"In-Net: Enabling In-Network Processing for the Masses"
Radu Stoenescu, Matei Popovici, Vladimir Olteanu, Joao Martins, Roberto Bifulco,
Felipe Huici, Mohamed Ahmed, Georgios Smaragdakis, Mark Handley, and Costin
ACM EuroSys 2015.
Network Function Virtualization is pushing network operators
to deploy commodity hardware that will be used to run
middlebox functionality and processing on behalf of third
parties: in effect, network operators are slowly but surely
becoming in-network cloud providers. The market for in-network
clouds is large, ranging from content providers to mobile
applications and even end-users.
We show in this paper that blindly adopting cloud technologies
in the context of in-network clouds is not feasible
from both the security and scalability points of view. Instead
we propose IN-NET, an architecture that allows untrusted
endpoints as well as content-providers to deploy custom in-network
processing to be run on platforms owned by network
operators. IN-NET relies on static analysis to allow
platforms to check whether the requested processing is safe,
and whether it contradicts the operator's policies.
We have implemented IN-NET and tested it in the wide-area,
supporting a range of use-cases that are difficult to deploy
today. Our experience shows that IN-NET is secure,
scales to many users (thousands of clients on a single inexpensive
server), allows for a wide range of functionality,
and offers benefits to
end-users, network operators and content