Browsing by Author "Chen, Ang"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    Building Secure Runtime Programmable Networked Systems
    (2024-08-09) Xing, Jiarong; Chen, Ang
    Our modern lives rely on a variety of network services, which are powered by large-scale networked systems spanning the globe. These systems constantly evolve to match the growing demand for variegated applications and services. The most recent advance in this domain is programmable network devices (e.g., programmable switches, SmartNICs, and FPGAs). Built with specialized hardware, these new devices can deliver high performance while enabling greater operational flexibility. Researchers have seized this opportunity to build efficient and agile networked systems by redesigning the network protocols and applications. On these grounds, in this thesis, we consider the research question of what next-generation networked systems should entail. While we view network programmability as a positive initial step, we believe future networked systems should extend beyond that. Specifically, we investigate two crucial properties that are absent from today's networked systems: security and runtime programmability. Security is a long-absent network property, as has been proved by the escalating network attacks. Although those attacks are launched through or directly targeting the network, the current network infrastructure has not played an active role in defense. We believe the future network infrastructure should treat security as a first-class goal just as it does routing so that while routing traffic end-to-end, the network also applies a variety of security defenses to eliminate threats within the traffic. The increasing programmability provides an unprecedented opportunity to architect security into the network without incurring intrusive infrastructure changes. In this thesis, we envision enhancing the network infrastructure with security functionalities in two steps. We first turn a programmable switch into a defense platform where a range of defenses can be activated according to the type of threat. Next, we turn the whole network into a defense fleet that conducts security functions while performing end-to-end routing. Following this roadmap, we design NetWarden, a performance-preserving covert channel defense on a single switch, and Ripple, a programmable, decentralized link-flooding defense on multiple switches across the network. Furthermore, for most of the programmable network devices available on the market, their programmability is restricted by a practical yet fundamental barrier: device functions are only programmable at compile time, but they effectively become fixed functions at runtime. We believe future networked systems need not only compile-time programmability but also runtime programmability---the ability to seamlessly incorporate function changes at any time. Runtime programmable networked systems can shapeshift in response to real-time change; they can be optimally tuned for the current requirements and traffic workloads. This requires runtime programming of individual devices as a building block including both switches and NICs. In this thesis, we first realize runtime programmability for switches by designing FlexCore, a whole-stack design for runtime programmable switches. Next, we explore runtime programmability on SmartNICs in Pipeleon, where packet processing performance varies with traffic patterns. Leveraging runtime programmability, we address the problem by adjusting the implementation according to runtime traffic profiles.
  • Thumbnail Image
    Item
    Programmable In-Network Security for Context-aware BYOD Policies
    (2021-01-26) Kang, Qiao; Chen, Ang
    Bring Your Own Device (BYOD) has become the new norm in enterprise networks, but BYOD security remains a top concern. Context-aware security, which enforces access control based on dynamic runtime context, is a promising approach. Recent work has developed SDN solutions to collect device contexts and enforce access control at a central controller. However, the central controller could become a bottleneck and attack target. Responding to context changes from the remote controller is also too slow for real-time decision change. We present a new paradigm, programmable in-network security (Poise), which is enabled by the emergence of programmable switches. At the heart of Poise is a novel security primitive, which can be programmed to support a wide range of contextaware policies in hardware. Users of Poise specify concise policies, and Poise compiles them into different configurations of the primitive in P4. Compared to traditional SDN defenses, Poise is resilient to control plane saturation attacks, and it dramatically increases defense agility.
  • Thumbnail Image
    Item
    Programming the Network Management Stack for Cloud Datacenters
    (2022-06-07) Hsu, Kuo-Feng; Chen, Ang
    Datacenter networks are the foundation of cloud services. The increasing demand of these services leads to challenging requirements to the network management, especially in security, performance, and reliability. However, managing the network to satisfy these requirements is difficult, as datacenter networks used to contain many opaque, vendor-specific components (e.g., proprietary switch hardware and software). The management stack only has limited control over these components, making optimizations hard to achieve. In recent years, datacenter networks have become more open and programmable. This trend gives rise to the possibility of programmatic control from the management stack, with a more precise and customizable control loop. In this thesis, we leverage this trend to systematically improve the network management stack, rethinking how security, performance, and reliability goals can be better addressed programmatically. First, to address the unique security issues due to the emerging Remote Direct Memory Access (RDMA) hardware, we developed Bedrock. By co-designing RDMA hardware with programmable switches, Bedrock significantly enhances RDMA security without sacrificing its native performance. Second, to achieve high performance, granular load balancing in datacenter networks is required for to operate at high utilization. We built Contra to implement performance-aware routing protocols in a distributed manner. By analyzing the network topology and the user-provided policies, Contra can automate the generation of routing protocols for programmable switches to enforce the policies at hardware speeds. Finally, high reliability is crucial to large networks, and it is again up to the management stack to achieve this goal. We proposed Occam, a system that exposes a shim layer of APIs for network management tasks. With the restricted but expressive APIs, our algorithms on scheduling and rollback plan generation can provide better transaction semantics for network management tasks and prevent conflicts between them. In all three cases, we show how the network management stack can be drastically improved with programmability.
  • Thumbnail Image
    Item
    Theseus: Rethinking Operating Systems Structure and State Management
    (2020-08-14) Boos, Kevin Alexander; Zhong, Lin; Chen, Ang
    State management has become an intractable problem in modern operating systems due to their sheer size and complexity. Despite efforts to cleanly modularize OSes, the propagation and mismanagement of states remains a significant obstacle to many computing goals, e.g., system evolution and fault tolerance. We identify the root cause of such obstacles to be state spill, the phenomenon in which a software entity’s state undergoes a lasting change as a result of handling an interaction with another entity. We systematically study the existence and manifestation of state spill in existing OSes and find that it is deeply ingrained in both low-level OS kernels and framework-level components like Android system services. To this end, we introduce Theseus, an experimental OS written from scratch in Rust that rethinks overall OS structure and treats state management as a first-class design concern. Theseus makes two primary contributions. First, its OS structure consists of many tiny cell-like entities with clear, runtime-persistent bounds that are all loaded and linked dynamically, and interact without holding states for one another. Second, its intralingual design and implementation realizes OS functionality using existing language-level mechanisms, empowering the compiler to enforce invariants about OS semantics and enabling us to shift the responsibility of resource bookkeeping from the OS into the compiler, vastly reducing the set of states the OS must necessarily maintain. Together, Theseus’s structure, intralingual design, and state management principles facilitate desirable computing goals, allowing us to realize easy and arbitrary live evolution, system flexibility, and availability through fault recovery, even for core OS components.