admits - Systems and Networking
Walt Burkhart
Andrew Chien (adjunct)
kc claffy (adjunct)
Keith Marzullo (chair)
Joe Pasquale
Stefan Savage
Alex C. Snoeren
Amin Vahdat
George Varghese
Geoff Voelker
What do you mean by Systems? Networking?
Systems. Noun. From Greek systēmat: "to combine"
1. Degenerate branch of computer science, combining bits of Theory, AI, Architecture, PL/Compilers, Crypto, Databases, etc. for crass utilitarian purposes.
Networking. Noun. (1560)
1. The study of systems that communicate.
2. The study of real systems.
Here, systems, networking (and security) all blur together.
We're interested in solving real or emerging problems by designing, building and measuring relevant hardware and software artifacts.
UCSD
Systems & Networking
Large group
10 faculty, ~40 students, 4 full-time staff
Broad interests
High-speed storage, fault-tolerance, network &
system security, routing protocols, overlay
networks, virtual machines, distributed
programming, wireless networks, distributed
debugging, content caching, router design,
network measurement, distributed authentication,
self-managing/adaptive systems, peer-to-peer
systems, applications of economics/game-theory,
mobile code, multimedia, grids, scheduling, etc….
Resource rich
$10M+ in committed $$$
~80 workstations, 400+ servers,
10’s of TB of storage, 10Gbps uplink,
unmatched network monitoring,
programmable wireless infrastructure
Good surf + high-quality espresso machine
+ biometric soda machine
Quick Horn Tooting
• Faculty (great)
– 7 Sysnet faculty hired in last decade have all turned
down tenure-track offers at “top 5” schools to be
here
– 2 Sloan Fellows, 2 ACM Fellows, 1 IEEE Fellow,
5 NSF Career/PYI winners, and 1 ONR PYI winner
• Research record (great)
– In last nine: 13 SOSP/OSDI, 19 NSDI/USITS, 23
SIGCOMM, 16 INFOCOM, 6 SIGMETRICS
– 12 award papers, >20 “most cited” in CiteSeer
• Bottom line: We do okay...
Some Recent Efforts
• Routing
– Distributed Rate Limiting
• Wireless
– Jigsaw/Shaman
• Measurement & emulation
– dK-series
• Security
– Tint/Neon/Storm…
Internet Routing
• Quality of wide-area routing
[SIGCOMM 99]
• Flexible inter-AS routing
[SIGCOMM00, JSAC01]
• Exploiting multi-path for
reliability
[SOSP01, IMC03 (2)]
• Impacts of “HotPotato” routing
[SIGCOMM02, SIGMETRICS04,
SIGCOMM04, PAM05]
• Debugging routing failures
[NSDI05, INFOCOM07]
[Figure: ISP network with routers in New York, San Francisco and Dallas forwarding toward dst]
Cloud Control
• Resources and clients are across the world
• Services combine these distributed resources
[Figure: globally distributed resources and clients; link label 1 Gbps]
Distributed Rate Limiting
• Make distributed feel centralized
– Packets should experience same limiter behavior
[Figure: sources (S) and destinations (D) behind a set of cooperating limiters; inter-limiter latency labels 0 ms]
High-speed Network Processing
• Goal: Need to process network traffic in-line at high speeds
– E.g., 40 Gbps using limited (< 4Mbyte) SRAM with 1 nsec access
time using a few memory references.
• Deficit Round-Robin Scheduling
[SIGCOMM95]
• Forwarding Lookups
[SIGCOMM98, SIGCOMM00]
• Packet Classification
[SIGCOMM98, SIGCOMM99,SIGCOMM01,
Infocom 03, SIGCOMM03]
• Interface Statistics
[SIGMETRICS03]
• Security processing
[Infocom03,IMC04, OSDI04]
• Flow Measurement
[SIGCOMM02, IMC03,SIGCOMM04,
IMC05,SIGMETRICS05]
Network Measurement
[Figure: measurement and analysis steps over time]
• Measurement Tools (e.g., loss, BW)
[USITS99,IMW02, SIGCOMM03,
USENIX04, ToN04, IMC04, PAM05 ]
• Routing
[SIGCOMM99, IMC03, SIGCOMM04,
SIGMETRICS04, PAM05]
• Web & content distribution
[USITS99, SOSP99, USITS01,
WWW04, Infocom01, WCW01,
WCW02, IPTPS03]
• Security Measurements
[USENIX Sec01, IMW02, S&P03,
S&P04, TOCS06, IMC06]
Graph Rescaling: dK series
[Figure: 1K, 2K and 3K graphs]
ModelNet: Scalable Network Emulation
[OSDI02, MASCOTS03, MASCOTS04]
• Goal: answer "what if" questions about network & application changes
• Step 1: specify target wide-area topology
– Labeled w/BW, latency, loss rates, etc.
• Step 2: map topology to router core
• Step 3: run real applications on end systems
[Figure: edge nodes hosting virtual nodes (VNs 10.1.1.1-10.1.1.10 on Edge Node A, 10.1.2.1-10.1.2.10 on Edge Node B) connect through a 100Mb switch and a Gb switch to the ModelNet core; for each IP packet the core does a route lookup and pushes it through ipfw pipes (e.g. pipe 12, pipe 43, pipe 26) that apply delay and loss before IP output; sample addresses 10.1.1.4 and 10.1.2.3]
Virtual Clusters
[Figure: Rack1 through RackN of VMM (Xen) nodes (node1 ... nodeN) behind VLAN switches, each hosting VM1 ... VMN; shared infrastructure services UsherCtrl, Bind, SQL, LDAP, read-only NFS, read-write NFS and LNM]
Time Dilation
• Change OS’s perception of time via virtual machine
• Physical resources appear faster
• 1-Gbps,100ms link appears as 10-Gbps,10 ms w/TDF=10
• Test impact of future network hardware
DieCast
• Goal: test new service at scale
– Similar hardware, software, workload, etc
• But without the overhead of scale
[Figure: racks of VMM hosts on Gigabit Switches behind a Load Balancer, interconnected through ModelNet]
Wireless Networking
• Transport-layer Mobility
[Mobicom00, USITS01]
• 802.11 use characterization
[SIGMETRICS02]
• 802.11 Hotspot architecture
[PCM02, WMCSA02, WMASH03]
• Energy Efficient Protocols
[Sensys03]
• 802.11 Denial-of-Service
[USENIX Security03]
• Congestion vs Wireless loss differentiation
[MMCN02, ToN03]
• 802.11 Fast Handoff (SyncScan)
[Infocom05]
• Location services and characterization
[Mobisys05, M2CN06]
• Comprehensive monitoring
[SIGCOMM06]
[Figure: transport-layer mobility. The Mobile Host (foo.bar.edu; Linux ThinkPad / Linux iPaq) sends a Location Update (Dynamic DNS Update) to the DNS Server; the Correspondent Host performs a Location Query (DNS Lookup) and the connection migrates to the new address yyy.yyy.yyy.yyy]
[Figure: 802.11 denial-of-service. Packets (0-800) vs time (s) for WinXP, Linux and MacOS X stations while an Attacker is active]
Jigsaw: Enterprise-scale
802.11 Monitoring/Analysis
• Goal: understand how production WiFi
networks really work, or don’t work, and
why.
• >190 software-defined 802.11 radio
monitors
• Global view of wireless activity
– All frequencies in all space (>1M ft³)
• Passive broadcast-based time
synchronization (order 1us)
• Reconstruct traffic view at each layer
(physical, datalink, network/transport)
– Can directly see contention, broadband
interference, layer interactions, etc
• Automatic cross-layer diagnosis of
problems
CCIED
• Collaborative Center for Internet Epidemiology and
Defenses (“Seaside”)
– Joint UCSD/ICSI project, 1 of 4 National CyberTrust Centers
– Focused on threats posed by large-scale host compromise
• Worms, viruses, botnets, DDoS, spam, etc
– Supported by >$7M from NSF, Microsoft, Cisco, Intel, HP,
Symantec, Ericsson, VMWare, AT&T, Sun, Qualcomm
• Three key areas of work
– Network Epidemiology
– Automated Defenses
– Forensic, legal, economic drivers
• See: http://www.ccied.org
Potemkin Honeyfarm
• Provide the illusion of
millions of honeypots
– But use a much smaller
set of physical resources
– 1 Million IP addresses on
10s of physical hosts
• Gateway multiplexes
traffic onto multiple
virtual machines (VMs)
• VMM multiplexes multiple VMs on physical servers
• Currently, largest high-fidelity honeyfarm on planet
Vrable et al., Scalability, Fidelity, and Containment in the Potemkin Virtual Honeyfarm, SOSP 2005.
Outbreak Defense
• Modern worms can infect
>1M hosts/sec
[S&P03,WORM04]
• Need to detect and block
new outbreaks << 1 sec
[Infocom03]
Earlybird: Line-rate network inference of
worm signatures [OSDI04]
PACKET HEADER
SRC: 11.12.13.14.3920 DST: 132.239.13.24.5000 PROT: TCP
PACKET PAYLOAD (CONTENT)
00F0  90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
0100  90 90 90 90 90 90 90 90 90 90 90 90 4D 3F E3 77  ............M?.w
0110  90 90 90 90 FF 63 64 90 90 90 90 90 90 90 90 90  .....cd.........
0120  90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90  ................
0130  90 90 90 90 90 90 90 90 EB 10 5A 4A 33 C9 66 B9  ..........ZJ3.f.
0140  66 01 80 34 0A 99 E2 FA EB 05 E8 EB FF FF FF 70  f..4...........p
. . .
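The dump above is the kind of input Earlybird sifts: a long 0x90 NOP sled followed by the first bytes of the exploit code, repeated across many infected sources and victims. The Python below is an added example (not Earlybird's code) of that content-sifting rule: a substring is reported only when it is both prevalent (carried by many packets) and dispersed (seen between many distinct sources and destinations). It uses the 40-byte windows Earlybird used, but keeps exact substrings and Python sets where Earlybird uses Rabin fingerprints, multistage filters and scaled bitmaps. The payload is transcribed from the slide's dump; the thresholds, addresses and the benign web response are constructed for the demo.

```python
"""Content sifting in the spirit of Earlybird (added example, not Earlybird's code).

A substring is a signature candidate only if it is
  * prevalent  - seen in at least PREVALENCE_THRESHOLD packets, and
  * dispersed  - seen from/to at least DISPERSION_THRESHOLD distinct sources
                 and destinations.
"""
from collections import defaultdict

BETA = 40                    # window length; Earlybird sifted 40-byte substrings
PREVALENCE_THRESHOLD = 10    # assumed value for the demo
DISPERSION_THRESHOLD = 5     # assumed value for the demo


class ContentSifter:
    def __init__(self, beta=BETA, prevalence=PREVALENCE_THRESHOLD,
                 dispersion=DISPERSION_THRESHOLD):
        self.beta, self.prevalence, self.dispersion = beta, prevalence, dispersion
        self.count = defaultdict(int)   # substring -> number of packets carrying it
        self.srcs = defaultdict(set)    # substring -> distinct source addresses
        self.dsts = defaultdict(set)    # substring -> distinct destination addresses
        self.reported = set()           # substrings already raised as signatures

    def process(self, src, dst, payload):
        """Account for one packet; return substrings that crossed both thresholds now."""
        # A NOP sled repeats the same window many times inside one packet, so each
        # distinct window is counted once per packet (dict keeps first-seen order).
        windows = dict.fromkeys(payload[i:i + self.beta]
                                for i in range(len(payload) - self.beta + 1))
        alerts = []
        for w in windows:
            self.count[w] += 1
            self.srcs[w].add(src)
            self.dsts[w].add(dst)
            if (w not in self.reported
                    and self.count[w] >= self.prevalence
                    and len(self.srcs[w]) >= self.dispersion
                    and len(self.dsts[w]) >= self.dispersion):
                self.reported.add(w)
                alerts.append(w)
        return alerts


# Payload transcribed from the slide's packet dump (offsets 0x00F0-0x014F):
# a 0x90 NOP sled followed by the first bytes of the exploit code.
WORM_PAYLOAD = bytes.fromhex(
    "90909090909090909090909090909090"
    "9090909090909090909090904D3FE377"
    "90909090FF6364909090909090909090"
    "90909090909090909090909090909090"
    "9090909090909090EB105A4A33C966B9"
    "660180340A99E2FAEB05E8EBFFFFFF70"
)

# Constructed benign traffic: one popular server sends the same response to many
# clients.  Prevalent, but every packet shares a single source, so not dispersed.
WEB_RESPONSE = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                b"Content-Type: text/html\r\n\r\n<html>hello</html>")


def run_demo(n=12):
    """Interleave n worm packets (distinct src/dst pairs) with n web responses."""
    sifter = ContentSifter()
    worm_alerts, web_alerts = [], []
    for i in range(n):
        worm_alerts += sifter.process(f"11.12.{i}.14", f"132.239.13.{20 + i}",
                                      WORM_PAYLOAD)
        web_alerts += sifter.process("10.0.0.1", f"192.168.1.{10 + i}",
                                     WEB_RESPONSE)
    return sifter, worm_alerts, web_alerts


if __name__ == "__main__":
    sifter, worm_alerts, web_alerts = run_demo()
    print(f"worm substrings reported: {len(worm_alerts)}, web: {len(web_alerts)}")
    print("first signature:", worm_alerts[0].hex() if worm_alerts else None)
```

The web response never fires even though it is more prevalent than the worm payload: address dispersion is what separates a flash crowd or a popular server from a self-propagating worm, and it is why the slide lists line-rate inference as the hard part rather than payload matching alone.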
Derived Data Management
• Modern organizations wish to enforce a range of information management policies
– Who may access data?
– How is it accessed?
– What can it be used for?
• Why?
– Regulatory constraints
– Trade secret protection
– ID Theft
– Brand Damage
However…
• While most policies are about data…
– “Customer records should be encrypted on disk”
– “GPLed files should not be used to build product
binaries”
– “Trade secret data should not leave the corporate
network”
• Most enforcement mechanisms are about
data containers
– Encrypted files (e.g. EFS), File-based authentication
– VPNs+ routing restriction (must route via mothership)
Data-oriented policy
management
• Tag data with its policy
• Tag any data derived from other sources with
the union of their policies
• Policy tags should be preserved on disk and
across network (in enterprise)
• Enforce policy during I/O
– Data leakage: no packet with “corp only” policy tag
should be allowed to leave access routers
– Forced encryption: buffer with “must encrypt”
policy tag must be encrypted before being written
to disk
Neon: Derived Data Tracking
• Track information flow through host and network
• Data is ‘tinted’ based upon its source
– Tint propagates from inputs to outputs
– Implemented at the VMM level to support any OS
• Enables enforcement of data management polices
– Name/SSN always encrypted on disk, Cisco source code never
leaves company, product never/only dependent on GPL, etc
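The "Data-oriented policy management" and Neon slides above describe one mechanism in three parts: tag data with its policy, give derived data the union of its inputs' tags, and check the tags at I/O. The Python below is an added example of that mechanism, not Neon's implementation (Neon propagates tints at the VMM level so it works for any guest OS; this tracks whole buffers in user space). The tag names, the toy XOR stand-in for disk encryption and the sample records are assumptions for illustration.

```python
"""Tint tracking for derived data (added example, not Neon's code).

Every buffer carries the policy tags of its sources; derived data carries the
union; the tags are enforced at three I/O points: disk write, network egress,
and product link.
"""
from dataclasses import dataclass

CORP_ONLY = "corp_only"        # must not leave the corporate network
MUST_ENCRYPT = "must_encrypt"  # must be encrypted before it reaches disk
GPL = "gpl"                    # derived from GPL-licensed source


@dataclass(frozen=True)
class Tinted:
    data: bytes
    tint: frozenset = frozenset()


class PolicyViolation(Exception):
    pass


def derive(fn, *inputs):
    """Compute fn over the inputs' bytes; the result inherits every input tint."""
    out = fn(*(i.data for i in inputs))
    return Tinted(out, frozenset().union(*(i.tint for i in inputs)))


def encrypt(buf, key):
    """Toy XOR cipher (NOT real encryption) standing in for disk encryption.
    Ciphertext has satisfied MUST_ENCRYPT, but every other tag survives:
    encrypting corporate data does not make it free to leave the network."""
    ct = bytes(b ^ key[i % len(key)] for i, b in enumerate(buf.data))
    return Tinted(ct, buf.tint - {MUST_ENCRYPT})


def write_to_disk(buf, disk):
    """Enforcement point 1: forced encryption before the block layer."""
    if MUST_ENCRYPT in buf.tint:
        raise PolicyViolation("plaintext write of must-encrypt data")
    disk.append(buf)


def send_packet(buf, leaves_enterprise):
    """Enforcement point 2: leakage check at the access router."""
    if leaves_enterprise and CORP_ONLY in buf.tint:
        raise PolicyViolation("corp-only data at external egress")
    return buf


def link_product(*objects):
    """Enforcement point 3: a product binary must not depend on GPL objects."""
    binary = derive(lambda *objs: b"".join(objs), *objects)
    if GPL in binary.tint:
        raise PolicyViolation("product binary derived from GPL input")
    return binary


def allowed(fn, *args):
    """True if the operation passes policy, False if it is blocked."""
    try:
        fn(*args)
        return True
    except PolicyViolation:
        return False


def run_demo():
    # Constructed sample data with assumed tags.
    customer = Tinted(b"SSN=123-45-6789", frozenset({MUST_ENCRYPT}))
    source = Tinted(b"int main(){}", frozenset({CORP_ONLY}))
    gpl_lib = Tinted(b"gpl_obj", frozenset({GPL}))
    # A report built from both inputs inherits both tags.
    report = derive(lambda a, b: a + b"|" + b, customer, source)
    disk, key = [], b"k3y"
    return {
        "report_tint": set(report.tint),
        "plain_write": allowed(write_to_disk, report, disk),
        "encrypted_write": allowed(write_to_disk, encrypt(report, key), disk),
        "internal_send": allowed(send_packet, report, False),
        "external_send": allowed(send_packet, report, True),
        "external_send_encrypted": allowed(send_packet, encrypt(report, key), True),
        "link_with_gpl": allowed(link_product, source, gpl_lib),
        "link_without_gpl": allowed(link_product, source),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point the slides make about containers versus data shows up in the "external_send_encrypted" case: an encrypted-file mechanism such as EFS is satisfied once the bytes are ciphertext, but the corp-only tag rides along with the derived data and still blocks the packet at the router.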
Tons of other stuff…
• Runtime/PL Support for Distributed Computing
[NSDI04, PLDI07]
• Low-overhead link-state routing
• Machine-learning for protocol recognition
[IMC05]
• Modeling dependent failures
[DISC05, EuroPar05, USENIX05, ICDCS03]
• Automated Availability Management
[NSDI04, Infocom06]
• Resource Management in Federated Systems
[SOSP03, WEPPS05, HPDC05, HOTOS05, EMNets05, Infocom05]
• Constant-time QoS scheduling
[SIGCOMM03]
• Grid protocols, storage, group membership, etc…
Finally, we know how
to have fun too…
Ultimately we faculty only make noise…
… the students make everything happen