20 research outputs found
Logic Programming approaches for routing fault-free and maximally-parallel Wavelength Routed Optical Networks on Chip (Application paper)
One promising trend in digital system integration consists of boosting
on-chip communication performance by means of silicon photonics, thus
materializing the so-called Optical Networks-on-Chip (ONoCs). Among them,
wavelength routing can be used to route a signal to destination by univocally
associating a routing path to the wavelength of the optical carrier. Such
wavelengths should be chosen so to minimize interferences among optical
channels and to avoid routing faults. As a result, physical parameter selection
of such networks requires the solution of complex constrained optimization
problems. In previous work, published in the proceedings of the International
Conference on Computer-Aided Design, we proposed and solved the problem of
computing the maximum parallelism obtainable in the communication between any
two endpoints while avoiding misrouting of optical signals. The underlying
technology, only quickly mentioned in that paper, is Answer Set Programming
(ASP). In this work, we detail the ASP approach we used to solve such problem.
Another important design issue is to select the wavelengths of optical
carriers such that they are spread across the available spectrum, in order to
reduce the likelihood that, due to imperfections in the manufacturing process,
unintended routing faults arise. We show how to address such problem in
Constraint Logic Programming on Finite Domains (CLP(FD)).
This paper is under consideration for possible publication on Theory and
Practice of Logic Programming.Comment: Paper presented at the 33nd International Conference on Logic
Programming (ICLP 2017), Melbourne, Australia, August 28 to September 1,
2017. 16 pages, LaTeX, 5 figure
Secure Network-on-Chip Against Black Hole and Tampering Attacks
The Network-on-Chip (NoC) has become the communication heart of Multiprocessors-System-on-Chip (MPSoC). Therefore, it has been subject to a plethora of security threats to degrade the system performance or steal sensitive information. Due to the globalization of the modern semiconductor industry, many different parties take part in the hardware design of the system. As a result, the NoC could be infected with a malicious circuit, known as a Hardware Trojan (HT), to leave a back door for security breach purposes. HTs are smartly designed to be too small to be uncovered by offline circuit-level testing, so the system requires an online monitoring to detect and prevent the HT in runtime.
This dissertation focuses on HTs inside the router of a NoC designed by a third party. It explores two HT-based threat models for the MPSoC, where the NoC experiences packet-loss and packet-tampering once the HT in the infected router is activated and is in the attacking state. Extensive experiments for each proposed architecture were conducted using a cycle-accurate simulator to demonstrate its effectiveness on the performance of the NoC-based system.
The first threat model is the Black Hole Router (BHR) attack, where it silently discards the packets that are passing through without further announcement. The effect of the BHR is presented and analyzed to show the potency of the attack on a NoC-based system. A countermeasure protocol is proposed to detect the BHR at runtime and counteract the deliberate packet-dropping attack with a 26.9% area overhead, an average 21.31% performance overhead and a 22% energy consumption overhead. The protocol is extended to provide an efficient and power-gated scheme to enhance the NoC throughput and reduce the energy consumption by using end-to-end (e2e) approach. The power-gated e2e technique locates the BHR and avoids it with a 1% performance overhead and a 2% energy consumption overhead.
The second threat model is a packet-integrity attack, where the HT tampers with the packet to apply a denial-of-service attack, steal sensitive information, gain unauthorized access, or misroute the packet to an unintended node. An authentic and secure NoC platform is proposed to detect and countermeasure the packet-tampering attack to maintain data-integrity and authenticity while keeping its secrecy with a 24.21% area overhead. The proposed NoC architecture is not only able to detect the attack, but also locates the infected router and isolates it from the network
Two-tier Intrusion Detection System for Mobile Ad Hoc Networks
Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed
infrastructure (i.e. an access point) to facilitate communication between nodes when they
roam from one location to another. The need for such a fixed supporting infrastructure
limits the adaptability of the wireless network, especially in situations where the
deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes'
communication as it only provides facility for mobile nodes to send and receive
information, but not reroute the information across the network. Recent advancements in
computer network introduced a new wireless network, known as a Mobile Ad Hoc
Network (MANET), to overcome these limitations.
MANET has a set of unique characteristics that make it different from other kind of
wireless networks. Often referred as a peer to peer network, such a network does not have
any fixed topology, thus nodes are free to roam anywhere, and could join or leave the
network anytime they desire. Its ability to be setup without the need of any infrastructure is
very useful, especially in geographically constrained environments such as in a military
battlefield or a disaster relief operation. In addition, through its multi hop routing facility,
each node could function as a router, thus communication between nodes could be made
available without the need of a supporting fixed router or an access point. However, these
handy facilities come with big challenges, especially in dealing with the security issues.
This research aims to address MANET security issues by proposing a novel intrusion
detection system that could be used to complement existing prevention mechanisms that
have been proposed to secure such a network.
A comprehensive analysis of attacks and the existing security measures proved that there is
a need for an Intrusion Detection System (IDS) to protect MANETs against security threats.
The analysis also suggested that the existing IDS proposed for MANET are not immune
against a colluding blackmail attack due to the nature of such a network that comprises
autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises
trust relationships between nodes to overcome this nodes' anonymity issue. Through a
friendship mechanism, the problems of false accusations and false alarms caused by
blackmail attackers in global detection and response mechanisms could be eliminated.
The applicability of the friendship concept as well as other proposed mechanisms to solve
MANET IDS related issues have been validated through a set of simulation experiments.
Several MANET settings, which differ from each other based on the network's density
level, the number of initial trusted friends owned by each node, and the duration of the
simulation times, have been used to study the effects of such factors towards the overall
performance of the proposed IDS framework. The results obtained from the experiments
proved that the proposed concepts are capable to at least minimise i f not fully eliminate the
problem currently faced in MANET IDS
Non-minimal adaptive routing for efficient interconnection networks
RESUMEN: La red de interconexión es un concepto clave de los sistemas de computación paralelos. El primer aspecto que define una red de interconexión es su topologÃa. Habitualmente, las redes escalables y eficientes en términos de coste y consumo energético tienen bajo diámetro y se basan en topologÃas que encaran el lÃmite de Moore y en las que no hay diversidad de caminos mÃnimos. Una vez definida la topologÃa, quedando implÃcitamente definidos los lÃmites de rendimiento de la red, es necesario diseñar un algoritmo de enrutamiento que se acerque lo máximo posible a esos lÃmites y debido a la ausencia de caminos mÃnimos, este además debe explotar los caminos no mÃnimos cuando el tráfico es adverso. Estos algoritmos de enrutamiento habitualmente seleccionan entre rutas mÃnimas y no mÃnimas en base a las condiciones de la red. Las rutas no mÃnimas habitualmente se basan en el algoritmo de balanceo de carga propuesto por Valiant, esto implica que doblan la longitud de las rutas mÃnimas y por lo tanto, la latencia soportada por los paquetes se incrementa. En cuanto a la tecnologÃa, desde su introducción en entornos HPC a principios de los años 2000, Ethernet ha sido usado en un porcentaje representativo de los sistemas.
Esta tesis introduce una implementación realista y competitiva de una red escalable y sin pérdidas basada en dispositivos de red Ethernet commodity, considerando topologÃas de bajo diámetro y bajo consumo energético y logrando un ahorro energético de hasta un 54%. Además, propone un enrutamiento sobre la citada arquitectura, en adelante QCN-Switch, el cual selecciona entre rutas mÃnimas y no mÃnimas basado en notificaciones de congestión explÃcitas. Una vez implementada la decisión de enrutar siguiendo rutas no mÃnimas, se introduce un enrutamiento adaptativo en fuente capaz de adaptar el número de saltos en las rutas no mÃnimas. Este enrutamiento, en adelante ACOR, es agnóstico de la topologÃa y mejora la latencia en hasta un 28%. Finalmente, se introduce un enrutamiento dependiente de la topologÃa, en adelante LIAN, que optimiza el número de saltos de las rutas no mÃnimas basado en las condiciones de la red. Los resultados de su evaluación muestran que obtiene una latencia cuasi óptima y mejora el rendimiento de algoritmos de enrutamiento actuales reduciendo la latencia en hasta un 30% y obteniendo un rendimiento estable y equitativo.ABSTRACT: Interconnection network is a key concept of any parallel computing system. The first aspect to define an interconnection network is its topology. Typically, power and cost-efficient scalable networks with low diameter rely on topologies that approach the Moore bound in which there is no minimal path diversity. Once the topology is defined, the performance bounds of the network are determined consequently, so a suitable routing algorithm should be designed to accomplish as much as possible of those limits and, due to the lack of minimal path diversity, it must exploit non-minimal paths when the traffic pattern is adversarial. These routing algorithms usually select between minimal and non-minimal paths based on the network conditions, where the non-minimal paths are built according to Valiant load-balancing algorithm. This implies that these paths double the length of minimal ones and then the latency supported by packets increases. Regarding the technology, from its introduction in HPC systems in the early 2000s, Ethernet has been used in a significant fraction of the systems.
This dissertation introduces a realistic and competitive implementation of a scalable lossless Ethernet network for HPC environments considering low-diameter and low-power topologies. This allows for up to 54% power savings. Furthermore, it proposes a routing upon the cited architecture, hereon QCN-Switch, which selects between minimal and non-minimal paths per packet based on explicit congestion notifications instead of credits. Once the miss-routing decision is implemented, it introduces two mechanisms regarding the selection of the intermediate switch to develop a source adaptive routing algorithm capable of adapting the number of hops in the non-minimal paths. This routing, hereon ACOR, is topology-agnostic and improves average latency in all cases up to 28%. Finally, a topology-dependent routing, hereon LIAN, is introduced to optimize the number of hops in the non-minimal paths based on the network live conditions. Evaluations show that LIAN obtains almost-optimal latency and outperforms state-of-the-art adaptive routing algorithms, reducing latency by up to 30.0% and providing stable throughput and fairness.This work has been supported by the Spanish Ministry of Education, Culture and Sports
under grant FPU14/02253, the Spanish Ministry of Economy, Industry and Competitiveness
under contracts TIN2010-21291-C02-02, TIN2013-46957-C2-2-P, and TIN2013-46957-C2-2-P (AEI/FEDER, UE), the Spanish Research Agency under contract PID2019-105660RBC22/AEI/10.13039/501100011033, the European Union under agreements FP7-ICT-2011-
7-288777 (Mont-Blanc 1) and FP7-ICT-2013-10-610402 (Mont-Blanc 2), the University of
Cantabria under project PAR.30.P072.64004, and by the European HiPEAC Network of Excellence through an internship grant supported by the European Union’s Horizon 2020 research
and innovation program under grant agreement No. H2020-ICT-2015-687689
Securing routing protocols in mobile ad hoc networks
A Mobile Ad Hoc Network (MANET) is more prone to security threats than other
wired and wireless networks because of the distributed nature of the network.
Conventional MANET routing protocols assume that all nodes cooperate without
maliciously disrupting the operation of the protocol and do not provide defence
against attackers. Blackhole and flooding attacks have a dramatic negative impact
while grayhole and selfish attacks have a little negative impact on the performance
of MANET routing protocols.
Malicious nodes or misbehaviour actions detection in the network is an important
task to maintain the proper routing protocol operation. Current solutions
cannot guarantee the true classification of nodes because the cooperative nature
of the MANETs which leads to false exclusions of innocent nodes and/or good
classification of malicious nodes. The thesis introduces a new concept of Self-
Protocol Trustiness (SPT) to discover malicious nodes with a very high trustiness
ratio of a node classification. Designing and implementing new mechanisms that
can resist flooding and blackhole attacks which have high negative impacts on
the performance of these reactive protocols is the main objective of the thesis.
The design of these mechanisms is based on SPT concept to ensure the high
trustiness ratio of node classification. In addition, they neither incorporate the
use of cryptographic algorithms nor depend on routing packet formats which make
these solutions robust and reliable, and simplify their implementations in different
MANET reactive protocols.
Anti-Flooding (AF) mechanism is designed to resist flooding attacks which relies
on locally applied timers and thresholds to classify nodes as malicious. Although
AF mechanism succeeded in discovering malicious nodes within a small time, it
has a number of thresholds that enable attacker to subvert the algorithm and
cannot guarantee that the excluded nodes are genuine malicious nodes which was
the motivation to develop this algorithm. On the other hand, Flooding Attack
Resisting Mechanism (FARM) is designed to close the security gaps and overcome
the drawbacks of AF mechanism. It succeeded in detecting and excluding more
than 80% of flooding nodes within the simulation time with a very high trustiness
ratio.
Anti-Blackhole (AB) mechanism is designed to resist blackhole attacks and relies
on a single threshold. The algorithm guarantees 100% exclusion of blackhole nodes
and does not exclude any innocent node that may forward a reply packet. Although
AB mechanism succeeded in discovering malicious nodes within a small time, the
only suggested threshold enables an attacker to subvert the algorithm which was
the motivation to develop it. On the other hand, Blackhole Resisting Mechanism
(BRM) has the main advantages of AB mechanism while it is designed to close
the security gaps and overcome the drawbacks of AB mechanism. It succeeded in
detecting and excluding the vast majority of blackhole nodes within the simulation
time
On Energy Efficient Computing Platforms
In accordance with the Moore's law, the increasing number of on-chip integrated transistors has enabled modern computing platforms with not only higher processing power but also more affordable prices. As a result, these platforms, including portable devices, work stations and data centres, are becoming an inevitable part of the human society. However, with the demand for portability and raising cost of power, energy efficiency has emerged to be a major concern for modern computing platforms.
As the complexity of on-chip systems increases, Network-on-Chip (NoC) has been proved as an efficient communication architecture which can further improve system performances and scalability while reducing the design cost. Therefore, in this thesis, we study and propose energy optimization approaches based on NoC architecture, with special focuses on the following aspects.
As the architectural trend of future computing platforms, 3D systems have many bene ts including higher integration density, smaller footprint, heterogeneous integration, etc. Moreover, 3D technology can signi cantly improve the network communication and effectively avoid long wirings, and therefore, provide higher system performance and energy efficiency.
With the dynamic nature of on-chip communication in large scale NoC based systems, run-time system optimization is of crucial importance in order to achieve higher system reliability and essentially energy efficiency. In this thesis, we propose an agent based system design approach where agents are on-chip components which monitor and control system parameters such as supply voltage, operating frequency, etc. With this approach, we have analysed the implementation alternatives for dynamic voltage and frequency scaling and power gating techniques at different granularity, which reduce both dynamic and leakage energy consumption.
Topologies, being one of the key factors for NoCs, are also explored for energy saving purpose. A Honeycomb NoC architecture is proposed in this thesis with turn-model based deadlock-free routing algorithms. Our analysis and simulation based evaluation show that Honeycomb NoCs outperform their Mesh based counterparts in terms of network cost, system performance as well as energy efficiency.Siirretty Doriast
Characterization and optimization of network traffic in cortical simulation
Considering the great variety of obstacles the Exascale systems
have to face in the next future, a deeper attention will be given in this thesis
to the interconnect and the power consumption.
The data movement challenge involves the whole hierarchical organization
of components in HPC systems — i.e. registers, cache, memory, disks.
Running scientific applications needs to provide the most effective methods
of data transport among the levels of hierarchy. On current petaflop systems,
memory access at all the levels is the limiting factor in almost all applications.
This drives the requirement for an interconnect achieving adequate rates of
data transfer, or throughput, and reducing time delays, or latency, between
the levels.
Power consumption is identified as the largest hardware research challenge.
The annual power cost to operate the system would be above 2.5 B$
per year for an Exascale system using current technology. The research for alternative
power-efficient computing device is mandatory for the procurement
of the future HPC systems.
In this thesis, a preliminary approach will be offered to the critical process of
co-design. Co-desing is defined as the simultaneos design of both hardware
and software, to implement a desired function. This process both integrates
all components of the Exascale initiative and illuminates the trade-offs that
must be made within this complex undertaking
Unifying Static And Runtime Analysis In Declarative Distributed Systems
Today’s distributed systems are becoming increasingly complex, due to the ever-growing number of network devices and their variety. The complexity makes it hard for system administrators to correctly configure distributed systems. This motivates the need for effective analytic tools that can help ensure correctness of distributed systems.
One challenge in ensuring correctness is that there does not exist one solution that works for all properties. One type of properties, such as security properties, are so critical that they demand pre-deployment verification (i.e., static analysis) which, though time-consuming, explores the whole execution space. However, due to the potential problem of state explosion, static verification of all properties is not practical, and not necessary. Violation of non-critical properties, such as correct routing with shortest paths, is tolerable during execution and can be diagnosed after errors occur (i.e., runtime analysis), a more light-weight approach compared to verification.
This dissertation presents STRANDS, a declarative framework that enables users to perform both pre-deployment verification and post-deployment diagnostics on top of declarative specification of distributed systems. STRANDS uses Network Datalog (NDlog), a distributed variant of Datalog query language, to specify network protocols and services. STRANDS has two components: a system verifier and a system debugger. The verifier allows the user to rigorously prove safety properties of network protocols and services, using either the program logic or symbolic execution we develop for NDlog programs. The debugger, on the other hand, facilitates diagnosis of system errors by allowing for querying of the structured history of network execution (i.e., network provenance) that is maintained in a storage-efficient manner.
We show the effectiveness of STRANDS by evaluating both the verifier and the debugger. Using the verifier, we prove path authenticity of secure routing protocols, and verify a number of safety properties in software-defined networking (SDN). Also, we demonstrate that our provenance maintenance algorithm achieves significant storage reduction, while incurring negligible network overhead