OMEC
See this link
for details.
mOS
The mOS networking stack provides elegant abstractions for
stateful flow processing tailored for middlebox applications.
Our API allows developers to focus on the core application
logic instead of dealing with low-level packet/flow processing
themselves. Under the hood, the stack implements an efficient
event system derived from
mTCP,
a high-performance user-level TCP/IP stack. Our evaluation
demonstrates that the mOS API enables modular development
of stateful middleboxes, often significantly reducing
development effort as measured by source lines of
code, while introducing little performance overhead.
[CCR 2015,
NSDI 2017]
[Project Webpage].
mTCP
mTCP is a high-performance user-level TCP stack for multicore
systems. It addresses the inefficiencies of the current Linux-based
TCP/IP stack from the ground up - from packet I/O and TCP connection
management to the application interface. In addition to adopting
well-known techniques, mTCP (1) allows efficient flow-level event
aggregation, and (2) performs batch processing of RX/TX packets
for high I/O efficiency. mTCP improves the performance of small
message transactions by a factor of 25 compared with the latest Linux
TCP stack. [NSDI 2014]
[Project Webpage].
HUMANSIGN
A device framework under development in which input keystroke
events are securely coupled with actual textual content typed
by humans for reliable network payload delivery. This scheme
is based on trusted computing principles that place the root
of trust on a customized input device running a trusted platform
module (TPM) chip and a small attester daemon within it. Each
input event generates a cryptographic hash that attests to
human activity and the combined message attestation (derived
from such events) gets a third-party verifiable digital
signature. These human attestations are then attached to the
actual messages which ultimately assist in reducing false
positive rates in the recipients' filter modules.
Please email in case you wish to read the technical report.
[APSYS 2010, NSDI 2011]
KARGUS
Intrusion attempts on the Internet have consistently risen in
the last few years. As the link bandwidths of large campus
and metropolitan area networks reach 10 Gbps, network
administrators have employed high-performance intrusion
detection systems (IDSes) that use dedicated network
processors and specialized memory to cope with the increasing
ingress traffic rates. Unfortunately, the deployment and
maintenance costs of such solutions are inevitably high, and
the hardware design is often too inflexible to adopt new
analysis algorithms.
Kargus is a highly scalable software-based IDS that runs on
commodity PCs, with performance comparable to
hardware-based IDSes. It effectively exploits the potential
of modern hardware innovations such as multicore CPUs,
heterogeneous GPUs and the multi-queue interfaces of NICs, which
drive its monitoring rate up to 33 Gbps in real time.
[CCS 2012]
[Project Webpage].
BOTBUSTER
DDoS attacks increasingly use normal-looking application-layer
requests to waste HTTP server CPU or disk resources. CAPTCHAs
attempt to distinguish bots from human clients and are often used
to avoid such attacks. However, CAPTCHAs themselves consume
resources and are frequently defeated. Botbuster is an extensible
ebtables module that pushes client authentication into the kernel
while overcoming several limitations in Kill-Bots (NSDI 2005). It
can easily be deployed as a bridge in front of server farms,
modularly accepts a variety of present and future authentication
schemes, and can do server-directed client authentication and
packet classification. [ICCCN 2008,
LCN 2010]