{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T09:53:21Z","timestamp":1762509201590,"version":"3.28.0"},"reference-count":54,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,5,20]],"date-time":"2024-05-20T00:00:00Z","timestamp":1716163200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,20]],"date-time":"2024-05-20T00:00:00Z","timestamp":1716163200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,5,20]]},"DOI":"10.1109\/infocom52122.2024.10621259","type":"proceedings-article","created":{"date-parts":[[2024,8,12]],"date-time":"2024-08-12T17:25:41Z","timestamp":1723483541000},"page":"1041-1050","source":"Crossref","is-referenced-by-count":1,"title":["Zeta: Transparent Zero-Trust Security Add-on for RDMA"],"prefix":"10.1109","author":[{"given":"Hyunseok","family":"Chang","sequence":"first","affiliation":[{"name":"Nokia Bell Labs,Murray Hill,NJ,USA"}]},{"given":"Sarit","family":"Mukherjee","sequence":"additional","affiliation":[{"name":"Nokia Bell Labs,Murray Hill,NJ,USA"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851192"},{"article-title":"Deadline-Aware Data-center TCP (D2TCP)","volume-title":"Proc. ACM SIGCOMM \u201912","author":"Vamanan","key":"ref2"},{"article-title":"PCC: Re-architecting Congestion Control for Consistent High Performance","volume-title":"Proc. USENIX NSDI \u201915","author":"Dong","key":"ref3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3387514.3406591"},{"key":"ref5","doi-asserted-by":"crossref","DOI":"10.1145\/3012426.3022184","article-title":"BBR: Congestion-Based Congestion Control","volume":"14","author":"Cardwell","year":"2016","journal-title":"ACM Queue"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1145\/3230543.3230557"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431316"},{"article-title":"Azure Accelerated Networking: SmartNICs in the Public Cloud","volume-title":"Proc. USENIX NSDI \u201918","author":"Firestone","key":"ref8"},{"article-title":"Securing RDMA for High-Performance Datacenter Storage Systems","volume-title":"Proc. USENIX HotCloud \u201920","author":"Simpson","key":"ref9"},{"article-title":"ReDMArk: Bypassing RDMA Security Mechanisms","volume-title":"Proc. USENIX Security \u201921","author":"Rothenberger","key":"ref10"},{"key":"ref11","doi-asserted-by":"crossref","first-page":"800","DOI":"10.6028\/NIST.SP.800-207","volume-title":"Zero Trust Architecture","author":"Rose","year":"2020"},{"volume-title":"Improve Performance of a File Server with SMB Direct","year":"2016","key":"ref12"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3482898.3483363"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.14778\/3236187.3236209"},{"volume-title":"SELinux support for Infiniband RDMA","year":"2016","author":"Jurgens","key":"ref15"},{"article-title":"Security in Mellanox Technologies InfiniBand Fabrics","volume-title":"Mellanox, Tech. Rep.","year":"2012","key":"ref16"},{"volume-title":"NVDIA ConnectX-6 Dx Ethernet SmiartNIC","key":"ref17"},{"article-title":"Building an Application-Aware IPsec Policy System","volume-title":"Proc. 14th USENIX Security Symposium","author":"Yin","key":"ref18"},{"article-title":"sRDMA \u2013 Efficient NIC-based Authentication and Encryption for Remote Direct Memory Access","volume-title":"Proc. USENIX Annual Technical Conference","author":"Taranov","key":"ref19"},{"volume-title":"Cilium","key":"ref20"},{"volume-title":"Calico","key":"ref21"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3314148.3314349"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274720"},{"article-title":"SCONE: Secure Linux Containers with Intel SGX","volume-title":"Proc. USENIX OSDI \u201916","author":"Arnautov","key":"ref24"},{"article-title":"Confine: Automated System Call Policy Generation for Container Attack Surface Reduction","volume-title":"Proc. USENIX RAID \u201920","author":"Ghavamnia","key":"ref25"},{"article-title":"Security Namespace: Making Linux Security Frameworks Available to Containers","volume-title":"Proc. 27th USENIX Security Symposium","author":"Sun","key":"ref26"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3474123.3486762"},{"article-title":"BPFCONTAIN: Fixing the Soft Underbelly of Container Security","year":"2021","author":"Findlay","key":"ref28"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/HCS52781.2021.9567455"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/HCS52781.2021.9567066"},{"volume-title":"A thorough introduction to eBPF","key":"ref31"},{"volume-title":"Open vSwitch","key":"ref32"},{"volume-title":"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection","year":"1998","author":"Ptacek","key":"ref33"},{"volume-title":"Segmentation Offloads","key":"ref34"},{"key":"ref35","first-page":"4459","volume-title":"MTU and Fragmentation Issues with In-the-Network Tunneling","author":"Savola","year":"2006"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_27"},{"key":"ref37","first-page":"4880","volume-title":"OpenPGP Message Format","author":"Callas","year":"2007"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CLUSTER.2019.8891004"},{"volume-title":"RoCE v2.0 UDP Source Port Entropy","year":"2019","author":"Rosenbaum","key":"ref39"},{"volume-title":"VPP - fd.io","key":"ref40"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3373360.3380837"},{"volume-title":"Mellanox BlueField PKA support","key":"ref42"},{"volume-title":"InfiniBand Architecture Specification Volume 1, Release 1.2.1","year":"2007","key":"ref43"},{"volume-title":"BlueField DPU \u2013 Mode of Operation","key":"ref44"},{"volume-title":"Generic flow API (rte_flow)","key":"ref45"},{"volume-title":"[dpdk-dev] [RFC] net\/mlx5: add IPsec offload support","author":"Ovsiienko","key":"ref46"},{"volume-title":"Mellanox Technologies, Tech. Rep., rev 2.3","key":"ref47","article-title":"Public Key Accelerator: Driver Design and Implementation Architecture Document"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/3411029.3411034"},{"volume-title":"Perftest: Infiniband Verbs Performance Tests","key":"ref49"},{"volume-title":"How to Configure NFS over RDMA (RoCE)","year":"2022","key":"ref50"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/IWQoS57198.2023.10188785"},{"volume-title":"NVIDIA GPUDirect","key":"ref52"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_19"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/3411495.3421358"}],"event":{"name":"IEEE INFOCOM 2024 - IEEE Conference on Computer Communications","start":{"date-parts":[[2024,5,20]]},"location":"Vancouver, BC, Canada","end":{"date-parts":[[2024,5,23]]}},"container-title":["IEEE INFOCOM 2024 - IEEE Conference on Computer Communications"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10621050\/10621073\/10621259.pdf?arnumber=10621259","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,21]],"date-time":"2024-08-21T22:49:33Z","timestamp":1724280573000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10621259\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,20]]},"references-count":54,"URL":"https:\/\/doi.org\/10.1109\/infocom52122.2024.10621259","relation":{},"subject":[],"published":{"date-parts":[[2024,5,20]]}}}