Unifying Static And Runtime Analysis In Declarative Distributed Systems

Today’s distributed systems are becoming increasingly complex, due to the ever-growing number of network devices and their variety. The complexity makes it hard for system administrators to correctly configure distributed systems. This motivates the need for effective analytic tools that can help ensure correctness of distributed systems. One challenge in ensuring correctness is that there does not exist one solution that works for all properties. One type of properties, such as security properties, are so critical that they demand pre-deployment verification (i.e., static analysis) which, though time-consuming, explores the whole execution space. However, due to the potential problem of state explosion, static verification of all properties is not practical, and not necessary. Violation of non-critical properties, such as correct routing with shortest paths, is tolerable during execution and can be diagnosed after errors occur (i.e., runtime analysis), a more light-weight approach compared to verification. This dissertation presents STRANDS, a declarative framework that enables users to perform both pre-deployment verification and post-deployment diagnostics on top of declarative specification of distributed systems. STRANDS uses Network Datalog (NDlog), a distributed variant of Datalog query language, to specify network protocols and services. STRANDS has two components: a system verifier and a system debugger. The verifier allows the user to rigorously prove safety properties of network protocols and services, using either the program logic or symbolic execution we develop for NDlog programs. The debugger, on the other hand, facilitates diagnosis of system errors by allowing for querying of the structured history of network execution (i.e., network provenance) that is maintained in a storage-efficient manner. We show the effectiveness of STRANDS by evaluating both the verifier and the debugger. Using the verifier, we prove path authenticity of secure routing protocols, and verify a number of safety properties in software-defined networking (SDN). Also, we demonstrate that our provenance maintenance algorithm achieves significant storage reduction, while incurring negligible network overhead

TOWARDS RELIABLE CIRCUMVENTION OF INTERNET CENSORSHIP

The Internet plays a crucial role in today\u27s social and political movements by facilitating the free circulation of speech, information, and ideas; democracy and human rights throughout the world critically depend on preserving and bolstering the Internet\u27s openness. Consequently, repressive regimes, totalitarian governments, and corrupt corporations regulate, monitor, and restrict the access to the Internet, which is broadly known as Internet \emph{censorship}. Most countries are improving the internet infrastructures, as a result they can implement more advanced censoring techniques. Also with the advancements in the application of machine learning techniques for network traffic analysis have enabled the more sophisticated Internet censorship. In this thesis, We take a close look at the main pillars of internet censorship, we will introduce new defense and attacks in the internet censorship literature. Internet censorship techniques investigate users’ communications and they can decide to interrupt a connection to prevent a user from communicating with a specific entity. Traffic analysis is one of the main techniques used to infer information from internet communications. One of the major challenges to traffic analysis mechanisms is scaling the techniques to today\u27s exploding volumes of network traffic, i.e., they impose high storage, communications, and computation overheads. We aim at addressing this scalability issue by introducing a new direction for traffic analysis, which we call \emph{compressive traffic analysis}. Moreover, we show that, unfortunately, traffic analysis attacks can be conducted on Anonymity systems with drastically higher accuracies than before by leveraging emerging learning mechanisms. We particularly design a system, called \deepcorr, that outperforms the state-of-the-art by significant margins in correlating network connections. \deepcorr leverages an advanced deep learning architecture to \emph{learn} a flow correlation function tailored to complex networks. Also to be able to analyze the weakness of such approaches we show that an adversary can defeat deep neural network based traffic analysis techniques by applying statistically undetectable \emph{adversarial perturbations} on the patterns of live network traffic. We also design techniques to circumvent internet censorship. Decoy routing is an emerging approach for censorship circumvention in which circumvention is implemented with help from a number of volunteer Internet autonomous systems, called decoy ASes. We propose a new architecture for decoy routing that, by design, is significantly stronger to rerouting attacks compared to \emph{all} previous designs. Unlike previous designs, our new architecture operates decoy routers only on the downstream traffic of the censored users; therefore we call it \emph{downstream-only} decoy routing. As we demonstrate through Internet-scale BGP simulations, downstream-only decoy routing offers significantly stronger resistance to rerouting attacks, which is intuitively because a (censoring) ISP has much less control on the downstream BGP routes of its traffic. Then, we propose to use game theoretic approaches to model the arms races between the censors and the censorship circumvention tools. This will allow us to analyze the effect of different parameters or censoring behaviors on the performance of censorship circumvention tools. We apply our methods on two fundamental problems in internet censorship. Finally, to bring our ideas to practice, we designed a new censorship circumvention tool called \name. \name aims at increasing the collateral damage of censorship by employing a ``mass\u27\u27 of normal Internet users, from both censored and uncensored areas, to serve as circumvention proxies

Efficient traffic trajectory error detection

Our recent survey on publicly reported router bugs shows that many router bugs, once triggered, can cause various traffic trajectory errors including traffic deviating from its intended forwarding paths, traffic being mistakenly dropped and unauthorized traffic bypassing packet filters. These traffic trajectory errors are serious problems because they may cause network applications to fail and create security loopholes for network intruders to exploit. Therefore, traffic trajectory errors must be quickly and efficiently detected so that the corrective action can be performed in a timely fashion. Detecting traffic trajectory errors requires the real-time tracking of the control states (e.g., forwarding tables, packet filters) of routers and the scalable monitoring of the actual traffic trajectories in the network. Traffic trajectory errors can then be detected by efficiently comparing the observed traffic trajectories against the intended control states. Making such trajectory error detection efficient and practical for large-scale high speed networks requires us to address many challenges. First, existing traffic trajectory monitoring algorithms require the simultaneously monitoring of all network interfaces in a network for the packets of interest, which will cause a daunting monitoring overhead. To improve the efficiency of traffic trajectory monitoring, we propose the router group monitoring technique that only monitors the periphery interfaces of a set of selected router groups. We analyze a large number of real network topologies and show that effective router groups with high trajectory error detection rates exist in all cases. We then develop an analytical model for quickly and accurately estimating the detection rates of different router groups. Based on this model, we propose an algorithm to select a set of router groups that can achieve complete error detection and low monitoring overhead. Second, maintaining the control states of all the routers in the network requires a significant amount of memory. However, there exist no studies on how to efficiently store multiple complex packet filters. We propose to store multiple packet filters using a shared Hyper- Cuts decision tree. To help decide which subset of packet filters should share a HyperCuts decision tree, we first identify a number of important factors that collectively impact the efficiency of the resulting shared HyperCuts decision tree. Based on the identified factors, we then propose to use machine learning techniques to predict whether any pair of packet filters should share a tree. Given the pair-wise prediction matrix, a greedy heuristic algorithm is used to classify packet filters into a number of shared HyperCuts decision trees. Our experiments using both real packet filters and synthetic packet filters show that our shared HyperCuts decision trees require considerably less memory while having the same or a slightly higher average height than separate trees. In addition, the shared HyperCuts decision trees enable concurrent lookup of multiple packet filters sharing the same tree. Finally, based on the two proposed techniques, we have implemented a complete prototype system that is compatible with Juniper's JUNOS. We have shown in the thesis that, to detect traffic trajectory errors, it is sufficient to only selectively implement a small set of key functions of a full-fletched router on our prototype, which makes our prototype simpler and less error prone. We conduct both Emulab experiments and micro-benchmark experiments to show that the system can efficiently track router control states, monitor traffic trajectories and detect traffic trajectory errors

Scalability and Resilience Analysis of Software-Defined Networking

Software-defined Networking (SDN) ist eine moderne Architektur für Kommunikationsnetze, welche entwickelt wurde, um die Einführung von neuen Diensten und Funktionen in Netzwerke zu erleichtern. Durch eine Trennung der Weiterleitungs- und Kontrollfunktionen sind nur wenige Kontrollelemente mit Software-Updates zu versehen, um Veränderungen am Netz vornehmen zu können. Allerdings wirft die Netzstrukturierung von SDN neue Fragen bezüglich Skalierbarkeit und Ausfallsicherheit auf, welche in dezentralen Netzstrukturen nicht auftreten. In dieser Arbeit befassen wir uns mit Fragestellungen zu Skalierbarkeit und Ausfallsicherheit in Bezug auf Unicast- und Multicast-Verkehr in SDN-basierten Netzen. Wir führen eine Komprimierungstechnik für Routingtabellen ein, welche die Skalierungsproblematik aktueller SDN Weiterleitungsgeräte verbessern soll und ermitteln ihre Effizienz in einer Leistungsbewertung. Außerdem diskutieren wir unterschiedliche Methoden, um die Ausfallsicherheit in SDN zu verbessern. Wir analysieren sie auf öffentlich zugänglichen Netzwerken und benennen Vor- und Nachteile der Ansätze. Abschließend schlagen wir eine skalierbare und ausfallsichere Architektur für Multicast-basiertes SDN vor. Wir untersuchen ihre Effizienz in einer Leistungsbewertung und zeigen ihre Umsetzbarkeit mithilfe eines Prototypen.Software-Defined Networking (SDN) is a novel architecture for communication networks that has been developed to ease the introduction of new network services and functions. It leverages the separation of the data plane and the control plane to allow network services to be deployed solely in software. Although SDN provides great flexibility, the applicability of SDN in communication networks raises several questions with regard to scalability and resilience against network failures. These concerns are not prevalent in current decentralized network architectures. In this thesis, we address scalability and resilience issues with regard to unicast and multicast traffic for SDN-based networks. We propose a new compression method for inter-domain routing tables to address hardware limitations of current SDN switches and analyze its effectiveness. We propose various resilience methods for SDN and identify their key performance indicators in the context of carrier-grade and datacenter networks. We discuss the advantages and disadvantages of these proposals and their appropriate use cases. Finally, we propose a scalable and resilient software-defined multicast architecture. We study the effectiveness of our approach and show its feasibility using a prototype implementation

Data Driven Network Design for Cloud Services Based on Historic Utilization

In recent years we have seen a shift from traditional networking in enterprises with Data Center centric architectures moving to cloud services. Companies are moving away from private networking technologies like MPLS as they migrate their application workloads to the cloud. With these migrations, network architects must struggle with how to design and build new network infrastructure to support the cloud for all their end users including office workers, remote workers, and home office workers. The main goal for network design is to maximize availability and performance and minimize cost. However, network architects and network engineers tend to over provision networks by sizing the bandwidth for worst case scenarios wasting millions of dollars per year. This thesis will analyze traditional network utilization data from twenty-five of the Fortune 500 companies in the United States and determine the most efficient bandwidth to support cloud services from providers like Amazon, Microsoft, Google, and others. The analysis of real-world data and the resulting proposed scaling factor is an original contribution from this study

Towards Simulation and Emulation of Large-Scale Computer Networks

Developing analytical models that can accurately describe behaviors of Internet-scale networks is difficult. This is due, in part, to the heterogeneous structure, immense size and rapidly changing properties of today\u27s networks. The lack of analytical models makes large-scale network simulation an indispensable tool for studying immense networks. However, large-scale network simulation has not been commonly used to study networks of Internet-scale. This can be attributed to three factors: 1) current large-scale network simulators are geared towards simulation research and not network research, 2) the memory required to execute an Internet-scale model is exorbitant, and 3) large-scale network models are difficult to validate. This dissertation tackles each of these problems. First, this work presents a method for automatically enabling real-time interaction, monitoring, and control of large-scale network models. Network researchers need tools that allow them to focus on creating realistic models and conducting experiments. However, this should not increase the complexity of developing a large-scale network simulator. This work presents a systematic approach to separating the concerns of running large-scale network models on parallel computers and the user facing concerns of configuring and interacting with large-scale network models. Second, this work deals with reducing memory consumption of network models. As network models become larger, so does the amount of memory needed to simulate them. This work presents a comprehensive approach to exploiting structural duplications in network models to dramatically reduce the memory required to execute large-scale network experiments. Lastly, this work addresses the issue of validating large-scale simulations by integrating real protocols and applications into the simulation. With an emulation extension, a network simulator operating in real-time can run together with real-world distributed applications and services. As such, real-time network simulation not only alleviates the burden of developing separate models for applications in simulation, but as real systems are included in the network model, it also increases the confidence level of network simulation. This work presents a scalable and flexible framework to integrate real-world applications with real-time simulation

On the Memory Requirement of Hop-by-hop Routing: Tight Bounds and Optimal Address Spaces

Routing in large-scale computer networks today is built on hop-by-hop routing: packet headers specify the destination address and routers use internal forwarding tables to map addresses to next-hop ports. In this paper we take a new look at the scalability of this paradigm. We define a new model that reduces forwarding tables to sequential strings, which then lend themselves readily to an information-theoretical analysis. Contrary to previous work, our analysis is not of worst-case nature, but gives verifiable and realizable memory requirement characterizations even when subjected to concrete topologies and routing policies. We formulate the optimal address space design problem as the task to set node addresses in order to minimize certain network-wide entropy-related measures. We derive tight space bounds for many well-known graph families and we propose a simple heuristic to find optimal address spaces for general graphs. Our evaluations suggest that in structured graphs, including most practically important network topologies, significant memory savings can be attained by forwarding table compression over our optimized address spaces. According to our knowledge, our work is the first to bridge the gap between computer network scalability and information-theory

Thermosensitive chitosan-based hydrogels for extrusion-based bioprinting and injectable scaffold for articular tissue engineering

La bio-impression est une forme avancée de fabrication additive qui permet de créer des structures 3D vivantes (contenant des cellules) et de créer des modèles 3D de tissus ou, à plus long terme, des tissus implantables pour remplacer les tissus ou organes malades ou endommagés. La bio-impression connaît une croissance rapide mais doit faire face à plusieurs défis. L'un d'entre eux consiste à trouver des matériaux extrudables contenant des cellules (appelée bioencres) qui combinent toutes les propriétés requises. Les hydrogels de chitosan thermosensibles qui forment des solutions à température ambiante mais gélifient rapidement à la température du corps sont d’intéressants candidats comme bioencre mais à ce jour il n'y a pas encore eu de résultats convaincants démontrant leur potentiel. De plus, les méthodes rhéologiques permettant de prédire leur imprimabilité font toujours défaut. L'objectif général de ce doctorat était d'étudier et optimiser les hydrogels thermosensibles à base de chitosan fabriqué avec un mélange de deux bases faibles, (bêta-glycérophosphate et hydrogénocarbonate de sodium) pour la bio-impression par extrusion, notamment pour l'ingénierie des tissus articulaires. Nous avons tout d’abord développé une approche rhéologique pour évaluer leur potentiel en tant que bioencres. Les cinétiques de gélification à température ambiante et du corps ont été caractérisées. Puis les essais de viscosité et de récupération ont été adaptés pour prendre en compte l’absence de stabilité des gels. La fidélité de forme et les propriétés mécaniques des structures imprimées ont également été caractérisées en fonction du taux de cisaillement appliqué et les résultats corrélés avec les données rhéologiques. Nous avons démontré qu'il était possible d'imprimer une structure avec une fidélité et une maniabilité adéquate; cependant, une concentration élevée de chitosan (3%p/v) est nécessaire, ce qui entraîne un taux de mortalité élevé des cellules, tandis que réduire la concentration à 2%p/v entraîne une très mauvaise fidélité de la forme. Nous avons surmonté ces limites en utilisant une approche basée sur la bio-impression FRESH (Freeform reversible embedding of suspended hydrogel). Un bain de support chaud a été conçu afin de soutenir les structures bioprintées et d'améliorer la thermoréticulation du chitosan pendant l'impression. Cette approche augmente drastiquement la fidélité et les propriétés mécaniques des structures imprimées avec une concentration de chitosane (2% p/v) adaptée à l'encapsulation de cellules. ii Enfin, nous avons étudié l'impact du chargement de particules de bioverre osteoconducteurs dans ces hydrogels thermosensibles, en vue de leur utilisation pour la fabrication de tissus osseux minéralisés. Les propriétés mécaniques et la cytocompatibilité in vitro étant affectées de manière négative par l'ajout de bioglass, notre stratégie a consisté à concentrer le bioverre sous forme de microbilles, puis incorporer ces microbilles dans l'hydrogel à base de chitosan chargé de cellules. Cette nouvelle stratégie a permis d'améliorer considérablement les propriétés mécaniques et la viabilité des cellules. Cet hydrogel bioactif hybride n’est pas utilisable comme bioencre, mais il est injectable et pourrait être utilisé comme matrice injectable pour la régénération de défauts osseux. Cependant, il reste encore beaucoup d’optimisation à faire pour la bio-impression de tissus de gradient complexes.Bioprinting is an advanced method that enables to engineer living 3D structures mimicking the tissue complexity found in-vivo. It allows to create 3D tissues to study drugs/biological mechanisms, also, in longer-term, implantable tissue to replace diseased/damaged body tissues/organs. Bioprinting is growing rapidly but faces several challenges. One of them is to find ideal bioinks which combine all the required properties. Hydrogels are generally used since cells require an aqueous environment. But it is very challenging to stack hydrogels into a 3D structure because hydrogels are weak by nature and cannot support the structure without collapsing. Among the potential candidates are thermosensitive chitosan hydrogels which form solutions at room temperature but rapidly gel at body temperature. However, their potential in bioprinting has not been yet studied. Moreover, comprehensive rheological methods to predict their printability are still missing. The general objective of this Ph.D. was to study and optimize the thermosensitive chitosan-based hydrogels for extrusion-based bioprinting and injectable scaffold for articular tissue engineering. The first objective was to develop a rheological approach to study printability of these time- and temperature-dependent hydrogels and assess their potential as bioinks. Chitosan-based physical hydrogels prepared by combining chitosan acidic solution with weak bases like beta-glycerophosphate and sodium-hydrogen-carbonate were studied. Gelation kinetics, shear-thinning viscosity as a function of shear rate corresponding to that applied during printing, and recovery tests were performed. The resolution and mechanical properties were characterized as a function of applied shear rate and results were correlated with rheological data. This work allowed us to determine the best chitosan hydrogel formulation for 3Dprinting and compare it with conventionally used bioink, alginate/gelatin. This methodology can also be useful for other temperature- and time-dependent materials. We demonstrated that printing structures with adequate fidelity and handability using chitosan-based hydrogels was feasible; however, a high concentration (3%w/v) was required, leading to high mortality rate of encapsulated cells. Decreasing chitosan concentration resulted in poor shape fidelity. The second objective was therefore to develop a method using Freeform reversible embedding of suspended hydrogel (FRESH) bioprinting to overcome these limitations. A warm support bath was designed to support chitosan-based bioprinted structures and enhance chitosan thermo-crosslinking during printing. This approach iv drastically increases the fidelity and mechanical properties of structures printed with low concentration chitosan (2%w/v) suitable for cell encapsulation. Lastly, we studied the impact of loading bioglass particles into such thermosensitive hydrogels for potential bone-mineralized tissue repair, which could promote bone ingrowth through osteoconductivity. The mechanical properties and in-vitro cytocompatibility are affected adversely by bioglass addition. A new strategy was implemented to encapsulate bioglass within chitosan-based microbeads, then incorporate these microbeads in the cell-laden chitosan-based hydrogel. This strategy improved mechanical properties and cell viability. This hybrid hydrogel could be used to form an injectable cell-loaded scaffold. The bioactive microbeads were freezable, increasing their potential for clinical applications. We demonstrated the potential of the thermosensitive chitosan-based hydrogels for bioprinting, especially with the FRESH approach. This opens interesting avenues toward tissue engineering. However, much works still remain to be done before bioprinting complex gradient tissues