NOISE

Network Operations and Internet Security @ UChicago


Leave a comment

Arpit Gupta Speaks about SDX at NANOG 59

Arpit Gupta spoke about a Software-Defined Internet Exchange at NANOG 59 in Phoenix, Arizona.  An abstract for the talk is below. See Arpit’s talk slides here.

Abstract: Deploying software-defined networking (SDN) at Internet Exchange Points (IXPs) offers new hope for solving longstanding problems in interdomain routing. SDN allows direct expression of more flexible policies, and IXPs are central rendezvous points that are in the midst of a rebirth, making them a natural place to start. We present the design of an SDN exchange point (SDX) that enables much more expressive policies than conventional hop-by-hop, destination-based forwarding. ISPs can apply many diverse actions on packets based on multiple header fields, and distant networks can exercise “remote control” over packet handling. This flexibility enables applications such as inbound traffic engineering, redirection of traffic to middleboxes, wide-area server load balancing, and blocking of unwanted traffic. Supporting these applications requires effective ways to combine the policies of multiple ISPs. Our SDX controller provides each ISP the abstraction of its own virtual switch and sequentially composes the policies of different ISPs into a single set of rules in the physical switches. Preliminary experiments on our operational SDX demonstrate the potential for changing interdomain routing from the inside out.


Leave a comment

Study Comparing Fixed and Mobile Broadband in South Africa to Appear at ACM DEV

A study led by Marshini Chetty and Srikanth Sundaresan will appear at the Fourth Annual Symposium on Computing for Development (ACM DEV) this coming December.  The study presents the results of a performance study of fixed and mobile broadband performance from five mobile providers and nine fixed-line providers across all nine provinces in South Africa in 2013.

The study involved the deployment of the BISmark performance measurement software on home routers across the country, as well as a widespread deployment of the MySpeedTest Android cellular performance measurement software.  The paper’s results include the following:

  • Performance consistently underperforms with respect to advertised rates
  • Mobile broadband consistently achieves higher throughput than fixed broadband
  • (Bad) peering can introduce significant latency, introduce fragility in times of failure (e.g., fiber cut).  (See Srikanth and Nick’s blog post for more detailed coverage of this phenomenon.)

We are continuing to collect performance data in South Africa and are in the process of replicating and expanding this study in other countries in Africa.  The plot below shows some summary data of download throughput from ISPs across Africa from May 1 through today (September 18, 2013).  You can explore the data for the fixed-line South African deployment more at BISmark’s Network Dashboard (developed by Alfred Roberts).

ISP Throughput in South Africa


Leave a comment

Sarthak Grover Presents on Home Network Security at Ubicomp Workshop

Sarthak Grover presented a new system built on BISmark for detecting malware in home networks at Ubicomp.  The current system, called Panoptes, tracks DNS lookups from hosts inside a home and compares the DNS lookups against a blacklist on the router.   The system then notifies the user if the DNS lookups suggest the presence of malware on a device in the home.

The system significantly enhances the capabilities of existing systems for providing security in home networks, building on deployed products such as Comcast’s Constant Guard service.  He and Yogesh Mundada are currently working with Comcast on designing an SDN-based system that builds on this design, called SAZO, as part of a larger field deployment.  More to come on SAZO in the future!

sarthak_poster_for_homesys2


Leave a comment

Software Defined Security: Data Leak Prevention System to Appear at ACSAC

Yogesh Mundada and Anirudh Ramachandran‘s SilverLine system was accepted to the 2013 Annual Computer Security Applications Conference (ACSAC).  SilverLine is an SDN-based system that protects against data leaks from multi-tier Web applications that access sensitive data but are nonetheless vulnerable to various attacks such as SQL injection and insecure direct object reference that might ultimately leak sensitive data.

SilverLine Architecture

In SilverLine, an application developer who writes a Web application can apply security labels to data in a database.  When a Web application issues a query against the database to retrieve data, the query is rewritten so that the records include security labels.  All network connections associated with that result are also associated with both labels and the intended recipient of the data.  A declassifier (a special SDN controller) inspects the security labels associated with each flow and determines whether to allow the flow based on the recipient of the data and the security labels associated with that flow.

SilverLine is one of the first systems to step into the space of Software Defined Security.  Congratulations to Yogesh and Anirudh on this pioneering effort!  An abstract of the work is below.

SilverLine: Preventing Data Leaks from Compromised Web Applications 
Yogesh Mundada, Anirudh Ramachandran, Nick Feamster
Web applications can have vulnerabilities that result in server- side data leaks. Securing sensitive data from Web applications while ensuring reasonable performance and without requiring developers to rewrite applications is challenging. We present SilverLine, which prevents data leaks from compromised Web applications. SilverLine uses login information to associate a user with each Web session; it then taints each file and database record applies information-flow tracking to the data associated with each session to ensure that application data is released only to sessions of authorized users. We have implemented SilverLine on Linux; our implementation demonstrates that SilverLine can protect a PHP-based Web application from many of the most common server-side Web application attacks, with only minor application modifications and reasonable performance overhead.


Leave a comment

New Measurement/Policy Brief: Mobile and Fixed Broadband in South Africa

How do mobile and fixed broadband stack up in South Africa?

Unlike in more developed nations, where fixed-line broadband connectivity is the predominant form of broadband access, in South Africa, mobile broadband is predominant. Mobile broadband connectivity is also both cheaper and faster than fixed-line connectivity.   Unfortunately, our study using a BISmark testbed deployment in South Africa shows that wireless is inherently less stable than fixed broadband technologies such as XDSL and fibre and the implications of not having ubiquitous, reliable always-on high-speed connectivity for the economy and global competitiveness are serious.

For a detailed description about the methods applied for measuring broadband performance, download the policy paper draft that we co-authored with Research ICT Africa for comments on investigating broadband performance in South Africa 2013. (Comments welcome!)


Leave a comment

Feamster Gives Talk on Coursera SDN MOOC Experience

Professor Feamster gave a talk at the University of Cape Town on his experiences with designing and running the first-ever university-level course on Software Defined Networking, which was also a Coursera Massive Open Online Course (MOOC).

In the talk, Nick offers several insights and thoughts about MOOCs, including why certain aspects of teaching a large MOOC are, in fact, easier than teaching a small classroom course.

Slides from the talk are available here: A ReMOOCable Experience: Teaching Networking to the Masses from Nick Feamster

Update: See the interview with Nick in TechTarget on his experiences preparing the SDN MOOC.


1 Comment

Home Networking and DNS Security Papers Accepted to Internet Measurement Conference

Project BISmark

Our research group has had three long papers accepted at the ACM SIGCOMM Internet Measurement Conference this October in Berlin, Germany.  Two of the papers are on studying the performance and usage of home networks.  A third paper is on the security of the Internet’s domain name system.  The draft abstracts of the papers are below.  We are very well represented (seven students, and one alum, Nazanin, who is now at Cisco).

There were only 25 long papers accepted at IMC, so we are very well-represented in the program.

Congrats to Sarthak, Srikanth, Shuang, Mi Seon, Sam, Joon, Bharath, and Nazanin!

Peeking Behind the NAT: An Empirical Study of Home Networks
Sarthak Grover (Georgia Institute of Technology)
Mi Seon Park (Georgia Institute of Technology)
Srikanth Sundaresan (Georgia Institute of Technology)
Sam Burnett (Georgia Institute of Technology)
Hyojoon Kim (Georgia Institute of Technology)
Bharath Ravi (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)

We present the first empirical study of home network availability, infrastructure, and usage, using data collected from home networks around the world. In each home, we deploy a router with custom firmware to collect information about the availability of home broadband network connectivity, the home network infrastructure (including the wireless connectivity in each home network and the number of devices connected to the network), and how people in each home network use the network. Outages are more frequent and longer in developing countries—sometimes due to the network, and in other cases because they simply turn their home router off. We also find that some portions of the wireless spectrum are extremely crowded, that diurnal patterns are more pronounced during the week, and that most traffic in home networks is exchanged over a few connections to a small number of domains. Our study is both a preliminary view into many home networks and an illustration of how measurements from a home router can yield significant information about home networks.

Measuring and Mitigating Web Performance Bottlenecks in Broadband Access Networks
Srikanth Sundaresan (Georgia Institute of Technology)
Nick Feamster (Georgia Institute of Technology)
Renata Teixeira (CNRS/UPMC Sorbonne Universites)
Nazanin Magharei (Cisco Systems)

We measure Web performance bottlenecks in home broadband access networks and evaluate ways to mitigate these bottlenecks with caching in home networks. We first measure Web performance bottlenecks to nine popular Web sites from more than 5,000 broadband access networks and demonstrate that when the downstream throughput of the access link exceeds about 16 Mbits/s, latency is the main bottleneck for Web page load time. Next, we use a router-based Web measurement tool, Mirage, to deconstruct Web page load time into its constituent components (DNS lookup, TCP connection setup, object download) and show that simple latency optimizations can yield significant improvements in overall page load times. We then present a case for placing a cache in the home network and deploy three common optimizations: DNS caching, TCP connection caching, and content caching. We show that just caching DNS and TCP connections can can yield significant improvements in page load time, and even user’s browser is already performing similar independent optimizations. Finally, we use traces from real homes to demonstrate how popularity-based prefetching of DNS and TCP connections in a home-router cache can achieve faster page load times in home networks.

Understanding the Domain Registration Behavior of Spammers
Shuang Hao (Georgia Institute of Technology)
Matthew Thomas (Verisign, Inc.)
Vern Paxson (ICSI & UC Berkeley)
Nick Feamster (Georgia Institute of Technology)
Christian Kreibich (ICSI)
Chris Grier (ICSI)
Scott Hollenbeck (Verisign, Inc.)

Spammers register tremendous number of domains to evade blacklisting and takedown efforts. Current techniques to detect such domains rely on crawling spam URLs or monitoring lookup traffic. Such detection triggers after the spammers have already launched their campaigns, and thus these countermeasures may only come into play after the spammer has already reaped significant benefits from the dissemination of large volumes of spam. In this paper we examine the registration process of such domains, with a particular eye towards features that might indicate directly at registration time that a given domain likely has a malicious purpose. Our assessment includes exploring the characteristics of registrars, domain life cycles, registration bursts, and naming patterns. By investigating zone changes from the .com TLD over a 5-month period, we discover that spammers employ bulk registration, often re-use domains previously registered by others, and tend to register and host their domains over a small set of registrars. Our findings suggest a number of steps that registries and/or registrars could employ to crimp the ease with which miscreants acquire domains in bulk, thus potentially increasing their costs and reducing their agility for large-scale attacks.


Leave a comment

Internet2 Innovation Award on SDN Internet Exchanges

Congratulations to Muhammad Shahbaz and Arpit Gupta, winners of a new Internet2 Internet Innovation award.

Internet2 recently announced the winners of its 2013 Innovative Application Awards program. Each finalist was awarded a $10K grant to support their work building applications using Software Defined Networking (SDN) that solve the challenges faced by research, education and business networks. We are excited to recognize that two of the eight winning proposals were written by current Georgia Tech PhD students.
Muhammad Shahbaz and Arpit Gupta are working with their advisor Nick Feamster and Russ Clark, Ron Hutchins and others to build a working, commercial Internet exchange in Atlanta based on SDN technology that will finally address some of the shortcomings of BGP.
 Shahbaz and Arpit are working with Russ Clark, Ron Hutchins, and others from ColoATL to build an Internet exchange downtown at 55 Marietta Street based on SDN technology.  A preliminary deployment is already in place, and Arpit and Shahbaz are spending the summer building an SDN controller for the exchange and several new interdomain routing applications.  We’re finally giving BGP a run for its money!
Read the full press release here.

SDX March 2013


Leave a comment

Prof. Feamster offers SDN Course on Coursera

Nick Feamster is teaching a course on SDN on Coursera this summer.

About the Course

This course introduces software defined networking, an emerging paradigm in computer networking that allows a logically centralized software program to control the behavior of an entire network.

Separating a network’s control logic from the underlying physical routers and switches that forward traffic allows network operators to write high-level control programs that specify the behavior of an entire network, in contrast to conventional networks, whereby network operators must codify functionality in terms of low-level device configuration.

Logically centralized network control makes it possible for operators to specify more complex tasks that involve integrating many disjoint network functions (e.g., security, resource control, prioritization) into a single control framework, allowing network operators to create more sophisticated policies, and making network configurations easier to configure, manage, troubleshoot, and debug.

The course starts on June 24 and runs for six weeks.