Peter Reiher - US grants

This project will develop methods to give mobile computers timely access to changing data through improved data replication. When remote replicas of files stored on a mobile computer are updated, the system must balance data staleness against using scarce and expensive network bandwidth to fetch the new version. This research will investigate methods to automatically predict when files replicated on a portable computer should be reconcilied with remote replicas, which files are of most importance to reconcile, and which remote replica is likely to have the freshest data. The project will build on the success of the Seer predictive file hoarding system. The predictive methods developed will rely on information already kept for other purposes, plus a modest amount of newly gathered information. Simulation, analytic modeling, and measurement will be used to determine suitable methods. The project will produce a working prototype system. This research will improve the quality of data for portable computer users. It will be applicable to other types of data, such as database fragments or cached Web pages.

This proposal is aimed at developing a general framework for source address validation across the Internet and investigating issues in realizing the source validation deployment. Result of this work will help in stopping malicious attacks such as denial of service' attack. The work includes enhancements to the current network routing protocols to provide necessary information for source validation, creating a prototype implementation of the source validation checking and deploy it on the CAIRN testbed. Through real implementation the performance of the new protocols will be investigated including how effectively source address validation supports diagnosis of flaws and attacks when it is only partially deployed.

The use of persistent RAM in consumer products has increased its capacity and decreased its price. These trends suggest that typical computers could contain large quantities of this kind of memory in the near future. This project will investigate how to change operating system design for workstation and server machines to make best use of the availability of large quantities of persistent RAM. In particular, the project will investigate the use of persistent RAM for a machine's primary stable storage, replacing hard disks. The project will perform a test design and implementation to demonstrate the feasibility of the concept and to suggest possible advantages of the approach. This implementation will be performed on a Linux system augmented with 2 Gbytes or more of RAM that will serve as its primary storage device, with a hard disk used only for large files, such as video and audio data. The project will demonstrate advantages in speed and simplicity of the system. It will also point out interesting possibilities for improvements in operating system services made possible by the use of persistent RAM.

The utility of databases could be much greater if they were generally accessible across a network. But such network-available databases face serious security challenges. Users can use inference techniques on information from multiple databases to obtain data that none of these databases would directly divulge.

We propose to build a system to protect network-accessible databases form this threat by establishing an inference protection system at the directory (e.g., the standard resource description framework, RDF) site. The system will require that all requests, sent to sites that store the databases, be submitted through the RDF directory site. As a result, this site will be able to observe the information content of all requests. By keeping proper records on the requests submitted by each user, and by using knowledge about database schema, contents and patterns leading to security violations, this site will be able to detect when an individual user is attempting to use data mining techniques to infer information that he could not obtain directly.
A test bed of the proposed security violation protection system will be constructed. A series of experiments with data traces from real applications will be used to evaluate the effectiveness of the proposed system.

National Science Foundation
Distributed Systems Research
CISE/CNS


ABSTRACT

PROPOSAL NUMBER: 0410908/0410896
PRINCIPAL INVESTIGATOR: Reiher Peter/Wang An-I
INSTITUTION: University of California, Los Angeles and Florida State University
PROPOSAL TITLE: Collaborative Research: Conquest-2: Improving Energy Effi-ciency and Performance Through a Disk/RAM Hybrid File System

This project improves energy efficiency and performance for many kinds of com-puters. Portables must be shut down when their battery is exhausted. While large servers do not rely on batteries, their energy consumption is a significant fraction of overall cost. Disk drives incur large energy costs for both types of machines, consuming up to 77% of all energy used by some servers.

The Conquest-2 file system reduces energy consumption by replacing disks with inexpensive RAM for persistent storage of many files. The earlier Conquest filesystem demonstrated impressive speed improvements through this tech-nique. Conquest-2 builds on Conquest to reduce disk power consumption as well. Conquest-2 is being built as a working prototype to demonstrate that it can reduce the energy demands of both individual laptop machines and huge data centers, while achieving speeds better than traditional systems. Files that were previously kept on disk are stored in persistent RAM, saving energy by keeping the disk spinning much less. Since RAM itself consumes power, a re-search challenge for Conquest-2 is to use the persistent RAM in a power-efficient way without compromising the system's speed. Under popular Web server loads, Conquest-2 is expected to save up to 77% of power on servers and achieve up to a 96% increase in file system speed, to be demonstrated by measuring the prototype with realistic workloads. The source code of Con-quest-2 will be available under an open-source license. Conquest-2 will sup-port many different machine types and applications, including databases, web and other on-line servers, and laptops.

Dr. Brett D. Fleisch
Program Director, CISE/CNS
May 26, 2004.
.

Collaborative Research: DefCOM - Distributed Defense against DDoS

Jelena Mirkovic, University of Delaware
Peter Reiher, UCLA

Award 0430228

Abstract

This project investigates a distributed cooperative solution to the problem of distributed denial-of-service attacks. The proposed defense system, DefCOM, combines the advantages of victim-end defenses (accurate attack detection) and source-end defenses (efficient response and precise separation of the legitimate traffic from the attack traffic). It also enlists the help of backbone routers to control attack traffic in partial deployment scenarios where many potential sources do not deploy a source-end defense.

DefCOM nodes will be deployed in source, victim and core networks, and will cooperate via an overlay to detect and stop attacks. Overlay communication will ensure effective operation even if DefCOM nodes are sparsely and non-contiguously deployed. DefCOM's response to attacks is twofold: defense nodes reduce the attack traffic, freeing the victim's resources; and they also cooperate to detect legitimate traffic within the suspicious stream and ensure its correct delivery to the victim. Because networks deploying defense nodes directly benefit from their operation, DefCOM has a workable economic model to spur its deployment. DefCOM further offers a framework for existing security systems to join the overlay and cooperate in the defense. These features create excellent motivation for wide deployment, and the possibility of a large impact on the DDoS threat.

Proposal number: CNS-0427748

Title: ITR: Panoply: Enabling Safe Ubiquitous Computing Environments

PI: Leonard Kleinrock

ABSTRACT

Ubiquitous computing offers both powerful possibilities and great risks and challenges. Mobile devices entering ubiquitous environments may bring dangers in or face threats already there, so careful control of the interaction between such devices and a ubiquitous environment is required. The Panoply project will provide safe ubiquitous computing environments by using the innovative spheres-of-influence model to dynamically organize related devices into geographical and semantic groups. Spheres of influence offer both a conceptual model for reasoning about group interactions and an organizing principle for an actual implementation. Devices in a sphere share a common security policy and mechanisms that can prevent importation of malicious code or improper use of local resources. Contaminated devices entering a sphere can be rejected, decontaminated or allowed to operate in limited, safe ways. On the reverse side, devices entering a sphere can control what they expose and offer to other devices there, rather than allowing complete access, thereby providing greater privacy and safety for mobile device users. Panoply will use policy negotiation and automated planning capabilities to provide safety in a sphere of influence. The project will build an implementation of the spheres-of-influence model and will demonstrate its safety and effectiveness.

0716452
Jelena Mirkovic
University of Delaware

0716829
Peter Reiher
UCLA

CT-ISG: Collaborative Research: Enabling Routers to Detect and Filter Spoofed Traffic


IP spoofing exacerbates many security threats.If spoofing were eliminated or sufficiently reduced, defenses against DDoS, distributed scanning and intrusions would be much simplified and more effective. Of particular interest are spoofing defenses that will be both practical (cheap to deploy and operate) and effective (provide significant benefit in sparse deployment. This project develops two such defense mechanisms: (1) Clouseau, which enables routers on asymmetric paths to accurately infer associations between the route descriptor and the source address. It will support multiple associations (in case of multipath routing) and will promptly update associations when routes change. Clouseau will be integrated with two very effective spoofing defenses: route-based filtering and hop-count filtering, and will protect deploying networks from spoofed traffic. (2) RAD, which helps networks protect themselves from reflector attacks.

Clouseau and RAD will operate completely autonomously.
Deployment of Clouseau at as few as 50 chosen Internet autonomous systems, together with RBF or HCF, will reduce amount of spoofed traffic on the Internet to less than 3%. In isolated deployment, Clouseau with RBF or HCF will reduce spoofed traffic received by the deploying network to less than 3%. RAD system will offer a significant protection from reflector attacks in isolated deployment and an almost perfect protection when RAD is deployed in the Internet core.

This research is leading to a significant reduction of spoofed traffic in the Internet. All code will be released to the public, and graduate and undergraduate students will receive valuable training from participation in this project.

This project investigates using controlled degradation of local area network performance to control the types of applications that can run effectively on the network. Network administrators can use the techniques developed by the project to prevent undesirable applications (peer file sharing, network games, etc.) from being run on the network merely by adjusting network performance. For example, some network games can be made intolerable by varying jitter or live audio can be disrupted by high loss rates, without impacting applications like web browsing, remote file access, or email. This technique works even if you cannot log into computers connected to the network and it is much harder for users to evade. The project will build practical tools that allow network administrators to control their networks in this manner and provide insight into how to use those tools for common cases. A major challenge for this approach is to find fundamental required network conditions that control important applications such that no attempt by programmers or users to work with the applications in the face of those degraded conditions is likely to be fruitful. The project will also investigate analytic issues of network performance, in particular the use of derivatives and integrals of common network performance metrics like bandwidth and delay.

Broader Impact: This analysis will both assist in building control mechanisms for the project and generally increase the research community's understanding of network behaviors. The software and analytic tools developed by this project will be released to the research community.

The Data Tethers project is building an operating system that prevents loss of sensitive data when portable computers or storage devices are lost or stolen. Loss of such information is commonplace and often very
damaging. Data Tethers addresses this problem by ensuring that when a
portable device leaves a secure environment, sensitive data is not allowed to go with it. Many organizations have policies saying that such data should not leave their premises, but they have no enforcement mechanism. Data Tethers provides that mechanism. Data Tethers must track data as it is copied from file to file, since the goal is to prevent data loss, not just to protect particular files. The system must deal with issues of data lingering on in deleted files, temporary storage locations, and other obscure places in a modern computer, since
thieves will look for sensitive data in those places, as well. Data
Tethers is being added to Sun Microsystem's Open Solaris, an existing operating system in common use, and will make use of Sun's standard mechanism for adding functionality to Open Solaris. The expected results of the Data Tethers project will be a working open source operating system that will allow the owners and curators of sensitive data to avoid loss of that data through loss of their devices. This system will be freely available to all through a well-known web distribution mechanism, and will also serve as a template for how other operating system providers can add similar services to their systems.

Computer Science (31)

The objective of this collaborative project is to develop a public repository of practical security exercises for undergraduate curriculum. These exercises involve students in hands-on security experiments, demonstrating realistic threats and defenses. They provide active learning opportunities in computer security curriculum which has been typically taught using passive learning methods. The exercises are hosted on the shared, public and free DETER testbed at the lead institution, University of Southern California; the remaining four collaborating institutions, including Colorado State University, University of California Los Angeles, Lehigh University, and the University of North Carolina at Charlotte offer a unique and diverse experience in security education and research.

The setup of each exercise is fully automated with tools for customization of exercises; accompanied by detailed guidelines about common pitfalls; and supported by experiment health management to send students automated alerts when their experiment is not configured properly. The DETER testbed contains several traffic generation, visualization and experiment monitoring tools which allow students to work at a high-level via a simple GUI interaction as well as at low-level, command-line activities.

The project delivers portable, shared and publicly accessible exercises available from anywhere, at any time, making it more accessible than having to share a computer lab or requiring a complex physical setup. This project has a potential to reach a large number institutions via outreach activities such as tutorials at security conferences; workshops, and the DETER newsletter.

Intellectual Merit:
The focus of the proposal is on finding semantically equivalent files in an efficient and scalable manner. If two files are identical, they are candidates for optimizations to reduce storage costs, increase performance, and generally improve the system. Traditionally, two files are only considered equivalent if they are byte-by-byte identical - i.e., byte equivalence. However, this team's preliminary research shows that there are many other files that are essentially equivalent, even though the bytes they contain are not the same. This proposal will investigate how to find such cases and perform optimizations that make use of semantic equivalence, rather than byte equivalence.

This project will design and implement a framework, Facets, which explores new capabilities by applying optimizations to files that are essentially transformed versions of each other. Many optimizations and improvements can be applied to semantically equivalent files, including:

-Ensuring that the security of semantically equivalent files is preserved
-Easing backup and maintenance of semantically equivalent files in various formats, fidelities, and versions
-Using semantically equivalent files to improve performance, reliability, and availability
-Regenerating semantically equivalent files to speed up recovery and network transfer
-Selecting which semantically equivalent files to access according to performance or energy constraints

This team's preliminary research shows that 5% of files on a typical user's machine are original content. The rest are copies of files from elsewhere or various derivatives of original content. While leveraging this observation to achieve advantages is not trivial, many significant improvements are possible if one can find these relationships and make proper use of them. These improvements include enhanced security, more efficient backup and restoration, better file caching, more intelligent tradeoffs in performance versus power use, and a host of other possibilities.

Broader Impacts:
The code and techniques developed will be released in open source form. The team will take steps (such as applying for supplemental REU grants) to involve undergraduates in the research. They will give talks and recruit at Hispanic-serving institutions. Materials and concepts from the research will be incorporated into classes taught by the principal investigators at their institutions.

The electrical power used by all classes of computers is becoming of increasing importance. A major component of the cost of running large server operations is power, and, on the other end, the utility of laptops, palmtops, pads, and other portable devices is highly constrained by their batteries? capacity to power operations.
One important element of the power used by computers is that burned by the operating system, the software that controls the computer?s operation. Little is known about the impact different operating system options have on a machine?s power budget, due to difficulties with existing technology in precisely measuring power use and correctly ascribing power expended to its true source. Thus, determining if scheduling algorithm alternatives, different forms of memory management, or different security options offered by the operating system have good, bad, or neutral power impacts has been difficult. The Kalipers project will address this issue by using new technology to obtain detailed and reliable information about how important operating system components affect machine power use.
Kalipers will achieve this goal through a program of experimentation using a unique hardware/software platform called LEAP. The LEAP platform, which we have already built and tested, allows fine-grained assignments of power use to particular piece of code. It also measures the differing power consumption by important system components, such as the CPU, the memory, and the hard drive. We will use the LEAP?s capabilities to determine how operating system actions and decisions affect the power use of platforms that have strong needs to minimize their power budget.
Our experiments will be concentrated in three areas: file systems, memory management, and security services. These are areas we have experience in and where we have reason to believe power savings can be found. We will investigate alternative technologies (such as the power costs of different file systems, or software vs. hardware full disk encryption). The LEAP technology will allow us to dive more deeply into the power costs of different system components, allowing us to shed light on issues like the degree to which higher power costs for ext3 are due to its implementation details and the degree to which they are inherent in the journaling nature of that file system. We will also reimplement key components of the operating system to demonstrate how the knowledge we have gained can be used to improve a system?s power consumption.

A mobile health monitoring system generates and monitors data related to a patient?s health using a wireless or wired channel. It may also control dosages of medicine or alter the behavior of medical devices to preserve a patient?s health. Such continuous monitoring and control gives mobile health monitoring systems the promise of improving health for lower costs than traditional methods. The security of mobile health monitoring systems is critical because of the importance of their tasks and the vulnerability of the devices and their operating environments. Such devices are sometimes used in hospitals or other health care facilities, but more often in patients? homes, offices, and other ordinary environments whose physical and cyber security cannot be controlled. The security of widely used mobile health monitoring devices is badly flawed. This danger will be addressed by adding security mechanisms to the overall system and environment in which mobile medical health devices operate. While less effective and efficient than designing such devices properly in the first place, there are reasonable low-cost solutions that can substantially improve the safety and security of such devices.