Characterizing Secure Dynamic Web Applications Scalability
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Papers - Volume 01
Performance analysis of TLS Web servers
ACM Transactions on Computer Systems (TOCS)
Improving secure server performance by re-balancing SSL/TLS handshakes
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Designing an overload control strategy for secure e-commerce applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
iOBS3: An iSCSI-Based Object Storage Security System
Computational Intelligence and Security
Study on security iSCSI based on SSH
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Hi-index | 0.00 |
Although there exist accelerator products to increasethroughput of encrypted transactions produced by an InternetHTTP server, there are no current architectures thatprovide a truly coordinated and scalable solution for SecureSocket Layer (SSL) encrypted communications. Thispaper presents an architecture that facilitates high volumeSSL Internet serving, scaling from thousands to millions ofindependently active SSL sessions. Reliability, availability,serviceability, and on-line error recovery requirements forsuch an application are also addressed.Our approach is to offload SSL set-up protocol activitythat was traditionally executed by Transaction Engines (anddedicated co-processors), to a scalable array of SSL Hand-shakeProtocol specific servers. This significantly reducesutilization on the Transaction Engines since SSL sessionset-up is a CPU intensive operation. Additionally, the actualencryption/decryption processing is offloaded as well,to a dedicated and scalable array of In-Line Encryption Engine(s). The In-Line Encryption Engine is architected suchthat requests and responses flowing to and from the Trans-actionServers are in clear text. A benefit of this arrangementis that Transaction Engines (as well as Web AcceleratorProxies) will retain the ability to cache web objects,while firewalls will retain the ability to perform packet levelinspection of all traffic directed to the transaction engines.Such features have been sacrificed in prior SSL implementations.