"We develop hardware-software co-design systems to make network and distributed infrastructures (e.g., cloud and Tor) faster and more secure."
Programmable network data plane (e.g., SmartNIC and P4)
Kernel support for emerging workloads and security (e.g., eBPF)
Hardware-enforced security systems (e.g., confidential VMs, CVMs)
AI-assisted systems (e.g., LLM agents for networks)
HardMesh: A SmartNIC-accelerated ingress gateway for cloud service meshes
Service meshes enable microservices in cloud environments but suffer from significant performance bottlenecks at the ingress gateway. HardMesh introduces a hardware–software hybrid design that offloads traffic analysis and routing to a SmartNIC while retaining lightweight traffic management on the CPU. This co-design achieves up to 4.4× higher throughput compared to existing ingress gateways, providing both high performance and full traffic management capabilities.
MUFFLER: Dynamic traffic obfuscation for securing Tor egress connections
Tor enables anonymous communication but remains vulnerable to flow correlation attacks that match ingress and egress traffic patterns. MUFFLER introduces a connection-level obfuscation system that dynamically maps real connections to multiple virtual ones at the Tor egress, creating patterns fundamentally different from ingress traffic. Without relying on padding or delays, MUFFLER achieves strong protection against correlation attacks with minimal overhead, reducing latency by up to 27× compared to prior defenses while integrating seamlessly into the existing Tor architecture.
HardWhale: SmartNIC-based network security enforcement for containers
Containerized microservices increasingly rely on secure networking, yet existing solutions depend on the host OS to enforce policies, leaving them vulnerable and inefficient. HardWhale introduces a hardware-isolated enforcement system that leverages a SmartNIC to inspect and manage container traffic independently of the host. By isolating policies on the SmartNIC and enabling secure runtime updates, HardWhale ensures strong protection even in compromised environments. It improves security against diverse attacks while achieving up to 3× higher throughput and 2.3× lower latency compared to state-of-the-art solutions.