DOCSLIB.ORG

Architectural Support for Security Management in Enterprise Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Architectural Support for Security Management in Enterprise Networks ARCHITECTURAL SUPPORT FOR SECURITY MANAGEMENT IN ENTERPRISE NETWORKS A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY Martin Casado August 2007 Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. UMI Number: 3281806 INFORMATION TO USERS The quality of this reproduction is dependent upon the quality of the copy submitted. Broken or indistinct print, colored or poor quality illustrations and photographs, print bleed-through, substandard margins, and improper alignment can adversely affect reproduction. In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyright material had to be removed, a note will indicate the deletion. ® UMI UMI Microform 3281806 Copyright 2007 by ProQuest Information and Learning Company. All rights reserved. This microform edition is protected against unauthorized copying under Title 17, United States Code. ProQuest Information and Learning Company 300 North Zeeb Road P.O. Box 1346 Ann Arbor, Ml 48106-1346 Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. (c) Copyright by Martin Casado 2007 All Rights Reserved ii Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. f f- f (Nick McKeown) Principal Adviser I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Scott Shenker) I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. (Dan Boneh) Approved for the University Committee on Graduate Studies. iii Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. To my parents, and their power to lend dreams. And to my niece Brittani, and her power to achieve them. iv Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. Abstract Enterprise networks are often large, run a wide variety of applications and protocols, and operate under strict reliability constraints; thus, they represent a challenging environment for security management. Security policies in todays enterprise are typ­ ically enforced by regulating connectivity with a combination of complex routing and bridging policies along with various interdiction mechanisms such as ACLs, packet filters, and middleboxes that attempt to retrofit access control onto an otherwise permissive network architecture. This leads to networks that are inflexible, fragile, difficult to manage, and still riddled with security problems. This thesis presents a principled approach to network redesign that creates more secure and manageable networks. We propose a new network architecture in which a global security policy defines all connectivity. The policy is declared at a logically centralized Controller and then enforced directly at each switch. All communication must first obtain permission from the Controller before being forwarded by any of the network switches. The Controller manages the policy namespace and performs all routing and access control decisions, while the switches are reduced to simple forwarding engines that enforce the Controller’s decisions. We present an idealized instantiation of the network architecture called SANE. In SANE, the Controller grants permission to requesting flows by handing out ca­ pabilities (encrypted source routes). SANE switches will only forward a packet if it contains a valid capability between the link and network headers. SANE thus intro­ duces a new, low-level protection layer that defines all connectivity on the network. We present the design and prototype implementation, showing that the design can easily scale to networks of tens of thousands of nodes. v Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. SANE would require a fork-lift replacement of an enterprise’s entire networking infrastructure and changes to all the end-hosts. While this might be suitable in some cases, it is clearly a significant impediment to widespread adoption. To address this, we present Ethane a deployable instantiation of our architecture. Ethane does not require modification to end-hosts and can be incrementally deployed within an exist­ ing network. Instead of handing out capabilities, permission is granted by explicitly setting up flows at each switch. We have implemented Ethane in both hardware and software, supporting both wired and wireless hosts. We describe our experience managing an operational Ethane network of over 300 hosts. vi Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. Acknowledgements It is hard to overstate the impact my adviser, Nick McKeown, has had on my growth as a student, an engineer, and a researcher. His introductory networking course, which I took prior to attending graduate school, re-enforced my passion for networks, led me to apply for the Ph.D. program, and remains the best class I have ever taken. Through example, Nick has shaped my perception of what it takes to be a world class researcher: unwavering focus, comfort with risk, trend skepticism, attention to detail, and the ability to discern deep results over shallow findings. He is a model researcher, an accomplished entrepreneur, an inspiring educator, and a brilliant adviser. I am deeply honored to be a member of his group. I would also like to thank Dan Boneh and Scott Shenker for their mentorship dur­ ing my studies. In addition to research guidance, I am very grateful for the comments and feedback they provided while enduring positions on my reading committee. The primary focus of my thesis grew out of the SANE and Ethane projects, neither of which would have been successful without our exceptionally skilled team. I would like to thank Michael Freedman, Tal Garfinkel, Justin Pettit, Jianying Luo, Aditya Akella, Natasha Gude, Gregory Watson, Dan Boneh, Scott Shenker and Nick McKeown for their many significant contributions. Throughout my graduate studies I was fortunate enough to be a member of the high performance networking group, the best research group on the planet. Every member has had a hand in very positively shaping my graduate experience. In ad­ dition to those already mentioned, I thank Guido Appenzeller, Shang-Tse Chuang, Isaac Keslassy, Sundar Iyer, Neda Beheshti, Nandita Dukkipati, Glenn Gibb, Yashar vii Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. Ganjali, Jad Naous, Rui Zhang-Shen, Dan Wendlandt, Paul Tarjan, and David Er­ ickson. I also had the privilege to work with a number of extremely talented researchers outside of my core research group. With each new project, I learned a little more about software development, research, writing, and the vicissitudes of the peer review process. Certainly, my acquired skill-set over the last few years was largely snatched, borrowed, pilfered, and copied from my various collaborators. To this end, I would like to thank Pei Cao, Aditya Akella, Tal Garfinkel, Vern Paxson, and Michael Freedman. Finally, I would like to thank my wife Kristin - I simply could not have managed without her encouragement and support. It is widely accepted that being the spouse of a Ph.D. student requires tremendous patience and understanding. A less well-known corollary is that these requirements are doubled if the field of study is computer science, and again doubled if Nick is the research adviser. Enduring the trek with me was a monumental feat for which I will always be grateful. Above all, thanks to you, my love. viii Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. Contents iv Abstract v Acknowledgements vii 1 Introduction 1 1.1 Problems with Current Approaches ........................................................ 2 1.2 Solution Requirements .............................................................................. 4 1.2.1 Threat Environment..................................................................... 6 1.3 A Centralized, Default-Off Solution ........................................................ 6 1.4 Why Focus on the Enterprise? ................................................................. 8 1.5 Previous W orks .......................................................................................... 9 1.6 Organization of T hesis .............................................................................. 11 2 SANE: An Idealized Architecture 13 2.1 Introduction ................................................................................................ 13 2.2 System Architecture ................................................................................. 13 2.2.1 C ontroller........................................................................................ 14 2.2.2 Network Service D irectory ............................................................ 16 2.2.3 Protection L a y e
Load more

Recommended publications
  • Readdressing Network Layers
    Readdressing Network Layers James McCauley Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2020-161 http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-161.html August 14, 2020 Copyright © 2020, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Readdressing Network Layers By James Ash McCauley A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Scott Shenker, Chair Professor Sylvia Ratnasamy Professor Coye Cheshire Summer 2020 Readdressing Network Layers Copyright 2020 by James Ash McCauley 1 Abstract Readdressing Network Layers by James Ash McCauley Doctor of Philosophy in Computer Science University of California, Berkeley Professor Scott Shenker, Chair It has long been common practice to split the functionality of computer networks into distinct layers. In the context of the most common networks today, there are five such layers, bracketed by hardware at the lowest layer and application software at the highest. While this modularization has generally been a huge success story for the field, networks have now been subject to decades of changes in terms of both technologies and use cases.
    [Show full text]
  • Nick Feamster
    Nick Feamster Neubauer Professor [email protected] Department of Computer Science https://people.cs.uchicago.edu/˜feamster/ University of Chicago https://noise.cs.uchicago.edu/ 5730 South Ellis Avenue https://medium.com/@feamster/ Chicago, Illinois 60637 Research Interests My research focuses on networked computer systems, with an emphasis on network architecture and protocol design; network security, management, and measurement; routing; and anti-censorship techniques. The primary goal of my research is to design tools, techniques, and policies to help networks operate better, and to enable users of these networks (both public and private) to experience high availability and good end-to-end performance. The problems that I tackle often involve the intersection of networking technology and policy. I study problems in the pricing and economics of Internet interconnection, global Internet censorship and information control, the security and privacy implications of emerging technologies, and the performance of consumer, commercial, and enterprise networks. My research achieves impact through new design paradigms in network architecture, the release of open-source software systems, and data and evidence that can influence public policy discourse. Education Degree Year University Field Ph.D. 2005 Massachusetts Institute of Technology Computer Science Cambridge, MA Dissertation: Proactive Techniques for Correct and Predictable Internet Routing Sprowls Honorable Mention for best MIT Ph.D. dissertation in Computer Science Advisor: Hari Balakrishnan
    [Show full text]
  • A New Approach to Network Function Virtualization
    A New Approach to Network Function Virtualization By Aurojit Panda A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Scott J. Shenker, Chair Professor Sylvia Ratnasamy Professor Ion Stoica Professor Deirdre Mulligan Summer 2017 A New Approach to Network Function Virtualization Copyright 2017 by Aurojit Panda 1 Abstract A New Approach to Network Function Virtualization by Aurojit Panda Doctor of Philosophy in Computer Science University of California, Berkeley Professor Scott J. Shenker, Chair Networks provide functionality beyond just packet routing and delivery. Network functions such as firewalls, caches, WAN optimizers, etc. are crucial for scaling networks and in supporting new applications. While traditionally network functions were implemented using dedicated hardware middleboxes, recent efforts have resulted in them being implemented as software and deployed in virtualized environment . This move towards virtualized network function is commonly referred to as network function virtualization (NFV). While the NFV proposal has been enthusiastically accepted by carriers and enterprises, actual efforts to deploy NFV have not been as successful. In this thesis we argue that this is because the current deployment strategy which relies on operators to ensure that network functions are configured to correctly implement policies, and then deploys these network functions as virtual machines (or containers), connected by virtual switches are ill- suited to NFV workload. In this dissertation we propose an alternative NFV framework based on the use of static tech- niques such as type checking and formal verification.
    [Show full text]
  • Federated Computing Research Conference, FCRC’96, Which Is David Wise, Steering Being Held May 20 - 28, 1996 at the Philadelphia Downtown Marriott
    CRA Workshop on Academic Careers Federated for Women in Computing Science 23rd Annual ACM/IEEE International Symposium on Computing Computer Architecture FCRC ‘96 ACM International Conference on Research Supercomputing ACM SIGMETRICS International Conference Conference on Measurement and Modeling of Computer Systems 28th Annual ACM Symposium on Theory of Computing 11th Annual IEEE Conference on Computational Complexity 15th Annual ACM Symposium on Principles of Distributed Computing 12th Annual ACM Symposium on Computational Geometry First ACM Workshop on Applied Computational Geometry ACM/UMIACS Workshop on Parallel Algorithms ACM SIGPLAN ‘96 Conference on Programming Language Design and Implementation ACM Workshop of Functional Languages in Introductory Computing Philadelphia Skyline SIGPLAN International Conference on Functional Programming 10th ACM Workshop on Parallel and Distributed Simulation Invited Speakers Wm. A. Wulf ACM SIGMETRICS Symposium on Burton Smith Parallel and Distributed Tools Cynthia Dwork 4th Annual ACM/IEEE Workshop on Robin Milner I/O in Parallel and Distributed Systems Randy Katz SIAM Symposium on Networks and Information Management Sponsors ACM CRA IEEE NSF May 20-28, 1996 SIAM Philadelphia, PA FCRC WELCOME Organizing Committee Mary Jane Irwin, Chair Penn State University Steve Mahaney, Vice Chair Rutgers University Alan Berenbaum, Treasurer AT&T Bell Laboratories Frank Friedman, Exhibits Temple University Sampath Kannan, Student Coordinator Univ. of Pennsylvania Welcome to the second Federated Computing Research Conference, FCRC’96, which is David Wise, Steering being held May 20 - 28, 1996 at the Philadelphia downtown Marriott. This second Indiana University FCRC follows the same model of the highly successful first conference, FCRC’93, in Janice Cuny, Careers which nine constituent conferences participated.
    [Show full text]
  • Download and Use Untrusted Code Without Fear
    2 KELEY COMPUTER SCIENC CONTENTS INTRODUCTION1 CITRIS AND2 MOTES 30 YEARS OF INNOVATION GENE MYERS4 Q&A 1973–20 0 3 6GRAPHICS INTELLIGENT SYSTEMS 1RESEARCH0 DEPARTMENT STATISTICS14 ROC-SOLID SYSTEMS16 USER INTERFACE DESIGN AND DEVELOPMENT20 INTERDISCIPLINARY THEOR22Y 30PROOF-CARRYING CODE 28 COMPLEXITY 30THEORY FACULTY32 THE COMPUTER SCIENCE DIVISION OF THE DEPARTMENT OF EECS AT UC BERKELEY WAS CREATED IN 1973. THIRTY YEARS OF INNOVATION IS A CELEBRATION OF THE ACHIEVEMENTS OF THE FACULTY, STAFF, STUDENTS AND ALUMNI DURING A PERIOD OF TRULY BREATHTAKING ADVANCES IN COMPUTER SCIENCE AND ENGINEERING. THE FIRST CHAIR OF COMPUTER research in theoretical computer science received a Turing Award in 1989 for this work. learning is bringing us ever closer to the dream SCIENCE AT BERKELEY was Richard Karp, at Berkeley. In the area of programming languages and of truly intelligent machines. who had just shown that the hardness of well- software engineering, Berkeley research has The impact of Berkeley research on the practi- Berkeley’s was the one of the first top comput- known algorithmic problems, such as finding been noted for its flair for combining theory cal end of computer science has been no less er science programs to invest seriously in com- the minimum cost tour for a travelling sales- and practice, as exemplified in these pages significant. The development of Reduced puter graphics, and our illustrious alumni in person, could be related to NP-completeness— by George Necula’s research on proof- Instruction Set computers by David Patterson that area have done us proud. We were not so a concept proposed earlier by former Berkeley carrying code.
    [Show full text]
  • Enabling a Permanent Revolution in Internet Architecture
    Enabling a Permanent Revolution in Internet Architecture James McCauley Yotam Harchol Aurojit Panda UC Berkeley & ICSI UC Berkeley New York University [email protected] [email protected] [email protected] Barath Raghavan Scott Shenker University of Southern California UC Berkeley & ICSI [email protected] [email protected] ABSTRACT architecture is seriously deficient along one or more dimensions. Recent Internet research has been driven by two facts and their The most frequently cited architectural flaw is the lack of a coher- contradictory implications: the current Internet architecture is both ent security design that has left the Internet vulnerable to various inherently flawed (so we should explore radically different alterna- attacks such as DDoS and route spoofing. In addition, many ques- tive designs) and deeply entrenched (so we should restrict ourselves tion whether the basic service model of the Internet (point-to-point to backwards-compatible and therefore incrementally deployable packet delivery) is appropriate now that the current usage model improvements). In this paper, we try to reconcile these two perspec- is so heavily dominated by content-oriented activities (where the tives by proposing a backwards-compatible architectural framework content, not the location, is what matters). These and many other called Trotsky in which one can incrementally deploy radically new critiques reflect a broad agreement that despite the Internet’s great designs. We show how this can lead to a permanent revolution in success, it has significant architectural problems. Internet architecture by (i) easing the deployment of new architec- However, the second widely-accepted observation is that the cur- tures and (ii) allowing multiple coexisting architectures to be used rent Internet architecture is firmly entrenched, so attempts to sig- simultaneously by applications.
    [Show full text]
  • Curriculum Vitae
    Michael J. Freedman Princeton University www.michaelfreedman.org Dept. of Computer Science [email protected] 35 Olden Street @michaelfreedman Princeton, NJ 08540-5233 Phone: (609) 258-9179 Academics Princeton University . Princeton, NJ Full Professor of Computer Science . .Sept 2015 – onward Associate Professor (with tenure) of Computer Science . July 2013 – Aug 2015 Assistant Professor of Computer Science . Sept 2007 – June 2013 New York University, Courant Institute . .New York, NY Ph.D. in Computer Science . Sept 2007 Thesis title: Democratizing Content Distribution Visited Stanford University to accompany advisor, Sept 2005 – Aug 2007 Advisor: David Mazieres` ; GPA: 4.0/4.0 M.S. in Computer Science . May 2005 Advisor: David Mazieres` ; GPA: 4.0/4.0 Massachusetts Institute of Technology . Cambridge, MA M.Eng. in Electrical Engineering and Computer Science . June 2002 Thesis title: A Peer-to-Peer Anonymizing Network Layer Advisor: Robert Morris ; GPA: 5.0/5.0 S.B. in Computer Science, Minor in Political Science . .June 2001 Thesis title: An Anonymous Communications Channel for the Free Haven Project Advisor: Ron Rivest ; GPA: 4.9/5.0 Wyoming Valley West High School . Plymouth, PA Class Valedictorian (1 / 314), June 1997. National Merit Finalist, A.P. Scholar with Distinction Interests Distributed systems, networking, and security. Work experience 9/15–present Princeton University, Full Professor, Princeton, NJ. 2/14–present Timescale, Co-Founder & CTO, New York, NY. Timescale (time-series database company) has raised $32M from top VCs (Benchmark, New Enterprise Associates, Icon Ventures, Two Sigma Ventures). 7/13–8/15 Princeton University, Associate Professor (with tenure), Princeton, NJ. 8/07–6/13 Princeton University, Assistant Professor, Princeton, NJ.
    [Show full text]
  • Spam: It's Not Just for Inboxes and Search Engines! Making Hirsch H
    [Draft article] Spam: It’s Not Just for Inboxes and Search Engines! Making Hirsch h-index Robust to Scientospam Dimitrios Katsaros1,2 Leonidas Akritidis1 Panayiotis Bozanis1 1Dept. of Computer & Communication Engineering, University of Thessaly, Volos, Greece 2Dept. of Informatics, Aristotle University, Thessaloniki, Greece [email protected], {leoakr,pbozanis}@inf.uth.gr Abstract What is the ‘level of excellence’ of a scientist and the real impact of his/her work upon the scientific thinking and practising? How can we design a fair, an unbiased metric – and most importantly – a metric robust to manipulation? Quantifying an individual’s scientific merit The evaluation of the scientific work of a scientist has long attracted significant interest, due to the benefits by obtaining an unbiased and fair criterion. A few years ago such metrics were yet another topic of investigation for the scientometric community with only theoretical importance, without any practical extensions. Very recently though the situation has dramatically changed; an increasing number of academic institutions are using such scientometric indicators to decide faculty promotions. Automated methodologies have been developed to calculate such indicators [6]. Also, fund- ing agencies use them to allocate funds, and recently some governments are considering the consistent use of such metrics for funding distribution. For instance, the Australian govern- ment has established the Research Quality Framework (RQF) as an important feature in the fabric of research in Australia1; the UK government has established the Research Assessment Exercise (RAE) to produce quality profiles for each submission of research activity made by institution2. The use of such indicators to characterize a scientist’s merit is controversial, and a plethora arXiv:0801.0386v1 [cs.DL] 2 Jan 2008 of arguments can be stated against their use.
    [Show full text]
  • Novel Frameworks for Mining Heterogeneous and Dynamic
    Novel Frameworks for Mining Heterogeneous and Dynamic Networks A dissertation submitted to the Graduate School of the University of Cincinnati in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Electrical and Computer Engineering and Computer Science of the College of Engineering by Chunsheng Fang B.E., Electrical Engineering & Information Science, June 2006 University of Science & Technology of China, Hefei, P.R.China Advisor and Committee Chair: Prof. Anca L. Ralescu November 3, 2011 Abstract Graphs serve as an important tool for discrete data representation. Recently, graph representations have made possible very powerful machine learning algorithms, such as manifold learning, kernel methods, semi-supervised learning. With the advent of large-scale real world networks, such as biological networks (disease network, drug target network, etc.), social networks (DBLP Co- authorship network, Facebook friendship, etc.), machine learning and data mining algorithms have found new application areas and have contributed to advance our understanding of proper- ties, and phenomena governing real world networks. When dealing with real world data represented as networks, two problems arise quite naturally: I) How to integrate and align the knowledge encoded in multiple and heterogeneous networks? For instance, how to find out the similar genes in co-disease and protein-protein inter- action networks? II) How to model and predict the evolution of a dynamic network? A real world exam- ple is, given N years snapshots of an evolving social network, how to build a model that can cap- ture the temporal evolution and make reliable prediction? In this dissertation, we present an innovative graph embedding framework, which identifies the key components of modeling the evolution in time of a dynamic graph.
    [Show full text]
  • PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance
    Graduate School Form 30 Updated PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance This is to certify that the thesis/dissertation prepared By Harold Owens II Entitled PROVISIONING END-TO-END QUALITY OF SERVICE FOR REAL-TIME INTERACTIVE VIDEO OVER SOFTWARE-DEFINED NETWORKING For the degree of Doctor of Philosophy Is approved by the final examining committee: Arjan Durresi Chair Mohammad Al Hasan Xia N. Ning Raje R. Rajeev To the best of my knowledge and as understood by the student in the Thesis/Dissertation Agreement, Publication Delay, and Certification Disclaimer (Graduate School Form 32), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy of Integrity in Research” and the use of copyright material. Approved by Major Professor(s): Arjan Durresi Approved by: Shiaofen Fang 11/22/2016 Head of the Departmental Graduate Program Date PROVISIONING END-TO-END QUALITY OF SERVICE FOR REAL-TIME INTERACTIVE VIDEO OVER SOFTWARE-DEFINED NETWORKING A Dissertation Submitted to the Faculty of Purdue University by Harold Owens II In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy December 2016 Purdue University Indianapolis, Indiana ii To my mother (1947-2006). To my wife, daughter, and son. Thank you. iii ACKNOWLEDGMENTS I want to acknowledge my mentor and advisor, Dr. Arjan Durresi for his encour- agement and guidance during my studies. I want to acknowledge thesis committee members Dr. Rajeev Raje, Dr. Xia Ning, and Dr. Mohammad Al Hasan for reviewing and providing feedback
    [Show full text]
  • Aurojit Panda – Curriculum Vitae
    14 Washington Pl, Apt 7M Aurojit Panda New York, NY 10003 H +1 (401) 323 1524 B [email protected] Curriculum Vitae Í cs.nyu.edu/~apanda Research Interests Computer Systems, Distributed Systems, Networking Education 2011–2017 Ph.D. Computer Science, University of California, Berkeley, CA. Advisor: Scott Shenker 2004–2008 Sc.B. Math–Computer Science, Brown University, Providence, RI. Honors in Math–Computer Science Advisor: Meinolf Sellmann Professional Employment Aug 2018– Assistant Professor, Courant Institute, New York University, New York, NY. 2017–2018 Software Developer, Nefeli Networks, Berkeley, CA. 2011–2017 Research Assistant, UC Berkeley, Berkeley, CA. 2008–2011 Software Developer, Microsoft, Redmond, WA. Summer ’07 Software Engineering Intern, Electronic Arts, Redwood City, CA. Summer ’06 Software Engineering Intern, Bloomberg LP, New York, NY. Teaching Experience Fall ’13 TA for EE122 (Undergraduate Networking), UC Berkeley, Berkeley, CA. Fall ’12 { Taught about 20 students in a weekly discussion section. { Designed problem sets and projects, ran a project involving plug computers 2006–2008 Undergraduate TA, CS Department, Brown University, Providence, RI. { TAed CS51 (Models of Computation), CS138 (Distributed Computing), CS166 (Security), CS167 (Operating Systems) and CS169 (Operating Systems Lab). { Helped with designing new content and projects for distributed systems and security. { Helped design and grade problem sets and projects. Fall ’05 Reader, Math Department, Brown University, Providence, RI. { Graded problem sets and exams for Honors Linear Algebra. Awards { Demetri Angelakos Memorial Achievement Award, Berkeley EECS 2016-17 { Best Student Paper, SIGCOMM 2015 { Best Paper, EuroSys 2013 { Qualcomm Innovation Fellowship 2012 Publications Conferences • Radhika Mittal, Alex Shpiner, Aurojit Panda, Eitan Zahavi, Arvind Krishnamurthy, Sylvia Ratnasamy, and Scott Shenker.
    [Show full text]
  • Securing Network Content
    Securing Network Content Diana Smetters Van Jacobson Palo Alto Research Center 3333 Coyote Hill Road Palo Alto, CA 94304 fsmetters,[email protected] 1 Introduction orably ties the security of content to trust in the host that stores it, and then additionally requires secure mech- The goal of the current Internet is to provide content anisms to identify, locate and communicate with that of interest (Web pages, voice, video, etc.) to the users host. This is widely recognized as a significant prob- that need it. Access to that content is achieved using a lem [11, 21]. Because the “trust” the user gets in the communication model designed in terms of connections content they depend upon is tied inextricably to the con- between hosts. This conflation of what content you want nection over which it was retrieved, that trust is transient to access with where (on what host) that content resides – leaving no reliable traces on the content after the con- extends throughout current network protocols, and deter- nection ends, and cannot be leveraged by anyone other mines the context in which they offer network security. than the original retriever. A user who has stored a piece Trust in content – that it is the desired content, from of content that they directly retrieved cannot be sure that the intended source, and unmodified in transit – is de- it has not been modified since (e.g. by malware) with- termined by where (from what host) and how (over what out re-retrieving it prior to use. Another user interested kind of connection) the content was retrieved.
    [Show full text]