-
SoK: The Ghost Trilemma
Authors:
Sulagna Mukherjee,
Srivatsan Ravi,
Paul Schmitt,
Barath Raghavan
Abstract:
Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of iden…
▽ More
Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity -- sentience, location, and uniqueness -- that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems -- whether for communication or social coordination -- grapple with this trilemma in some way, perhaps unknowingly. In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy.
△ Less
Submitted 19 January, 2024; v1 submitted 4 August, 2023;
originally announced August 2023.
-
Scheduling Network Function Chains Under Sub-Millisecond Latency SLOs
Authors:
Jianfeng Wang,
Siddhant Gupta,
Marcos A. M. Vieira,
Barath Raghavan,
Ramesh Govindan
Abstract:
Network Function Virtualization (NFV) seeks to replace hardware middleboxes with software-based Network Functions (NFs). NFV systems are seeing greater deployment in the cloud and at the edge. However, especially at the edge, there is a mismatch between the traditional focus on NFV throughput and the need to meet very low latency SLOs, as edge services inherently require low latency. Moreover, clo…
▽ More
Network Function Virtualization (NFV) seeks to replace hardware middleboxes with software-based Network Functions (NFs). NFV systems are seeing greater deployment in the cloud and at the edge. However, especially at the edge, there is a mismatch between the traditional focus on NFV throughput and the need to meet very low latency SLOs, as edge services inherently require low latency. Moreover, cloud-based NFV systems need to achieve such low latency while minimizing CPU core usage.
We find that real-world traffic exhibits burstiness that causes latency spikes of up to 10s of milliseconds in existing NFV systems. To address this, we built NetBlaze, which achieves sub-millisecond p99 latency SLOs, even for adversarial traffic, using a novel multi-scale core-scaling strategy. NetBlaze makes traffic-to-core allocation decisions at rack, server, and core-spatial scales, and at increasingly finer timescales, to accommodate multi-timescale bursts. In comparison with state-of-the-art approaches, NetBlaze is the only one capable of achieving sub-millisecond p99 latency SLOs while using a comparable number of cores.
△ Less
Submitted 3 May, 2023;
originally announced May 2023.
-
Robotic Lime Picking by Considering Leaves as Permeable Obstacles
Authors:
Heramb Nemlekar,
Ziang Liu,
Suraj Kothawade,
Sherdil Niyaz,
Barath Raghavan,
Stefanos Nikolaidis
Abstract:
The problem of robotic lime picking is challenging; lime plants have dense foliage which makes it difficult for a robotic arm to grasp a lime without coming in contact with leaves. Existing approaches either do not consider leaves, or treat them as obstacles and completely avoid them, often resulting in undesirable or infeasible plans. We focus on reaching a lime in the presence of dense foliage b…
▽ More
The problem of robotic lime picking is challenging; lime plants have dense foliage which makes it difficult for a robotic arm to grasp a lime without coming in contact with leaves. Existing approaches either do not consider leaves, or treat them as obstacles and completely avoid them, often resulting in undesirable or infeasible plans. We focus on reaching a lime in the presence of dense foliage by considering the leaves of a plant as 'permeable obstacles' with a collision cost. We then adapt the rapidly exploring random tree star (RRT*) algorithm for the problem of fruit harvesting by incorporating the cost of collision with leaves into the path cost. To reduce the time required for finding low-cost paths to goal, we bias the growth of the tree using an artificial potential field (APF). We compare our proposed method with prior work in a 2-D environment and a 6-DOF robot simulation. Our experiments and a real-world demonstration on a robotic lime picking task demonstrate the applicability of our approach.
△ Less
Submitted 31 August, 2021;
originally announced August 2021.
-
A Pluralist Approach to Democratizing Online Discourse
Authors:
Jay Chen,
Barath Raghavan,
Paul Schmitt,
Tai Liu
Abstract:
Online discourse takes place in corporate-controlled spaces thought by users to be public realms. These platforms in name enable free speech but in practice implement varying degrees of censorship either by government edict or by uneven and unseen corporate policy. This kind of censorship has no countervailing accountability mechanism, and as such platform owners, moderators, and algorithms shape…
▽ More
Online discourse takes place in corporate-controlled spaces thought by users to be public realms. These platforms in name enable free speech but in practice implement varying degrees of censorship either by government edict or by uneven and unseen corporate policy. This kind of censorship has no countervailing accountability mechanism, and as such platform owners, moderators, and algorithms shape public discourse without recourse or transparency.
Systems research has explored approaches to decentralizing or democratizing Internet infrastructure for decades. In parallel, the Internet censorship literature is replete with efforts to measure and overcome online censorship. However, in the course of designing specialized open-source platforms and tools, projects generally neglect the needs of supportive but uninvolved `average' users. In this paper, we propose a pluralistic approach to democratizing online discourse that considers both the systems-related and user-facing issues as first-order design goals.
△ Less
Submitted 28 August, 2021;
originally announced August 2021.
-
Information Batteries: Storing Opportunity Power with Speculative Execution
Authors:
Jennifer Switzer,
Barath Raghavan
Abstract:
Co** with the intermittency of renewables is a fundamental challenge, with load shifting and grid-scale storage as key responses. We propose Information Batteries (IB), in which energy is stored in the form of information -- specifically, the results of completed computational tasks. Information Batteries thus provide storage through speculative load shifting, anticipating computation that will…
▽ More
Co** with the intermittency of renewables is a fundamental challenge, with load shifting and grid-scale storage as key responses. We propose Information Batteries (IB), in which energy is stored in the form of information -- specifically, the results of completed computational tasks. Information Batteries thus provide storage through speculative load shifting, anticipating computation that will be performed in the future.
We take a distributed systems perspective, and evaluate the extent to which an IB storage system can be made practical through augmentation of compiler toolchains, key-value stores, and other important elements in modern hyper-scale compute. In particular, we implement one specific IB prototype by augmenting the Rust compiler to enable transparent function-level precomputation and caching. We evaluate the overheads this imposes, along with macro-level job prediction and power prediction. We also evaluate the space of operation for an IB system, to identify the best case efficiency of any IB system for a given power and compute regime.
△ Less
Submitted 2 August, 2021;
originally announced August 2021.
-
TerraWatt: Sustaining Sustainable Computing of Containers in Containers
Authors:
Jennifer Switzer,
Rob McGuinness,
Pat Pannuto,
George Porter,
Aaron Schulman,
Barath Raghavan
Abstract:
Each day the world inches closer to a climate catastrophe and a sustainability revolution. To avoid the former and achieve the latter we must transform our use of energy. Surprisingly, today's growing problem is that there is too much wind and solar power generation at the wrong times and in the wrong places.
We argue for the construction of TerraWatt: a geographically-distributed, large-scale,…
▽ More
Each day the world inches closer to a climate catastrophe and a sustainability revolution. To avoid the former and achieve the latter we must transform our use of energy. Surprisingly, today's growing problem is that there is too much wind and solar power generation at the wrong times and in the wrong places.
We argue for the construction of TerraWatt: a geographically-distributed, large-scale, zero-carbon compute infrastructure using renewable energy and older hardware. Delivering zero-carbon compute for general cloud workloads is challenging due to spatiotemporal power variability. We describe the systems challenges in using intermittent renewable power at scale to fuel such an older, decentralized compute infrastructure.
△ Less
Submitted 12 February, 2021;
originally announced February 2021.
-
Migration in the Stencil Pluralist Cloud Architecture
Authors:
Tai Liu,
Zain Tariq,
Barath Raghavan,
Jay Chen
Abstract:
A debate in the research community has buzzed in the background for years: should large-scale Internet services be centralized or decentralized? Now-common centralized cloud and web services have downsides -- user lock-in and loss of privacy and data control -- that are increasingly apparent. However, their decentralized counterparts have struggled to gain adoption, suffer from their own problems…
▽ More
A debate in the research community has buzzed in the background for years: should large-scale Internet services be centralized or decentralized? Now-common centralized cloud and web services have downsides -- user lock-in and loss of privacy and data control -- that are increasingly apparent. However, their decentralized counterparts have struggled to gain adoption, suffer from their own problems of scalability and trust, and eventually may result in the exact same lock-in they intended to prevent. In this paper, we explore the design of a pluralist cloud architecture, Stencil, one that can serve as a narrow waist for user-facing services such as social media. We aim to enable pluralism via a unifying set of abstractions that support migration from one service to a competing service. We find that migrating linked data introduces many challenges in both source and destination services as links are severed. We show how Stencil enables correct and efficient data migration between services, how it supports the deployment of new services, and how Stencil could be incrementally deployed.
△ Less
Submitted 7 February, 2021;
originally announced February 2021.
-
Galleon: Resha** the Square Peg of NFV
Authors:
Jianfeng Wang,
Tamás Lévai,
Zhuo** Li,
Marcos A. M. Vieira,
Ramesh Govindan,
Barath Raghavan
Abstract:
Software is often used for Network Functions (NFs) -- such as firewalls, NAT, deep packet inspection, and encryption -- that are applied to traffic in the network. The community has hoped that NFV would enable rapid development of new NFs and leverage commodity computing infrastructure. However, the challenge for researchers and operators has been to align the square peg of high-speed packet proce…
▽ More
Software is often used for Network Functions (NFs) -- such as firewalls, NAT, deep packet inspection, and encryption -- that are applied to traffic in the network. The community has hoped that NFV would enable rapid development of new NFs and leverage commodity computing infrastructure. However, the challenge for researchers and operators has been to align the square peg of high-speed packet processing with the round hole of cloud computing infrastructures and abstractions, all while delivering performance, scalability, and isolation. Past work has led to the belief that NFV is different enough that it requires novel, custom approaches that deviate from today's norms. To the contrary, we show that we can achieve performance, scalability, and isolation in NFV judiciously using mechanisms and abstractions of FaaS, the Linux kernel, NIC hardware, and OpenFlow switches. As such, with our system Galleon, NFV can be practically-deployable today in conventional cloud environments while delivering up to double the performance per core compared to the state of the art.
△ Less
Submitted 16 January, 2021;
originally announced January 2021.
-
Semi-Automated Protocol Disambiguation and Code Generation
Authors:
Jane Yen,
Tamás Lévai,
Qinyuan Ye,
Xiang Ren,
Ramesh Govindan,
Barath Raghavan
Abstract:
For decades, Internet protocols have been specified using natural language. Given the ambiguity inherent in such text, it is not surprising that protocol implementations have long exhibited bugs. In this paper, we apply natural language processing (NLP) to effect semi-automated generation of protocol implementations from specification text. Our system, SAGE, can uncover ambiguous or under-specifie…
▽ More
For decades, Internet protocols have been specified using natural language. Given the ambiguity inherent in such text, it is not surprising that protocol implementations have long exhibited bugs. In this paper, we apply natural language processing (NLP) to effect semi-automated generation of protocol implementations from specification text. Our system, SAGE, can uncover ambiguous or under-specified sentences in specifications; once these are clarified by the spec author, SAGE can generate protocol code automatically. Using SAGE, we discover 5 instances of ambiguity and 6 instances of under-specification in the ICMP RFC; after clarification, SAGE is able to automatically generate code that interoperates perfectly with Linux implementations. We show that SAGE generalizes to BFD, IGMP, and NTP. We also find that SAGE supports many of the conceptual components found in key protocols, suggesting that, with some additional machinery, SAGE may be able to generalize to TCP and BGP.
△ Less
Submitted 1 February, 2021; v1 submitted 9 October, 2020;
originally announced October 2020.
-
Tactical Patterns for Grassroots Urban Repair
Authors:
Sarah Cooney,
Barath Raghavan
Abstract:
The process of revitalizing cities in the United States suffers from balky and unresponsive processes---de jure egalitarian but de facto controlled and mediated by city officials and powerful interests, not residents. We argue that, instead, our goal should be to put city planning in the hands of the people, and to that end, give ordinary residents pattern-based planning tools to help them redesig…
▽ More
The process of revitalizing cities in the United States suffers from balky and unresponsive processes---de jure egalitarian but de facto controlled and mediated by city officials and powerful interests, not residents. We argue that, instead, our goal should be to put city planning in the hands of the people, and to that end, give ordinary residents pattern-based planning tools to help them redesign (and repair) their urban surrounds. Through this, residents can explore many disparate ideas, try them, and, if successful, replicate them, enabling bottom-up city planning through direct action. We describe a prototype for such a tool that leverages classic patterns to enable city planning by residents, using case studies from Los Angeles as guides for both the problem and potential solution.
△ Less
Submitted 5 October, 2020;
originally announced October 2020.
-
Pretty Good Phone Privacy
Authors:
Paul Schmitt,
Barath Raghavan
Abstract:
To receive service in today's cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators now sell and leak identity and location data of hundreds of millions of mobile users.
In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us t…
▽ More
To receive service in today's cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators now sell and leak identity and location data of hundreds of millions of mobile users.
In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators.
We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified backend stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency tradeoffs in a simulation of a large metropolitan region. We show how PGPP maintains today's control overheads while significantly improving user identity and location privacy.
△ Less
Submitted 28 December, 2020; v1 submitted 18 September, 2020;
originally announced September 2020.
-
Beyond the Trees: Resilient Multipath for Last-mile WISP Networks
Authors:
Bilal Saleem,
Paul Schmitt,
Jay Chen,
Barath Raghavan
Abstract:
Expanding the reach of the Internet is a topic of widespread interest today. Google and Facebook, among others, have begun investing substantial research efforts toward expanding Internet access at the edge. Compared to data center networks, which are relatively over-engineered, last-mile networks are highly constrained and end up being ultimately responsible for the performance issues that impact…
▽ More
Expanding the reach of the Internet is a topic of widespread interest today. Google and Facebook, among others, have begun investing substantial research efforts toward expanding Internet access at the edge. Compared to data center networks, which are relatively over-engineered, last-mile networks are highly constrained and end up being ultimately responsible for the performance issues that impact the user experience.
The most viable and cost-effective approach for providing last-mile connectivity has proved to be Wireless ISPs (WISPs), which rely on point-to-point wireless backhaul infrastructure to provide connectivity using cheap commodity wireless hardware. However, individual WISP network links are known to have poor reliability and the networks as a whole are highly cost constrained.
Motivated by these observations, we propose Wireless ISPs with Redundancy (WISPR), which leverages the cost-performance tradeoff inherent in commodity wireless hardware to move toward a greater number of inexpensive links in WISP networks thereby lowering costs. To take advantage of this new path diversity, we introduce a new, general protocol that provides increased performance, reliability, or a combination of the two.
△ Less
Submitted 27 February, 2020;
originally announced February 2020.
-
Rangzen: Anonymously Getting the Word Out in a Blackout
Authors:
Adam Lerner,
Giulia Fanti,
Yahel Ben-David,
Jesus Garcia,
Paul Schmitt,
Barath Raghavan
Abstract:
In recent years governments have shown themselves willing to impose blackouts to shut off key communication infrastructure during times of civil strife, and to surveil citizen communications whenever possible. However, it is exactly during such strife that citizens need reliable and anonymous communications the most. In this paper, we present Rangzen, a system for anonymous broadcast messaging dur…
▽ More
In recent years governments have shown themselves willing to impose blackouts to shut off key communication infrastructure during times of civil strife, and to surveil citizen communications whenever possible. However, it is exactly during such strife that citizens need reliable and anonymous communications the most. In this paper, we present Rangzen, a system for anonymous broadcast messaging during network blackouts. Rangzen is distinctive in both aim and design. Our aim is to provide an anonymous, one-to-many messaging layer that requires only users' smartphones and can withstand network-level attacks. Our design is a delay-tolerant mesh network which deprioritizes adversarial messages by means of a social graph while preserving user anonymity. We built a complete implementation that runs on Android smartphones, present benchmarks of its performance and battery usage, and present simulation results suggesting Rangzen's efficacy at scale.
△ Less
Submitted 10 December, 2016;
originally announced December 2016.
-
Recursive SDN for Carrier Networks
Authors:
James McCauley,
Zhi Liu,
Aurojit Panda,
Teemu Koponen,
Barath Raghavan,
Jennifer Rexford,
Scott Shenker
Abstract:
Control planes for global carrier networks should be programmable (so that new functionality can be easily introduced) and scalable (so they can handle the numerical scale and geographic scope of these networks). Neither traditional control planes nor new SDN-based control planes meet both of these goals. In this paper, we propose a framework for recursive routing computations that combines the be…
▽ More
Control planes for global carrier networks should be programmable (so that new functionality can be easily introduced) and scalable (so they can handle the numerical scale and geographic scope of these networks). Neither traditional control planes nor new SDN-based control planes meet both of these goals. In this paper, we propose a framework for recursive routing computations that combines the best of SDN (programmability) and traditional networks (scalability through hierarchy) to achieve these two desired properties. Through simulation on graphs of up to 10,000 nodes, we evaluate our design's ability to support a variety of routing and traffic engineering solutions, while incorporating a fast failure recovery mechanism.
△ Less
Submitted 25 May, 2016;
originally announced May 2016.
-
Approximate Networking for Global Access to the Internet for All (GAIA)
Authors:
Junaid Qadir,
Arjuna Sathiaseelan,
Liang Wang,
Barath Raghavan
Abstract:
Decades of experience have shown that there is no single one-size-fits-all solution that can be used to provision Internet globally and that invariably there are tradeoffs in the design of Internet. Despite the best efforts of networking researchers and practitioners, an ideal Internet experience is inaccessible to an overwhelming majority of people the world over, mainly due to the lack of cost e…
▽ More
Decades of experience have shown that there is no single one-size-fits-all solution that can be used to provision Internet globally and that invariably there are tradeoffs in the design of Internet. Despite the best efforts of networking researchers and practitioners, an ideal Internet experience is inaccessible to an overwhelming majority of people the world over, mainly due to the lack of cost efficient ways of provisioning high-performance global Internet. In this paper, we argue that instead of an exclusive focus on a utopian goal of universally accessible "ideal networking" (in which we have high throughput and quality of service as well as low latency and congestion), we should consider providing "approximate networking" through the adoption of context-appropriate tradeoffs. Approximate networking can be used to implement a pragmatic tiered global access to the Internet for all (GAIA) system in which different users the world over have different context-appropriate (but still contextually functional) Internet experience.
△ Less
Submitted 24 March, 2016;
originally announced March 2016.
-
Brain4Cars: Car That Knows Before You Do via Sensory-Fusion Deep Learning Architecture
Authors:
Ashesh Jain,
Hema S Koppula,
Shane Soh,
Bharad Raghavan,
Avi Singh,
Ashutosh Saxena
Abstract:
Advanced Driver Assistance Systems (ADAS) have made driving safer over the last decade. They prepare vehicles for unsafe road conditions and alert drivers if they perform a dangerous maneuver. However, many accidents are unavoidable because by the time drivers are alerted, it is already too late. Anticipating maneuvers beforehand can alert drivers before they perform the maneuver and also give ADA…
▽ More
Advanced Driver Assistance Systems (ADAS) have made driving safer over the last decade. They prepare vehicles for unsafe road conditions and alert drivers if they perform a dangerous maneuver. However, many accidents are unavoidable because by the time drivers are alerted, it is already too late. Anticipating maneuvers beforehand can alert drivers before they perform the maneuver and also give ADAS more time to avoid or prepare for the danger.
In this work we propose a vehicular sensor-rich platform and learning algorithms for maneuver anticipation. For this purpose we equip a car with cameras, Global Positioning System (GPS), and a computing device to capture the driving context from both inside and outside of the car. In order to anticipate maneuvers, we propose a sensory-fusion deep learning architecture which jointly learns to anticipate and fuse multiple sensory streams. Our architecture consists of Recurrent Neural Networks (RNNs) that use Long Short-Term Memory (LSTM) units to capture long temporal dependencies. We propose a novel training procedure which allows the network to predict the future given only a partial temporal context. We introduce a diverse data set with 1180 miles of natural freeway and city driving, and show that we can anticipate maneuvers 3.5 seconds before they occur in real-time with a precision and recall of 90.5\% and 87.4\% respectively.
△ Less
Submitted 5 January, 2016;
originally announced January 2016.
-
Car that Knows Before You Do: Anticipating Maneuvers via Learning Temporal Driving Models
Authors:
Ashesh Jain,
Hema S. Koppula,
Bharad Raghavan,
Shane Soh,
Ashutosh Saxena
Abstract:
Advanced Driver Assistance Systems (ADAS) have made driving safer over the last decade. They prepare vehicles for unsafe road conditions and alert drivers if they perform a dangerous maneuver. However, many accidents are unavoidable because by the time drivers are alerted, it is already too late. Anticipating maneuvers beforehand can alert drivers before they perform the maneuver and also give ADA…
▽ More
Advanced Driver Assistance Systems (ADAS) have made driving safer over the last decade. They prepare vehicles for unsafe road conditions and alert drivers if they perform a dangerous maneuver. However, many accidents are unavoidable because by the time drivers are alerted, it is already too late. Anticipating maneuvers beforehand can alert drivers before they perform the maneuver and also give ADAS more time to avoid or prepare for the danger.
In this work we anticipate driving maneuvers a few seconds before they occur. For this purpose we equip a car with cameras and a computing device to capture the driving context from both inside and outside of the car. We propose an Autoregressive Input-Output HMM to model the contextual information alongwith the maneuvers. We evaluate our approach on a diverse data set with 1180 miles of natural freeway and city driving and show that we can anticipate maneuvers 3.5 seconds before they occur with over 80\% F1-score in real-time.
△ Less
Submitted 19 September, 2015; v1 submitted 10 April, 2015;
originally announced April 2015.