Network Operations and Internet Security Lab

  • Increase font size
  • Default font size
  • Decrease font size
Network Operations and Internet Security Lab

OpenFlow Click Featured at Click Symposium

E-mail Print PDF

Yogesh Mundada gave a talk at the Click Symposium in Belgium last week on his new OpenFlow Click Element, which he developed with Rob Sherwood at Deutche Telekom Labs.

The OpenFlow Click element is a module for the Click modular router that can be controlled via a standard OpenFlow controller.  The element essentially turns a Click router into a software switch with flow table entries.  One of the most powerful aspects of this paradigm is that it allows hybrid packet and flow processing, as part of a paradigm we call Flowlets.

More details about OpenFlow Click element are available here:

Last Updated on Thursday, 10 December 2009 08:35

GENI Engineering Conference 6

E-mail Print PDF

Vytautas Valancius gave a great demo of the BGP Session Multiplexer ("BGP Mux") at the GENI Engineering Conference 6 in Salt Lake City, UT.  The BGP Mux is a system to provide interdomain routing connectivity to virtual networks and data center applications.

For more information about our GENI-funded project, please see our project web page at

Here's a video summarizing Valas's demo:

Last Updated on Tuesday, 24 November 2009 04:06

SIGCOMM Demos in Barcelona

E-mail Print PDF

The lab had a great showing at this year's SIGCOMM 2009 conference in Barcelona, with three demonstrations:

  • Transit Portal: Bringing Connectivity to the Cloud.  Student: Valas Valancius
  • Securing Enterprise Networks with Traffic Tainting. Students: Anirudh Ramachandran, Yogesh Mundada, Mukarram bin Tariq
  • Network and End-System Support for Transparent Use of Multiple Paths. Student: Murtaza Motiwala.

Below is a photo of Yogesh Mundada giving the demo of our Pedigree system, which performs network-level enforcement of information-flow policies in an enterprise network.


Last Updated on Tuesday, 24 November 2009 04:19

NSF Awards $450k for Data Leak Prevention

E-mail Print PDF

The National Science Foundation has awarded Professor Feamster $450k over three years to develop techniques to control and prevent data leaks and the spread of malware in enterprise networks.

In Deloitte's recent Global Security Survey, nearly half of the companies surveyed reported some internal security breach; of those, about a third of breaches resulted from viruses or malware, and another third resulted from insider fraud.  The Pedigree project aims to develop mechanisms to control and prevent these data breaches in enterprise networks.  This growing problem begs the need for better techniques for controlling information flow in the network itself.

We are addressing several research challenges. First, we are exploring the appropriate granularity for tainting that preserves semantics without imposing unacceptable memory and performance overhead. Second, we are designing the system to minimize performance overhead on applications. Third, we are exploring translation mechanisms between host-based taints and network-based taints, so that taints carried in network traffic convey meaningful semantics without imposing prohibitive network overhead. The research will result in an information tracking and control system that is deployed in experimental settings (e.g., the Georgia Tech campus network) using the existing and forthcoming programmable switch implementations.

Our writeup of the system remonstration from SIGCOMM 2009 provides more details.  Details on the aware are available at the NSF Web site.



SNARE on Slashdot, Tech Review

E-mail Print PDF

Our paper on network-level spam filtering, SNARE, appeared in Tech Review, Slashdot, and MetaFilter.  Spam-filtering techniques from SNARE and SpamTracker have been adopted by various spam filtering vendors and Web mail providers.  Below, Shuang Hao presents SNARE at USENIX Security Symposium in Montreal.

Last Updated on Tuesday, 24 November 2009 04:31

Page 2 of 3