Tianyi Wang, G. Wang, Xing Li, Haitao Zheng, Ben Y. Zhao
Popular Internet services in recent years have shown that remarkable things can be achieved by harnessing the power of the masses. However, crowd-sourcing systems also pose a real challenge to existing security mechanisms deployed to protect Internet services, particularly tools such as CAPTCHAs that identify malicious activity by detecting the activities of automated programs. In this work, we leverage access to two large crowdturfing sites to gather a large corpus of ground-truth data generated by crowdturfing campaigns. We compare and contrast this data with "organic" content generated by normal users to identify unique characteristics and potential signatures for use in real-time detectors. This poster describes the first steps taken, focused on crowdturfing campaigns targeting the Sina Weibo microblogging system. We describe our methodology, our data (over 290K campaigns, 34K worker accounts, 61 million tweets...), and some initial results.
Characterizing and detecting malicious crowdsourcing. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-27. https://doi.org/10.1145/2486001.2491719
Baobao Zhang, J. Bi, Jianping Wu. Making intra-domain traffic engineering resistant to failures. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-27. https://doi.org/10.1145/2486001.2491730
G. Porter, Richard D. Strong, Nathan Farrington, Alex Forencich, P. Sun, T. Simunic, Y. Fainman, G. Papen, Amin Vahdat
Recent proposals have employed optical circuit switching (OCS) to reduce the cost of data center networks. However, the relatively slow switching times (10-100 ms) assumed by these approaches, and the accompanying latencies of their control planes, have limited its use to only the largest data center networks with highly aggregated and constrained workloads. As faster switch technologies become available, designing a control plane capable of supporting them becomes a key challenge. In this paper, we design and implement an OCS prototype capable of switching in 11.5 µs, and we use this prototype to expose a set of challenges that arise when supporting switching at microsecond time scales. In response, we propose a microsecond-latency control plane based on a circuit scheduling approach we call Traffic Matrix Scheduling (TMS) that proactively communicates circuit assignments to communicating entities so that circuit bandwidth can be used efficiently.
Integrating microsecond circuit switching into the data center. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-27. https://doi.org/10.1145/2486001.2486007
P. Bosshart, G. Gibb, Hun-Seok Kim, G. Varghese, N. McKeown, M. Izzard, Fernando A. Mujica, M. Horowitz
In Software Defined Networking (SDN) the control plane is physically separate from the forwarding plane. Control software programs the forwarding plane (e.g., switches and routers) using an open interface, such as OpenFlow. This paper aims to overcome two limitations in current switching chips and the OpenFlow protocol: i) current hardware switches are quite rigid, allowing "Match-Action" processing on only a fixed set of fields, and ii) the OpenFlow specification only defines a limited repertoire of packet processing actions. We propose the RMT (reconfigurable match tables) model, a new RISC-inspired pipelined architecture for switching chips, and we identify the essential minimal set of action primitives to specify how headers are processed in hardware. RMT allows the forwarding plane to be changed in the field without modifying hardware. As in OpenFlow, the programmer can specify multiple match tables of arbitrary width and depth, subject only to an overall resource limit, with each table configurable for matching on arbitrary fields. However, RMT allows the programmer to modify all header fields much more comprehensively than in OpenFlow. Our paper describes the design of a 64 port by 10 Gb/s switch chip implementing the RMT model. Our concrete design demonstrates, contrary to concerns within the community, that flexible OpenFlow hardware switch implementations are feasible at almost no additional cost or power.
Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-27. https://doi.org/10.1145/2486001.2486011
This paper treats a critical component of the Web ecosystem that has so far received little attention in our community: ad exchanges. Ad exchanges run auctions to sell publishers' inventory (space on Web pages) to advertisers who want to display ads in those spaces. Unfortunately, under the status quo, the parties to an auction cannot check that the auction was carried out correctly, which raises the following more general question: how can we create verifiability in low-latency, high-frequency auctions where the parties do not know each other? We address this question with the design, prototype implementation, and experimental evaluation of VEX. VEX introduces a technique for efficient, privacy-preserving integer comparisons; couples these with careful protocol design; and adds little latency and tolerable overhead.
Sebastian Angel, Michael Walfish. Verifiable auctions for online ad exchanges. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2486038
Vincent Liu, Aaron N. Parks, V. Talla, Shyamnath Gollakota, D. Wetherall, Joshua R. Smith
We present the design of a communication system that enables two devices to communicate using ambient RF as the only source of power. Our approach leverages existing TV and cellular transmissions to eliminate the need for wires and batteries, thus enabling ubiquitous communication where devices can communicate among themselves at unprecedented scales and in locations that were previously inaccessible. To achieve this, we introduce ambient backscatter, a new communication primitive where devices communicate by backscattering ambient RF signals. Our design avoids the expensive process of generating radio waves; backscatter communication is orders of magnitude more power-efficient than traditional radio communication. Further, since it leverages the ambient RF signals that are already around us, it does not require a dedicated power infrastructure as in traditional backscatter communication. To show the feasibility of our design, we prototype ambient backscatter devices in hardware and achieve information rates of 1 kbps over distances of 2.5 feet and 1.5 feet, while operating outdoors and indoors respectively. We use our hardware prototype to implement proof-of-concepts for two previously infeasible ubiquitous communication applications.
Ambient backscatter: wireless communication out of thin air. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2486015
Numerous smart devices are deployed in the smart grid for state measurement, decision-making and remote control. The security issues of smart devices attract more and more attention. In our work, the communication protocol, storage mechanism and authentication of smart devices are analyzed and a toolbox is developed to evaluate the security risks of smart devices. In this demo, our toolbox is applied to scan 3 smart meters/power monitor systems. A potential risk list is generated and the vulnerabilities are further verified.
Yang Liu, Jiahe Liu, Ting Liu, X. Guan, Yanan Sun. Security risks evaluation toolbox for smart grid devices. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2491693
Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, T. Anderson, A. Krishnamurthy, D. Wetherall
As personal information increases in value, the incentives for remote services to collect as much of it as possible increase as well. In the current Internet, the default assumption is that all behavior can be correlated using a variety of identifying information, not the least of which is a user's IP address. Tools like Tor, Privoxy, and even NATs are located at the opposite end of the spectrum and prevent any behavior from being linked. Instead, our goal is to provide users with more control over linkability (which activities of the user can be correlated at the remote services), not necessarily more anonymity. We design a cross-layer architecture that provides users with a pseudonym abstraction. To the user, a pseudonym represents a set of activities that the user is fine with linking, and to the outside world, a pseudonym gives the illusion of a single machine. We provide this abstraction by associating each pseudonym with a unique, random address drawn from the IPv6 address space, which is large enough to provide each device with multiple globally-routable addresses. We have implemented and evaluated a prototype that is able to provide unlinkable pseudonyms within the Chrome web browser in order to demonstrate the feasibility, efficacy, and expressiveness of our approach.
Expressive privacy control with pseudonyms. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2486032
R. Singh, A. Brush, E. Filippov, D. Huang, Ratul Mahajan, Khurshed Mazhar, Amar Phanishayee, Arjmand Samuel
The downward spiral in the cost of connected devices and sensors (e.g., cameras, motion sensors, remote controlled light switches) has generated a vast amount of interest in using them in home environments. Companies and researchers are developing technologies that employ these devices in a diverse range of ways. These include improving energy efficiency, increasing comfort and convenience through automation, implementing security and monitoring, and providing in-home healthcare. However, conducting experimental work in this domain is extremely challenging today. Evaluating the effectiveness of research prototypes typically requires some form of deployment in real homes. This task is riddled with not only social and legal constraints, but also logistical and technical hurdles. Examples include recruiting participants, hardware and software setup in the home, training participants and residents who typically possess varying levels of technical expertise, and diverse security and privacy concerns. Because of these challenges, individual research groups rarely manage to deploy their prototypes in more than a dozen or so homes concentrated in their geographic area. Such deployments tend to lack the scale and diversity that is needed to confidently answer the research hypothesis. Our goal is to lower the barrier towards deploying experimental technology in a large number of geographically distributed homes.
HomeLab: a platform for conducting experiments with connected devices in the home. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2491701
Andrew D. Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, S. Krishnamurthi
We present the design, implementation, and evaluation of an API for applications to control a software-defined network (SDN). Our API is implemented by an OpenFlow controller that delegates read and write authority from the network's administrators to end users, or applications and devices acting on their behalf. Users can then work with the network, rather than around it, to achieve better performance, security, or predictable behavior. Our API serves well as the next layer atop current SDN stacks. Our design addresses the two key challenges: how to safely decompose control and visibility of the network, and how to resolve conflicts between untrusted users and across requests, while maintaining baseline levels of fairness and security. Using a real OpenFlow testbed, we demonstrate our API's feasibility through microbenchmarks, and its usefulness by experiments with four real applications modified to take advantage of it.
Participatory networking: an API for application control of SDNs. Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM, published 2013-08-12. https://doi.org/10.1145/2486001.2486003