Selfish Optimization in Computer Networks

This paper describes two applications of decentralized (Pareto) optimization to problems of computer communication networks. The first application is to develop a generalized principle for optimality of multi-hop broadcast channel access schemes. The second application is to decentralized flow-control in fixed virtual-circuit networks (e.g., SNA) using power maximization as the performance index. The decentralized approach to optimum network behavior yields, among other results, characterization of fair global objective functions, and optimal decentralized greedy network control algorithms. The main conclusion of this paper is that Pareto-optimality methods can be successfully used to develop optimal decentralized behavior algorithms where a centralized approach is (sometimes provably) not applicable

Virtual lines, a deadlock-free and real-time routing mechanism for ATM networks

In this paper, we present a routing mechanism and buffer allocation mechanism for an ATM switching fabric. Since the fabric will be used to transfer multimedia traffic, it should provide a guaranteed throughput and a bounded latency. We focus on the design of a suitable routing mechanism that is capable of fulfilling these requirements and is free of deadlocks. We will describe two basic concepts that can be used to implement deadlock-free routing. Routing of messages is closely related to buffering. We have organized the buffers into parallel FIFO's, each representing a virtual line. In this way, we not only have solved the problem of head of line blocking, but we can also give real-time guarantees. We will show that for local high-speed networks, it is more advantageous to have a proper flow control than to have large buffers. Although the virtual line concept can have a low buffer utilization, the transfer efficiency can be higher. The virtual line concept allows adaptive routing. The total throughput of the network can be improved by using alternative routes. Adaptive routing is attractive in networks where alternative routes are not much longer than the initial route(s). The network of the switching fabric is built up from switching elements interconnected in a Kautz topology

Dynamic algorithms for multicast with intra-session network coding

The problem of multiple multicast sessions with intra-session network coding in time-varying networks is considered. The network-layer capacity region of input rates that can be stably supported is established. Dynamic algorithms for multicast routing, network coding, power allocation, session scheduling, and rate allocation across correlated sources, which achieve stability for rates within the capacity region, are presented. This work builds on the back-pressure approach introduced by Tassiulas et al., extending it to network coding and correlated sources. In the proposed algorithms, decisions on routing, network coding, and scheduling between different sessions at a node are made locally at each node based on virtual queues for different sinks. For correlated sources, the sinks locally determine and control transmission rates across the sources. The proposed approach yields a completely distributed algorithm for wired networks. In the wireless case, power control among different transmitters is centralized while routing, network coding, and scheduling between different sessions at a given node are distributed

Virtual lines, a deadlock free and real-time routing mechanism for ATM networks

In this paper we present a routing mechanism and buffer allocation mechanism for an ATM switching fabric. Since the fabric will be used to transfer multimedia traffic it should provide a guaranteed throughput and a bounded latency. We focus on the design of a suitable routing mechanism that is capable to fulfil these requirements and is free of deadlocks. We will describe two basic concepts that can be used to implement deadlock free routing. Routing of messages is closely related to buffering. We have organized the buffers into parallel fifos, each representing a virtual line. In this way we not only have solved the problem of Head Of Line blocking, but we can also give real-time guarantees. We will show that for local high-speed networks it is more advantageous to have a proper flow control than to have large buffers. Although the virtual line concept can have a low buffer utilization, the transfer efficiency can be higher. The virtual lines concept allows adaptive routing. The total throughput of the network can be improved by using alternative routes. Adaptive routing is attractive in networks where alternative routes are not much longer than the initial route(s). The network of the switching fabric is built up from switching elements interconnected in a Kautz topology

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Sampled data systems passivity and discrete port-Hamiltonian systems

In this paper, we present a novel way to approach the interconnection of a continuous and a discrete time physical system first presented in [1][2] [3]. This is done in a way which preserves passivity of the coupled system independently of the sampling time T. This strategy can be used both in the field of telemanipulation, for the implementation of a passive master/slave system on a digital transmission line with varying time delays and possible loss of packets (e.g., the Internet), and in the field of haptics, where the virtual environment should `feel¿ like a physical equivalent system

Device-Centric Cooperation in Mobile Networks

The increasing popularity of applications such as video streaming in today's mobile devices introduces higher demand for throughput, and puts a strain especially on cellular links. Cooperation among mobile devices by exploiting both cellular and local area connections is a promising approach to meet the increasing demand. In this paper, we consider that a group of cooperative mobile devices, exploiting both cellular and local area links and within proximity of each other, are interested in the same video content. Traditional network control algorithms introduce high overhead and delay in this setup as the network control and cooperation decisions are made in a source-centric manner. Instead, we develop a device-centric stochastic cooperation scheme. Our device-centric scheme; DcC allows mobile devices to make control decisions such as flow control, scheduling, and cooperation without loss of optimality. Thanks to being device-centric, DcC reduces; (i) overhead; i.e., the number of control packets that should be transmitted over cellular links, so cellular links are used more efficiently, and (ii) the amount of delay that each packet experiences, which improves quality of service. The simulation results demonstrate the benefits of DcC