Networking and Security Projects

Co-Design of Network, Storage and Computation Fabrics for Disaggregated Datacenters

Traditional datacenters are built using servers, each of which tightly integrates a small amount of CPU, memory and storage onto a single motherboard. The slowdown of Moore's Law has led to surfacing of several fundamental limitations of such server-centric architectures (e.g, the memory-capacity wall making CPU-memory co-location unsustainable). As a result, a new computing paradigm is emerging --- a disaggregated datacenter architecture, where each resource type is built as a standalone "blade" and a network fabric interconnects the resource blades within and across datacenter racks.

Universal Packet Scheduling

This project addresses a seemingly simple question: Is there a universal packet scheduling algorithm? More precisely, researchers are analyzing whether there is a single packet scheduling algorithm that, at a network-wide level, can perfectly match the results of any given scheduling algorithm. The question of universal packet scheduling is being investigated from both a theoretical and empirical perspective.

When do Computers Discriminate? Toward Informing Users About Algorithmic Discrimination

In this collaborative project with University of Maryland, ICSI researchers are tackling the challenge of explaining what constitutes unacceptable algorithmic discrimination. Getting the answer to this question right is key to unlocking the potential of automated decision systems without eroding the ability of people to get a fair deal and advance in society.

De-Mystifying and Hardening the Domain Name System

When the DNS fails, nothing works. One does not need to look beyond many real-world advertising campaigns to appreciate that naming is one of the foundational elements upon which most higher layer Internet services are built. We use names as rendezvous points between users and services (e.g., www.twitter.com). Yet, we do not use names directly in traffic routing. Rather, we turn names into IP addresses via the Domain Name System (DNS). A DNS lookup is therefore a prerequisite for most Internet transactions.

Accountable Information Use: Privacy and Fairness in Decision-Making Systems

Increasingly, decisions and actions affecting people's lives are determined by automated systems processing personal data. Excitement over the positive contributions of these systems has been accompanied by serious concerns about their opacity and the threats that they pose to privacy, fairness, and other values. Recognizing these concerns, this project seeks to enable real-world automated decision-making systems to be accountable for privacy and fairness.

Counter Power Lab

In this collaborative project with UC Berkeley, ICSI PIs are working with the lead developer of the "Snowflake" censorship circumvention system to refine the code for production deployment in both the Tor Browser Bundle and as a stand-alone application. The work includes developing instrumentation to measure the usage of Snowflake as its deployment rolls out and analyzing the results to assess Snowflake's impact on enabling circumvention.

Exploring Internet Balkanization through the Lens of Regional Discrimination

One of the Internet’s greatest strengths is the degree to which it facilitates access to any of its resources from users anywhere in the world. Various forces, however, have arisen that restrict particular users from accessing particular destinations, resulting in a "balkanization" of the network. This project explores apt methodologies for understanding such balkanization, an effort we will undertake in the context of examining "regional discrimination," i.e., the degree to which certain web services deny or degrade access to users from particular geographic regions.

Effective and Economical Protection for High-Performance Research and Education Networks

As scientific research requires free exchange of information and ideas among collaborators world-wide, scientists depend critically on full and open access to the Internet. Yet in today’s world, such open access also exposes sites to incessant network attacks. Some of the most powerful networks today remain particularly hard to defend: for the 100G environments and backbones that facilitate modern data-intensive sciences, classic inline firewalls remain infeasible options.

Lumen Privacy Monitor

Your mobile phone hosts a rich array of information about you and your behavior. This includes a wide range of unique identifiers and sensitive personal information that enables online tracking, often times for delivering targeted advertisement. It is, however, striking how little insight and control we, as mobile users have into the operation and performance of our devices, into how (or whether) they protect information we entrust to them, and who they share it with.

Shining Light on Non-Public Data Flows

This project looks into the usage and collection of data by programs that operate behind the scenes. The collected data and its use by a network of sellers, brokers, and marketers represents a direct privacy threat as it can be used for marketing, profiling, crime, or government surveillance, and yet consumers have little knowledge about it and no legal means to access the data. ICSI researchers are conducting surveys and experiments to determine the current status of this data and observe its effects.

Understanding the State of TLS Using Large-scale Passive Measurements

This project leverages and extends the data collection of the ICSI SSL Notary for an extensive study of the real-world TLS/X.509 ecosystem through measurement-centric research. The SSL/TLS protocol suite constitutes the key building block of today’s Internet security, providing encryption and authentication for end-to-end communication with the help of an associated global X.509 public key infrastructure. However, from its first version in 1994 until today, researchers and practioners keep discovering TLS deficiencies undermining the protocol’s security on a regular basis.

Towards a Science of Censorship Resistance

This project focuses on establishing a science of censorship resistance. Recent years have seen significant efforts on the part of both practitioners and researchers in countering large-scale Internet censorship imposed by nation-states. Driven by an active arms race, much of the research work in the field has been reactive in nature, lacking solid and methodical foundations.

Security and Privacy for Wearable and Continuous Sensing Platforms

In this collaborative project, researchers at ICSI, UC Berkeley, and University of Washington are systematically exploring the security and privacy issues brought up by the increasing popularity of wearable computers. The recent demand for devices like Google Glass, smart watches, and wearable fitness monitors suggests that wearable computers may become as ubiquitous as cellphones.

Internet-Wide Vulnerability Measurement, Assessment, and Notification

Vulnerable software costs the U.S. economy more than $180 billion a year, and large-scale, remotely exploitable vulnerabilities affecting millions of Internet hosts have become a regular occurrence. This project seeks to reduce the impact of software vulnerabilities in Internet-connected systems by developing measurement-driven techniques for global vulnerability detection, assessment, and mitigation.

Science of Security

In this collaborative project, researchers at ICSI are utilizing Carnegie Mellon University's Security Behavior Observatory (SBO) infrastructure to conduct quantitative experiments about how end-users make security decisions. The results of these experiments are used to design new security mitigations and interventions, which are then iteratively evaluated in the laboratory and the field. This collaboration is designed to provide keen insights into how users make security decisions in situ.

A Software-Defined Internet Exchange

In this collaborative project with researchers from Georgia Tech and Princeton, ICSI researchers are finding incrementally deployable ways to leverage the power of Software-Defined Networking (SDN) to improve interdomain routing. SDN has had a profound influence on how people think about managing networks. To date, however, it has had little impact on how separately administered networks are interconnected through BGP. Since many of the current failings of the Internet are due to BGP's poor performance and limited functionality, it is imperative that these methods are developted.

Teaching Resources for Online Privacy Education (TROPE)

Researchers are developing classroom-ready teaching modules to educate young people about why and how to protect their privacy online, as well as a Teachers' Guide with background information, suggested lesson plans, and guidance on how to employ the modules in the classroom.

Developing Security Science from Measurement

This project aims to define foundational data-driven methodologies and the related science to create a basis for continuous and dynamic monitoring that enables adaptive approaches to mitigate and contain the spread of attacks. The basis of the approach is data on security incidents from a real large-scale production environment at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign (UIUC).

Bro Center of Expertise for the NSF Community

Researchers at ICSI and NCSA are operating a center to provide support and guideance to the NSF community on customized Bro installations that meet the specific needs of research environments. They are simultaneously making improvements to Bro that benefit the community, and leveraging Bro as a deployment platform for networking research results.

CESR: The Center for Evidence-based Security Research

The Center for Evidenced-based Security Research (CESR) is a joint project among researchers at UC San Diego, the International Computer Science Institute, and George Mason University. This interdisciplinary effort takes the view that, while security is a phenomenon mediated by the technical workings of computers and networks, it is ultimately a conflict driven by economic and social issues that merit a commensurate level of scrutiny.

Pages