Networks Research Group Prof. Mark Handley Department of Computer Science


Page 1

Networks Research Group

Prof. Mark Handley

Department of Computer Science

Page 2

Nets Faculty: Interests & Accomplishments

PhDs from Cambridge, Harvard, MIT, Queen Mary, UCL

Internet standards activity (30+ standards including SIP)

Brought the first Internet link to Europe

Research contributions in: congestion control, distributed systems, mobility, multimedia, routing, scheduling, security, wireless networks.

Page 3

Wedge: Making Networked Applications more Resilient to Attack

Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp

Page 4

Software vulnerability reports per year

As one-off defenses are released, new vulnerability categories emerge

Source: Open source vulnerability database (osvdb.org)

Page 5

Two systems security principles

Compartmentalization: Divide system into subsystems that fail independently

Least privilege: Each subsystem should only have access to read/modify data needed for its job

Page 6

Problem: Lack of compartmentalization

Monolithic process must invoke SSL, so must hold RSA private key in memory

Single, monolithic address space: any code can access all memory

[Figure: Apache web server as one address space. Requests arrive from the Internet at the request parser; once the parser is HACKED!, the private key in the same address space is exposed.]

Page 7

Wedge: Compartments improve security

Crowbar, a run-time instrumentation tool:

Measures memory access behavior of code running on real, non-malicious workloads

Informs programmer of memory permissions code requires on these workloads

OS primitives for Linux:

Fine-grained tagging of memory

Explicit assignment of per-tag permissions to threads

[Figure: the same server split into compartments. Requests from the Internet reach the request parser; a separate gen_session_key compartment (~200 LoC) holds the private key; memory protection sits between the parser and the key compartment, so even when the parser is HACKED!, the private key stays out of reach.]
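The split sketched on this slide, as an added illustration that is not the Wedge or Crowbar code: the request parser (the code that sees untrusted input) runs in one process, the private key is loaded only in a second process, and the only thing the parser can do with the key is ask the key holder to derive a session key for a nonce. Instead of Wedge's tagged memory and per-thread permissions, this uses plain fork() and pipes as the compartment boundary. The "private key", the HELLO request format and the HMAC-based session-key derivation are all constructed for the example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16        # bytes of client nonce carried in the request
SESSION_KEY_LEN = 32  # HMAC-SHA256 output length
_key_loads = 0        # how many times *this process* has loaded the key


def load_private_key() -> bytes:
    """Stand-in for reading the RSA private key from disk. The value is a
    constructed placeholder, not a real key."""
    global _key_loads
    _key_loads += 1
    return b"constructed-demo-private-key-not-a-real-key"


def this_process_holds_key() -> bool:
    """True if load_private_key() ever ran in the calling process."""
    return _key_loads > 0


def _read_exact(fd: int, n: int) -> bytes:
    """Read exactly n bytes from a pipe (fewer only if the writer closed it)."""
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def keyholder_compartment(req_fd: int, resp_fd: int) -> None:
    """Key compartment (runs in the child). Loads the key and answers
    'derive a session key for this nonce' requests. Only HMAC outputs are
    written back; the key itself never crosses the pipe."""
    key = load_private_key()
    while True:
        nonce = _read_exact(req_fd, NONCE_LEN)
        if len(nonce) < NONCE_LEN:  # parser side closed: shut down
            return
        os.write(resp_fd, hmac.new(key, nonce, hashlib.sha256).digest())


def parse_request(raw: bytes) -> bytes:
    """Parser compartment: the code exposed to untrusted input. Extracts the
    client nonce from a constructed 'HELLO <hex nonce>' line and rejects
    anything malformed. A bug here cannot leak the key: it is not in this
    process's memory."""
    line = raw.split(b"\n", 1)[0]
    verb, _, hexnonce = line.partition(b" ")
    if verb != b"HELLO":
        raise ValueError("unknown verb")
    try:
        nonce = bytes.fromhex(hexnonce.decode("ascii"))
    except ValueError as exc:  # UnicodeDecodeError is a ValueError too
        raise ValueError("bad nonce encoding") from exc
    if len(nonce) != NONCE_LEN:
        raise ValueError("bad nonce length")
    return nonce


def serve_one_request(raw: bytes) -> bytes:
    """Split into two compartments with fork + pipes and return the session
    key as the parser compartment receives it."""
    req_r, req_w = os.pipe()    # parser -> key holder
    resp_r, resp_w = os.pipe()  # key holder -> parser
    pid = os.fork()
    if pid == 0:                # child: the key-holder compartment
        os.close(req_w)
        os.close(resp_r)
        keyholder_compartment(req_r, resp_w)
        os._exit(0)
    os.close(req_r)             # parent: the parser compartment
    os.close(resp_w)
    try:
        nonce = parse_request(raw)  # untrusted parsing happens here
        os.write(req_w, nonce)
        return _read_exact(resp_r, SESSION_KEY_LEN)
    finally:
        os.close(req_w)             # EOF tells the key holder to exit
        os.close(resp_r)
        os.waitpid(pid, 0)


if __name__ == "__main__":
    demo = b"HELLO " + b"00" * NONCE_LEN + b"\n"
    print("session key:", serve_one_request(demo).hex())
    print("parser process loaded the key?", this_process_holds_key())
```

The check worth keeping from this is `this_process_holds_key()`: after serving requests it is still False in the parser process, which is the property the slide's "memory protection" box stands for. A real deployment would also need the key holder to rate-limit or authenticate requests, since a compromised parser can still ask it to derive keys.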

Page 8

Cone of Silence: Nulling Interference for Higher-Throughput Wireless Networks

Yiorgos Nikolaidis, Astrit Zhushi, Kyle Jamieson, and Brad Karp

Page 9

The 802.11 (WiFi) “success disaster”

Page 10

Limits of omnidirectional antennas

Interference from other senders is typically the limiting factor

Receiver can only decode Sender’s packet when Sender is sufficiently stronger than Interferer

[Figure: Interferer, Receiver and Sender with omnidirectional antennas; the Receiver hears both.]

Page 11

The promise of directional antennas

[Figure: Interferer, Receiver and Sender; with a directional beam toward the Sender the Receiver decodes the packet: OK!]

Page 12

Our approach: Cone of Silence (CoS)

Phased arrays: Long used in radar systems; newly available for 802.11

Receiver shapes beam to maximize SIR

Receiver balances between nulling toward interferer and directing gain toward sender

Explicitly measure S and I to account for multi-path propagation
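The trade-off on this slide (maximize SIR rather than simply point the beam at the sender), as an added worked example that is not the Cone of Silence implementation: a 4-element half-wavelength uniform linear array at the receiver, one sender and one interferer, and a sweep over steering directions that keeps the one with the best signal-to-interference ratio. The array geometry, the directions and the powers are assumptions; where CoS explicitly measures S and I to cope with multipath, this example assumes a single arrival direction per transmitter.

```python
import cmath
import math

N_ELEMENTS = 4  # assumed: 4-element uniform linear array at the receiver
SPACING = 0.5   # assumed: half-wavelength element spacing


def steering_vector(angle_deg: float) -> list:
    """Relative phase of a plane wave from angle_deg (0 = broadside) at each
    element of the array."""
    phi = 2 * math.pi * SPACING * math.sin(math.radians(angle_deg))
    return [cmath.exp(1j * phi * n) for n in range(N_ELEMENTS)]


def array_gain(weights: list, angle_deg: float) -> float:
    """Power gain toward angle_deg when the elements are combined with the
    given receive weights. Weights steered at an angle give N^2 there."""
    a = steering_vector(angle_deg)
    return abs(sum(w.conjugate() * x for w, x in zip(weights, a))) ** 2


def sir_db(weights, sender_deg, interferer_deg, s_power=1.0, i_power=1.0):
    """Signal-to-interference ratio in dB for one sender and one interferer,
    given their (assumed single-path) directions and received powers."""
    s = s_power * array_gain(weights, sender_deg)
    i = i_power * array_gain(weights, interferer_deg)
    return 10 * math.log10(s / max(i, 1e-12))  # clamp so a perfect null is finite


def best_beam(sender_deg, interferer_deg, s_power=1.0, i_power=1.0, step=1):
    """Sweep steering directions and return (angle, SIR dB) of the one that
    maximizes SIR: the receiver gives up some gain toward the sender to put
    a null on the interferer, instead of pointing straight at the sender."""
    best_angle, best_sir = None, -math.inf
    for deg in range(-90, 91, step):
        sir = sir_db(steering_vector(deg), sender_deg, interferer_deg,
                     s_power, i_power)
        if sir > best_sir:
            best_angle, best_sir = deg, sir
    return best_angle, best_sir


if __name__ == "__main__":
    at_sender = sir_db(steering_vector(0), 0, 20)
    angle, sir = best_beam(0, 20)
    print(f"steer at sender: {at_sender:.1f} dB; "
          f"best: steer {angle} deg for {sir:.1f} dB")
```

With the sender at broadside and the interferer 20 degrees off, steering at the sender leaves the interferer in a sidelobe, while steering a few degrees the other way drops the interferer into a null and wins tens of dB of SIR at the cost of a little gain toward the sender. That is the balance the slide describes.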

Page 13

Multipath TCP: Utilizing the natural resilience of the Internet

Mark Handley, Damon Wischik, Costin Raiciu, Christopher Pluntke

Page 14

Multipath traffic control, or, why peer-to-peer will balance the Internet

Why does my phone have to choose between connections?

What if it could use several connections at the same time?

Page 15

[Chart: throughput in Mb/s on wifi alone, on 3G alone, and with multipath, across three situations: at my desk (good wifi reception, poor 3G); going downstairs to make coffee (wifi fails, 3G is good); in the kitchen (wifi is OK, 3G is good).]

We’ve implemented multipath extensions for TCP.

Page 16

But is it safe?

If everyone greedily takes all the bandwidth they want, the Internet will collapse, like it did in 1988.

If everyone is restrained in the total bandwidth they use, but everyone greedily shifts all his/her traffic onto the best path, the Internet will “flap”.

Need to guarantee it is safe to deploy.

Page 17

Not only is it safe, it’s the natural evolution of the Internet.

Before the Internet, networks used to split links into “circuits”, e.g. one circuit per telephone call.

One of the big ideas of the Internet was to use packets, not circuits, to carry data. This lets users take more bandwidth on a link as they need it — but relies on them to share fairly.

Our algorithm extends the idea of “fair sharing as needed” from links to networks.

Page 18

Build your own Internet

Trend: Opening the network up to innovation: software routers, software-defined radios, peer-to-peer networks

Result: New ways of communicating