3,530 research outputs found
An analytical framework for the performance evaluation of proximity-aware structured overlays
In this paper, we present an analytical study of proximity-aware structured peer-to-peer networks under churn. We use a master-equation-based approach, which is used traditionally in non-equilibrium statistical mechanics to describe steady-state or transient phenomena. In earlier work we have demonstrated that this methodology is in fact also well suited to describing structured overlay networks under churn, by showing how we can accurately predict the average number of hops taken by a lookup, for any value of churn, for the Chord system. In this paper, we extend the analysis so as to also be able to predict lookup latency, given an average latency for the links in the network. Our results show that there exists a region in the parameter space of the model, depending on churn, the number of nodes, the maintenance rates and the delays in the network, when the network cannot function as a small world graph anymore, due to the farthest connections of a node always being wrong or dead. We also demonstrate how it is possible to analyse proximity neighbour selection or proximity route selection within this formalism
Models and Protocols for Resource Optimization in Wireless Mesh Networks
Wireless mesh networks are built on a mix of fixed and mobile nodes interconnected via wireless links to form a multihop ad hoc network. An emerging application area for wireless mesh networks is their evolution into a converged infrastructure used to share and extend, to mobile users, the wireless Internet connectivity of sparsely deployed fixed lines with heterogeneous capacity, ranging from ISP-owned broadband links to subscriber owned low-speed connections. In this thesis we address different key research issues for this networking scenario. First, we propose an analytical predictive tool, developing a queuing network model capable of predicting the network capacity and we use it in a load aware routing protocol in order to provide, to the end users, a quality of service based on the throughput. We then extend the queuing network model and introduce a multi-class queuing network model to predict analytically the average end-to-end packet delay of the traffic flows among the mobile end users and the Internet. The analytical models are validated against simulation. Second, we propose an address auto-configuration solution to extend the coverage of a wireless mesh network by interconnecting it to a mobile ad hoc network in a transparent way for the infrastructure network (i.e., the legacy Internet interconnected to the wireless mesh network). Third, we implement two real testbed prototypes of the proposed solutions as a proof-of-concept, both for the load aware routing protocol and the auto-configuration protocol. Finally we discuss the issues related to the adoption of ad hoc networking technologies to address the fragility of our communication infrastructure and to build the next generation of dependable, secure and rapidly deployable communications infrastructures
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks
Software Defined Networking (SDN) is a new networking architecture which aims
to provide better decoupling between network control (control plane) and data
forwarding functionalities (data plane). This separation introduces several
benefits, such as a directly programmable and (virtually) centralized network
control. However, researchers showed that the required communication channel
between the control and data plane of SDN creates a potential bottleneck in the
system, introducing new vulnerabilities. Indeed, this behavior could be
exploited to mount powerful attacks, such as the control plane saturation
attack, that can severely hinder the performance of the whole network.
In this paper we present LineSwitch, an efficient and effective solution
against control plane saturation attack. LineSwitch combines SYN proxy
techniques and probabilistic blacklisting of network traffic. We implemented
LineSwitch as an extension of OpenFlow, the current reference implementation of
SDN, and evaluate our solution considering different traffic scenarios (with
and without attack). The results of our preliminary experiments confirm that,
compared to the state-of-the-art, LineSwitch reduces the time overhead up to
30%, while ensuring the same level of protection.Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2015). To appea
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
ZuverlÀssige und Energieeffiziente gemischt-kritische Echtzeit On-Chip Systeme
Multi- and many-core embedded systems are increasingly becoming the target for many applications that require high performance under varying conditions. A resulting challenge is the control, and reliable operation of such complex multiprocessing architectures under changes, e.g., high temperature and degradation. In mixed-criticality systems where many applications with varying criticalities are consolidated on the same execution platform, fundamental isolation requirements to guarantee non-interference of critical functions are crucially important. While Networks-on-Chip (NoCs) are the prevalent solution to provide scalable and efficient interconnects for the multiprocessing architectures, their associated energy consumption has immensely increased. Specifically, hard real-time NoCs must manifest limited energy consumption as thermal runaway in such a core shared resource jeopardizes the whole system guarantees. Thus, dynamic energy management of NoCs, as opposed to the related work static solutions, is highly necessary to save energy and decrease temperature, while preserving essential temporal requirements. In this thesis, we introduce a centralized management to provide energy-aware NoCs for hard real-time systems. The design relies on an energy control network, developed on top of an existing switch arbitration network to allow isolation between energy optimization and data transmission. The energy control layer includes local units called Power-Aware NoC controllers that dynamically optimize NoC energy depending on the global state and applicationsâ temporal requirements. Furthermore, to adapt to abnormal situations that might occur in the system due to degradation, we extend the concept of NoC energy control to include the entire system scope. That is, online resource management employing hierarchical control layers to treat system degradation (imminent core failures) is supported. The mechanism applies system reconfiguration that involves workload migration. For mixed-criticality systems, it allows flexible boundaries between safety-critical and non-critical subsystems to safely apply the reconfiguration, preserving fundamental safety requirements and temporal predictability. Simulation and formal analysis-based experiments on various realistic usecases and benchmarks are conducted showing significant improvements in NoC energy-savings and in treatment of system degradation for mixed-criticality systems improving dependability over the status quo.Eingebettete Many- und Multi-core-Systeme werden zunehmend das Ziel fĂŒr Anwendungen, die hohe Anfordungen unter unterschiedlichen Bedinungen haben. FĂŒr solche hochkomplexed Multi-Prozessor-Systeme ist es eine grosse Herausforderung zuverlĂ€ssigen Betrieb sicherzustellen, insbesondere wenn sich die UmgebungseinflĂŒsse verĂ€ndern. In Systeme mit gemischter KritikalitĂ€t, in denen viele Anwendungen mit unterschiedlicher KritikalitĂ€t auf derselben AusfĂŒhrungsplattform bedient werden mĂŒssen, sind grundlegende Isolationsanforderungen zur GewĂ€hrleistung der Nichteinmischung kritischer Funktionen von entscheidender Bedeutung. WĂ€hrend On-Chip Netzwerke (NoCs) hĂ€ufig als skalierbare Verbindung fĂŒr die Multiprozessor-Architekturen eingesetzt werden, ist der damit verbundene Energieverbrauch immens gestiegen. Daher sind dynamische Plattformverwaltungen, im Gegensatz zu den statischen, zwingend notwendig, um ein System an die oben genannten VerĂ€nderungen anzupassen und gleichzeitig Timing zu gewĂ€hrleisten. In dieser Arbeit entwickeln wir energieeffiziente NoCs fĂŒr harte Echtzeitsysteme. Das Design basiert auf einem Energiekontrollnetzwerk, das auf einem bestehenden Switch-Arbitration-Netzwerk entwickelt wurde, um eine Isolierung zwischen Energieoptimierung und DatenĂŒbertragung zu ermöglichen. Die Energiesteuerungsschicht umfasst lokale Einheiten, die als Power-Aware NoC-Controllers bezeichnet werden und die die NoC-Energie in AbhĂ€ngigkeit vom globalen Zustand und den zeitlichen Anforderungen der Anwendungen optimieren. DarĂŒber hinaus wird das Konzept der NoC-Energiekontrolle zur Anpassung an Anomalien, die aufgrund von Abnutzung auftreten können, auf den gesamten Systemumfang ausgedehnt. Online- Ressourcenverwaltungen, die hierarchische Kontrollschichten zur Behandlung Abnutzung (drohender KernausfĂ€lle) einsetzen, werden bereitgestellt. Bei Systemen mit gemischter KritikalitĂ€t erlaubt es flexible Grenzen zwischen sicherheitskritischen und unkritischen Subsystemen, um die Rekonfiguration sicher anzuwenden, wobei grundlegende Sicherheitsanforderungen erhalten bleiben und Timing Vorhersehbarkeit. Experimente werden auf der Basis von Simulationen und formalen Analysen zu verschiedenen realistischen Anwendungsfallen und Benchmarks durchgefĂŒhrt, die signifikanten Verbesserungen bei On-Chip Netzwerke-Energieeinsparungen und bei der Behandlung von Abnutzung fĂŒr Systeme mit gemischter KritikalitĂ€t zur Verbesserung die SystemstabilitĂ€t gegenĂŒber dem bisherigen Status quo zeigen
Know Your Enemy: Stealth Configuration-Information Gathering in SDN
Software Defined Networking (SDN) is a network architecture that aims at
providing high flexibility through the separation of the network logic from the
forwarding functions. The industry has already widely adopted SDN and
researchers thoroughly analyzed its vulnerabilities, proposing solutions to
improve its security. However, we believe important security aspects of SDN are
still left uninvestigated. In this paper, we raise the concern of the
possibility for an attacker to obtain knowledge about an SDN network. In
particular, we introduce a novel attack, named Know Your Enemy (KYE), by means
of which an attacker can gather vital information about the configuration of
the network. This information ranges from the configuration of security tools,
such as attack detection thresholds for network scanning, to general network
policies like QoS and network virtualization. Additionally, we show that an
attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk
of being detected. We underline that the vulnerability exploited by the KYE
attack is proper of SDN and is not present in legacy networks. To address the
KYE attack, we also propose an active defense countermeasure based on network
flows obfuscation, which considerably increases the complexity for a successful
attack. Our solution offers provable security guarantees that can be tailored
to the needs of the specific network under consideratio
- âŠ