Signe Rüsch scite author profile

Signe Rüsch

5Publications

49Citation Statements Received

75Citation Statements Given

How they've been cited

How they cite others

133

Affiliations

Technische Universität Braunschweig

Publications

Order By: Most citations

EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution

Goltzsche¹,

Rüsch²,

Nieke³

et al. 2018

View full text Add to dashboard Cite

Many organisations enhance the performance, security, and functionality of their managed networks by deploying middleboxes centrally as part of their core network. While this simplifies maintenance, it also increases cost because middlebox hardware must scale with the number of clients. A promising alternative is to outsource middlebox functions to the clients themselves, thus leveraging their CPU resources. Such an approach, however, raises security challenges for critical middlebox functions such as firewalls and intrusion detection systems. We describe ENDBOX, a system that securely executes middlebox functions on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by a trusted execution environment (TEE), as offered by Intel's Software Guard Extensions (SGX). By maintaining VPN connection endpoints inside SGX enclaves, ENDBOX ensures that all client traffic, including encrypted communication, is processed by the middlebox. Despite its decentralised model, ENDBOX's middlebox functions remain maintainable: they are centrally controlled and can be updated efficiently. We demonstrate ENDBOX with two scenarios involving (i) a large company; and (ii) an Internet service provider that both need to protect their network and connected clients. We evaluate ENDBOX by comparing it to centralised deployments of common middlebox functions, such as load balancing, intrusion detection, firewalling, and DDoS prevention. We show that ENDBOX achieves up to 3.8× higher throughput and scales linearly with the number of clients.

show abstract

Adding Fairness to Order: Preventing Front-Running Attacks in BFT Protocols using TEEs

Stathakopoulou

Rüsch

Brandenburger

et al. 2021

View full text Add to dashboard Cite

ZugChain: Blockchain-Based Juridical Data Recording in Railway Systems

Rüsch

Bleeke

Messadi

et al. 2022

View full text Add to dashboard Cite

Towards Low-Latency Byzantine Agreement Protocols Using RDMA

Rüsch

Messadi

Kapitza

2018

View full text Add to dashboard Cite

show abstract

Bloxy: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains

Rüsch

Bleeke

Kapitza

2019

View full text Add to dashboard Cite

With the wide-spread use of blockchain technology, Byzantine fault-tolerant (BFT) protocols are explored as a means to achieve consensus on which transactions should be processed next. BFT protocols are not a one-size-fits-all solution: they should be chosen according to the blockchain's use case, which can range from supply chain management to decentralised storage, requiring specialisation e. g. regarding throughput, latency, or level of decentralisation. Previously, consensus protocols were usually hardcoded into the blockchain infrastructure and could not be exchanged, therefore inhibiting flexible use of an otherwise generic blockchain infrastructure. Hyperledger Fabric claims to provide modular consensus and support for crash-fault and Byzantine fault tolerant protocols. However, integrating a BFT protocol has shown that Fabric's architecture is currently not well-suited for this fault model as it requires substantial changes and thereby breaks Fabric's modularity. This also has to be repeated for each integrated BFT protocol.In this paper, we present BLOXY, a blockchain-aware trusted proxy running on the replica that encapsulates all BFT client functionality. BLOXY enables transparent access to generic BFT frameworks and preserves Fabric's modularity even for the Byzantine fault model. It runs inside a trusted execution environment based on Intel's Software Guard Extensions. BLOXY offers blockchain-specific communication mechanisms as well as short-term block storage to handle crashes or disconnects to ensure that all nodes receive block updates. We implemented two BLOXY-based ordering services based on PBFT and the hybrid BFT protocol Hybster. Our evaluation shows that our approach increases the throughput of the ordering component by up to 71 % compared to directly integrated BFT protocols.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Signe Rüsch

EndBox: Scalable Middlebox Functions Using Client-Side Trusted Execution

Adding Fairness to Order: Preventing Front-Running Attacks in BFT Protocols using TEEs

ZugChain: Blockchain-Based Juridical Data Recording in Railway Systems

Towards Low-Latency Byzantine Agreement Protocols Using RDMA

Bloxy: Providing Transparent and Generic BFT-Based Ordering Services for Blockchains

Contact Info

Product

Resources

About