Showing 1–6 of 6 results for author: Campanella, M

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

Authors: Damu Ding, Marco Savi, Federico Pederzolli, Mauro Campanella, Domenico Siracusa

Abstract: Volumetric distributed Denial-of-Service (DDoS) attacks have become one of the most significant threats to modern telecommunication networks. However, most existing defense systems require that detection software operates from a centralized monitoring collector, leading to increased traffic load and delayed response. The recent advent of Data Plane Programmability (DPP) enables an alternative solu… ▽ More Volumetric distributed Denial-of-Service (DDoS) attacks have become one of the most significant threats to modern telecommunication networks. However, most existing defense systems require that detection software operates from a centralized monitoring collector, leading to increased traffic load and delayed response. The recent advent of Data Plane Programmability (DPP) enables an alternative solution: threshold-based volumetric DDoS detection can be performed directly in programmable switches to skim only potentially hazardous traffic, to be analyzed in depth at the controller. In this paper, we first introduce the BACON data structure based on sketches, to estimate per-destination flow cardinality, and theoretically analyze it. Then we employ it in a simple in-network DDoS victim identification strategy, INDDoS, to detect the destination IPs for which the number of incoming connections exceeds a pre-defined threshold. We describe its hardware implementation on a Tofino-based programmable switch using the domain-specific P4 language, proving that some limitations imposed by real hardware to safeguard processing speed can be overcome to implement relatively complex packet manipulations. Finally, we present some experimental performance measurements, showing that our programmable switch is able to keep processing packets at line-rate while performing volumetric DDoS detection, and also achieves a high F1 score on DDoS victim identification. △ Less

Submitted 16 April, 2021; v1 submitted 13 April, 2021; originally announced April 2021.

Comments: Accepted by IEEE Transactions on Network and Service Management Special issue on Latest Developments for Security Management of Networks and Services

200 mm Sensor Development Using Bonded Wafers

Authors: M. Alyari, R. Bradford, M. Campanella, P. Camporeale, R. Demina, J. Everts, Z. Gecse, R. Halenza, U. Heintz, S. Holland, S. Hong, S. Korjenevski, A. Lampis, R. Lipton, R. Patti, J. Segal, K. W. Shin

Abstract: Sensors fabricated from high resistivity, float zone, silicon material have been the basis of vertex detectors and trackers for the last 30 years. The areas of these devices have increased from a few square cm to $\> 200\ m^2$ for the existing CMS tracker. High Luminosity Large Hadron Collider (HL-LHC), CMS and ATLAS tracker upgrades will each require more than $200\ m^2$ of silicon and the CMS Hi… ▽ More Sensors fabricated from high resistivity, float zone, silicon material have been the basis of vertex detectors and trackers for the last 30 years. The areas of these devices have increased from a few square cm to $\> 200\ m^2$ for the existing CMS tracker. High Luminosity Large Hadron Collider (HL-LHC), CMS and ATLAS tracker upgrades will each require more than $200\ m^2$ of silicon and the CMS High Granularity Calorimeter (HGCAL) will require more than $600\ m^2$. The cost and complexity of assembly of these devices is related to the area of each module, which in turn is set by the size of the silicon sensors. In addition to large area, the devices must be radiation hard, which requires the use of sensors thinned to 200 microns or less. The combination of wafer thinning and large wafer diameter is a significant technical challenge, and is the subject of this work. We describe work on development of thin sensors on $200 mm$ wafers using wafer bonding technology. Results of development runs with float zone, Silicon-on-Insulator and Silicon-Silicon bonded wafer technologies are reported. △ Less

Submitted 2 September, 2020; v1 submitted 8 June, 2020; originally announced June 2020.

Comments: 11 pages

Report number: FERMILAB-PUB-20-223-CMS-E

Hybrid IP/SDN networking: open implementation and experiment management tools

Authors: Stefano Salsano, Pier Luigi Ventre, Francesco Lombardo, Giuseppe Siracusano, Matteo Gerola, Elio Salvadori, Michele Santuari, Mauro Campanella, Luca Prete

Abstract: The introduction of SDN in large-scale IP provider networks is still an open issue and different solutions have been suggested so far. In this paper we propose a hybrid approach that allows the coexistence of traditional IP routing with SDN based forwarding within the same provider domain. The solution is called OSHI - Open Source Hybrid IP/SDN networking as we have fully implemented it combining… ▽ More The introduction of SDN in large-scale IP provider networks is still an open issue and different solutions have been suggested so far. In this paper we propose a hybrid approach that allows the coexistence of traditional IP routing with SDN based forwarding within the same provider domain. The solution is called OSHI - Open Source Hybrid IP/SDN networking as we have fully implemented it combining and extending Open Source software. We discuss the OSHI system architecture and the design and implementation of advanced services like Pseudo Wires and Virtual Switches. In addition, we describe a set of Open Source management tools for the emulation of the proposed solution using either the Mininet emulator or distributed physical testbeds. We refer to this suite of tools as Mantoo (Management tools). Mantoo includes an extensible web-based graphical topology designer, which provides different layered network "views" (e.g. from physical links to service relationships among nodes). The suite can validate an input topology, automatically deploy it over a Mininet emulator or a distributed SDN testbed and allows access to emulated nodes by opening consoles in the web GUI. Mantoo provides also tools to evaluate the performance of the deployed nodes. △ Less

Submitted 6 January, 2016; v1 submitted 13 May, 2015; originally announced May 2015.

Comments: Accepted for publication in IEEE Transaction of Network and Service Management - December 2015 http://dx.doi.org/10.1109/TNSM.2015.2507622

ICONA: Inter Cluster ONOS Network Application

Authors: M. Gerola, M. Santuari, E. Salvadori, S. Salsano, M. Campanella, P. L. Ventre, A. Al-Shabibi, W. Snow

Abstract: Several Network Operating Systems (NOS) have been proposed in the last few years for Software Defined Networks; however, a few of them are currently offering the resiliency, scalability and high availability required for production environments. Open Networking Operating System (ONOS) is an open source NOS, designed to be reliable and to scale up to thousands of managed devices. It supports multip… ▽ More Several Network Operating Systems (NOS) have been proposed in the last few years for Software Defined Networks; however, a few of them are currently offering the resiliency, scalability and high availability required for production environments. Open Networking Operating System (ONOS) is an open source NOS, designed to be reliable and to scale up to thousands of managed devices. It supports multiple concurrent instances (a cluster of controllers) with distributed data stores. A tight requirement of ONOS is that all instances must be close enough to have negligible communication delays, which means they are typically installed within a single datacenter or a LAN network. However in certain wide area network scenarios, this constraint may limit the speed of responsiveness of the controller toward network events like failures or congested links, an important requirement from the point of view of a Service Provider. This paper presents ICONA, a tool developed on top of ONOS and designed in order to extend ONOS capability in network scenarios where there are stringent requirements in term of control plane responsiveness. In particular the paper describes the architecture behind ICONA and provides some initial evaluation obtained on a preliminary version of the tool. △ Less

Submitted 26 March, 2015; originally announced March 2015.

Comments: Paper submitted to a conference

Optical Biochemical Platforms for Nanoparticles Detection

Authors: Clarissa Martina Campanella

Abstract: In the biochemical sensing field, a fervent research activity related to the development of real time, low cost, compact and high throughput devices for the detection and characterization of natural or synthetic nanoparticles NPs actually exists. In this research scenario, different platforms for biosensing purposes have been developed according to the huge amount of physical effects involved in t… ▽ More In the biochemical sensing field, a fervent research activity related to the development of real time, low cost, compact and high throughput devices for the detection and characterization of natural or synthetic nanoparticles NPs actually exists. In this research scenario, different platforms for biosensing purposes have been developed according to the huge amount of physical effects involved in the transduction of the biochemical-signal into a measurable output signal. In the present work two different optical platforms for NP detection have been investigated, one based on integrated optics and the other based on microscopy. Both the approaches rely on the study of the interaction of an electromagnetic wave with a small particle in the hypothesis of dealing with a Rayleigh scatterer, i.e. a nanoparticle having a size really smaller than the one of the wavelength of the incident light and scattering light elastically. △ Less

Submitted 9 January, 2014; originally announced January 2014.

Comments: PhD Thesis

The FLUKA code: present applications and future developments

Authors: A. Fasso', A. Ferrari, S. Roesler, J. Ranft, P. R. Sala, G. Battistoni, M. Campanella, F. Cerutti, L. De Biaggi, E. Gadioli, M. V. Garzelli, F. Ballarini, A. Ottolenghi, D. Scannicchio, M. Carboni, M. Pelliccioni, R. Villari, V. Andersen, A. Empl, K. Lee, L. Pinsky, T. N. Wilson, N. Zapp

Abstract: The main features of the FLUKA Monte Carlo code, which can deal with transport and interaction of electromagnetic and hadronic particles, are summarised. The physical models embedded in FLUKA are mentioned, as well as examples of benchmarking against experimental data. A short history of the code is provided and the following examples of applications are discussed in detail: prediction of calori… ▽ More The main features of the FLUKA Monte Carlo code, which can deal with transport and interaction of electromagnetic and hadronic particles, are summarised. The physical models embedded in FLUKA are mentioned, as well as examples of benchmarking against experimental data. A short history of the code is provided and the following examples of applications are discussed in detail: prediction of calorimetric performances, atmospheric neutrino flux calculations, dosimetry in atmosphere and radiobiology applications, including hadrontherapy and space radiation protection. Finally a few lines are dedicated to the FLUKA server, from which the code can be downloaded. △ Less

Submitted 23 June, 2003; originally announced June 2003.

Comments: talk from the 2003 Computing in High Energy and Nuclear Physics (CHEP03), La Jolla, Ca, USA, March 2003, 8 pages, pdf