TY - GEN
T1 - HELIOS
T2 - 14th ACM Symposium on Cloud Computing, SoCC 2023
AU - You, Myoungsung
AU - Nam, Jaehyun
AU - Seo, Minjae
AU - Shin, Seungwon
N1 - Publisher Copyright:
© 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2023/10/30
Y1 - 2023/10/30
N2 - With the increasing adoption of containerization in cloud services, container networking has become a critical concern, as it enables the agile deployment of microservices but also introduces new vulnerabilities susceptible to network attacks, posing a threat to container environments. While several security solutions have been introduced to address this concern, they unfortunately exhibit significant shortcomings, including security vulnerabilities and limited performance. We thus propose Helios, a novel hardware-based network security extension that addresses the security and performance limitations in existing solutions. Leveraging a smartNIC, Helios enhances both the security and performance facets of container networking through two key mechanisms: (i) the establishment of physically isolated container communication channels and (ii) the network security engines fully offloaded to the smartNIC. Our evaluation shows that Helios mitigates various network threats initiated from both container- and host-side while performing up to 3x faster than the existing solutions in container communication.
KW - Container Network
KW - Security Policy Enforcement
KW - SmartNIC
UR - https://www.scopus.com/pages/publications/85178517163
U2 - 10.1145/3620678.3624786
DO - 10.1145/3620678.3624786
M3 - Conference contribution
AN - SCOPUS:85178517163
T3 - SoCC 2023 - Proceedings of the 2023 ACM Symposium on Cloud Computing
SP - 486
EP - 501
BT - SoCC 2023 - Proceedings of the 2023 ACM Symposium on Cloud Computing
PB - Association for Computing Machinery, Inc
Y2 - 30 October 2023 through 1 November 2023
ER -