News

Anti-Censorship Tool Collage Featured in Slashdot

Thu, 19 Aug 2010 10:07:13 +0000

Ph.D. student Sam Burnett developed Collage, a tool that relies on user-generated content sites like Flickr to help citizens in countries oppressed by censorship communicate more openly. The basic idea is to hide censored content in seemingly innocuous photos that are hosted on user-generated content sites like Flickr. Below is a conceptual diagram explaining how Collage works:

For more information about how Collage works, please see the full paper. For more information, and to contribute to or download the code, please see the Collage project home page.

You can also read about Collage in various trade articles:

Colalge also appeared on Slashdot twice; Professor Feamster also recently blogged about Collage, here.

Transit Portal Featured in Tech Review

Mon, 16 Aug 2010 05:00:00 +0000

Ph.D. student Valas Valancius has been developing the Transit Portal, software that gives services hosted on cloud infrastructures like Amazon EC2 direct control over inbound and outbound traffic. Different services may have different service requirements: some services may require connectivity that satisfies strict performance requirements (e.g., interactive services or gaming may require low latency or packet loss), while other services might wish to simply use the least expensive connectivity. Unfortunately, today's cloud providers select the same routes for every service hosted on the cloud infrastructure (effectively doing "one size fits all" routing for all hosted services).

The Transit Portal allows each service hosted in a cloud to perform its own Internet routing. For more information on Transit Portal, see the full paper, or check out the following articles:

Professor Nick Feamster also blogged about the Transit Portal here. Lots of information about Transit Portal, including information about how to install a Transit Portal yourself, is available on the GENI project wiki for Transit Portal.

Next-Generation Access Control at GENI Engineering Conference

Wed, 17 Mar 2010 05:00:00 +0000

Hyojoon "Joon" Kim and Ankur Nayak presented a next-generation access control system called Resonance at the GENI Engineering Conference at Duke University in Durham, North Carolina. The current Georgia Tech network access control framework is based on complicated network configuration settings, making it difficult for operators to debug the system, to make changes to it, and to implement complicated network policies.

Joon and Ankur have been developing a next-generation version of Georgia Tech's access control framework, based on OpenFlow. The OpenFlow architecture decouples a network's control framework from individual network devices. We are using this framework to allow operators to express more complex policies in a higher-level language. The Resonance access control system is deployed on the Georgia Tech campus in research labs across three buildings. We are in the process of evaluating this deployment for real users on the network. A more widespread campus deployment is planned over the course of the coming year.

The video below shows the Resonance system in action. You can also read a bit more about Resonance:

In our ACM SIGCOMM workshop paper from last year, which describes the basic design.
In our IEEE LANMAN invited paper, which describes some of the high-level design philosophy behind Resonance.

Network Neutrality Tool NANO at ACM SIGCOMM CoNext

Fri, 04 Dec 2009 00:00:00 +0000

NANO ("Network Access Neutrality Observatory"), was presented at ACM SIGCOMM CoNext last Friday.

NANO detects whether a user's access ISP is discriminating against certain users, destinations or applications. In contrast to existing tools, NANO relies primarily on data that is passively collected from user's machines. To use NANO, simply download and install the NANO-Agent on your machine. Currently, NANO-Agent runs only on Linux, but a Windows version will be coming shortly.

NANO is part of Google's Measurement Lab project.

For more information about NANO, please see the following:

NSF Awards $450k for Data Leak Prevention

Tue, 22 Sep 2009 00:00:00 +0000

The National Science Foundation has awarded Professor Feamster $450k over three years to develop techniques to control and prevent data leaks and the spread of malware in enterprise networks.

In Deloitte's recent Global Security Survey, nearly half of the companies surveyed reported some internal security breach; of those, about a third of breaches resulted from viruses or malware, and another third resulted from insider fraud. The Pedigree project aims to develop mechanisms to control and prevent these data breaches in enterprise networks. This growing problem begs the need for better techniques for controlling information flow in the network itself.

We are addressing several research challenges. First, we are exploring the appropriate granularity for tainting that preserves semantics without imposing unacceptable memory and performance overhead. Second, we are designing the system to minimize performance overhead on applications. Third, we are exploring translation mechanisms between host-based taints and network-based taints, so that taints carried in network traffic convey meaningful semantics without imposing prohibitive network overhead. The research will result in an information tracking and control system that is deployed in experimental settings (e.g., the Georgia Tech campus network) using the existing and forthcoming programmable switch implementations.

Our writeup of the system remonstration from SIGCOMM 2009 provides more details. Details on the aware are available at the NSF Web site.

OpenFlow Click Featured at Click Symposium

Tue, 01 Dec 2009 06:16:29 +0000

Yogesh Mundada gave a talk at the Click Symposium in Belgium last week on his new OpenFlow Click Element, which he developed with Rob Sherwood at Deutche Telekom Labs.

The OpenFlow Click element is a module for the Click modular router that can be controlled via a standard OpenFlow controller. The element essentially turns a Click router into a software switch with flow table entries. One of the most powerful aspects of this paradigm is that it allows hybrid packet and flow processing, as part of a paradigm we call Flowlets.

More details about OpenFlow Click element are available here:

NSF Security Driven Architectures Workshop

Wed, 29 Jul 2009 00:00:00 +0000

Nick Feamster co-organized the NSF Security Driven Architectures workshop with NSF program managers Karl Levitt and Lenore Zuck. The workshop drew about 30 participants from a variety of areas in computer science to discuss next-generation architectures focused around improving system and network security. Slides from this workshop are available upon request; a writeup is forthcoming.

SNARE on Slashdot, Tech Review

Thu, 13 Aug 2009 00:00:00 +0000

Our paper on network-level spam filtering, SNARE, appeared in Tech Review, Slashdot, and MetaFilter. Spam-filtering techniques from SNARE and SpamTracker have been adopted by various spam filtering vendors and Web mail providers. Below, Shuang Hao presents SNARE at USENIX Security Symposium in Montreal.

SIGCOMM Demos in Barcelona

Wed, 26 Aug 2009 00:00:00 +0000

The lab had a great showing at this year's SIGCOMM 2009 conference in Barcelona, with three demonstrations:

Transit Portal: Bringing Connectivity to the Cloud. Student: Valas Valancius
Securing Enterprise Networks with Traffic Tainting. Students: Anirudh Ramachandran, Yogesh Mundada, Mukarram bin Tariq
Network and End-System Support for Transparent Use of Multiple Paths. Student: Murtaza Motiwala.

Below is a photo of Yogesh Mundada giving the demo of our Pedigree system, which performs network-level enforcement of information-flow policies in an enterprise network.

GENI Engineering Conference 6

Mon, 16 Nov 2009 00:00:00 +0000

Vytautas Valancius gave a great demo of the BGP Session Multiplexer ("BGP Mux") at the GENI Engineering Conference 6 in Salt Lake City, UT. The BGP Mux is a system to provide interdomain routing connectivity to virtual networks and data center applications.

For more information about our GENI-funded project, please see our project web page at geni.net.

Here's a video summarizing Valas's demo: