UniSec:a Unified Security Framework with SmartNIC Acceleration in Public Cloud
In the public cloud,the software security functions that multi-tenants deploy in their virtual networks have limited per-formance.SmartNIC overcomes these limitations by imple-menting these security functions with hardware accelera-tion.However,the shared SmartNIC resources are not open for external users with security considerations.Since the se-curity requirements of tenants are diverse,it is tedious for network operators to develop these functions from scratch with low-level APIs.This paper presents UniSec,a unified programming frame-work for fast security functions development while improv-ing performance with SmartNIC acceleration.UniSec pro-vides modular abstraction for a single function and module sharing among multiple security functions.With the well-defined APIs of UniSec,developers only need to focus on the core logic instead of complex underlying operations includ-ing resource management,matching algorithms,etc.Exper-imental results show that the code has been reduced by 65%on average for each security function with UniSec.UniSec also improves processing performance up to 76%,compared with the software-only implementation.
SmartNIC Security Function Programming Framework
Jinli Yan Lu Tang Junnan Li Xiangrui Yang Wei Quan Hongyi Chen Zhigang Sun
College of Computer,National University of Defense Technology
国际会议
2019国图灵大会(ACM Turing Celebration conference-China 2019 )
成都
英文
371-376
2019-05-17(万方平台首次上网日期,不代表论文的发表时间)