{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T07:00:16Z","timestamp":1782889216583,"version":"3.54.5"},"publisher-location":"New York, NY, USA","reference-count":66,"publisher":"ACM","license":[{"start":{"date-parts":[[2026,6,30]],"date-time":"2026-06-30T00:00:00Z","timestamp":1782777600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2026,6,30]]},"DOI":"10.1145\/3805773.3805992","type":"proceedings-article","created":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:20:41Z","timestamp":1782883241000},"page":"3-13","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["SGX-MB: A Secure Framework for Middleboxes Leveraging Intel SGX"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6673-4128","authenticated-orcid":false,"given":"Mahmoud","family":"Hofny","sequence":"first","affiliation":[{"name":"Concordia University, Montreal, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6376-4062","authenticated-orcid":false,"given":"Lianying","family":"Zhao","sequence":"additional","affiliation":[{"name":"Carleton University, Ottawa, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4284-8646","authenticated-orcid":false,"given":"Amr","family":"Youssef","sequence":"additional","affiliation":[{"name":"Concordia University, Montreal, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2026,6,30]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-97-1238-0_3"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3689031.3696090"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","unstructured":"Mike Belshe Roberto Peon and Martin Thomson. 2015. Hypertext Transfer Protocol Version 2 (HTTP\/2). RFC 7540. doi:10.17487\/RFC7540 10.17487\/RFC7540","DOI":"10.17487\/RFC7540"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC5282"},{"key":"e_1_3_2_1_5_1","first-page":"991","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium (USENIX Security 18) (Baltimore, MD). USENIX Association, Berkeley, CA, USA, 991-1008. https: \/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck"},{"key":"e_1_3_2_1_6_1","first-page":"645","volume-title":"Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17)","author":"Tsai Chia","year":"2017","unstructured":"Chia che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference (USENIX ATC 17) (Santa Clara, CA). USENIX Association, Berkeley, CA, USA, 645-658. https:\/\/www.usenix.org\/conference\/atc17\/technicalsessions\/presentation\/tsai"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053007"},{"key":"e_1_3_2_1_8_1","first-page":"551","volume-title":"DFC: Accelerating String Pattern Matching for Network Applications. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)","author":"Choi Byungkwon","year":"2016","unstructured":"Byungkwon Choi, Jongwook Chae, Muhammad Jamshed, KyoungSoo Park, and Dongsu Han. 2016. DFC: Accelerating String Pattern Matching for Network Applications. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16) (Santa Clara, CA). USENIX Association, Berkeley, CA, USA, 551-565. https:\/\/www.usenix.org\/conference\/nsdi16\/technicalsessions\/presentation\/choi"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3580522"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339814"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533737.3535098"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7231"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102731"},{"key":"e_1_3_2_1_15_1","volume-title":"Retrieved","year":"2026","unstructured":"GlobalPlatform. 2026. Trusted Execution Environment (TEE) Committee. Retrieved March 30, 2026 from https:\/\/globalplatform.org\/technical-committees\/ trusted-execution-environment-tee-committee\/"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2018.00048"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","year":"2026","unstructured":"Google. 2026. Trusty TEE. Retrieved March 30, 2026 from https:\/\/source.android. com\/docs\/security\/features\/trusty"},{"key":"e_1_3_2_1_18_1","volume-title":"Retrieved","year":"2025","unstructured":"Google. 2025. Chrome ROOT Store. Retrieved January 28, 2026"},{"key":"e_1_3_2_1_19_1","volume-title":"Retrieved","year":"2024","unstructured":"Gramine. 2024. Gramine documentation. Retrieved January 28, 2026 from https:\/\/gramine.readthedocs.io\/en\/stable\/"},{"key":"e_1_3_2_1_20_1","first-page":"4255","volume-title":"Zero-Knowledge Middleboxes. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Grubbs Paul","year":"2022","unstructured":"Paul Grubbs, Arasu Arun, Ye Zhang, Joseph Bonneau, and Michael Walfish. 2022. Zero-Knowledge Middleboxes. In 31st USENIX Security Symposium (USENIX Security 22) (Boston, MA). USENIX Association, Berkeley, CA, USA, 4255-4272. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/grubbs"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2020.3016785"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106989.3106994"},{"key":"e_1_3_2_1_23_1","volume-title":"Retrieved","year":"2024","unstructured":"Huawei. 2024. NetEngine 8000 F8 V800R024C00SPC500 Configuration Guide: Trusted System Description. Retrieved March 30, 2026"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2020.i1.321-"},{"key":"e_1_3_2_1_25_1","volume-title":"Retrieved","year":"2024","unstructured":"Intel. 2024. Hyperscan Library Source Code. Retrieved January 28, 2026 from https:\/\/github.com\/intel\/hyperscan"},{"key":"e_1_3_2_1_26_1","volume-title":"Retrieved","year":"2024","unstructured":"Intel. 2024. Intel\u00ae Software Guard Extensions (Intel\u00ae SGX). Retrieved January 28, 2026 from https:\/\/www.intel.com\/content\/www\/us\/en\/products\/docs\/ accelerator-engines\/software-guard-extensions.html"},{"key":"e_1_3_2_1_27_1","volume-title":"Black Hat Europe Archives (Amsterdam, Netherlands). Black Hat","author":"Jarmoc Jeff","unstructured":"Jeff Jarmoc and DSCT Unit. 2012. SSL\/TLS interception proxies and transitive trust. In Black Hat Europe Archives (Amsterdam, Netherlands). Black Hat, London, UK, 21 pages. https:\/\/media.blackhat.com\/bh-eu-12\/Jarmoc\/bh-eu-12-Jarmoc- SSL_TLS_Interception-WP.pdf"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.12.001"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM53939.2023.10229081"},{"key":"e_1_3_2_1_30_1","volume-title":"13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16)","author":"Lan Chang","year":"2016","unstructured":"Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, and Zhi Liu. 2016. Embark: Securely Outsourcing Middleboxes to the Cloud. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16) (Santa"},{"key":"e_1_3_2_1_31_1","unstructured":"Clara CA). USENIX Association Berkeley CA USA 255-273. https:\/\/www. usenix.org\/conference\/nsdi16\/technical-sessions\/presentation\/lan"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23547"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3386367.3431310"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/JIOT.2019.2953715"},{"key":"e_1_3_2_1_36_1","volume-title":"Retrieved","year":"2024","unstructured":"LittleData. 2024. What is the average server response time? Retrieved January 28, 2026 from https:\/\/lp.littledata.io\/average\/server-response-time"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3676641.3716004"},{"key":"e_1_3_2_1_38_1","volume-title":"Retrieved","year":"2025","unstructured":"Microsoft. 2025. List of Participants -Microsoft Trusted Root Program. Retrieved January 28, 2026 from https:\/\/learn.microsoft.com\/en-us\/security\/trusted-root\/ participants-list"},{"key":"e_1_3_2_1_39_1","volume-title":"Retrieved","year":"2025","unstructured":"Mozilla. 2025. Mozilla Included CA Certificate List. Retrieved January 28, 2026 from https:\/\/wiki.mozilla.org\/CA\/Included_Certificates"},{"key":"e_1_3_2_1_40_1","volume-title":"Retrieved","year":"2025","unstructured":"Mozilla. 2025. Mozilla Root Store Policy. Retrieved January 28, 2026"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103180"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3143361.3143383"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2829988.2787482"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58951-6_1"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354204"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3457904"},{"key":"e_1_3_2_1_47_1","first-page":"201","volume-title":"SafeBricks: Shielding Network Functions in the Cloud. In 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18)","author":"Poddar Rishabh","year":"2018","unstructured":"Rishabh Poddar, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy. 2018. SafeBricks: Shielding Network Functions in the Cloud. In 15th USENIX Symposium on Networked Systems Design and Implementation (NSDI 18). USENIX Association, Renton, WA, 201-216. https:\/\/www.usenix.org\/conference\/nsdi18\/presentation\/ poddar"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.2101.04338"},{"key":"e_1_3_2_1_49_1","volume-title":"Retrieved","year":"2024","unstructured":"Proofpoint. 2024. Proofpoint Emerging Threats Rules. Retrieved January 28, 2026 from https:\/\/rules.emergingthreats.net\/open\/"},{"key":"e_1_3_2_1_50_1","first-page":"663","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Puddu Ivan","year":"2021","unstructured":"Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan Capkun. 2021. Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 663-680. https: \/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/puddu"},{"key":"e_1_3_2_1_51_1","volume-title":"Retrieved","year":"2025","unstructured":"Qualcomm. 2025. Qualcomm Trusted Execution Environment. Retrieved March 30, 2026 from https:\/\/docs.qualcomm.com\/doc\/80-70018-11\/topic\/qualcommtrusted-execution-environment.html"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCC.2020.2991167"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. doi:10.17487\/RFC8446 10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_1_54_1","first-page":"753","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Schwarz Fabian","year":"2020","unstructured":"Fabian Schwarz and Christian Rossow. 2020. SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 753-770. https: \/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/schwarz"},{"key":"e_1_3_2_1_55_1","volume-title":"Retrieved","author":"Security Calyptix","year":"2024","unstructured":"Calyptix Security. 2024. Egress Filtering 101: What it is and how to do it. Retrieved January 28, 2026 from https:\/\/www.calyptix.com\/educational-resources\/egressfiltering-101-what-it-is-and-how-to-do-it\/"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787502"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23193"},{"key":"e_1_3_2_1_58_1","volume-title":"Retrieved","year":"2024","unstructured":"Snort. 2024. Snort -Network Intrusion Detection & Prevention System. Retrieved January 28, 2026 from https:\/\/www.snort.org\/"},{"key":"e_1_3_2_1_59_1","volume-title":"Retrieved","year":"2024","unstructured":"Suricata. 2024. Suricata. Retrieved January 28, 2026 from https:\/\/suricata.io\/"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3185467.3185469"},{"key":"e_1_3_2_1_61_1","volume-title":"USENIX Security (Seattle, WA, USA)","author":"Vanoverloop Daan","unstructured":"Daan Vanoverloop, Andres Sanchez, Flavio Toffalini, Frank Piessens, Mathias Payer, and Jo Van Bulck. 2025. TLBlur: Compiler-assisted automated hardening against controlled channels on off-the-shelf Intel SGX platforms. In USENIX Security (Seattle, WA, USA), Vol. 25. USENIX Association, Berkeley, CA, USA. https: \/\/www.usenix.org\/conference\/usenixsecurity25\/presentation\/vanoverloop"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2017.1700060"},{"key":"e_1_3_2_1_63_1","first-page":"631","volume-title":"Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19)","author":"Wang Xiang","year":"2019","unstructured":"Xiang Wang, Yang Hong, Harry Chang, KyoungSoo Park, Geoff Langdale, Jiayu Hu, and Heqing Zhu. 2019. Hyperscan: A Fast Multi-pattern Regex Matcher for Modern CPUs. In 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI 19). USENIX Association, Boston, MA, 631-648. https: \/\/www.usenix.org\/conference\/nsdi19\/presentation\/wang-xiang"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-06975-8_6"},{"key":"e_1_3_2_1_65_1","first-page":"1917","volume-title":"21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24)","author":"Zhang Collin","year":"2024","unstructured":"Collin Zhang, Zachary DeStefano, Arasu Arun, Joseph Bonneau, Paul Grubbs, and Michael Walfish. 2024. Zombie: Middleboxes that Don't Snoop. In 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24) (Santa Clara, CA). USENIX Association, Berkeley, CA, USA, 1917-1936. https: \/\/www.usenix.org\/conference\/nsdi24\/presentation\/zhang-collin"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484768"}],"event":{"name":"SecDev '26: 2026 ACM Secure Development Conference","location":"Montreal QC Canada","acronym":"SecDev '26","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 2026 ACM Secure Development Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3805773.3805992","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T05:24:16Z","timestamp":1782883456000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3805773.3805992"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,6,30]]},"references-count":66,"alternative-id":["10.1145\/3805773.3805992","10.1145\/3805773"],"URL":"https:\/\/doi.org\/10.1145\/3805773.3805992","relation":{},"subject":[],"published":{"date-parts":[[2026,6,30]]},"assertion":[{"value":"2026-06-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}