Browsing by Author "Williamson, Carey"
Now showing 1 - 20 of 48
Item Open Access
A hardware programmable network processor (2004)
Munteanu, Dan; Williamson, Carey

Item Open Access
A practical buses protocol for anonymous network communication (2004)
Hirt, Andreas; Williamson, Carey; Jacobson, Michael John
The need to communicate anonymously over the Internet has increased with the proliferation of networked computers. Applications such as military communications, Web browsing, e-voting, and e-counseling for victims of abuse all require anonymous communication. Without anonymity, individuals may refrain from communicating for fear of retribution, potentially resulting in social, psychological, or financial losses, or even the loss of life. This thesis contains a comprehensive survey and analysis of anonymous communication schemes. Analysis of the prior literature shows that there is no secure and scalable anonymous communication scheme. Previous literature has only analyzed each scheme for a subset of the known attacks. In this thesis, the analysis is extended to assess the anonymity capabilities of these schemes with respect to all known attacks. It is shown that none of the scalable anonymous communication schemes are secure. The thesis contains a description of the design, implementation, and evaluation of a prototype anonymous communication scheme. The Buses anonymity protocol is identified as the most secure and scalable candidate protocol for a dynamic network topology. The protocol is re-designed and extended into the Practical Buses protocol, with features added to protect against all of the known attacks in the literature. New techniques are introduced to make the protocol scalable while preserving mutual anonymity. The design is extended to make the protocol more efficient, secure, and fault-tolerant.
The experimental results obtained demonstrate that the Practical Buses protocol is a promising solution for anonymous network communication.

Item Open Access
Analysis and evaluation of anonymity protocols (2011)
Ismail, Ibrahim Mohammad; Williamson, Carey

Item Open Access
Anomaly detection in edge networks (2012-08-01)
Iqbal, Faisal; Williamson, Carey; Locasto, Michael
Anomalies are unusual and unexpected events in the network that do not conform to the normal network activity. Accurate and agile anomaly identification is critical for reliable operation of the network. However, identifying complex anomalies within voluminous and diverse network traffic is a challenging task. This problem is further complicated when anomaly detection techniques designed for backbone networks are deployed in edge networks, producing low accuracy and many false alarms. This thesis reports the anomaly detection performance of three techniques in a large edge network. I enhance two backbone network techniques, BasisDetect and PCA, to work in edge networks. I also develop Gradient, a simple gradient-based multi-resolution anomaly detection technique, that performs efficiently in practice. The experiments are performed on a dataset spanning 23 months with periods of high and low network activity. The diverse sets of hosts in the network included servers, wireless devices, and residential users. I assess the detection performance using several metrics, including detection accuracy, robustness, and sensitivity to training sets and traffic volumes. I also analyze the impact of configuration parameters on the performance of anomaly detection techniques. My results show that both BasisDetect and Gradient generally perform with high accuracy in edge networks. BasisDetect lacks robustness over a long period of time but this deficiency can be addressed with periodic retraining.
PCA, however, has low detection accuracy and generates many false alarms.

Item Open Access
Barrier coverage in mixed sensor networks (2011)
Srinivasa, Shambhavi; Li, Zongpeng; Williamson, Carey

Item Open Access
Broadband wireless access: perspectives and performance (2010)
Halepovic, Emir; Williamson, Carey; Ghaderi Dehkordi, Majid

Item Open Access
Building Babel - Towards a Security System through Co-dependency and Diversity (2015-12-24)
de Castro, Daniel Medeiros Nunes; Aycock, John Daniel; Williamson, Carey; Locasto, Michael; Far, Behrouz; Miller, James
A common misconception in computer security is that a computer is able to evaluate whether or not it is compromised. However, if we consider a compromised system, the evaluation is not reliable, thus meaningless. By reducing the set of trusted software components to a minimum size, allowing feasible verification of security, and by having the evaluation of any other software happening physically apart from the computer in question, we could avoid contamination of the evaluation process. This research project called “Babel” consists of an innovative approach for computer security. We envision a system where, from the user’s viewpoint, everything seems exactly the same, but the computer is unable, by itself, to execute any installed software. Babel requires a third party to incrementally translate all or part of a program, thus allowing the program to be executed. We call this requirement for an external party “secure co-dependency”. Babel assumes that the computer and each program running on this computer speak a different language. We imagine these different languages as instructions for different processors, which can be implemented as virtual machines (VMs). The computer needs to communicate to an external interpreter to execute any program. This interpreter not only translates code instructions but it also performs security checks.
Inspired by the idea of software diversity, we use different languages among processes to enforce co-dependency. Additionally, software diversity makes it harder for adversaries (malicious software or external attackers) to infect or disrupt program execution. Babel consists of two main, separate systems: a client with the operating system where users run their programs; and a server, responsible for translation and for security checks. Babel components consist basically of a flexible VM (where we can define different instruction sets and registers for each instance) and a communication module. On the server side, the main components of Babel are a translator (or interpreter), which initially provides a VM specification and later on translates the programs to that VM, and a security checker responsible for detecting malicious activity. This dissertation documents our experiences and successes developing a proof-of-concept of Babel.

Item Open Access
Channel selection strategies for multi-channel MAC protocols in wireless ad-hoc networks (2005)
Wormsbecker, Ian B.; Williamson, Carey

Item Open Access
Characterising usage of the AirUC WLAN (2006)
Mahanti, Aniket; Williamson, Carey

Item Open Access
Characterization of Periodic Network Traffic (2017)
Haffey, Mackenzie; Williamson, Carey; Arlitt, Martin; Williamson, Carey; Arlitt, Martin; Aycock, John; Fong, Philip
This thesis focuses on characterizing periodic communications in network traffic, which we refer to as network heartbeats. Heartbeat traffic can be used to assess the overall health of an operational network, based on the presence/absence of heartbeats for known network services, and also to detect unexpected/undesired network services, such as malicious traffic. We use a simple and flexible SQL-based method to detect a wide range of heartbeats in network traffic, using seven weeks of connection logs from a campus edge network.
Our results show that heartbeat analysis is effective for detecting P2P, gaming, cloud, scanning, and botnet traffic flows, which often have periodic signatures.

Item Open Access
Characterizing D2L Usage at the U of C (2017)
Roy, Sourish; Williamson, Carey; Wang, Mea; Williamson, Carey; Kawash, Jalal
Over the last decade, online Learning Management System (LMS) services have been utilized by many universities. Desire2Learn (D2L) is the official LMS used by the University of Calgary (U of C). Every student, teaching assistant, and faculty member has access to D2L services. This thesis presents a workload characterization study of the D2L Web site for on-campus and off-campus users based on a period of two calendar years, 2015 and 2016. D2L mainly provides online learning services, delivers course content, and monitors student progress. It uses content delivery networks consisting of geographically dispersed nodes. Persistent and parallel connections are used extensively throughout D2L sessions with users. This thesis sheds light upon the usage of modern LMS services like D2L. It utilizes network-level data for an extended period of time. Our measurement results highlight the impacts of network latency on the user-perceived D2L performance at the U of C.

Item Open Access
Collection and analysis of web-based exploits and malware (2008)
Obied, Ahmed Mohamed Abdulla; Jacobson, Michael John; Williamson, Carey
Malicious software in the form of worms, Trojan horses, spyware, and bots has become an effective tool for financial gain. To effectively infect the computers of unsuspecting users with malware, attackers use malicious Web pages. When a user views a malicious Web page using a Web browser, the malicious Web page delivers a Web-based exploit that targets browser vulnerabilities. Successful exploitation of a browser vulnerability can lead to an automatic download and execution of malware on the victim's computer.
This thesis presents a honeypot that uses Internet Explorer as bait to identify malicious Web pages, which successfully download and execute malware via Web-based exploits. When the honeypot instructs Internet Explorer to visit a Web page, the honeypot monitors and records process and file creation activities of Internet Explorer and processes spawned by Internet Explorer. The recorded activities are analyzed to find deviations from normal behavior, which indicate successful exploitation. The Web-based exploits delivered by malicious Web pages and the malware downloaded by the exploits are automatically collected by the honeypot after successful exploitations. Additionally, the honeypot constructs an analysis graph to find relationships between different malicious Web pages and identify the Web pages that download the same malware. This thesis also presents an analysis of data collected by the honeypot after processing 33,811 URLs collected from three data sets. Observations and case studies are presented to provide insights about Web-based exploits and malware, malicious Web pages, and the techniques used by attackers to deliver and obfuscate the exploits.

Item Open Access
Coordinated Packet-Level Traffic Monitoring in Software-Defined Networks (2023-01-19)
Sadrhaghighi, Sogand; Ghaderi, Majid; Reardon, Joel; Wang, Mea; Williamson, Carey; Krishnamurthy, Diwakar; Liang, Ben
As the scale and speed of networks grow, packet-level monitoring has become an indispensable tool for extensive network-wide visibility. Traditional tools for capturing packet-level traces have either become unfit or do not meet the requirements of modern networks. This thesis presents the design and evaluation of software-defined packet-level monitoring solutions that address the monitoring requirements of modern high-speed networks.
In particular, we present the design and evaluation of SoftTap, a scalable alternative to hardware taps, which provides pervasive flow visibility utilizing the traffic mirroring capabilities of commodity OpenFlow switches. To decide on the mirroring configurations, we design polynomial time approximation algorithms with bounded approximation ratios. Our Mininet experiments show that an intrusion detection system implemented on top of SoftTap achieves up to 25% higher detection recall compared to existing mirroring solutions. To reduce the monitoring overhead, networks adopt traffic sampling solutions. Existing sampling solutions, however, either provide limited flow visibility or scale poorly in large networks. We present the design and evaluation of FlowShark, a high-visibility per-flow sampling system for software-defined networks. The main idea in FlowShark is to manage sampling decisions on short flows using edge switches, whereas a central controller optimizes sampling decisions on long flows. To manage long flow sampling decisions, we design an online algorithm with a bounded competitive ratio. Our Mininet experiments with a machine learning-based traffic classifier show up to 27% higher classification recall with FlowShark compared to existing sampling solutions. Deploying network-wide packet-level monitoring solutions in multi-tenant virtual networks (VNs) remains challenging. Existing solutions, in which each VN configures mirroring or sampling independently of other VNs, lead to inefficiencies. We present the design and evaluation of Open Virtual Tap and SampVisor, network-wide virtualization-aware flow mirroring and sampling monitoring solutions, respectively. The key idea behind both systems is the joint configuration of all switches in the substrate physical network to efficiently mirror/sample flows from all VNs. 
We formulate virtualization-aware flow mirroring and sampling as optimization problems and design efficient algorithms with bounded worst-case performance to solve the problems.

Item Open Access
Defending against Link Quality Routing Attacks in Wireless Sensor Networks (2011)
Hegazy, Islam; Safavi-Naini, Reihaneh; Williamson, Carey

Item Open Access
Distributed Routing for Vehicular Ad Hoc Networks: Throughput-Delay Tradeoff (2009-12-16T18:24:05Z)
Abedi, Ali; Ghaderi, Majid; Williamson, Carey
In this paper, we address the problem of low-latency routing in a vehicular highway network. To cover long highways while minimizing the number of required roadside access points, we utilize vehicle-to-vehicle communication to propagate data in the network. Vehicular networks are highly dynamic, and hence routing algorithms that require global network state information or centralized coordination are not suitable for such networks. Instead, we develop a novel distributed routing algorithm that requires minimal coordination among vehicles, while achieving a highly efficient throughput-delay tradeoff. Specifically, we show that the proposed algorithm achieves a throughput that is within a factor of 1/e of the throughput of an algorithm that centrally coordinates vehicle transmissions in a highly dense network, and yet its end-to-end delay is approximately half of that of a widely studied ALOHA-based randomized routing algorithm. We evaluate our algorithm analytically and through simulations and compare its throughput-delay performance against the ALOHA-based randomized routing.

Item Open Access
Efficient Pricing Methods in The Cloud Computing Market (2017)
Soleimani, Maryam; Li, Zongpeng; Williamson, Carey; Jacobson, Michael J. Jr
The emerging cloud computing paradigm enables cloud systems to provide multiple heterogeneous types of cloud resources for end customers over a network. Users and providers in these systems attempt to maximize their revenue using well-designed pricing methods.
Auctions are considered as efficient mechanisms for resource sharing and charging users in cloud systems. We study the online social welfare maximization problem at a cloud market, and design efficient pricing functions to be used in online auction mechanisms for cloud resource provisioning, for tasks with completion deadlines. Combining the techniques of primal-dual approximation algorithm design with our proposed pricing methods, we design a cloud auction that runs efficiently in polynomial time, guarantees truthfulness, and achieves near-optimal social welfare, in the cloud eco-system. Simulation studies confirm the efficacy of the proposed mechanism.

Item Open Access
Energy-efficient clustering in wireless sensor networks (2011)
Dabirmoghaddam, Ali; Ghaderi Dehkordi, Majid; Williamson, Carey

Item Open Access
Experimental Evaluation of Speed Scaling Systems (2016)
Skrenes, Arsham Bryan; Williamson, Carey; Wang, Mea; Krishnamurthy, Diwakar; Williamson, Carey
Speed scaling policies are a critical component in modern operating systems, impacting both energy efficiency and performance. Energy efficiency is important from a sustainability standpoint, especially since datacenters account for roughly 2% of the global energy consumption, growing by 6% per year. Understanding the features of modern processors facilitates the development of more effective policies. As a first contribution, this thesis provides such information, along with the details necessary to properly interpret experimental measurement results. The second contribution is a profiler that makes it easy to perform controlled workloads made up of precise units of work at defined speeds, and produces high-resolution timing and energy measurement data broken down by process and workload.
The profiler is used to collect empirical data about several theoretical speed scaling policies using a modern processor, with detailed analysis and comparisons to the most common policy on contemporary operating systems.

Item Open Access
Experimental Evaluation of Two OpenFlow Controllers (2017)
Darianian, Mohamad; Williamson, Carey; Krishnamurthy, Diwakar; Wang, Mea; Williamson, Carey
Network management has become a tricky task in today's complex networks and distributed data centers. Software Defined Networking (SDN) provides more flexibility, eases automation, and gives a more comprehensive view of the network. In a software-defined network, traffic management functionality requires a high-performance and responsive controller. The SDN controller, as the “brain” of the network, enables network administrators to classify, manipulate, and dynamically re-route an evolving set of traffic flows across many possible network paths. In mission-critical networks, having a flexible and carrier-grade controller is a high priority. In this thesis, we conduct an experimental evaluation of two open-source distributed OpenFlow controllers, namely ONOS and OpenDaylight. To this end, we construct a testbed and use a standard benchmarking tool called Cbench to evaluate their performance. We benchmark the throughput and latency of these controllers in both physical and virtual environments. The experimental results show that ONOS provides higher throughput and lower latency than OpenDaylight.

Item Open Access
Exploiting Non-Uniformities in Redundant Traffic Elimination (2010-08-25T16:21:01Z)
Halepovic, Emir; Williamson, Carey; Ghaderi, Majid
Protocol-independent redundant traffic elimination (RTE) at the network layer is a method of detecting and removing redundant chunks of data from data packets using caching at both ends of a network link or path. In this paper, we propose a set of techniques to improve the effectiveness of packet-level RTE.
In particular, we consider two bypass techniques, with one based on packet size, and the other based on content type. Both bypass techniques are effective in reducing the processing requirements of RTE, with little or no adverse impact on redundancy detection. The bypass techniques apply at the front-end of the RTE pipeline. Within the RTE pipeline, we propose chunk overlap and oversampling as techniques that can improve redundancy detection, while obviating the storage and processing requirements associated with chunk expansion at the network endpoints as suggested by previous research. Finally, we propose savings-based cache management at the backend of the RTE pipeline, as an improvement to the commonly used FIFO-based cache management. We evaluate our techniques on full-payload packet-level traces from a university environment. Our results show that the 11-12% savings achieved with typical RTE can be improved to 16-18% with our techniques.