School of Computer Science Technical Report Series

Series Type
Publication Series
Associated Organization(s)
Associated Organization(s)
Organizational Unit
Organizational Unit

Publication Search Results

Now showing 1 - 10 of 24
  • Item
    FlowQoS: Per-Flow Quality of Service for Broadband Access Networks
    (Georgia Institute of Technology, 2015) Seddiki, M. Said ; Shahbaz, Muhammad ; Donovan, Sean ; Grover, Sarthak ; Park, Miseon ; Feamster, Nick ; Song, Ye-Qiong
    In broadband access networks, one application may compete for the bandwidth of other applications, thus degrading overall performance. One solution to this problem is to allocate bandwidth to competing flows based on the application type at the gateway of the home network. Unfortunately, application-based quality of service (QoS) on a home network gateway faces significant constraints, as commodity home routers are not typically powerful enough to perform application classification, and many home users are not savvy enough to configure QoS parameters. This paper describes FlowQoS, an SDN-based approach for application-based bandwidth allocation where users can allocate upstream and downstream bandwidths for different applications at a high level, offloading application identification to an SDN controller that dynamically installs traffic shaping rules for application flows. FlowQoS has two modules: a flow classifier and an SDNbased rate limiter. We design a custom DNS-based classifier to identify different applications that run over common web ports; a second classifier performs lightweight packet inspection to classify non-HTTP traffic flows. We implement FlowQoS on OpenWrt and demonstrate that it can improve the performance of both adaptive video streaming and VoIP in the presence of active competing traffic.
  • Item
    Half-Baked Cookies: Client Authentication on the Modern Web
    (Georgia Institute of Technology, 2014) Mundada, Yogesh ; Feamster, Nick ; Krishnamurthy, Balachander ; Guha, Saikat ; Levin, Dave
    Modern websites set multiple authentication cookies during the login process to allow users to remain authenticated over the duration of a web session. Web applications use cookie-based authentication to provide different levels of access and authorization; the complexity of websites’ code and various combinations of authentication cookies that allow such access introduce potentially serious vulnerabilities. For example, an on-path attacker can trick a victim’s browser into revealing insecure authentication cookies for any site, even if the site itself is always accessed over HTTPS. Analyzing the susceptibility of websites to such attacks first requires a way to identify a website’s authentication cookies. We developed an algorithm to determine the set of cookies that serve as authentication cookies for a particular site. Using this algorithm, which we implemented as a Chrome extension, we tested 45 websites and found that an attacker can gain access to a user’s sensitive information on sites such as GoDaddy, Yahoo Search, Comcast, LiveJournal, stumbleupon, and Netflix. In cases where these sites cannot enable site-wide HTTPS, we offer recommendations for using authentication cookies that reduce the likelihood of attack. Based on these recommendations, we develop a tool, Newton, that website administrators can use to audit the security of a site’s cookie-based authentication and users can run to identify vulnerabilities at runtime.
  • Item
    SDX: A Software Defined Internet Exchange
    (Georgia Institute of Technology, 2013) Gupta, Arpit ; Shahbaz, Muhammad ; Vanbever, Laurent ; Kim, Hyojoon ; Clark, Russ ; Feamster, Nick ; Rexford, Jennifer ; Shenker, Scott
    Deploying software-defined networking (SDN) at Internet Exchange Points (IXPs) offers new hope for solving long-standing problems in interdomain routing. SDN allows direct expression of more flexible policies, and IXPs are central rendezvous points that are in the midst of a rebirth, making them a natural place to start. We present the design of an SDN exchange point (SDX) that enables much more expressive policies than conventional hop-by-hop, destination- based forwarding. ISPs can apply many diverse actions on packets based on multiple header fields, and distant networks can exercise “remote control” over packet handling. This flexibility enables applications such as inbound traffic engineering, redirection of traffic to middleboxes, wide-area server load balancing, and blocking of unwanted traffic. Supporting these applications requires effective ways to combine the policies of multiple ISPs. Our SDX controller provides each ISP the abstraction of its own virtual switch and sequentially composes the policies of different ISPs into a single set of rules in the physical switches. Preliminary experiments on our operational SDX demonstrate the potential for changing interdomain routing from the inside out.
  • Item
    Simpler Network Configuration with State-Based Network Policies
    (Georgia Institute of Technology, 2013) Kim, Hyojoon ; Gupta, Arpit ; Shahbaz, Muhammad ; Reich, Joshua ; Feamster, Nick ; Clark, Russ
    Operators make hundreds of changes to a network’s router and switch configurations every day—a painstaking, error-prone process. If the network configuration could instead encode different forwarding behavior for different network states a priori, a network controller could automatically alter forwarding behavior when conditions change. To enable this capability, we introduce state-based network policies, which describe how a network’s forwarding behavior should change in response to arbitrary network events. A state-based network policy comprises many tasks, each of which encodes the forwarding behavior for a single network management operation (e.g., intrusion detection) or part of the network (e.g., a sub-organization), and how that behavior should change when network conditions change. Composing these policies produces a network-wide control program that adapts to different operating conditions. We implement state-based network policies in a system called PyResonance and demonstrate with real-world examples and use cases that PyResonance is expressive enough to specify a wide range of network policies and simple enough for many operators to use. Our evaluation based on event traces from the Georgia Tech campus network shows that PyResonance can achieve good performance in operational settings.
  • Item
    WTF? Locating Performance Problems in Home Networks
    (Georgia Institute of Technology, 2013) Sundaresan, Srikanth ; Grunenberger, Yan ; Feamster, Nick ; Papagiannaki, Dina ; Levin, Dave ; Teixeira, Renata
    Most users of home networks have experienced the intense frustration that comes with diagnosing poor performance. Even determining something as simple as whether a performance problem lies with the ISP or somewhere in the home network is incredibly difficult; this lack of visibility results in unnecessary service calls to ISPs and a general inability to have the network perform as well as it should. In this paper, we design and develop WTF (Where’s The Fault?), a system that reliably determines whether a performance problem lies with the user’s ISP or inside the home network. The tool can also distinguish these problematic situations from the benign case when the network is simply under-utilized. WTF uses cross-layer techniques to discover signatures of various pathologies. We implemented WTF in an off-the-shelf home router; evaluated the techniques in controlled lab experiments under a variety of operating conditions; validated it in real homes where we can directly observe the home conditions and network setup; and deployed it in 30 home networks across North America. The real-world deployment sheds light on common pathologies that occur in home networks. We find, for instance, that many users purchase fast access links but experience significant (and frequent) performance bottlenecks in their home wireless network.
  • Item
    Characterizing and Mitigating Web Performance Bottlenecks in Broadband Access Networks
    (Georgia Institute of Technology, 2013) Sundaresan, Srikanth ; Magharei, Nazanin ; Feamster, Nick ; Teixeira, Renata
    We present the first large-scale analysis of Web performance bottlenecks as measured from broadband access networks, using data collected from two extensive home router deployments. We design and implement tools and methods to identify the contribution of critical factors such as DNS lookups and TCP connection establishment to Web page load times and characterize how they contribute to page load times in broadband networks. We find that, as the connection speeds of broadband networks continue to increase, other factors such as TCP connection setup time, server response time, and network latency are often dominant performance bottlenecks. Thus, realizing a “faster Web” requires not only higher download throughput, but also optimizations to reduce both client and server-side latency. We deploy three common caching optimizations inside home networks to reduce latency—content caching, TCP connection caching, and DNS caching—and evaluate their effects on the factors that contribute to page load times in broadband networks.
  • Item
    Lithium: Event-Driven Network Control
    (Georgia Institute of Technology, 2012) Kim, Hyojoon ; Voellmy, Andreas ; Burnett, Sam ; Feamster, Nick ; Clark, Russ
    This paper introduces event-driven network control, a network control framework that makes networks easier to manage by automating many tasks that must currently be performed by manually modifying low-level, distributed, and complex device configuration. We identify four policy domains that inherently capture many events: time, user, history, and traffic flow. We then present Lithium, an event-driven network control framework that can implement policies expressed using these domains. Lithium can support policies that automatically react to a wide range of events, from fluctuations in traffic volumes to changes in the time of day. Lithium allows network operators to specify networkwide policies in terms of a high-level, event-driven policy model, as opposed to configuring individual network devices with low-level commands. To show that Lithium is practical, general, and applicable in different types of network scenarios, we have deployed Lithium in both a campus network and a home network and used it to implement more flexible and dynamic network policies. We also perform evaluations to show that Lithium introduces negligible overhead beyond a conventional OpenFlow-based control framework.
  • Item
    Spam or Ham? Characterizing and Detecting Fraudulent "Not Spam" Reports in Web Mail Systems
    (Georgia Institute of Technology, 2011) Ramachandran, Anirudh ; Dasgupta, Anirban ; Feamster, Nick ; Weinberger, Kilian
    Web mail providers rely on users to “vote” to quickly and collaboratively identify spam messages. Unfortunately, spammers have begun to use large collections of compromised accounts not only to send spam, but also to vote “not spam” on many spam emails in an attempt to thwart collaborative filtering. We call this practice a vote gaming attack. This attack confuses spam filters, since it causes spam messages to be mislabeled as legitimate; thus, spammer IP addresses can continue sending spam for longer. In this paper, we introduce the vote gaming attack and study the extent of these attacks in practice, using four months of email voting data from a large Web mail provider. We develop a model for vote gaming attacks, explain why existing detection mechanisms cannot detect them, and develop new, efficient detection methods. Our empirical analysis reveals that the bots that perform fraudulent voting differ from those that send spam. We use this insight to develop a clustering technique that identifies bots that engage in vote-gaming attacks. Our method detects tens of thousands of previously undetected fraudulent voters with only a 0.17% false positive rate, significantly outperforming existing clustering methods used to detect bots who send spam from compromisedWeb mail accounts.
  • Item
    Practical Data-Leak Prevention for Legacy Applications in Enterprise Networks
    (Georgia Institute of Technology, 2011) Mundada, Yogesh ; Ramachandran, Anirudh ; Tariq, Mukarram Bin ; Feamster, Nick
    Organizations must control where private information spreads; this problem is referred to in the industry as data leak prevention. Commercial solutions for DLP are based on scanning content; these impose high overhead and are easily evaded. Research solutions for this problem, information flow control, require rewriting applications or running a custom operating system, which makes these approaches difficult to deploy. They also typically enforce information flow control on a single host, not across a network, making it difficult to implement an information flow control policy for a network of machines. This paper presents Pedigree, which enforces information flow control across a network for legacy applications. Pedigree allows enterprise administrators and users to associate a label with each file and process; a small, trusted module on the host uses these labels to determine whether two processes on the same host can communicate. When a process attempts to communicate across the network, Pedigree tracks these information flows and enforces information flow control either at end-hosts or at a network switch. Pedigree allows users and operators to specify network-wide information flow policies rather than having to specify and implement policies for each host. Enforcing information flow policies in the network allows Pedigree to operate in networks with heterogeneous devices and operating systems. We present the design and implementation of Pedigree, show that it can prevent data leaks, and investigate its feasibility and usability in common environments.
  • Item
    Which Factors Affect Access Network Performance?
    (Georgia Institute of Technology, 2010) Sundaresan, Srikanth ; Feamster, Nick ; Dicioccio, Lucas ; Teixeira, Renata
    This paper presents an analysis of the performance of residential access networks using over four months of round-trip, download, and upload measurements from more than 7,000 users across four ADSL and cable providers in France. Previous studies have characterized residential access network performance, but this paper presents the first study of how access network performance relates to other factors, such as choice of access provider, service-level agreement, and geographic location. We first explore the extent to which user performance matches the capacity advertised by an access provider, and whether the ability to achieve this capacity depends on the user’s access network. We then analyze the extent to which various factors influence the performance that users experience. Finally, we explore how different groups of users experience simultaneous performance anomalies and analyze the common characteristics of users that share fate (e.g., whether users that experience simultaneous performance degradation share the same provider, city). Our analysis informs both users and designers of networked services who wish to improve the reliability and performance of access networks through multihoming and may also assist operators with troubleshooting network issues by narrowing down likely causes.