  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

A FRAMEWORK FOR ECONOMIC ANALYSIS OF NETWORK ARCHITECTURES

Murat Karakus (5931083) 17 January 2019 (has links)
This thesis firstly surveys and summarizes the state-of-the-art studies from two research areas in Software Defined Networking (SDN) architecture: (i) control plane scalability and (ii) Quality of Service (QoS)-related problems. It also outlines the potential challenges and open problems that need to be addressed further for more scalable SDN control planes and better and complete QoS abilities in SDN networks. The thesis secondly presents a hierarchical SDN design along with an inter-AS QoS-guaranteed routing approach. This design addresses the scalability problems of control plane and privacy concerns of inter-AS QoS routing philosophies in SDN. After exploring the roots of control plane scalability problems in SDN, the thesis then proposes a metric to quantitatively evaluate the control plane scalability in SDN. Later, the thesis presents a general framework for economic analysis of network architectures and designs. To this end, the thesis defines and utilizes two metrics, Unit Service Cost Scalability and Cost-to-Service, to evaluate how SDN architecture performs compared to MPLS architecture in terms of unit cost for a service and cost of introducing a new service along with giving mathematical models to calculate Capital Expenditures (CAPEX) and Operational Expenditures (OPEX) of a network. Moreover, the thesis studies the problem of optimal final pricing for services by proposing an optimal pricing scheme for a service request with QoS in SDN environment while aiming to maximize benefits of both service providers and customers. Finally, the thesis investigates how programmable network architectures, i.e. SDN, affect the network economics compared to traditional network architectures, i.e. MPLS, in case of failures along with exploring the economic impact of failures in different SDN control plane models.
12

A Systematic Framework For Analyzing the Security and Privacy of Cellular Networks

Syed Rafiul Hussain (5929793) 16 January 2020 (has links)
Cellular networks are an indispensable part of a nation's critical infrastructure. They not only support functionality that is critical for our society as a whole (e.g., business, public-safety message dissemination) but also positively impact us at a more personal level by enabling applications that often improve our quality of life (e.g., navigation). Due to deployment constraints and backward compatibility issues, the various cellular protocol versions were not designed and deployed with a strong security and privacy focus. Because of their ubiquitous presence for connecting billions of users and use for critical applications, cellular networks are, however, lucrative attack targets of motivated and resourceful adversaries.

In this dissertation, we investigate the security and privacy of 4G LTE and 5G protocol designs and deployments. More precisely, we systematically identify design weaknesses and implementation oversights affecting the critical operations of the networks, and also design countermeasures to mitigate the identified vulnerabilities and attacks. Towards this goal, we developed a systematic model-based testing framework called LTEInspector. LTEInspector can be used to not only identify protocol design weaknesses but also deployment oversights. LTEInspector leverages the combined reasoning capabilities of a symbolic model checker and a cryptographic protocol verifier by combining them in a lazy fashion. We instantiated LTEInspector with three critical procedures (i.e., attach, detach, and paging) of 4G LTE. Our analysis uncovered 10 new exploitable vulnerabilities along with 9 prior attacks of 4G LTE all of which have been verified in a real testbed.
Since identifying all classes of attacks with a unique framework like LTEInspector is nearly impossible, we show that it is possible to identify sophisticated security and privacy attacks by devising techniques specifically tailored for a particular protocol and by leveraging the findings of LTEInspector. As a case study, we analyzed the paging protocol of 4G LTE and the current version of 5G, and observed that by leveraging the findings from LTEInspector and other side-channel information and by using a probabilistic reasoning technique it is possible to mount sophisticated privacy attacks that can expose a victim device's coarse-grained location information and sensitive identifiers when the adversary is equipped only with the victim's phone number or other soft-identity (e.g., social networking profile). An analysis of LTEInspector's findings shows that the absence of broadcast authentication enables an adversary to mount a wide plethora of security and privacy attacks. We thus develop an attack-agnostic generic countermeasure that provides broadcast authentication without violating any common-sense deployment constraints. Finally, we design a practical countermeasure for mitigating the side-channel attacks in the paging procedure without breaking the backward compatibility.
13

Towards More Scalable and Practical Program Synthesis

Yanjun Wang (12240227) 29 April 2022 (has links)
Program synthesis aims to generate programs automatically from user-provided specifications and has the potential to aid users in real-world programming tasks from different domains. Although there have been great achievements of synthesis techniques in specific domains such as spreadsheet programming, computer-aided education and software engineering, there still exist huge barriers that keep us from achieving scalable and practical synthesis tools.

This dissertation presents several techniques towards more scalable and practical program synthesis from three perspectives: 1) intention: Writing formal specification for synthesis is a major barrier for average programmers. In particular, in some quantitative synthesis scenarios (such as network design), the first challenge faced by users is expressing their optimization targets. To address this problem, we present comparative synthesis, an interactive synthesis framework that learns near optimal programs through comparative queries, without explicitly specified optimization targets. 2) invention: Synthesis algorithms are key to pushing the performance limit of program synthesis. Aiming to solve syntax-guided synthesis problems efficiently, we introduce a cooperative synthesis technique that combines the merits of enumerative and deductive synthesis. 3) adaptation: Besides functional correctness, quality of generated code is another important aspect. Towards automated provably-correct optimization over tree traversals, we propose a stack-based representation for iterations in tree traversals and an encoding to Monadic Second-Order logic over trees, which enables reasoning about tree traversal transformations which were not possible before.
14

Long-Range High-Throughput Wireless Communication Using Microwave Radiation Across Agricultural Fields

Paul Christian Thieme (8151186) 19 December 2019 (has links)
Over the past three decades, agricultural machinery has made the transition from purely mechanical systems to hybrid machines, reliant on both mechanical and electronic systems. As this transformation continues, the most modern agricultural machinery uses networked systems that require a network connection to function to their full potential. In rural areas, providing this network connection has proven difficult. Obstacles, distance from access points, and incomplete coverage of cellular connection are all challenges to be overcome. “Off the shelf” commercial-grade Wi-Fi equipment, including many products from Ubiquiti like the Bullet M2 transceiver and the PowerBeam point-to-point linking system, as well as antennas by Terrawave, Crane, and Hawking, were installed in a purpose-built system which could be implemented on a production farm. This system consisted of a tower-mounted access point which used an antenna with a 65° beamwidth, and the test included distances up to 1150 meters in an agricultural setting with corn and soybeans. Some sensors were stationary and the other platform was a tractor following a path around the farm with both 8dBi and 15dBi gain antennas. Through all tests, throughput never dropped below 5 Mb/s, and the latency of successful connections never exceeded 20ms. Packets were rarely dropped and never accounted for a significant portion of all packet transmission attempts. Environmental effects like immediate precipitation, crop heights, recent rainfall, and ambient temperature had little or no effect on wireless network characteristics. As a result, it was proven that as long as line-of-sight was maintained, reliable wireless connectivity could be achieved despite varying conditions using microwave radiation.
Network throughput was marginally affected by the change in free space path loss due to increased distance between the access point and the client, as well as travel by the mobile client outside the beamwidth of the access point. By enabling this coverage, it is hoped that the implementation of new agricultural technology utilizing a live network connection will progress more rapidly.
15

Software-defined Buffer Management and Robust Congestion Control for Modern Datacenter Networks

Danushka N Menikkumbura (12208121) 20 April 2022 (has links)
Modern datacenter network applications continue to demand ultra low latencies and very high throughputs. At the same time, network infrastructure keeps achieving higher speeds and larger bandwidths. We still need better network management solutions to keep these two demand and supply fronts going hand-in-hand. There are key metrics that define network performance such as flow completion time (the lower the better), throughput (the higher the better), and end-to-end latency (the lower the better) that are mainly governed by how effectively network applications get their fair share of network resources. We observe that buffer utilization on network switches gives a very accurate indication of network performance. Therefore, network buffer management is important in modern datacenter networks, and other network management solutions can be efficiently built around buffer utilization. This dissertation presents three solutions based on buffer use on network switches.

This dissertation consists of three main sections. The first section is on a specification language for buffer management in modern programmable switches. The second section is on a congestion control solution for Remote Direct Memory Access (RDMA) networks. The third section is on a solution to head-of-the-line blocking in modern datacenter networks.
16

ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE

Avigyan Mukherjee (15306883) 19 April 2023 (has links)
Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVEs found in the open source literature affecting Nginx and Apache web servers that correspond to the classification system that was created. The Apache and Nginx containers were attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls.
The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker.
17

System Support for Next-Gen Mobile Applications

Jiayi Meng (16512234) 10 July 2023 (has links)
Next-generation (Next-Gen) mobile applications, Extended Reality (XR), which encompasses Virtual/Augmented/Mixed Reality (VR/AR/MR), promise to revolutionize how people interact with technology and the world, ushering in a new era of immersive experiences. However, the hardware capacity of mobile devices will not grow proportionally with the escalating resource demands of the mobile apps due to their battery constraint. To bridge the gap, edge computing has emerged as a promising approach. It is further boosted by emerging 5G cellular networks, which promise low latency and high bandwidth. However, realizing the full potential of edge computing faces several fundamental challenges.

In this thesis, we first discuss a set of fundamental design challenges in supporting Next-Gen mobile applications via edge computing. These challenges extend across the three key system components involved — mobile clients, edge servers, and cellular networks. We then present how we address several of these challenges, including (1) how to coordinate mobile clients and edge servers to achieve stringent QoE requirements for Next-Gen apps; (2) how to optimize energy consumption of running Next-Gen apps on mobile devices to ensure long-lasting user experience; and (3) how to model and generate control-plane traffic of cellular networks to enable innovation on mobile network architectural design to support Next-Gen apps not only over 4G but also over 5G and beyond.

First, we present how to optimize the latency in edge-assisted XR system via the mobile-client and edge-server co-design. Specifically, we exploit key insights about frame similarity in VR to build the first multiplayer edge-assisted VR design, Coterie.
We demonstrate that compared with the prior work on single-player VR, Coterie reduces the per-player network load by 10.6X−25.7X, and can easily support 4 players for high-quality VR apps on Pixel 2 over 802.11ac running at 60 FPS and under 16ms responsiveness without exhausting the finite wireless bandwidth.

Second, we focus on the energy perspective of running Next-Gen apps on mobile devices. We study a major limitation of a classic and de facto app energy management technique, reactive energy-aware app adaptation, which was first proposed two decades ago. We propose, design, and validate a new solution, the first proactive energy-aware app adaptation, that effectively tackles the limitation and achieves higher app QoE while meeting a given energy drain target. Compared with traditional approaches, our proactive solution improves the QoE by 44.8% (Pixel 2) and 19.2% (Moto Z3) under low power budget.

Finally, we delve into the third system component, cellular networks. To facilitate innovation in mobile network architecture to better support Next-Gen apps, we characterize and model the control-plane traffic of cellular networks, which has been mostly overlooked by prior work. To model the control-plane traffic, we first prove that traditional probability distributions that have been widely used for modeling Internet traffic (e.g., Poisson, Pareto, and Weibull) cannot model the control-plane traffic due to the much higher burstiness and longer tails in the cumulative distributions of the control-plane traffic. We then propose a two-level state-machine-based traffic model based on the Semi-Markov model. We finally validate that the synthesized traces by using our model achieve small differences compared with the real traces, i.e., within 1.7%, 4.9% and 0.8%, for phones, connected cars, and tablets, respectively.
We also show that our model can be easily adjusted from LTE to 5G, enabling further research on control-plane design and optimization for 4G/5G and beyond.
18

SUPPORTING DATA CENTER AND INTERNET VIDEO APPLICATIONS WITH STRINGENT PERFORMANCE NEEDS: MEASUREMENTS AND DESIGN

Ehab Mohammad Ghabashneh (18257911) 28 March 2024 (has links)
Ensuring a high quality of experience for Internet applications is challenging owing to the significant variability (e.g., of traffic patterns) inherent to both cloud data-center networks and wide area networks. This thesis focuses on optimizing application performance by both conducting measurements to characterize traffic variability, and designing applications that can perform well in the face of variability. On the data center side, a key aspect that impacts performance is traffic burstiness at fine granular time scales. Yet, little is known about traffic burstiness and how it impacts application loss. On the wide area side, we focus on video applications as a major traffic driver. While optimizing traditional video traffic remains a challenge, new forms of video such as 360° introduce additional challenges such as responsiveness in addition to the bandwidth uncertainty challenge. In this thesis, we make three contributions.

First, for data center networks, we present Millisampler, a lightweight network traffic characterization tool for continual monitoring which operates at fine configurable time scales, and deployed across all servers in a large real-world data center network. Millisampler takes a host-centric perspective to characterize traffic across all servers within a data center rack at the same time. Next, we present data-center-scale joint analysis of burstiness, contention, and loss. Our results show (i) bursts are likely to encounter contention; (ii) contention varies significantly over short timescales; and (iii) higher contention need not lead to more loss, and the interplay with workload and burst properties matters.

Second, we consider challenges with traditional video in wide area networks. We take a step towards understanding the interplay between Content-Delivery-Networks (CDNs), and video performance through end-to-end measurements.
Our results show that (i) video traffic in a session can be sourced from multiple CDN layers, and (ii) throughput can vary significantly based on the traffic source. Next we evaluate the potential benefits of exposing CDN information to the client Adaptive-Bit-Rate (ABR) algorithm. Emulation experiments show the approach has the potential to reduce prediction inaccuracies, and enhance video quality of experience (QoE).

Third, for 360° videos, we argue for a new streaming model which is explicitly designed for continuous, rather than stalling, playback to preserve interactivity. Next, we propose Dragonfly, a new 360° system that leverages the additional degrees of freedom provided by this design point. Dragonfly proactively skips tiles (i.e., spatial segments of the video) using a model that defines an overall utility function that captures factors relevant to user experience. We conduct a user study which shows that the majority of interactivity feedback indicates Dragonfly is highly reactive, while the majority of state-of-the-art’s feedback indicates the systems are slow to react. Further, extensive emulations show Dragonfly improves the image quality significantly without stalling playback.
19

NETWORK-AWARE FEDERATED LEARNING ACROSS HIGHLY HETEROGENEOUS EDGE/FOG NETWORKS

Su Wang (17592381) 09 December 2023 (has links)
The parallel growth of contemporary machine learning (ML) technologies alongside edge/fog networking has necessitated the development of novel paradigms to effectively manage their intersection. Specifically, the proliferation of edge devices equipped with data generation and ML model training capabilities has given rise to an alternative paradigm called federated learning (FL), moving away from traditional centralized ML common in cloud-based networks. FL involves training ML models directly on edge devices where data are generated.

A fundamental challenge of FL lies in the extensive heterogeneity inherent to edge/fog networks, which manifests in various forms such as (i) statistical heterogeneity: edge devices have distinct underlying data distributions, (ii) structural heterogeneity: edge devices have diverse physical hardware, (iii) data quality heterogeneity: edge devices have varying ratios of labeled and unlabeled data, and (iv) adversarial compromise: some edge devices may be compromised by adversarial attacks. This dissertation endeavors to capture and model these intricate relationships at the intersection of FL and highly heterogeneous edge/fog networks. To do so, this dissertation will initially develop closed-form expressions for the trade-offs between ML performance and resource cost considerations within edge/fog networks. Subsequently, it optimizes the fundamental processes of FL, encompassing aspects such as batch size control for stochastic gradient descent (SGD) and sampling for global aggregations. This optimization is jointly formulated with networking considerations, which include communication resource consumption and device-to-device (D2D) cooperation.

In the former half of the dissertation, the emphasis is first on optimizing device sampling for global aggregations in FL, and then on developing a self-sufficient hierarchical meta-learning approach for FL.
These methodologies maximize expected ML model performance while addressing common challenges associated with statistical and system heterogeneity. Novel techniques, such as management of D2D data offloading, adaptive CPU clock cycle control, integration of meta-learning, and much more, enable these methodologies. In particular, the proposed hierarchical meta-learning approach enables rapid integration of new devices in large-scale edge/fog networks.

The latter half of the dissertation directs its focus towards emerging forms of heterogeneity in FL scenarios, namely (i) heterogeneity in quantity and quality of local labeled and unlabeled data at edge devices and (ii) heterogeneity in terms of adversarially compromised edge devices. To deal with heterogeneous labeled/unlabeled data across edge networks, this dissertation proposes a novel methodology that enables multi-source to multi-target federated domain adaptation. This proposed methodology views edge devices as sources – devices with mostly labeled data that perform ML model training, or targets – devices with mostly unlabeled data that rely on sources’ ML models, and subsequently optimizes the network relationships. In the final chapter, a novel methodology to improve FL robustness is developed in part by viewing adversarial attacks on FL as a form of heterogeneity.
20

Privacy and Security Enhancements for Tor

Arushi Arora (18414417) 21 April 2024 (has links)
Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.

Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.

Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor<sub>OS</sub>, a Bento function enabling geographic avoidance for onion services – which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.

The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits.
Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity – performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.

These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.
