Enabling Confidentiality in Content-Based Publish/Subscribe Infrastructures

Content-Based Publish/Subscribe (CBPS) is an interaction model where the interests of subscribers are stored in a content-based forwarding infrastructure to guide routing of notifications to interested parties. In this paper, we focus on answering the following question: Can we implement content-based publish/subscribe while keeping subscriptions and notifications confidential from the forwarding brokers? Our contributions include a systematic analysis of the problem, providing a formal security model and showing that the maximum level of attainable security in this setting is restricted. We focus on enabling provable confidentiality for commonly used applications and subscription languages in CBPS and present a series of practical provably secure protocols, some of which are novel and others adapted from existing work. We have implemented these protocols in SIENA, a popular CBPS system. Evaluation results show that confidential content-based publish/subscribe is practical: A single broker serving 1000 subscribers is able to route more than 100 notifications per second with our solutions

Reducing Congestion Effects by Multipath Routing in Wireless Networks

We propose a solution to improve fairness and increasethroughput in wireless networks with location information.Our approach consists of a multipath routing protocol, BiasedGeographical Routing (BGR), and two congestion controlalgorithms, In-Network Packet Scatter (IPS) and End-to-EndPacket Scatter (EPS), which leverage BGR to avoid the congestedareas of the network. BGR achieves good performancewhile incurring a communication overhead of just 1 byte perdata packet, and has a computational complexity similar togreedy geographic routing. IPS alleviates transient congestion bysplitting traffic immediately before the congested areas. In contrast,EPS alleviates long term congestion by splitting the flow atthe source, and performing rate control. EPS selects the pathsdynamically, and uses a less aggressive congestion controlmechanism on non-greedy paths to improve energy efficiency.Simulation and experimental results show that our solutionachieves its objectives. Extensive ns-2 simulations show that oursolution improves both fairness and throughput as compared tosingle path greedy routing. Our solution reduces the variance ofthroughput across all flows by 35%, reduction which is mainlyachieved by increasing throughput of long-range flows witharound 70%. Furthermore, overall network throughput increasesby approximately 10%. Experimental results on a 50-node testbed are consistent with our simulation results, suggestingthat BGR is effective in practice

ROAR: increasing the flexibility and performance of distributed search

Search engines are a fundamental building block of the web. Be they general purpose web search engines, product search engines for online catalogues or people search in online networks, search engines provide easy access to a huge amount of information. To cope with large amounts of information, search engines use many distributed servers to perform their functionality. For instance, to search the web quickly, search engines partition the web index over many machines, and consult every partition when answering a query. To increase throughput, replicas are added for each of these machines. The key parameter of these search algorithms is the trade-off between replication and partitioning: increasing the partitioning level typically improves query completion time since more servers handle the query. However, partitioning too much also has drawbacks: startup costs for each sub-query are not negligible, and will decrease total throughput. Finding the right operating point and adapting to it can significantly improve performance and reduce costs. In this thesis we propose that the tradeoff between partitioning and replication should be easily configurable. To this end we introduce Rendezvous On a Ring (ROAR), a novel distributed algorithm that enables on-the-fly re-configuration of the partitioning level. ROAR can add and remove servers without stopping the system, cope with server failures, and provide good load-balancing even with a heterogeneous server pool. We experimentally show that it is possible to dynamically adjust the partitioning level to cope with different loads while meeting target query delays, and in doing so the system can reduce its power consumption significantly. To test ROAR we introduce Privacy Preserving Search: a particular search application that allows users to store encrypted data online while being able to easily search that data. Our contributions include novel protocols that allow PPS for numeric values, as well as a proof of concept implementation of PPS running on top of ROAR and allowing users to match as many as 5 million files in well under 1s

Opportunistic mobility with multipath TCP

Proceedings of: ACM MobiArch 2011, The 6th ACM International Workshop on Mobility in the Evolving Internet Architecture, June 28, 2011, Washington, D.C.Host mobility has traditionally been solved at the network layer, but even though Mobile IP has been standardised for 15 years, it hasn’t been supported by operators. IP’s double role as a location identif er and communication endpoint identif er brings a number of functional and performance problems. We argue that the best place to handle mobility is at the transport layer. While this is not a new argument, we believe that the emerging standard of Multipath TCP (MPTCP) can be used to solve many issues related to mobility. MPTCP naturally implements make-before-break, can be incrementally deployed, is backwards compatible with standard TCP, and could even ease incremental adoption of IPv6. Using simulations and indoor experiments with WiFi and 3G, we show that MPTCP gives better throughput, achieves smoother handoffs, and can be tuned to lower energy consumption.This research was supported by Trilogy (http://www.trilogy-project.org), a research project (ICT-216372) partially funded by the European Community under its Seventh Framework Programme. European Community's Seventh Framework ProgramThis work was partly funded by POSDRU/89/1.5/S/62557Publicad

Boosting mobility performance with multi-path TCP

Proceeding of: Future Network & Mobile Summit 2010, 16 - 18 June 2010, Florence, ItalyFourth Generation mobile devices incorporate multiple interfaces with diverse access technologies. The current Mobile IP protocol fails to support the enhanced fault tolerance capabilities that are enabled by the availability of multiple interfaces. In particular, established Mobile IP communications cannot be preserved through outages affecting the Home Address. In this paper we describe an architecture for mobile host multihoming that enables transport layer survivability through multiple failure modes. The proposed approach relies on the cooperation between Mobile IP and Multi-Path TCP and aims to fully support multihoming and extend roaming capabilities of mobile devices.This research was supported by Trilogy (http://www.trilogy-project.org), a research project (ICT-216372) partially funded by the European Community under its Seventh Framework Programme.European Community's Seventh Framework ProgramNo publicad

Loupe: Driving the Development of OS Compatibility Layers

Supporting mainstream applications is fundamental for a new OS to have impact. It is generally achieved by developing a layer of compatibility allowing applications developed for a mainstream OS like Linux to run unmodified on the new OS. Building such a layer, as we show, results in large engineering inefficiencies due to the lack of efficient methods to precisely measure the OS features required by a set of applications. We propose Loupe, a novel method based on dynamic analysis that determines the OS features that need to be implemented in a prototype OS to bring support for a target set of applications and workloads. Loupe guides and boosts OS developers as they build compatibility layers, prioritizing which features to implement in order to quickly support many applications as early as possible. We apply our methodology to 100+ applications and several OSes currently under development, demonstrating high engineering effort savings vs. existing approaches: for example, for the 62 applications supported by the OSv kernel, we show that using Loupe, would have required implementing only 37 system calls vs. 92 for the non-systematic process followed by OSv developers. We study our measurements and extract novel key insights. Overall, we show that the burden of building compatibility layers is significantly less than what previous works suggest: in some cases, only as few as 20% of system calls reported by static analysis, and 50% of those reported by naive dynamic analysis need an implementation for an application to successfully run standard benchmarks.Comment: Accepted to appear at ASPLOS'24 (https://www.asplos-conference.org/asplos2024/

An edge-queued datagram service for all datacenter traffic

Modern datacenters support a wide range of protocols and in-network switch enhancements aimed at improving performance. Unfortunately, the resulting protocols often do not coexist gracefully because they inevitably interact via queuing in the network. In this paper we describe EQDS, a new datagram service for datacenters that moves almost all of the queuing out of the core network and into the sending host. This enables it to support multiple (conflicting) higher layer protocols, while only sending packets into the network according to any receiver-driven credit scheme. EQDS can transparently speed up legacy TCP and RDMA stacks, and enables transport protocol evolution, while benefiting from future switch enhancements without needing to modify higher layer stacks. We show through simulation and multiple implementations that EQDS can reduce FCT of legacy TCP by 2x, improve the NVMeOF-RDMA throughput by 30%, and safely run TCP alongside RDMA on the same network

FlexOS: Towards Flexible OS Isolation

At design time, modern operating systems are locked in a specific safety and isolation strategy that mixes one or more hardware/software protection mechanisms (e.g. user/kernel separation); revisiting these choices after deployment requires a major refactoring effort. This rigid approach shows its limits given the wide variety of modern applications' safety/performance requirements, when new hardware isolation mechanisms are rolled out, or when existing ones break. We present FlexOS, a novel OS allowing users to easily specialize the safety and isolation strategy of an OS at compilation/deployment time instead of design time. This modular LibOS is composed of fine-grained components that can be isolated via a range of hardware protection mechanisms with various data sharing strategies and additional software hardening. The OS ships with an exploration technique helping the user navigate the vast safety/performance design space it unlocks. We implement a prototype of the system and demonstrate, for several applications (Redis/Nginx/SQLite), FlexOS' vast configuration space as well as the efficiency of the exploration technique: we evaluate 80 FlexOS configurations for Redis and show how that space can be probabilistically subset to the 5 safest ones under a given performance budget. We also show that, under equivalent configurations, FlexOS performs similarly or better than several baselines/competitors.Comment: Artifact Evaluation Repository: https://github.com/project-flexos/asplos22-a