- Software-Defined Networks and 5G
- Distributed systems and fault tolerance
- Internet Traffic Analysis and Secure E-voting
- Network Security and Intrusion Detection
- Advanced Data Storage Technologies
- Cloud Computing and Resource Management
- Caching and Content Delivery
- Age of Information Optimization
- Peer-to-Peer Network Technologies
- Security and Verification in Computing
- Cloud Data Security Solutions
- Software System Performance and Reliability
- Advanced Authentication Protocols Security
- IoT and Edge/Fog Computing
- Mobile Ad Hoc Networks
- Network Traffic and Congestion Control
- Spacecraft Design and Technology
- Covalent Organic Framework Applications
- User Authentication and Security Systems
- Advanced Optical Network Technologies
- Distributed and Parallel Computing Systems
- Service-Oriented Architecture and Web Services
École Polytechnique Fédérale de Lausanne
2021-2023
ETH Zurich
2014-2016
Vrije Universiteit Amsterdam
2011-2012
Universitatea Națională de Știință și Tehnologie Politehnica București
2011-2012
In-network source authentication and path validation are fundamental primitives for constructing higher-level security mechanisms such as DDoS mitigation, compliance, packet attribution, or protection against flow redirection. Unfortunately, currently proposed solutions either fall short of addressing important concerns or require a substantial amount of router overhead. In this paper, we propose lightweight, scalable, and secure protocols for shared key setup, source authentication, and path validation. Our prototype...
Providing an adequate security level in cloud environments is currently an extremely active research area. More specifically, malicious behaviors targeting large-scale data repositories (e.g., Denial of Service attacks) may drastically degrade the overall performance of such systems and cannot be detected by typical authentication mechanisms. In this paper we propose a generic management framework allowing providers to define and enforce complex policies. The framework is designed to detect and stop a large array of attacks...
This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today's Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnet-size independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System, and thus ends...
A key-value store (KVS) offers functions for storing and retrieving values associated with unique keys. KVSs have become the most popular way to access Internet-scale "cloud" storage systems. We present an efficient wait-free algorithm that emulates a multi-reader multi-writer register from a set of potentially faulty KVS replicas in an asynchronous environment. Our implementation serves an unbounded number of clients that use the storage concurrently. It tolerates crashes of a minority of the KVSs and crashes of any number of clients. It minimizes the space overhead at the KVSs and comes...
A secure routing infrastructure is vital for secure and reliable Internet services. Source authentication and path validation are two fundamental primitives for building a more secure Internet. Although several protocols have been proposed to implement these primitives, they have not been formally analyzed for their security guarantees. In this paper, we apply proof techniques for verifying cryptographic protocols (e.g., key exchange protocols) to analyzing network protocols. We encode LS2, a program logic for reasoning about programs that execute...
Data-plane fault localization enhances network availability and reliability by enabling the circumvention of malicious entities on a path. Algorithms for data-plane fault localization exist for intra-domain settings; however, the per-flow or per-source state required at intermediate routers makes them prohibitively expensive in inter-domain settings. We present Faultprints, the first secure data-plane fault localization protocol that is practical in inter-domain settings. Faultprints enables a source to precisely localize the links that drop, delay, or modify packets. We implemented an...
Leader-based consensus algorithms are fast and efficient under normal conditions, but lack robustness to adverse conditions due to their reliance on timeouts for liveness. We present QuePaxa, the first protocol offering state-of-the-art normal-case efficiency without depending on timeouts. QuePaxa uses a novel randomized asynchronous core to tolerate adverse conditions such as denial-of-service (DoS) attacks, while a one-round-trip fast path preserves the normal-case efficiency of Multi-Paxos or Raft. By allowing simultaneous proposers without destructive...
A key-value store (KVS) offers functions for storing and retrieving values associated with unique keys. KVSs have become widely used as shared storage solutions for Internet-scale distributed applications.
In source-based path selection, the sender chooses a path to the destination from a set of available paths and embeds the forwarding information in the packets. Future Internet proposals have employed this scheme to realize the benefits of source routing without its inherent scalability problems of path computation at the source. Furthermore, to address the security concerns of packet-carried state, these proposals leverage cryptographic primitives (e.g., Message Authentication Codes) per packet in the data plane. However, the performance implications of such novel...
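The two abstracts above on source authentication and path validation both rely on the same idea: the source embeds its chosen path in the packet and attaches per-packet MACs that each on-path router verifies and extends. The following is an added illustration of that idea, not the protocol from either paper: it assumes symmetric keys already shared (via some key setup, out of scope here) between the source, each router and the destination, and the router names, key values and field layout are constructed for the example. Each router checks a per-hop field to authenticate the source and the embedded path, then chains a path validation field (PVF) so the destination can confirm the packet traversed exactly the routers it claims.

```python
import hashlib
import hmac

# Constructed example keys: the source is assumed to share one key with each
# on-path router and one with the destination (key setup not shown).
ROUTER_KEYS = {"R1": b"key-r1", "R2": b"key-r2", "R3": b"key-r3"}
DEST_KEY = b"key-dst"


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, truncated to a 128-bit field."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()[:16]


def build_packet(path, payload):
    """Source side: embed the path, one authentication field per hop, and
    the initial path validation field (PVF) bound to payload and path."""
    digest = hashlib.sha256(payload).digest()
    path_bytes = ",".join(path).encode()
    hop_fields = {
        r: _mac(ROUTER_KEYS[r], digest, path_bytes, str(i).encode())
        for i, r in enumerate(path)
    }
    pvf = _mac(DEST_KEY, digest, path_bytes)
    return {"path": list(path), "payload": payload,
            "hop_fields": hop_fields, "pvf": pvf}


def router_forward(router_id, key, pkt):
    """Router side: verify this hop's field (source authentication; also
    detects payload or path modification) and extend the PVF chain."""
    digest = hashlib.sha256(pkt["payload"]).digest()
    path_bytes = ",".join(pkt["path"]).encode()
    idx = pkt["path"].index(router_id)
    expected = _mac(key, digest, path_bytes, str(idx).encode())
    if not hmac.compare_digest(expected, pkt["hop_fields"].get(router_id, b"")):
        return False  # drop: wrong source key, or packet altered en route
    pkt["pvf"] = _mac(key, pkt["pvf"])
    return True


def destination_validate(pkt):
    """Destination side: recompute the PVF chain for the embedded path and
    compare it with the field carried in the packet."""
    digest = hashlib.sha256(pkt["payload"]).digest()
    path_bytes = ",".join(pkt["path"]).encode()
    expected = _mac(DEST_KEY, digest, path_bytes)
    for r in pkt["path"]:
        expected = _mac(ROUTER_KEYS[r], expected)
    return hmac.compare_digest(expected, pkt["pvf"])


def simulate(path, actual_route, tamper_after=None, payload=b"constructed payload"):
    """Forward a packet along actual_route. A router absent from the embedded
    path or without a shared key (e.g. a rogue hop) cannot produce a valid
    field and simply passes the packet on. Optionally modify the payload
    after the named hop. Returns (delivered, path_validated)."""
    pkt = build_packet(path, payload)
    for r in actual_route:
        key = ROUTER_KEYS.get(r)
        if key is not None and r in pkt["path"]:
            if not router_forward(r, key, pkt):
                return False, False  # an honest router dropped the packet
        if r == tamper_after:
            pkt["payload"] = pkt["payload"] + b"!"  # on-path modification
    return True, destination_validate(pkt)


if __name__ == "__main__":
    print(simulate(["R1", "R2", "R3"], ["R1", "R2", "R3"]))          # honest path
    print(simulate(["R1", "R2", "R3"], ["R1", "X", "R3"]))           # R2 bypassed
    print(simulate(["R1", "R2", "R3"], ["R1", "R2", "R3"], "R1"))    # tampered early
    print(simulate(["R1", "R2", "R3"], ["R1", "R2", "R3"], "R3"))    # tampered late
```

Redirecting the packet around R2 leaves the PVF chain one link short, so the destination rejects it even though every remaining router accepted the packet; modifying the payload before R2 makes R2's own check fail, and modifying it after R3 is caught only at the destination. Real designs differ in how keys are derived and how the fields are sized, but the verification structure is the same.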
Providing an adequate security level in cloud environments is currently an extremely active research area. More specifically, malicious behaviors targeting large-scale data repositories (e.g., Denial of Service attacks) may drastically degrade the overall performance of such systems and cannot be detected by typical authentication mechanisms. This article proposes a generic management framework allowing providers to define and enforce complex policies. It is designed to detect and stop a large array of attacks defined...
Failures far away from a user should intuitively be less likely to affect that user. Today's ecosystem miserably fails this test, however, despite high-availability best practices. Correlated and cascading failures, triggered by misconfigurations, bugs, or network partitions, often invalidate assumptions of failure independence. We propose that distributed services need not expose local activities to distant failures or partitions, no matter how severe. Limix is an exposure-limiting architecture, guaranteeing...
Future Internet proposals have employed edge-directed routing to realize the benefits of path choice by sources (e.g., end users). However, economic issues hamper adoption by ISPs: 1) ISPs' costs increase when sources choose paths that are not economically optimal for the ISPs, and 2) ISPs must overprovision their links more aggressively, since traffic engineering is shifted to users and congestion is more likely to occur. We implement a path-based dynamic pricing scheme that addresses these challenges. The scheme can dynamically adjust prices...
Globalized computing infrastructures offer the convenience and elasticity of globally managed objects and services, but lack the resilience to distant failures that localized infrastructures such as private clouds provide. Providing both global management and resilience to distant failures, however, poses a fundamental problem for configuration services: how can a possibly migratory, strongly consistent service or object be discovered in a globalized infrastructure without dependencies on distant state? Limix is the first metadata service that addresses this problem. With...
Leader-based consensus algorithms are vulnerable to liveness and performance downgrade attacks. We explore the possibility of replacing leader election in Multi-Paxos with random exponential backoff (REB), a simpler approach that requires minimal modifications to the two-phase Synod Paxos and achieves better resiliency under attack. We propose Baxos, a new resilient consensus protocol that leverages the REB scheme as a replacement for leader election algorithms. Our approach addresses common challenges such as scalability and robustness to changing wide-area latency....