161 research outputs found
Germanna’s Treasure Trove of History: A Journey of Discovery
The author shares the rich historical setting of Germanna Community College’s Locust Grove Campus, as well as the classroom and college activities and events that have grown alongside his discoveries.
Misbehaving TCP Receivers Can Cause Internet-Wide Congestion Collapse
An "optimistic" acknowledgment (OptAck) is an acknowledgment
sent by a misbehaving client for a data segment that it has not
received. Whereas previous work has focused on OptAck as a means to
greedily improve end-to-end performance, we study OptAck exclusively
as a denial of service attack. Specifically, an attacker sends
optimistic acknowledgments to many victims in parallel, thereby
amplifying its effective bandwidth by a factor of 30 million (worst
case). Thus, even a relatively modest attacker can totally saturate
the paths from many victims back to the attacker. Worse, a
distributed network of compromised machines ("zombies") can exploit
this attack in parallel to bring about wide-spread, sustained
congestion collapse.
We implement this attack both in simulation and in a wide-area
network, and show its severity both in terms of number of packets and
total traffic generated. We engineer and implement a novel solution
that does not require client or network modifications, allowing for
practical deployment. Additionally, we demonstrate the solution's
efficiency on a real network.
TOPEX/Poseidon battery performance during the first year of operation
The topics are presented in viewgraph form and include the following: cell/battery history, operational strategy, and spacecraft data.
Slurpie: A Cooperative Bulk Data Transfer Protocol
We present Slurpie: a peer-to-peer protocol for bulk data transfer. Slurpie is specifically designed to reduce client download times for large, popular files, and to reduce load on servers that serve these files. Slurpie employs a novel adaptive downloading strategy to increase client performance, and employs a randomized backoff strategy to precisely control load on the server. We describe a full implementation of the Slurpie protocol, and present results from both controlled local-area and wide-area testbeds. Our results show that Slurpie clients improve performance as the size of the network increases, and the server is completely insulated from large flash crowds entering the Slurpie network.
An Autonomous Earth Observing Sensorweb
We describe a network of sensors linked by software and the internet to an autonomous satellite observation response capability. This system of systems is designed with a flexible, modular architecture to facilitate expansion in sensors, customization of trigger conditions, and customization of responses. This system has been used to implement a global surveillance program of science phenomena including volcanoes, flooding, cryosphere events, and atmospheric phenomena. In this paper we describe the importance of the earth observing sensorweb application as well as the overall architecture for the network.
P4Testgen: An Extensible Test Oracle For P4
We present P4Testgen, a test oracle for the P4-16 language that supports
automatic generation of packet tests for any P4-programmable device. Given a P4
program and sufficient time, P4Testgen generates tests that cover every
reachable statement in the input program. Each generated test consists of an
input packet, control-plane configuration, and output packet(s), and can be
executed in software or on hardware. Unlike prior work, P4Testgen is open
source and extensible, making it a general resource for the community.
P4Testgen not only covers the full P4-16 language specification, it also
supports modeling the semantics of an entire packet-processing pipeline,
including target-specific behaviors, i.e., whole-program semantics. Handling
aspects of packet processing that lie outside of the official specification is
critical for supporting real-world targets (e.g., switches, NICs, end host
stacks). In addition, P4Testgen uses taint tracking and concolic execution to
model complex externs (e.g., checksums and hash functions) that have been
omitted by other tools, and ensures the generated tests are correct and
deterministic. We have instantiated P4Testgen to build test oracles for the
V1model, eBPF, and the Tofino (TNA and T2NA) architectures; each of these
extensions only required effort commensurate with the complexity of the target.
We validated the tests generated by P4Testgen by running them across the entire
P4C program test suite as well as the Tofino programs supplied with Intel's P4
Studio. In just a few months using the tool, we discovered and confirmed 25
bugs in the mature, production toolchains for BMv2 and Tofino, and are
conducting ongoing investigations into further faults uncovered by P4Testgen.
OFLOPS: An Open Framework for Openflow Switch Evaluation, in PAM
Recent efforts in software-defined networks, such as OpenFlow, give unprecedented access into the forwarding plane of networking equipment. When building a network based on OpenFlow, however, one must take into account the performance characteristics of particular OpenFlow switch implementations. In this paper, we present OFLOPS, an open and generic software framework that permits the development of tests for OpenFlow-enabled switches that measure the capabilities and bottlenecks between the forwarding engine of the switch and the remote control application. OFLOPS combines hardware instrumentation with an extensible software framework. We use OFLOPS to evaluate current OpenFlow switch implementations and make the following observations: (i) The switching performance of flows depends on applied actions and firmware. (ii) Current OpenFlow implementations differ substantially in flow updating rates as well as traffic monitoring capabilities. (iii) Accurate OpenFlow command completion can be observed only through the data plane. These observations are crucial for understanding the applicability of OpenFlow in the context of specific use-cases, which have requirements in terms of forwarding table consistency, flow setup latency, flow space granularity, packet modification types, and/or traffic monitoring abilities.
A Secure DHT via the Pigeonhole Principle
The standard Byzantine attack model assumes no more than some fixed
fraction of the participants are faulty. This assumption does not
accurately apply to peer-to-peer settings, where Sybil attacks and botnets
are realistic threats. We propose an attack model that permits an
arbitrary number of malicious nodes under the assumption that each node
can be classified based on some of its attributes, such as autonomous
system number or operating system, and that the number of classes with
malicious nodes is bounded (e.g., an attacker may exploit at most a few
operating systems at a time). In this model, we present a secure DHT,
evilTwin, which replaces a single, large DHT with sufficiently many
smaller instances such that it is impossible for an adversary to corrupt
every instance. Our system ensures high availability and low-latency
lookups, is easy to implement, does not require a complex Byzantine
agreement protocol, and its proof of security is a straightforward
application of the pigeonhole principle. The cost of security comes in the
form of increased storage and bandwidth overhead; we show how to reduce
these costs by replicating data and adaptively querying participants who
historically perform well. We use implementation and simulation to show
that evilTwin imposes a relatively small additional cost compared to
conventional DHTs.