[Equiliber] Being able to trust clients with Intel SGX
I'd like to point out:

PAPER1: https://www.ibr.cs.tu-bs.de/users/goltzsch/papers/eurosec2017-trustjs.pdf

Client-side JavaScript has become ubiquitous in web applications to improve user experience and reduce server load. However, since clients are untrusted, servers cannot rely on the confidentiality or integrity of client-side JavaScript code and the data that it operates on. For example, client-side input validation must be repeated at server side, and confidential business logic cannot be offloaded. In this paper, we present TRUSTJS, a framework that enables trustworthy execution of security-sensitive JavaScript inside commodity browsers. TRUSTJS leverages trusted hardware support provided by Intel SGX to protect the client-side execution of JavaScript, enabling a flexible partitioning of web application code. We present the design of TRUSTJS and provide initial evaluation results, showing that trustworthy JavaScript offloading can further improve user experience and conserve more server resources.

PAPER2: https://www.ibr.cs.tu-bs.de/users/goltzsch/papers/dsn18-endbox.pdf

Many organisations enhance the performance, security, and functionality of their managed networks by deploying middleboxes centrally as part of their core network. While this simplifies maintenance, it also increases cost because middlebox hardware must scale with the number of clients. A promising alternative is to outsource middlebox functions to the clients themselves, thus leveraging their CPU resources. Such an approach, however, raises security challenges for critical middlebox functions such as firewalls and intrusion detection systems. We describe ENDBOX, a system that securely executes middlebox functions on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by a trusted execution environment (TEE), as offered by Intel’s Software Guard Extensions (SGX). By maintaining VPN connection endpoints inside SGX enclaves, ENDBOX ensures that all client traffic, including encrypted communication, is processed by the middlebox. Despite its decentralised model, ENDBOX’s middlebox functions remain maintainable: they are centrally controlled and can be updated efficiently. We demonstrate ENDBOX with two scenarios involving (i) a large company; and (ii) an Internet service provider that both need to protect their network and connected clients. We evaluate ENDBOX by comparing it to centralised deployments of common middlebox functions, such as load balancing, intrusion detection, firewalling, and DDoS prevention. We show that ENDBOX achieves up to 3.8× higher throughput and scales linearly with the number of clients.

--
Marco
"Now produce your explanation, and pray make it improbable!"
_______________________________________________
Equiliber mailing list
Equiliber@server-nexa.polito.it
https://server-nexa.polito.it/cgi-bin/mailman/listinfo/equiliber
On 12/06/2019, Stefano Quintarelli <stefano@quintarelli.it> wrote:
I'd like to point out
Both very interesting, thank you very much, Stefano.

I have just two remarks on the subject:

First of all, this approach does not protect the user from the service provider. It is designed to protect the provider from the user. These are two systems for offloading onto the user some costs, which the user will pay in electricity and in additional load on their own computer, without the user being able to easily subvert the software, either deliberately or as the victim of an attack themselves. In other words, these are systems for strengthening DRM systems, with everything that implies.

And then, I was thinking, CPUs can be emulated. So TEEs can be too. OK, I don't think QEMU and Bochs emulate them yet today, but if techniques of this kind caught on, it would be inevitable simply because it is useful. So these seem to me architecturally somewhat fragile solutions. It is only a matter of cost: those who can afford it will subvert them first.
Forgive my ignorance, but what is Equiliber? :-D

Giacomo
participants (2): Giacomo Tesio, Stefano Quintarelli