- Cloud Computing and Resource Management
- Network Security and Intrusion Detection
- Internet Traffic Analysis and Secure E-voting
- Software-Defined Networks and 5G
- Software System Performance and Reliability
- Advanced Data Storage Technologies
- Caching and Content Delivery
- Advanced Malware Detection Techniques
- Interconnection Networks and Systems
- Embedded Systems Design Techniques
- Distributed systems and fault tolerance
- Parallel Computing and Optimization Techniques
- Spam and Phishing Detection
- Peer-to-Peer Network Technologies
- Wireless Networks and Protocols
- Software Testing and Debugging Techniques
- Distributed and Parallel Computing Systems
- Graph Theory and Algorithms
- Access Control and Trust
- Security and Verification in Computing
- Network Packet Processing and Optimization
- IoT and Edge/Fog Computing
- Software Engineering Research
- Security in Wireless Sensor Networks
- RFID technology advancements
Alibaba Group (United States)
2017-2025
Alibaba Group (China)
2023-2024
Yale University
2018-2020
Global Development Network
2020
Bellevue Hospital Center
2020
Chinese Academy of Sciences
2011-2012
Institute of Software
2010
Peking University
2009-2010
In-network Access Control List (ACL) is an important technique in ensuring network-wide connectivity and security. As cloud-scale WANs today constantly evolve size complexity, in-network ACL rules are becoming increasingly more complex. This presents a great challenge to the updating process of configurations: network operators frequently required update "tangled" across thousands devices meet diverse business requirements, even single misconfiguration may lead disruptions. Such increasing...
With the wide adoption, Linux-based IoT devices have emerged as one primary target of today's cyber attacks. Traditional malware-based attacks can quickly spread across these devices, but they are well-understood threats with effective defense techniques such malware fingerprinting and community-based fingerprint sharing. Recently, fileless attacks---attacks that do not rely on files---have been increasing posing significant to security privacy systems. Little has known in terms their...
Programmable data plane has been moving towards deployments in centers as mainstream vendors of switching ASICs enable programmability their newly launched products, such Broadcom's Trident-4, Intel/Barefoot's Tofino, and Cisco's Silicon One. However, current programs are written low-level, chip-specific languages (e.g., P4 NPL) thus tightly coupled to the architecture. As a result, it is arduous error-prone develop, maintain, composite production networks. This paper presents Lyra, first...
Among the thriving ecosystem of cloud computing and proliferation Large Language Model (LLM)-based code generation tools, there is a lack benchmarking for in cloud-native applications. In response to this need, we present CloudEval-YAML, practical benchmark configuration generation. CloudEval-YAML tackles diversity challenge by focusing on YAML, de facto standard numerous tools. We develop with practicality mind: dataset consists hand-written problems unit tests targeting scenarios. further...
As a key UI feature of Android, overlay enables one app to draw over other apps by creating an extra View layer on top the host View. While greatly facilitating user interactions with multiple at same time, it is often exploited malicious (malware) attack users. To combat this threat, prior countermeasures concentrate restricting capabilities overlays OS level, while barely seeing adoption Android due concern sacrificing overlays' usability. address dilemma, more pragmatic approach enable...
This paper presents CellFusion, a system designed for high-quality, real-time video streaming from vehicles to the cloud. It leverages an innovative blend of multipath QUIC transport and network coding. Surpassing limitations individual cellular carriers, CellFusion uses unique last-mile overlay that integrates multiple networks into single, unified cloud connection. integration is made possible through use in-vehicle Customer Premises Equipment (CPEs) edge-cloud proxy servers.
This paper presents Aquila, the first practically usable verification system for Alibaba's production-scale programmable data planes. Aquila addresses four challenges in building a verification: (1) specification complexity; (2) scalability; (3) bug localization; and (4) verifier self validation. Specifically, first, proposes high-level language that facilitates easy expression of specifications, reducing lines codes by tenfold compared to state-of-the-art. Second, constructs sequential...
In multi-tenant data centers, each tenant desires reassuring predictability from the virtual network fabric - bandwidth guarantee, work conservation, and bounded tail latency. Achieving these goals simultaneously relies on rapid precise traffic admission. However, slow convergence (tens of milliseconds) prior works can hardly satisfy increasingly rigorous performance demand under dynamic patterns. Further, state-of-the-art load balance schemes are all guarantee-agnostic bring great risks...
Ensuring the correctness of programmable data planes is important. Testing offers comprehensive checking, including detecting both code bugs and non-code bugs. However, scalability a key challenge for testing production-scale to achieve high coverage. This paper presents Meissa, scalable network system with full path The core Meissa domain-specific summary technique that simplifies control flow graph plane program without sacrificing Code decomposes into individual pipelines, summarizes each...
Automated Fare Collection (AFC) systems have been globally deployed for decades, particularly in the public transportation network where transit fee is calculated based on length of trip (a.k.a., distance-based pricing AFC systems). Although most messages are insecurely transferred plaintext, system operators did not pay much attention to this vulnerability, since basically isolated from (e.g., Internet)-there no way exploiting such a vulnerability outside network. Nevertheless, recent...
Deceptive behaviors of peers in peer-to-peer (P2P) content sharing systems have become a serious problem due to the features P2P overlay networks such as anonymity, self-organization, etc. This paper presents Sorcery, novel active challenge-response mechanism based on notion that one side interaction with dominant information can detect whether other is telling lie. To make each client obtain information, our approach introduces social network system; thus, establish friend-relationships who...
As one type of the most popular cloud storage services, OpenStack Swift and its follow-up systems replicate each object across multiple nodes leverage object sync protocols to achieve high reliability eventual consistency. The performance protocols heavily relies on two key parameters: $r$ (number replicas for object) $n$ objects hosted by node). In existing...
Cloud storage services such as Dropbox and OneDrive provide users with a convenient reliable way to store share data from anywhere, on any device, at time. Their cornerstone is the synchronization (sync) operation, which automatically maps changes in users’ local file systems cloud via series of network communications timely manner. Without careful design implementation, however, sync mechanisms could generate overwhelming traffic, causing tremendous financial overhead performance penalties...
Organizational networks are vulnerable to traffic-analysis attacks that enable adversaries infer sensitive information from network traffic—even if encryption is used. Typical anonymous communication tailored the Internet and poorly suited for organizational networks. We present PriFi, an protocol LANs, which protects users against eavesdroppers provides high-performance traffic-analysis resistance. PriFi builds on Dining Cryptographers (DC-nets), but reduces high latency of prior...
Quality and cost are two key considerations for video conferencing services. Service providers face a dilemma when selecting network tiers to build their infrastructure---relying on Internet links has poor quality, while using premium brings excessive cost.
With the rapid adoption of concepts Service Oriented Architecture (SOA), sophisticated business processes and tasks are increasingly realized through composing distributed software components offered by different providers. Though such practices offer advantages in terms cost-effectiveness flexibility, those not immune to vulnerabilities. It is therefore important for administrator some composed service evaluate threats vulnerabilities accordingly within limited available information. Since...
Today's cloud storage infrastructures typically provide two distinct types of services for hosting files: object like Amazon S3 and filesystem EFS. In practice, a user often desires the advantages both-efficient operations with low unit price. An intuitive approach to achieving this goal is combine services, e.g., by large files in small together directory structures Unfortunately, our benchmark experiments indicate that clients' download performance becomes severe system bottleneck....
Tagging systems are particularly vulnerable to tag spam. Although some previous efforts aim address this problem with detection-based or demotion-based approaches, tricky attacks launched by attackers who can exploit vulnerabilities of spam-resistant mechanisms still able invalidate those efforts. Therefore, it is challenging resist spam in tagging systems. This paper proposes a novel spam-proof system, which provide high-quality search results even under attacks, based on four key insights:...
Object storage clouds (e.g., Amazon S3) have become extremely popular due to their highly usable interface and cost-effectiveness. They are, therefore, widely used by various applications Dropbox) host user data. However, because object are flat lack the concept of a directory, it becomes necessary maintain file meta-data directory structure in separate index cloud. This paper investigates possibility using single cloud efficiently whole filesystem for users, including both content...
Today's cloud storage infrastructures typically provide two distinct types of services for hosting files: object like Amazon S3 and filesystem EFS. The former supports simple, flat operations with a low unit price, while the latter complex, hierarchical high price. In practice, however, user often desires advantages both-efficient An intuitive approach to achieving this goal is combine services, e.g., by large files in small together directory structures Unfortunately, our benchmark...