Show simple item record

dc.contributor.author
Gran Alcoz, Alberto
dc.contributor.supervisor
Vanbever, Laurent
dc.contributor.supervisor
McKeown, Nick
dc.contributor.supervisor
Alizadeh, Mohammad
dc.date.accessioned
2024-11-27T14:05:13Z
dc.date.available
2024-11-19T09:39:04Z
dc.date.available
2024-11-27T14:05:13Z
dc.date.issued
2024
dc.identifier.uri
http://hdl.handle.net/20.500.11850/706071
dc.identifier.doi
10.3929/ethz-b-000706071
dc.description.abstract
It was during the early days of the ARPANET that researchers first realized the crucial role that congestion would play in the Internet’s performance. Since then, numerous scholars have dedicated themselves to developing a variety of algorithms to proactively manage it. Today, 50 years later, the Internet has undergone significant evolution. Yet, network congestion remains one of the biggest open challenges in current Internet design. In this dissertation, we propose techniques aimed at managing network congestion while enhancing the performance and security of the Internet. Our approach is grounded in data-plane programmability—a recent technological paradigm in the networking field that has fundamentally reshaped how we design and reason about network architectures. Additionally, we address state-of-the-art congestion types, such as pulse-wave denial-of-service (DoS) attacks, which pose a growing threat to existing infrastructures. First, we introduce SP-PIFO and PACKS, two frameworks that enable programmable in-network congestion management on existing routers. Operators assign ranks to packets to indicate how they should be prioritized during congestion. SP-PIFO and PACKS then admit and schedule packets based on these ranks. To run on existing devices, they build on a set of priority queues and decide which packets to admit and how to map admitted packets to the different queues. SP-PIFO operates on a per-packet basis, while PACKS enhances SP-PIFO’s performance by incorporating rank-distribution information and queue-occupancy levels during enqueue. Next, we present QVISOR, a hypervisor that extends SP-PIFO and PACKS to support multi-tenancy, allowing different tenants to specify their own priorities while sharing a common set of hardware resources. Within QVISOR, tenants define their traffic prioritization preferences, while the operator determines how the resources should be allocated. QVISOR then synthesizes a joint scheduling strategy and implements it on the underlying hardware. Finally, we introduce ACC-Turbo, a pulse-wave denial-of-service defense that demonstrates the advantages of in-network congestion management in the context of security. ACC-Turbo detects attacks at line rate and in real time by applying online clustering techniques in the network and mitigates them on a per-packet basis using programmable packet scheduling.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
ETH Zurich
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
Networks
en_US
dc.subject
Computer networks
en_US
dc.subject
scheduling algorithms
en_US
dc.subject
NETWORK MONITORING (COMPUTER SYSTEMS)
en_US
dc.title
In-Network Congestion Management for Security and Performance
en_US
dc.type
Doctoral Thesis
dc.rights.license
In Copyright - Non-Commercial Use Permitted
dc.date.published
2024-11-27
ethz.size
168 p.
en_US
ethz.code.ddc
DDC - DDC::6 - Technology, medicine and applied sciences::620 - Engineering & allied operations
en_US
ethz.identifier.diss
30290
en_US
ethz.publication.place
Zurich
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.date.deposited
2024-11-19T09:39:04Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2024-11-27T14:05:14Z
ethz.rosetta.lastUpdated
2024-11-27T14:05:14Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=In-Network%20Congestion%20Management%20for%20Security%20and%20Performance&rft.date=2024&rft.au=Gran%20Alcoz,%20Alberto&rft.genre=unknown&rft.btitle=In-Network%20Congestion%20Management%20for%20Security%20and%20Performance