TLS is the protocol of choice for securing today's e-commerce and online transactions, but adding TLS to a Web server imposes a significant overhead relative to an insecure Web server on the same platform. We perform a comprehensive study of the performance costs of TLS. Our methodology is to profile TLS Web servers with trace-driven workloads, replace individual components inside TLS with no-ops, and measure the observed increase in server throughput. We estimate the relative costs of each TLS processing stage, identifying the areas for which future optimizations would be worthwhile. Our results show that while the RSA operations represent the largest performance cost in TLS Web servers, they do not solely account for TLS overhead. RSA accelerators are effective for e-commerce site workloads since they experience low TLS session reuse. Accelerators appear to be less effective for sites where all the requests are handled by a TLS server because they have a higher session reuse rate. In this case, investing in a faster CPU might provide a greater boost in performance. Our experiments show that having a second CPU is at least as useful as an RSA accelerator. Our results seem to suggest that, as CPUs become faster, the cryptographic costs of TLS will become dwarfed by the CPU costs of the nonsecurity aspects of a Web server. Optimizations aimed at general-purpose Web servers should continue to be a focus of research and would benefit secure Web servers as well.