Networks Research Group
Prof. Mark Handley
Department of Computer Science
Nets Faculty: Interests & Accomplishments
PhDs from Cambridge, Harvard, MIT, Queen Mary, UCL
Internet standards activity (30+ standards including SIP)
Brought the first Internet link to Europe
Research contributions in: congestion control, distributed systems, mobility, multimedia, routing, scheduling, security, wireless networks.
Wedge: Making Networked Applications more Resilient to Attack
Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp
Software vulnerability reports per year
As one-off defenses are released, new vulnerability categories emerge
Source: Open source vulnerability database (osvdb.org)
Two systems security principles
Compartmentalization: Divide the system into subsystems that fail independently
Least privilege: Each subsystem should only have access to read/modify the data needed for its job
Problem: Lack of compartmentalization
Monolithic process must invoke SSL, so must hold RSA private key in memory
Single, monolithic address space: any code can access all memory
[Figure: Apache web server. A request from the Internet reaches the request parser; because the parser shares one address space with the rest of the server, a compromised ("HACKED!") parser can read the private key.]
Wedge: Compartments improve security
Crowbar, a run-time instrumentation tool:
Measures memory access behavior of code running on real, non-malicious workloads
Informs the programmer of the memory permissions the code requires on these workloads
OS primitives for Linux:
Fine-grained tagging of memory
Explicit assignment of per-tag permissions to threads
[Figure: the same server split into compartments: request -> parser -> gen_session_key (~200 LoC), with memory protection between compartments. A hacked parser ("HACKED!") can no longer reach the private key.]
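The monolithic-process problem and the compartment approach above, shown as an added example that is not from the Wedge paper or its code: it uses plain POSIX process separation (fork and pipes) instead of Wedge's tagged-memory and per-thread permission primitives, which are not a stock Linux API. The key bytes, the toy_sign digest standing in for the RSA operation, the MAX_MSG request limit and every function name are constructed for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_MSG 64  /* constructed limit on what may cross the compartment boundary */

/* Constructed stand-in for the server's private key. It is only materialized inside
 * the key-holder process, so the parser's address space never contains the key bytes. */
static void load_demo_key(uint8_t key[16]) {
    for (int i = 0; i < 16; i++) key[i] = (uint8_t)(0xA5 ^ (i * 37));
}

/* Toy keyed digest standing in for the RSA private-key operation (constructed; it is
 * not a real signature or MAC, only something the parser cannot compute without the key). */
static uint32_t toy_sign(const uint8_t key[16], const uint8_t *msg, size_t len) {
    uint32_t h = 2166136261u;                           /* FNV-1a style mixing */
    for (size_t i = 0; i < 16; i++) { h ^= key[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 16777619u; }
    return h;
}

/* Read exactly n bytes or fail; pipes may deliver short reads. */
static int read_full(int fd, void *buf, size_t n) {
    uint8_t *p = buf;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Key-holder compartment: runs in its own process, answers exactly one request, and
 * accepts nothing but a length byte followed by at most MAX_MSG bytes of message.
 * The key is scrubbed before the process exits. */
static void key_holder(int req_fd, int resp_fd) {
    uint8_t key[16], len, msg[MAX_MSG];
    load_demo_key(key);
    if (read_full(req_fd, &len, 1) != 0 || len > MAX_MSG ||
        read_full(req_fd, msg, len) != 0)
        _exit(1);
    uint32_t sig = toy_sign(key, msg, len);
    memset(key, 0, sizeof key);
    if (write(resp_fd, &sig, sizeof sig) != (ssize_t)sizeof sig) _exit(1);
    _exit(0);
}

/* Parser-side entry point: the parser hands the message to the key holder over a pipe
 * and receives only the signature back. Returns 0 on success, -1 on any failure.
 * A bug in the parser can corrupt the parser's own memory but not the key holder's. */
int sign_in_compartment(const uint8_t *msg, size_t len, uint32_t *sig_out) {
    if (len > MAX_MSG) return -1;   /* reject malformed requests before they cross the boundary */
    int req[2], resp[2];
    if (pipe(req) != 0) return -1;
    if (pipe(resp) != 0) { close(req[0]); close(req[1]); return -1; }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(req[1]); close(resp[0]);
        key_holder(req[0], resp[1]);                    /* never returns */
        _exit(1);
    }
    close(req[0]); close(resp[1]);
    uint8_t hdr = (uint8_t)len;
    int ok = write(req[1], &hdr, 1) == 1 &&
             (len == 0 || write(req[1], msg, len) == (ssize_t)len) &&
             read_full(resp[0], sig_out, sizeof *sig_out) == 0;
    close(req[1]); close(resp[0]);
    int status = 0;
    waitpid(pid, &status, 0);
    return (ok && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    const uint8_t request[] = "GET /index.html";         /* constructed sample request */
    uint32_t sig;
    if (sign_in_compartment(request, sizeof request - 1, &sig) != 0) {
        puts("sign failed");
        return 1;
    }
    printf("signature from key holder: %08x\n", sig);
    return 0;
}
```

The boundary carries a fixed, tiny protocol (one length byte plus the message), which is the least-privilege point: the parser compartment can only ask for a signature, never for the key itself, and the key holder refuses anything that is not a well-formed request.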
Cone of Silence: Nulling Interference for Higher-Throughput Wireless Networks
Yiorgos Nikolaidis, Astrit Zhushi, Kyle Jamieson, and Brad Karp
The 802.11 (WiFi) “success disaster”
Limits of omnidirectional antennas
Interference from other senders is typically the limiting factor
Receiver can only decode Sender’s packet when Sender is sufficiently stronger than Interferer
[Figure: omnidirectional antennas; Interferer, Receiver and Sender laid out so the Interferer's signal reaches the Receiver alongside the Sender's.]
The promise of directional antennas
[Figure: directional antenna at the Receiver pointed at the Sender, away from the Interferer ("OK!").]
Our approach: Cone of Silence (CoS)
Phased arrays: Long used in radar systems; newly available for 802.11
Receiver shapes its beam to maximize SIR
Receiver balances between nulling toward the interferer and directing gain toward the sender
Explicitly measure S and I to account for multi-path propagation
Multipath TCP: Utilizing the natural resilience of the Internet
Mark Handley, Damon Wischik, Costin Raiciu, Christopher Pluntke
Multipath traffic control, or, why peer-to-peer will balance the Internet
Why does my phone have to choose between connections?
What if it could use several connections at the same time?
[Figure: throughput over time, in Mb/s, on wifi alone, on 3G alone, and with multipath, across three situations: at my desk (good wifi reception, poor 3G); going downstairs to make coffee (wifi fails, 3G is good); in the kitchen (wifi is OK, 3G is good).]
We’ve implemented multipath extensions for TCP.
But is it safe?
If everyone greedily takes all the bandwidth they want, the Internet will collapse, like it did in 1988.
If everyone is restrained in the total bandwidth they use, but everyone greedily shifts all his/her traffic onto the best path, the Internet will “flap”.
Need to guarantee it is safe to deploy.
Not only is it safe, it’s the natural evolution of the Internet.
Before the Internet, networks used to split links into “circuits”, e.g. one circuit per telephone call.
One of the big ideas of the Internet was to use packets, not circuits, to carry data. This lets users take more bandwidth on a link as they need it — but relies on them to share fairly.
Our algorithm extends the idea of “fair sharing as needed” from links to networks.
Build your own Internet
Trend: Opening the network up to innovation: software routers, software-defined radios, peer-to-peer networks
Result: New ways of communicating