PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance

Total Page:16

File Type:pdf, Size:1020Kb

PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance Graduate School Form 30 Updated PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance This is to certify that the thesis/dissertation prepared By Harold Owens II Entitled PROVISIONING END-TO-END QUALITY OF SERVICE FOR REAL-TIME INTERACTIVE VIDEO OVER SOFTWARE-DEFINED NETWORKING For the degree of Doctor of Philosophy Is approved by the final examining committee: Arjan Durresi Chair Mohammad Al Hasan Xia N. Ning Raje R. Rajeev To the best of my knowledge and as understood by the student in the Thesis/Dissertation Agreement, Publication Delay, and Certification Disclaimer (Graduate School Form 32), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy of Integrity in Research” and the use of copyright material. Approved by Major Professor(s): Arjan Durresi Approved by: Shiaofen Fang 11/22/2016 Head of the Departmental Graduate Program Date PROVISIONING END-TO-END QUALITY OF SERVICE FOR REAL-TIME INTERACTIVE VIDEO OVER SOFTWARE-DEFINED NETWORKING A Dissertation Submitted to the Faculty of Purdue University by Harold Owens II In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy December 2016 Purdue University Indianapolis, Indiana ii To my mother (1947-2006). To my wife, daughter, and son. Thank you. iii ACKNOWLEDGMENTS I want to acknowledge my mentor and advisor, Dr. Arjan Durresi for his encour- agement and guidance during my studies. I want to acknowledge thesis committee members Dr. Rajeev Raje, Dr. Xia Ning, and Dr. Mohammad Al Hasan for reviewing and providing feedback on my thesis. iv TABLE OF CONTENTS Page LIST OF TABLES :::::::::::::::::::::::::::::::: vii LIST OF FIGURES ::::::::::::::::::::::::::::::: viii ABSTRACT ::::::::::::::::::::::::::::::::::: xii 1 INTRODUCTION :::::::::::::::::::::::::::::: 1 1.1 Overview of Problem :::::::::::::::::::::::::: 1 1.2 Motivation :::::::::::::::::::::::::::::::: 3 1.3 Proposed Solution :::::::::::::::::::::::::::: 6 1.4 Research Goals ::::::::::::::::::::::::::::: 9 1.5 Assumptions and Limitations ::::::::::::::::::::: 10 1.6 Expected Outcome ::::::::::::::::::::::::::: 10 1.7 Scope :::::::::::::::::::::::::::::::::: 11 1.8 Dissertation Structure ::::::::::::::::::::::::: 11 2 SOFTWARE-DEFINED NETWORKING SURVEY: A RESEARCH LAND- SCAPE :::::::::::::::::::::::::::::::::::: 13 2.1 Abstract ::::::::::::::::::::::::::::::::: 13 2.2 Introduction ::::::::::::::::::::::::::::::: 14 2.2.1 Programmable Networks: Background :::::::::::: 16 2.3 SDN Architecture :::::::::::::::::::::::::::: 19 2.3.1 Communication Between Network Planes ::::::::::: 21 2.4 SDN Research Review ::::::::::::::::::::::::: 22 2.4.1 Characteristics ::::::::::::::::::::::::: 23 2.4.2 Network Technology :::::::::::::::::::::: 24 2.4.3 Layer of Control :::::::::::::::::::::::: 31 2.4.4 Application Domain :::::::::::::::::::::: 37 2.4.5 Level of Programmability ::::::::::::::::::: 50 2.5 SDN Research Challenges ::::::::::::::::::::::: 51 2.5.1 Scalability :::::::::::::::::::::::::::: 51 2.5.2 Availability ::::::::::::::::::::::::::: 52 2.5.3 Security ::::::::::::::::::::::::::::: 53 2.5.4 Standardization ::::::::::::::::::::::::: 53 2.6 Networking Industry :::::::::::::::::::::::::: 54 2.7 Conclusions ::::::::::::::::::::::::::::::: 59 3 VIDEO OVER SOFTWARE-DEFINED NETWORKING (VSDN) :::: 61 v Page 3.1 Abstract ::::::::::::::::::::::::::::::::: 61 3.2 Introduction ::::::::::::::::::::::::::::::: 61 3.3 Motivation: Integrated Services (IntServ) ::::::::::::::: 63 3.4 Design and Implementation :::::::::::::::::::::: 66 3.4.1 Software-Defined Networking (SDN) ::::::::::::: 67 3.4.2 VSDN Design Overview :::::::::::::::::::: 67 3.4.3 VSDN Protocol ::::::::::::::::::::::::: 73 3.4.4 OpenFlow Changes ::::::::::::::::::::::: 76 3.4.5 Network Client API ::::::::::::::::::::::: 76 3.4.6 QoS Mapping :::::::::::::::::::::::::: 77 3.5 Results :::::::::::::::::::::::::::::::::: 77 3.6 Related Works :::::::::::::::::::::::::::::: 80 3.7 Conclusions ::::::::::::::::::::::::::::::: 82 4 EXPLICIT ROUTING IN SOFTWARE-DEFINED NETWORKING (ERSDN): ADDRESSING CONTROLLER SCALABILITY :::::::::::::: 87 4.1 Abstract ::::::::::::::::::::::::::::::::: 87 4.2 Introduction ::::::::::::::::::::::::::::::: 87 4.3 Software-Defined Networking (SDN) Overview and Video Over Software- Defined Networking (VSDN) Implementation ::::::::::::: 90 4.3.1 Software-Defined Networking (SDN) Overview :::::::: 90 4.3.2 Video Over Software-Defined Networking (VSDN) Implemen- tation :::::::::::::::::::::::::::::: 91 4.4 Design and Implementation :::::::::::::::::::::: 92 4.4.1 VSDN Flow Installation :::::::::::::::::::: 92 4.4.2 Design Choices ::::::::::::::::::::::::: 93 4.4.3 VSDN Purposed Flow Installation ::::::::::::::: 93 4.4.4 VSDN Switch Implementation Changes :::::::::::: 94 4.4.5 VSDN Controller Implementation Changes :::::::::: 95 4.5 Results :::::::::::::::::::::::::::::::::: 97 4.5.1 Experimental Setup ::::::::::::::::::::::: 97 4.5.2 Experimental Results :::::::::::::::::::::: 98 4.6 Related Works :::::::::::::::::::::::::::::: 102 4.7 Conclusions ::::::::::::::::::::::::::::::: 103 5 RELIABLE VIDEO OVER SOFTWARE-DEFINED NETWORKING (RVSDN) ::::::::::::::::::::::::::::::::::: 104 5.1 Abstract ::::::::::::::::::::::::::::::::: 104 5.2 Introduction ::::::::::::::::::::::::::::::: 104 5.3 Integrated Services (IntServ) and Video over Software-Defined Net- working (VSDN) :::::::::::::::::::::::::::: 107 5.3.1 Integrated Services (IntServ) :::::::::::::::::: 107 5.3.2 VSDN Limitations ::::::::::::::::::::::: 109 vi Page 5.4 Design and Implementation :::::::::::::::::::::: 110 5.4.1 VSDN Routing Module Changes :::::::::::::::: 111 5.5 Results :::::::::::::::::::::::::::::::::: 114 5.5.1 Experimental Setup ::::::::::::::::::::::: 114 5.5.2 Experimental Results :::::::::::::::::::::: 115 5.6 Related Works :::::::::::::::::::::::::::::: 117 5.7 Conclusions ::::::::::::::::::::::::::::::: 118 6 MULTI-DOMAIN OVER SOFTWARE-DEFINED NETWORKING (MD- VSDN) ::::::::::::::::::::::::::::::::::::: 120 6.1 Abstract ::::::::::::::::::::::::::::::::: 120 6.2 Introduction ::::::::::::::::::::::::::::::: 120 6.3 Motivation: VSDN Network :::::::::::::::::::::: 124 6.4 Architecture and Design :::::::::::::::::::::::: 126 6.4.1 Controller :::::::::::::::::::::::::::: 128 6.4.2 Controller to Controller Communication ::::::::::: 132 6.5 Simulation Results ::::::::::::::::::::::::::: 133 6.6 Related Works :::::::::::::::::::::::::::::: 135 6.7 Conclusions ::::::::::::::::::::::::::::::: 137 7 CONCLUSIONS ::::::::::::::::::::::::::::::: 138 7.1 Future Work ::::::::::::::::::::::::::::::: 140 LIST OF REFERENCES :::::::::::::::::::::::::::: 141 APPENDICES Appendix A Data Tables :::::::::::::::::::::::::: 169 Appendix B Network Topologies :::::::::::::::::::::: 176 Appendix C SDN Lab Experience ::::::::::::::::::::: 178 VITA ::::::::::::::::::::::::::::::::::::::: 179 vii LIST OF TABLES Table Page 2.1 Classification and contribution of SDN research A-N :::::::::: 57 2.2 Classification and contribution of SDN research O-Z ::::::::::: 58 3.1 The API for requesting, accepting, and responding to requests. ::::: 83 3.2 The guaranteed services (GS) flow properties. :::::::::::::: 84 3.3 The video type to service specification mapping, illustrating values for each service specification for video type, bandwidth in Mbps, bucket size in bytes, peak rate in Kbps, minimum policed unit in bytes, maximum packet size in bytes, rate in Kbps, and frames per second. :::::::: 85 3.4 VSDN protocol messages. ::::::::::::::::::::::::: 86 5.1 The QoS constraints used during experiment where bandwidth, delay, and jitter remained constant, but reliability varied between 0.90 and 1.00. : 119 viii LIST OF FIGURES Figure Page 1.1 Seven-node IP network with sender and receiver. The routers in au- tonomous systems one (AS1) are running Open Shortest Path First routing protocol which determines shortest path between the sender and receiver. The shortest path is R1-R5, but best path is R1-R2-R4-R5. The routers are unable to select feasible|best path. ::::::::::::::::: 3 1.2 SDN network with sender and receiver. The routers in AS1 are commodity network devices that the SDN controller programs for forwarding network traffic. The SDN controller has the network-wide view of network resources such as link state, congestion, bandwidth, delay, and jitter. The SDN controller selects a feasible path|R1-R2-R4-R5 using the network-wide view and programs network devices including the sender and receiver. : 7 2.1 SDN architecture, illustrating relationship between network planes. Each network plane represents specific function of the SDN architecture. In the application plane, the network applications program data plane using northbound API. Using southbound API to send requests, the control plane converts the application plane requests to modifications or queries in the data plane. The data plane presents the control plane with an open API. The management plane performs management functionalities such as configuring network policies, monitoring network performance, and setting up network devices in the data plane. ::::::::::::::::::: 19 2.2 SDN application domain, illustrating how SDN applications are organized. There are eight application research areas|network optimization, security, quality of service, programming languages, testing and debugging, network configuration, monitoring and measurement, and routing. The eight ap- plication research areas have specific applications which functionalities are researched and developed. For example, tunneling applications|tunneling supports
Recommended publications
  • A DATA-ORIENTED NETWORK ARCHITECTURE Doctoral Dissertation
    TKK Dissertations 140 Espoo 2008 A DATA-ORIENTED NETWORK ARCHITECTURE Doctoral Dissertation Teemu Koponen Helsinki University of Technology Faculty of Information and Natural Sciences Department of Computer Science and Engineering TKK Dissertations 140 Espoo 2008 A DATA-ORIENTED NETWORK ARCHITECTURE Doctoral Dissertation Teemu Koponen Dissertation for the degree of Doctor of Science in Technology to be presented with due permission of the Faculty of Information and Natural Sciences for public examination and debate in Auditorium T1 at Helsinki University of Technology (Espoo, Finland) on the 2nd of October, 2008, at 12 noon. Helsinki University of Technology Faculty of Information and Natural Sciences Department of Computer Science and Engineering Teknillinen korkeakoulu Informaatio- ja luonnontieteiden tiedekunta Tietotekniikan laitos Distribution: Helsinki University of Technology Faculty of Information and Natural Sciences Department of Computer Science and Engineering P.O. Box 5400 FI - 02015 TKK FINLAND URL: http://cse.tkk.fi/ Tel. +358-9-4511 © 2008 Teemu Koponen ISBN 978-951-22-9559-3 ISBN 978-951-22-9560-9 (PDF) ISSN 1795-2239 ISSN 1795-4584 (PDF) URL: http://lib.tkk.fi/Diss/2008/isbn9789512295609/ TKK-DISS-2510 Picaset Oy Helsinki 2008 AB ABSTRACT OF DOCTORAL DISSERTATION HELSINKI UNIVERSITY OF TECHNOLOGY P. O. BOX 1000, FI-02015 TKK http://www.tkk.fi Author Teemu Koponen Name of the dissertation A Data-Oriented Network Architecture Manuscript submitted 09.06.2008 Manuscript revised 12.09.2008 Date of the defence 02.10.2008 Monograph X Article dissertation (summary + original articles) Faculty Information and Natural Sciences Department Computer Science and Engineering Field of research Networking Opponent(s) Professor Jon Crowcroft Supervisor Professor Antti Ylä-Jääski Instructor(s) Dr.
    [Show full text]
  • NSDI '11: 8Th USENIX Symposium on Networked Systems Design And
    NSDI ’11: 8th USENIX Symposium on Networked Systems Design and Implementation Boston, MA March 30–April 1, 2011 Opening Remarks and Awards Presentation Summarized by Rik Farrow ([email protected]) David Andersen (CMU), co-chair with Sylvia Ratnasamy (Intel Labs, Berkeley), presided over the opening of NSDI. David told us that there were 251 attendees by the time of the opening, three short of a record for NSDI; 157 papers were submitted and 27 accepted. David joked that they used a Bayesian ranking process based on keywords, and that using the word “A” in your title seemed to increase your chances of having your paper accepted. In reality, format checking and Geoff Voelker’s Banal paper checker were used in a first pass, and all surviving papers received three initial reviews. By the time of the day-long program committee meeting, there were 56 papers left. In the end, there were no invited talks at NSDI ’11, just paper presentation sessions. David announced the winners of the Best Paper awards: “ServerSwitch: A Programmable and High Performance Platform for Datacenter Networks,” Guohan Lu et al. (Microsoft Research Asia), and “Design, Implementation and Evaluation of Congestion Control for Multipath TCP,” Damon Wischik et al. (University College London). Patrick Wendell (Princeton University) was awarded a CRA Undergraduate Research Award for outstanding research potential in CS for his work on DONAR, a system for selecting the best online replica, a service he deployed and tested. Patrick also worked at Cloudera in the summer of 2010 and become a committer for the Apache Avro system, the RPC networking layer to be used in Hadoop.
    [Show full text]
  • Readdressing Network Layers
    Readdressing Network Layers James McCauley Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2020-161 http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-161.html August 14, 2020 Copyright © 2020, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Readdressing Network Layers By James Ash McCauley A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Scott Shenker, Chair Professor Sylvia Ratnasamy Professor Coye Cheshire Summer 2020 Readdressing Network Layers Copyright 2020 by James Ash McCauley 1 Abstract Readdressing Network Layers by James Ash McCauley Doctor of Philosophy in Computer Science University of California, Berkeley Professor Scott Shenker, Chair It has long been common practice to split the functionality of computer networks into distinct layers. In the context of the most common networks today, there are five such layers, bracketed by hardware at the lowest layer and application software at the highest. While this modularization has generally been a huge success story for the field, networks have now been subject to decades of changes in terms of both technologies and use cases.
    [Show full text]
  • Architectural Support for Security Management in Enterprise Networks
    ARCHITECTURAL SUPPORT FOR SECURITY MANAGEMENT IN ENTERPRISE NETWORKS A DISSERTATION SUBMITTED TO THE DEPARTMENT OF COMPUTER SCIENCE AND THE COMMITTEE ON GRADUATE STUDIES OF STANFORD UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY Martin Casado August 2007 Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. UMI Number: 3281806 INFORMATION TO USERS The quality of this reproduction is dependent upon the quality of the copy submitted. Broken or indistinct print, colored or poor quality illustrations and photographs, print bleed-through, substandard margins, and improper alignment can adversely affect reproduction. In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if unauthorized copyright material had to be removed, a note will indicate the deletion. ® UMI UMI Microform 3281806 Copyright 2007 by ProQuest Information and Learning Company. All rights reserved. This microform edition is protected against unauthorized copying under Title 17, United States Code. ProQuest Information and Learning Company 300 North Zeeb Road P.O. Box 1346 Ann Arbor, Ml 48106-1346 Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. (c) Copyright by Martin Casado 2007 All Rights Reserved ii Reproduced with permission of the copyright owner. Further reproduction prohibited without permission. I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. f f- f (Nick McKeown) Principal Adviser I certify that I have read this dissertation and that, in my opinion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy.
    [Show full text]
  • Abstract Sensor Event Processing to Achieve Dynamic Composition of Cyber-Physical Systems
    Abstract Sensor Event Processing to Achieve Dynamic Composition of Cyber-Physical Systems D I S S E R T A T I O N zur Erlangung des akademischen Grades Doktoringenieur (Dr.-Ing.) angenommen durch die Fakultät für Informatik der Otto-von-Guericke-Universität Magdeburg von Dipl.-Inform. Christoph Steup geb. am 29.01.1985 in Halle (Saale) Gutachterinnen/Gutachter Prof. Dr. rer. nat. Jörg Kaiser Prof. Dr. s.c. ETH Kay Uwe Römer Prof. Dr.-Ing. Christian Diedrich Magdeburg, den 19.02.2018 Zusammenfassung Diese Thesis widmet sich dem übergeordneten Ziel Cyber-Physische Systeme (CPS) dy- namisch aus Komponenten zusammenzusetzen. CPS sind eine Schlüsseltechnologie für die Industrie 4.0, moderne Robotik und autonom fahrende Fahrzeuge. Jedoch werden die realen Systeme immer komplexer und setzen sich aus immer mehr einzelnen Komponenten zusam- men, welche über ein Kommunikationsnetz verbunden sind. Die Herausforderung bei der En- twicklung dieser Systeme ist die Spezifikation und der Austausch der im System vorhandenen Informationen um die vorhandenen Komponenten bestmöglich zu nutzen. Die notwendigen Informationen sind dabei sehr Szenario spezifisch. Diese Arbeit versucht die Konstruktion und Komposition dieser Systeme zu vereinfachen indem eine neue Form der Information- sabstraktion für CPS eingeführt wird: Abstract Sensor Events (ASE). Diese stellen die Kapselung von Sensorinformation in maschinenlesbare Form dar. Die Kapselung vereint die inhärenten Sensordaten mit den notwendigen Kontextdaten. Der Kontext der Information besteht hierbei mindestens aus Zeitpunkt, Position, Ersteller und semantischer Beschrei- bung. Um die unvermeidbare Unschärfe der Sensorinformationen abzubilden, enthalten ASE eine intervallbasierte Unschärfebeschreibung, der Daten und des Kontextes. Die semantische Beschreibung basiert auf einem Wörterbuch von Attributen, die in den Ereignissen enthal- ten sein können.
    [Show full text]
  • Nick Feamster
    Nick Feamster Neubauer Professor [email protected] Department of Computer Science https://people.cs.uchicago.edu/˜feamster/ University of Chicago https://noise.cs.uchicago.edu/ 5730 South Ellis Avenue https://medium.com/@feamster/ Chicago, Illinois 60637 Research Interests My research focuses on networked computer systems, with an emphasis on network architecture and protocol design; network security, management, and measurement; routing; and anti-censorship techniques. The primary goal of my research is to design tools, techniques, and policies to help networks operate better, and to enable users of these networks (both public and private) to experience high availability and good end-to-end performance. The problems that I tackle often involve the intersection of networking technology and policy. I study problems in the pricing and economics of Internet interconnection, global Internet censorship and information control, the security and privacy implications of emerging technologies, and the performance of consumer, commercial, and enterprise networks. My research achieves impact through new design paradigms in network architecture, the release of open-source software systems, and data and evidence that can influence public policy discourse. Education Degree Year University Field Ph.D. 2005 Massachusetts Institute of Technology Computer Science Cambridge, MA Dissertation: Proactive Techniques for Correct and Predictable Internet Routing Sprowls Honorable Mention for best MIT Ph.D. dissertation in Computer Science Advisor: Hari Balakrishnan
    [Show full text]
  • A New Approach to Network Function Virtualization
    A New Approach to Network Function Virtualization By Aurojit Panda A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Scott J. Shenker, Chair Professor Sylvia Ratnasamy Professor Ion Stoica Professor Deirdre Mulligan Summer 2017 A New Approach to Network Function Virtualization Copyright 2017 by Aurojit Panda 1 Abstract A New Approach to Network Function Virtualization by Aurojit Panda Doctor of Philosophy in Computer Science University of California, Berkeley Professor Scott J. Shenker, Chair Networks provide functionality beyond just packet routing and delivery. Network functions such as firewalls, caches, WAN optimizers, etc. are crucial for scaling networks and in supporting new applications. While traditionally network functions were implemented using dedicated hardware middleboxes, recent efforts have resulted in them being implemented as software and deployed in virtualized environment . This move towards virtualized network function is commonly referred to as network function virtualization (NFV). While the NFV proposal has been enthusiastically accepted by carriers and enterprises, actual efforts to deploy NFV have not been as successful. In this thesis we argue that this is because the current deployment strategy which relies on operators to ensure that network functions are configured to correctly implement policies, and then deploys these network functions as virtual machines (or containers), connected by virtual switches are ill- suited to NFV workload. In this dissertation we propose an alternative NFV framework based on the use of static tech- niques such as type checking and formal verification.
    [Show full text]
  • A New Approach to Network Function Virtualization
    A New Approach to Network Function Virtualization By Aurojit Panda A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Scott J. Shenker, Chair Professor Sylvia Ratnasamy Professor Ion Stoica Professor Deirdre Mulligan Summer 2017 A New Approach to Network Function Virtualization Copyright 2017 by Aurojit Panda 1 Abstract A New Approach to Network Function Virtualization by Aurojit Panda Doctor of Philosophy in Computer Science University of California, Berkeley Professor Scott J. Shenker, Chair Networks provide functionality beyond just packet routing and delivery. Network functions such as firewalls, caches, WAN optimizers, etc. are crucial for scaling networks and in supporting new applications. While traditionally network functions were implemented using dedicated hardware middleboxes, recent efforts have resulted in them being implemented as software and deployed in virtualized environment . This move towards virtualized network function is commonly referred to as network function virtualization (NFV). While the NFV proposal has been enthusiastically accepted by carriers and enterprises, actual efforts to deploy NFV have not been as successful. In this thesis we argue that this is because the current deployment strategy which relies on operators to ensure that network functions are configured to correctly implement policies, and then deploys these network functions as virtual machines (or containers), connected by virtual switches are ill- suited to NFV workload. In this dissertation we propose an alternative NFV framework based on the use of static tech- niques such as type checking and formal verification.
    [Show full text]
  • Federated Computing Research Conference, FCRC’96, Which Is David Wise, Steering Being Held May 20 - 28, 1996 at the Philadelphia Downtown Marriott
    CRA Workshop on Academic Careers Federated for Women in Computing Science 23rd Annual ACM/IEEE International Symposium on Computing Computer Architecture FCRC ‘96 ACM International Conference on Research Supercomputing ACM SIGMETRICS International Conference Conference on Measurement and Modeling of Computer Systems 28th Annual ACM Symposium on Theory of Computing 11th Annual IEEE Conference on Computational Complexity 15th Annual ACM Symposium on Principles of Distributed Computing 12th Annual ACM Symposium on Computational Geometry First ACM Workshop on Applied Computational Geometry ACM/UMIACS Workshop on Parallel Algorithms ACM SIGPLAN ‘96 Conference on Programming Language Design and Implementation ACM Workshop of Functional Languages in Introductory Computing Philadelphia Skyline SIGPLAN International Conference on Functional Programming 10th ACM Workshop on Parallel and Distributed Simulation Invited Speakers Wm. A. Wulf ACM SIGMETRICS Symposium on Burton Smith Parallel and Distributed Tools Cynthia Dwork 4th Annual ACM/IEEE Workshop on Robin Milner I/O in Parallel and Distributed Systems Randy Katz SIAM Symposium on Networks and Information Management Sponsors ACM CRA IEEE NSF May 20-28, 1996 SIAM Philadelphia, PA FCRC WELCOME Organizing Committee Mary Jane Irwin, Chair Penn State University Steve Mahaney, Vice Chair Rutgers University Alan Berenbaum, Treasurer AT&T Bell Laboratories Frank Friedman, Exhibits Temple University Sampath Kannan, Student Coordinator Univ. of Pennsylvania Welcome to the second Federated Computing Research Conference, FCRC’96, which is David Wise, Steering being held May 20 - 28, 1996 at the Philadelphia downtown Marriott. This second Indiana University FCRC follows the same model of the highly successful first conference, FCRC’93, in Janice Cuny, Careers which nine constituent conferences participated.
    [Show full text]
  • Two Decades of Ddos Attacks and Defenses
    Two Decades of DDoS Attacks and Defenses LUMIN SHI, University of Oregon Two decades after the first distributed denial-of-service (DDoS) attack, the Internet continues to faceDDoS attacks. To understand why DDoS defense is a difficult problem, we must study how the attacks are carried out and whether the existing defense solutions are sufficient. In this work, we review the latest DDoS attacks and DDoS defense solutions. In particular, we focus on the key advancements and missing pieces in DDoS research. CCS Concepts: • Networks → Network security; Denial-of-service attacks. Additional Key Words and Phrases: DDoS attack, DDoS defense, CDN, SDN 1 INTRODUCTION Distributed denial-of-service (DDoS) attacks are easy to launch but difficult to defend against. Despite two decades of DDoS research, DDoS attacks continue to impose threats to today’s networks. Recent attacks such as [1, 2, 3] have shown that resourceful attackers can launch DDoS attacks to flood network links and leaves them paralyzed for hours or days. In the meantime, the proliferation of Internet-of-Things (IoT) devices amplifies the threat of DDoS. Many of these devices come with little to no updates for security vulnerabilities, and as such, they are exploitable by the attackers. Compromised IoT devices remain vulnerable even after major incidents such as the Mirai attack [1]. The sheer amount of vulnerable, increasing IoT devices challenges the capacity/scalability of existing defense solutions. On the other hand, the frequent DDoS attacks led the network community to seek better defense solutions. From remotely triggered black hole (RTBH) [4] to BGP FlowSpec [5], we see the progress made by the network community to move away from high-collateral-damage solutions [4].
    [Show full text]
  • Download and Use Untrusted Code Without Fear
    2 KELEY COMPUTER SCIENC CONTENTS INTRODUCTION1 CITRIS AND2 MOTES 30 YEARS OF INNOVATION GENE MYERS4 Q&A 1973–20 0 3 6GRAPHICS INTELLIGENT SYSTEMS 1RESEARCH0 DEPARTMENT STATISTICS14 ROC-SOLID SYSTEMS16 USER INTERFACE DESIGN AND DEVELOPMENT20 INTERDISCIPLINARY THEOR22Y 30PROOF-CARRYING CODE 28 COMPLEXITY 30THEORY FACULTY32 THE COMPUTER SCIENCE DIVISION OF THE DEPARTMENT OF EECS AT UC BERKELEY WAS CREATED IN 1973. THIRTY YEARS OF INNOVATION IS A CELEBRATION OF THE ACHIEVEMENTS OF THE FACULTY, STAFF, STUDENTS AND ALUMNI DURING A PERIOD OF TRULY BREATHTAKING ADVANCES IN COMPUTER SCIENCE AND ENGINEERING. THE FIRST CHAIR OF COMPUTER research in theoretical computer science received a Turing Award in 1989 for this work. learning is bringing us ever closer to the dream SCIENCE AT BERKELEY was Richard Karp, at Berkeley. In the area of programming languages and of truly intelligent machines. who had just shown that the hardness of well- software engineering, Berkeley research has The impact of Berkeley research on the practi- Berkeley’s was the one of the first top comput- known algorithmic problems, such as finding been noted for its flair for combining theory cal end of computer science has been no less er science programs to invest seriously in com- the minimum cost tour for a travelling sales- and practice, as exemplified in these pages significant. The development of Reduced puter graphics, and our illustrious alumni in person, could be related to NP-completeness— by George Necula’s research on proof- Instruction Set computers by David Patterson that area have done us proud. We were not so a concept proposed earlier by former Berkeley carrying code.
    [Show full text]
  • Zero-Knowledge Middleboxes
    Zero-Knowledge Middleboxes Paul Grubbs Arasu Arun Ye Zhang Joseph Bonneau Michael Walfish NYU Department of Computer Science, Courant Institute Abstract. This paper initiates research on zero-knowledge an attempted compromise, Mozilla introduced a special ca- middleboxes (ZKMBs). A ZKMB is a network middlebox that nary domain that instructs clients to fall back to legacy DNS. enforces network usage policies on encrypted traffic. Clients But this is no compromise: it is simply handing the local send the middlebox zero-knowledge proofs that their traffic network a (silent) veto over encrypted DNS. is policy-compliant; these proofs reveal nothing about the Encrypted DNS represents a fraught tussle [30, 70] that we client’s communication except that it complies with the pol- specifically want to confront and resolve. Thus, this paper’s icy. We show how to make ZKMBs work with unmodified overarching question: can we create mechanisms that achieve encrypted-communication protocols (specifically TLS 1.3), meaningful compromise? Note that we do not take a philo- making ZKMBs invisible to servers. As a contribution of in- sophical position for or against middleboxes.1 That debate is dependent interest, we design zero-knowledge proofs for TLS almost as old as the Internet architecture itself. Instead, we ac- 1.3 session keys. We apply the ZKMB paradigm to several cept that policy-enforcing middleboxes are a fact of life today case studies, including filtering for encrypted DNS protocols. and likely to remain so. For example, adult content blocking Experimental results suggest that performance, while not yet is legally mandated for U.S. K–12 school networks [27,61] practical, is promising.
    [Show full text]