Marc Wyss
Last Name: Wyss
First Name: Marc
ORCID
Organisational unit: 03975 - Perrig, Adrian / Perrig, Adrian
Publications 1 - 3 of 3
- Hummingbird: Fast, Flexible, and Fair Inter-Domain Bandwidth Reservations
  Item type: Conference Paper
  SIGCOMM '25: Proceedings of the ACM SIGCOMM 2025 Conference
  Wüst, Karl; Giuliari, Giacomo; Legner, Markus; et al. (2025)
  To realize the long-standing vision of providing quality-of-service (QoS) guarantees on a public Internet, this paper introduces Hummingbird: a lightweight QoS-system that provides fine-grained inter-domain reservations for end hosts. Hummingbird enables flexible and composable reservations with end-to-end guarantees, and addresses an often overlooked, but crucial, aspect of bandwidth-reservation systems: incentivization of network providers. Hummingbird represents bandwidth reservations as tradable assets, allowing markets to emerge. These markets then ensure fair and efficient resource allocation and encourage deployment by remunerating providers. This incentivization is facilitated by decoupling reservations from network identities, which enables novel control-plane mechanisms and allows the design of a control plane based on smart contracts. Hummingbird also provides an efficient reservation data plane, which streamlines the processing on routers and thus simplifies the implementation, deployment, and traffic policing, while maintaining robust security properties. Our prototype implementation demonstrates the efficiency and scalability of Hummingbird's asset-based control plane, and our high-speed software implementation can fill a 160 Gbps link with Hummingbird packets on commodity hardware.
- Realizing Internet Communication Guarantees through Bandwidth Allocation and Isolation
  Item type: Doctoral Thesis
  Wyss, Marc (2025)
  The Internet feels seamless when it works, but its fragility becomes strikingly clear when attacks halt critical services. Recent disruptions have shown that the Internet is more vulnerable than we might assume, with outages impacting everything from emergency systems to financial markets. When so much depends on uninterrupted connectivity, even brief failures can result in significant consequences.

  Ensuring reliable network communication is challenging, especially against adversaries launching DDoS attacks to congest routers and links, blocking legitimate traffic. By exploiting IP spoofing, attackers evade detection, making mitigation even harder. Worse, the landscape is shifting in their favor: the rise of insecure IoT devices and cheap cloud VMs makes building large-scale botnets easier, enabling devastating attacks. Both industry and academic solutions have shortcomings: Industry systems face scalability, management, centralization, vendor lock-in, and cost issues, while research-based systems often operate reactively and are vulnerable to spoofing or latency inflation; both commonly rely on heuristics. This thesis aims to achieve the ambitious goal of providing secure, scalable, and low-cost communication guarantees on the public Internet. Unlike existing approaches, our proposals achieve security through fundamental principles rather than heuristics and take a proactive stance instead of focusing on attack detection and mitigation. In particular, our contributions focus on allocating bandwidth to individual streams and enforcing these allocations via in-network isolation. First, we introduce the concept of flyover reservations, a fundamentally novel approach to ensuring availability on the Internet. Unlike path-based reservation systems, flyover reservations enable fine-grained, hop-based bandwidth allocations at the level of individual autonomous systems. Our system instantiating flyover reservations provides strong in-network bandwidth isolation, facilitates the establishment of reservations even under DDoS attacks, and outperforms path-based reservation systems in many key performance metrics. Second, we present Z-Lane, a system offering immediate forwarding guarantees for short-lived, intermediate-rate communication, such as web traffic. For this type of traffic, bandwidth reservations are unsuitable, as the time to establish them causes delays longer than the data transmission itself. Third, we introduce the concept of a Fractional Fair Share (FFS), which enables efficient bandwidth allocation and isolation, while minimizing the implementation and deployment complexity present in earlier solutions. We implement high-speed versions of all three systems in DPDK, achieving 160 Gbps line rate on commodity hardware. Our security analysis shows the systems’ robustness against IP spoofing and DDoS attacks.
- Inter-domain Routing with Extensible Criteria
  Item type: Conference Paper
  SIGCOMM '25: Proceedings of the ACM SIGCOMM 2025 Conference
  Tabaeiaghdaei, Seyedali; van Bommel, Jelte; Wyss, Marc; et al. (2025)
  With the rapid evolution and diversification of Internet applications, their communication-quality criteria are continuously evolving. To globally optimize communication quality, the Internet’s control plane thus needs to optimize inter-domain paths on diverse criteria, and should provide extensibility for adding new criteria or modifying existing ones. However, current inter-domain routing protocols and proposals satisfy these requirements at best to a limited degree. We argue that an inter-domain routing architecture with extensible routing criteria can be realized in path-aware networks, due to their stateless forwarding. We thus propose IREC, an inter-domain routing architecture for the SCION path-aware Internet architecture that enables path optimization with extensible criteria. IREC achieves this through parallel execution and real-time addition of independent route computations, together enabling end domains to express their desired criteria to the control plane. Through large-scale simulations with realistic Internet topologies, we show IREC’s viability via implementation and emulation, and its negligible global cost compared to static routing protocols.