{"title":"加速应用级安全协议","authors":"Matthew Burnside, A. Keromytis","doi":"10.1109/ICON.2003.1266209","DOIUrl":null,"url":null,"abstract":"We present a minimal extension to the BSD socket layer that can improve the performance of application-level security protocols, such as SSH or SSL/TLS, by 10%, when hardware cryptographic accelerators are available in the system. Applications specify what cryptographic transforms must be applied to incoming and outgoing data frames, and such processing is applied by the operating system itself (exploiting hardware accelerators) when the application sends or receives data. Under this scheme, we can reduce the number of system calls and context switches by 50%, and the amount of data copying by 66%. We describe our prototype implementation for the openBSD system and quantify its performance implications. We conclude with a discussion of further possible performance improvements that our approach enables.","PeriodicalId":122389,"journal":{"name":"The 11th IEEE International Conference on Networks, 2003. ICON2003.","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Accelerating application-level security protocols\",\"authors\":\"Matthew Burnside, A. Keromytis\",\"doi\":\"10.1109/ICON.2003.1266209\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present a minimal extension to the BSD socket layer that can improve the performance of application-level security protocols, such as SSH or SSL/TLS, by 10%, when hardware cryptographic accelerators are available in the system. Applications specify what cryptographic transforms must be applied to incoming and outgoing data frames, and such processing is applied by the operating system itself (exploiting hardware accelerators) when the application sends or receives data. Under this scheme, we can reduce the number of system calls and context switches by 50%, and the amount of data copying by 66%. We describe our prototype implementation for the openBSD system and quantify its performance implications. We conclude with a discussion of further possible performance improvements that our approach enables.\",\"PeriodicalId\":122389,\"journal\":{\"name\":\"The 11th IEEE International Conference on Networks, 2003. ICON2003.\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"The 11th IEEE International Conference on Networks, 2003. ICON2003.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICON.2003.1266209\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"The 11th IEEE International Conference on Networks, 2003. ICON2003.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICON.2003.1266209","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We present a minimal extension to the BSD socket layer that can improve the performance of application-level security protocols, such as SSH or SSL/TLS, by 10%, when hardware cryptographic accelerators are available in the system. Applications specify what cryptographic transforms must be applied to incoming and outgoing data frames, and such processing is applied by the operating system itself (exploiting hardware accelerators) when the application sends or receives data. Under this scheme, we can reduce the number of system calls and context switches by 50%, and the amount of data copying by 66%. We describe our prototype implementation for the openBSD system and quantify its performance implications. We conclude with a discussion of further possible performance improvements that our approach enables.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
