Infinite CacheFlow: a Rule-caching Solution for Software Defined Networks

January 2014

abstract: New OpenFlow switches support a wide range of network applications, such as firewalls, load balancers, routers, and traffic monitoring. While ternary content addressable memory (TCAM) allows switches to process packets at high speed based on multiple header fields, today's commodity switches support just thousands to tens of thousands of forwarding rules. To allow for finer-grained policies on this hardware, efficient ways to support the abstraction of a switch are needed with arbitrarily large rule tables. To do so, a hardware-software hybrid switch is designed that relies on rule caching to provide large rule tables at low cost. Unlike traditional caching solutions, neither individual rules are cached (to respect rule dependencies) nor compressed (to preserve the per-rule traffic counts). Instead long dependency chains are ``spliced'' to cache smaller groups of rules while preserving the semantics of the network policy. The proposed hybrid switch design satisfies three criteria: (1) responsiveness, to allow rapid changes to the cache with minimal effect on traffic throughput; (2) transparency, to faithfully support native OpenFlow semantics; (3) correctness, to cache rules while preserving the semantics of the original policy. The evaluation of the hybrid switch on large rule tables suggest that it can effectively expose the benefits of both hardware and software switches to the controller and to applications running on top of it. / Dissertation/Thesis / M.S. Computer Science 2014

Computer science

Algorithms

Caching

Software Defined Networking

VPN Mesh in Industrial Networking

Berndtsson, Andreas

January 2013

This thesis report describes the process and present the results gained while evaluating available VPN mesh solutions and equipment for integration into Industrial systems. The task was divided into several sub steps; summarize the previous work done in the VPN mesh area, evaluate the available VPN mesh solutions, verify that the interesting equipment comply with the criteria set by ABB and lastly verify that the equipment can be integrated transparently into already running systems. The result shows that there is equipment that complies with the criteria, which can also be integrated transparently into running systems. The result also shows that IPSec should be used as the VPN protocol since IPSec can make use of the crypto hardware whereas TLS based VPNs currently cannot. Even though the implementation of secure gateways would provide authentication and authorization to the network, the cost of implementing these gateways would be great. The best solution would be to present the evaluated equipment as an optional feature instead of making it standard equipment in each system. / Denna examensarbetesrapport beskriver den process, samt presenterar de resultat som har insamlats, när tillgängliga VPN-mesh-lösningar- och utrustning har utvärderats för integrering i Industriella system. Uppgiften var uppdelad i ett flertal delmoment, varvid det första bestod i att summera tidigare utfört arbete inom VPN-mesh-området. De efterföljande delmomenten bestod i att utvärdera tillgängliga VPN-mesh-lösningar, verifiera att den utvärderade utrustningen uppfyller de krav som fastställts av ABB samt verifiera att utrustningen har stöd för transparent integrering i system under drift. Resultatet visar att det finns utrustning som uppfyller ABB’s krav, vilken även kan bli transparent integrerade i system under drift. Resultatet visar även att IPSec bör användas som VPN-protokoll eftersom IPSec kan nyttja krypto-hårdvara medan TLS-baserade VPN-lösningar för tillfället saknar denna funktionalitet. Implementeringen av säkra gateways medför autentisering och auktorisering till nätverket, dock är kostnaden att implementera dessa hög. Den bästa lösningen vore att erbjuda de utvärderade produkterna som möjliga tillägg, istället för att göra dem till standardutrustning vid köp av ett industriellt system.

Industrial

Networking

Firewall

Computer Sciences

Datavetenskap (datalogi)

Representation of Adolescent Identity Status through Facebook Use: A Qualitative Multicase Study of Adolescent Digital Behaviors

Valdez, David

05 July 2016

The expanding landscape of social media offers users several platforms to introduce into their lifestyle choices. Facebook continues to be one of the most ubiquitous social media platforms in the United States (Pew Research Center, 2015), and its use in educational contexts has become an area of inquiry. This study examines how a sample of high school seniors in an IB psychology class use social media, specifically, Facebook by inquiring into the interrelationship between social media use, identity formation, and personal teacher pedagogy as part of instruction. The research questions for this study were: Question 1- How are students using social media platforms during their senior-year of high school? Question 2- In what ways does Marcia’s model of adolescence identity type help to explain potential differences in Facebook use among adolescents? Question 3- In what ways are students’ Facebook practices and teaching practices that relies on social media responsive to one another? Following ethical guidelines as prescribed by IRB procedures, participants were surveyed and categorized by their respective identity type using Marcia’s (1967) model of adolescence identity type. Utilizing a socioconstructionist theoretical framework and Marcia’s model, journal entries, interview data, and Facebook observations from four students were analyzed over a four-week period. Findings revealed that identity achievement students regarded their social media use as active and were more likely to use Facebook to research future goals. These students felt Facebook deepened interests in aspects of their identity and often used Facebook to follow-up with classwork/homework. Moratorium students regarded their Facebook use as passive and did not feel their online use deepened their identity development. All students agreed that their current Facebook profiles no longer represent their identities accurately. Gender differences, recommendations for classroom inclusion of Facebook, and personal reflections on pedagogy were also described.

social networking

Marcia

technology

Educational Psychology

FULL-VIEW COVERAGE PROBLEMS IN CAMERA SENSOR NETWORKS

Li, Chaoyang

08 August 2017

Camera Sensor Networks (CSNs) have emerged as an information-rich sensing modality with many potential applications and have received much research attention over the past few years. One of the major challenges in research for CSNs is that camera sensors are different from traditional scalar sensors, as different cameras from different positions can form distinct views of the object in question. As a result, simply combining the sensing range of the cameras across the field does not necessarily form an effective camera coverage, since the face image (or the targeted aspect) of the object may be missed. The angle between the object's facing direction and the camera's viewing direction is used to measure the quality of sensing in CSNs instead. This distinction makes the coverage verification and deployment methodology dedicated to conventional sensor networks unsuitable. A new coverage model called full-view coverage can precisely characterize the features of coverage in CSNs. An object is full-view covered if there is always a camera to cover it no matter which direction it faces and the camera's viewing direction is sufficiently close to the object's facing direction. In this dissertation, we consider three areas of research for CSNS: 1. an analytical theory for full-view coverage; 2. energy efficiency issues in full-view coverage CSNs; 3. Multi-dimension full-view coverage theory. For the first topic, we propose a novel analytical full-view coverage theory, where the set of full-view covered points is produced by numerical methodology. Based on this theory, we solve the following problems. First, we address the full-view coverage holes detection problem and provide the healing solutions. Second, we propose $k$-Full-View-Coverage algorithms in camera sensor networks. Finally, we address the camera sensor density minimization problem for triangular lattice based deployment in full-view covered camera sensor networks, where we argue that there is a flaw in the previous literature, and present our corresponding solution. For the second topic, we discuss lifetime and full-view coverage guarantees through distributed algorithms in camera sensor networks. Another energy issue we discuss is about object tracking problems in full-view coverage camera sensor networks. Next, the third topic addresses multi-dimension full-view coverage problem where we propose a novel 3D full-view coverage model, and we tackle the full-view coverage optimization problem in order to minimize the number of camera sensors and demonstrate a valid solution. This research is important due to the numerous applications for CSNs. Especially some deployment can be in remote locations, it is critical to efficiently obtain accurate meaningful data.

Full-view coverage

Algorithm

Networking

Energy efficiency

Error behaviour in optical networks

James, Laura Bryony

January 2005

Optical fibre communications are now widely used in many applications, including local area computer networks. I postulate that many future optical LANs will be required to operate with limited optical power budgets for a variety of reasons, including increased system complexity and link speed, low cost components and minimal increases in transmit power. Some developers will wish to run links with reduced power budget margins, and the received data in these systems will be more susceptible to errors than has been the case previously. The errors observed in optical systems are investigated using the particular case of Gigabit Ethernet on fibre as an example. Gigabit Ethernet is one of three popular optical local area interconnects which use 8B/10B line coding, along with Fibre Channel and Infiniband, and is widely deployed. This line encoding is also used by packet switched optical LANs currently under development. A probabilistic analysis follows the effects of a single channel error in a frame, through the line coding scheme and the MAC layer frame error detection mechanisms. Empirical data is used to enhance this original analysis, making it directly relevant to deployed systems. Experiments using Gigabit Ethernet on fibre with reduced power levels at the receiver to simulate the effect of limited power margins are described. It is found that channel bit error rate and packet loss rate have only a weakly deterministic relationship, due to interactions between a number of non-uniform error characteristics at various network sub-layers. Some data payloads suffer from high bit error rates and low packet loss rates, compared to others with lower bit error rates and yet higher packet losses. Experiments using real Internet traffic contribute to the development of a novel model linking packet loss, the payload damage rate, and channel bit error rate. The observed error behaviours at various points in the physical and data link layers are detailed. These include data-dependent channel errors; this error hot- spotting is in contrast to the failure modes observed in a copper-based system. It is also found that both multiple channel errors within a single code-group, and multiple error instances within a frame, occur more frequently than might be expected. The overall effects of these error characteristics on the ability of cyclic redundancy checks (CRCs) to detect errors, and on the performance of higher layers in the network, is considered. This dissertation contributes to the discussion of layer interactions, which may lead to un-foreseen performance issues at higher levels of the network stack, and extends it by considering the physical and data link layers for a common form of optical link. The increased risk of errors in future optical networks, and my findings for 8B/10B encoded optical links, demonstrate the need for a cross-layer understanding of error characteristics in such systems. The development of these new networks should take error performance into account in light of the particular requirements of the application in question.

621.3827

Dynamic holography using ferroelectric liquid crystal on silicon spatial light modulators

Tan, Kim Leong

January 1999

No description available.

535

Developing and Evaluating an Open Source Network Laboratory and Curriculum

Yuan, Dongqing

01 January 2011

This study focused on developing and evaluating an open source software (OSS) network laboratory and curriculum for information technology (IT) program students. A review of literature revealed that to date there have been very few published studies on the development of the labs with clear and specific learning outcomes mapping the Institute for Electrical and Electronic Engineers (IEEE) and Association of Computing Machinery (ACM) IT computing curriculum recommendations. In addition, very few efforts have been taken to develop the lab and curriculum by using instructional design and learning theory from a pedagogical perspective. The goals of the research were to (a) analyze current computer networking education in the higher education system and the IEEE/ACM IT computing curriculum recommendation, (b) map the labs to the learning outcomes recommended by IEEE/ACM IT computing curriculum, (c) create and implement the OSS-based network laboratory and curriculum, and (d) evaluate the effectiveness of the laboratory and curriculum. The dissertation followed a developmental research model for the development of the lab and curriculum. The needs of the new curriculum were identified and the instructional goal was established. The 2008 ACM/IEEE computing curriculum recommendations were analyzed and translated into the lab objectives. Then five OSS labs were designed and implemented to cover the recommended learning outcomes. The curriculum was delivered to the students for two semester offerings at University of Wisconsin-Stout. An evaluation strategy which included a pretest, a posttest, and survey instrument was developed to measure students' performance and attitudes about the labs. The test questions were mapped to the learning objectives of the labs. The performances of the students from the intervention and control group were compared with paired t tests. Statistical analysis indicated that the labs were effective in introducing students to the concepts of computer networking. Students' comments also indicated that they preferred hands-on labs coupled with the classroom lectures. These results confirmed findings reported from previous studies. Additionally, based on some students' recommendation, the OSS network labs for distance online students could be a future direction to pursue.

Curriculum

Information Technology

Laboratory

Networking

Computer Sciences

DESIGN A SCALABLE AND SECURE NDN-BASED DATA RETRIEVAL FRAMEWORK FOR INTERNET OF THINGS

Yang, Ning

01 May 2020

Internet of Things (IoT) has great potential in enabling many beneficial applications (i.e., connected vehicle applications). Named Data Networking (NDN) recently emerges as a promising networking paradigm in supporting IoT due to its data-centric architecture. In this dissertation, we present our research on design a scalable, efficient and secure ndn-based data retrieval framework for Internet of Things. Our work includes three parts:First, we envision an NDN-based Connected Vehicles (CV) application framework with a distributed data service model, as CV is a typical scenario of IoT. The scalability of the framework is greatly challenged by the fast mobility and vast moving area of vehicles. To handle such an issue, we develop a novel hyperbolic hierarchical NDN backbone architecture (H2NDN) by exploiting the location dependency of CV applications. H2NDN designs the backbone routers topology and the data/interest namespace by following the hierarchical architecture of geographic locations. The efficient data searching only requires static forwarding information base (FIB) configuration over NDN routers. To avoid overloading high-level routers, H2NDN integrates hyperbolic routing through carefully designed hyperbolic planes.Second, a distributed adaptive caching strategy is proposed to improve the efficiency of data caches on NDN routers. NDN provides native support to cache data at routers for future Interest packets. As we model the caching problem, the goal of cache allocation is to maximize the savings of Interest/Data forwarding hops under the limited cache space on each router. We discuss the impracticality of global optimization and provide the local caching method. Extensive ndnSIM based simulation with real traffic data proves the efficiency and scalability of the proposed H2NDN architecture.Finally, although NDN provides some security advantages such as secures data directly and uses name semantics to enable applications to reason about security, employing NDN to support IoT applications nevertheless presents some new challenges about security. In this dissertation, we focus on two resultant attacks that are not effectively handled in current studies, namely the targeted blackhole attack and the targeted content poisoning attack. We propose a lightweight and efficient approach named SmartDetour to tackle the two attacks. To ensure high scalability and collusion-resilience, SmartDetour lets each router respond to attacks (i.e., packet drops or corrupted data) independently in order to isolate attackers. The core solution contains a reputation-based probabilistic forwarding strategy and a proactive attacker detection algorithm. Extensive ndnSIM based simulation demonstrates the efficiency and accuracy of the proposed SmartDetour.

Connected Vehicles Networking

Internet of Things

NDN Security

Towards Better Kernel and Network Monitoring of Software Actions

Lei, Yunsen

15 May 2020

Monitoring software actions is one of the most studied approaches to help security researchers understand how software interacts with the system or network. In many cases, monitoring is an important component to help detect attacks that use software vulnerabilities as a vector to compromise endpoints. Attacks are becoming more sophisticated and network use is growing dramatically. Both host-based and network-based monitoring are facing different challenges. A host-based approach has more insight into software's actions but puts itself at the risk of compromise. When deployed on the server endpoint, the lack of separation between different clients only further complicates the monitoring scope. Compared to network-based approaches, host-based monitoring usually loses control of a software's network trace once the network packet leaves the endpoint. On the other hand, network-based monitoring usually has full control of a software's network packets but confronts scalability problems as the network grows. This thesis focuses on the limitations of the current monitoring approaches and technologies and proposes different solutions to mitigate the current problem. For software-defined networking, we design and implement a host-based SDN system that achieves the same forwarding path control and packet rewriting functionality as a switch-based SDN. Our implementation empower the host-based SDN with more control in the network even without using any SDN-enabled middleboxes, allowing SDN adoption in large-scale deployments. We further corroborate flow reports from different host SDN agents to address the endpoint compromise problem. On the server endpoint, we leverage containers as a light-weight environment to separate different clients and build monitoring infrastructures to narrow down the monitoring scope that have the potential to facilitate further forensic analysis.

Security monitoring

Software-defined networking

Containerization

Exploring Critical Factors in Predicting Post-Adoptive Use of Facebook

Magro, Michael J.

05 1900

Social networking applications (SNAs) have experienced a boom in popularity in recent years. Sites like Facebook and MySpace continuously draw new users, and are successful in organizing groups of users around topics of common interest. Among SNAs, Facebook has demonstrably outgrown its rivals growing an estimated 157 percent from 2008 to 2009. Facebook is now estimated to be the fourth largest Internet site in the world, trailing only Google, Microsoft and Yahoo (Schonfeld 2009). This dissertation posits and tests a theoretical model composed of key factors that contribute to post-adoptive use of social networking applications and the relationship of those factors to one another. This study also identifies and clarifies new constructs that were not previously used to measure usage, and further refines the constructs that were previously used so that they better fit social networking applications. The results of this dissertation show that the critical factors of social capital, hedonic enjoyment, perceived usefulness, social influence, satisfaction and attitude have a positive influence on a post-adoptive user's intention to continue using Facebook. The results of this study yielded a structural model for predicting the post-adoptive use of Facebook. This work also developed an instrument for measuring constructs relevant to social networking applications.

Social networking

social capital

post-adoption

Facebook