Due to the proliferation of cloud computing, many services that were traditionally accessible through secure centralised locations are being outsourced to the cloud. An outsourced service is in general tied to a set of rules or guidelines, which govern how the service is to process requests and output results. Often such rules, as well as the results of the service, are sensitive, and the entity outsourcing the service wishes to keep the rules and the processed data hidden not only from third parties but also from the cloud itself.
Our research aims to develop solutions for outsourcing services (functions) that rely on a set of rules (policies), such that the function, its output and the policies are hidden from the cloud. Moreover, the solution should guarantee timely (real-time) processing of the outsourced function.
At present, our research is on private processing of network functions. We are also looking at other avenues where functions need to be outsourced.
Private Processing of Outsourced Network Functions
Like other services, network functions, such as firewalls and NAT, can be outsourced via technologies such as network function virtualization (NFV).
Our research attempts to find a private solution that keeps the policies governing the network function, such as firewall rules, hidden from the cloud while remaining efficient in terms of network throughput. Our solution comes in two flavours
Due to the heavy involvement of public-key algorithms, the above approach did not result in a fast enough system. Based on the lessons learned, we developed a new system that relies on private-key operations and uses a more distributed approach. We call the resulting system SplitBox.