To Filter or to Authorize: Network-Layer DoS Defense Against Multimillion-node Botnets
- In ACM SIGCOMM, 2008
Cited by 26 (2 self)
This paper presents the design and implementation of a filter-based DoS defense system (StopIt) and a comparison study on the effectiveness of filters and capabilities. Central to the StopIt design is a novel closed-control, open-service architecture: any receiver can use StopIt to block the undesired traffic it receives, yet the design is robust to various strategic attacks from millions of bots, including filter exhaustion attacks and bandwidth flooding attacks that aim to disrupt the timely installation of filters. Our evaluation shows that StopIt can block the attack traffic from a few millions of attackers within tens of minutes with bounded router memory. We compare StopIt with existing filter-based and capability-based DoS defense systems under simulated DoS attacks of various types and scales. Our results show that StopIt outperforms existing filter-based systems, and can prevent legitimate communications from being disrupted by various DoS flooding attacks. It also outperforms capability-based systems in most attack scenarios, but a capability-based system is more effective in a type of attack that the attack traffic does not reach a victim, but congests a link shared by the victim. These results suggest that both filters and capabilities are highly effective DoS defense mechanisms, but neither is more effective than the other in all types of DoS attacks.
Catastrophic forgetting and the pseudorehearsal solution in hopfield type networks
- Connection Science, 1998
Cited by 5 (4 self)
Most artificial neural networks suffer from the problem of catastrophic forgetting, where previously learnt information is suddenly and completely lost when new information is learnt. Memory in real neural systems does not appear to suffer from this unusual behaviour. In this thesis we discuss the problem of catastrophic forgetting in Hopfield networks, and investigate various potential solutions. We extend the pseudorehearsal solution of Robins (1995) enabling it to work in this attractor network, and compare the results with the unlearning procedure proposed by Crick and Mitchison (1983). We then explore a familiarity measure based on the energy profile of the learnt patterns. By using the ratio of high energy to low energy parts of the network we can robustly distinguish the learnt patterns from the large number of spurious “fantasy” patterns that are common in these networks. This energy ratio measure is then used to improve the pseudorehearsal solution so that it can store 0.3N patterns in the Hopfield network, significantly
Addressing the Scalability of Ethernet with MOOSE
Cited by 5 (0 self)
Abstract—Ethernet does not scale well to large networks. The flat MAC address space, whilst having obvious benefits for the user and administrator, is the primary cause of this poor scalability; other recent efforts to improve upon Ethernet’s scalability have addressed symptoms, rather than this underlying cause. In this paper we present MOOSE, Multi-level Origin-Organised Scalable Ethernet, an Ethernet switch architecture that performs in-place rewriting of MAC addresses in order to impose a hierarchy upon the address space without reconfiguration or modification of connected devices. This removes the need for switches to maintain large forwarding databases, is of direct use in implementing improved routing, and allows for a variety of other scalability and security innovations.
CA-RAM: A high-performance memory substrate for search-intensive applications
- IEEE ISPASS, 2007
Cited by 4 (4 self)
This paper proposes a specialized memory structure called CA-RAM (Content Addressable Random Access Memory) to accelerate search operations present in many important real-world applications. Search operations can occupy a significant portion of total execution time and energy consumption, while posing a difficult performance problem to tackle using traditional memory hierarchy concepts. In essence, CA-RAM is a direct hardware implementation of the well-known hashing technique. Searchable records are stored in CA-RAM at a location determined by a hash function, defined on their search key. After a database has been built, looking up a record in CA-RAM typically involves a single memory access followed by a parallel key matching operation. Compared with a conventional CAM (Content Addressable Memory) solution, CA-RAM capitalizes on dense SRAM and DRAM designs, and achieves comparable search performance while occupying much smaller area and consuming significantly less power. This paper presents detailed design aspects of CA-RAM, to be integrated in future general-purpose and application-specific processors and systems. To further motivate and justify our approach, we present two real examples of using CA-RAM to build a high-performance search accelerator targeting: IP address lookup in core routers and trigram lookup in a large speech recognition system.
Low-Power High-Performance Ternary Content Addressable Memory Circuits
Cited by 1 (0 self)
I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public.
Match Sensing Using Match-Line Stability in Content-Addressable Memories (CAM)
Cited by 1 (0 self)
Abstract—This paper presents a match-line (ML) sensing scheme that distinguishes a match from a miss by first shunting every ML with a fixed negative resistance, then exciting the MLs with an initial charge, and subsequently observing their voltage developments. It is shown that the voltage on the matched ML will grow to VDD, as in an unstable system, whereas the voltage on a missed ML will decay to zero, as in a stable system. Since the initial excitation charge on the ML’s can be as low as the noise level in the system, this scheme can approach the minimum possible energy consumption level for match-line sensing. We have implemented, in 0.18 µm CMOS, a 144 × 144 ternary CAM array that includes the stability-based sensing scheme along with two previously-reported sensing schemes. The measured results confirm the power savings of the proposed sensing scheme. In addition, the CAM includes a pipelined search-line (SL) architecture that can reduce the SL portion of CAM power by up to 50%. Index Terms—Content-addressable memory, CAM, stability-based sensing, match-line sensing, match-line power,
Worst-Case TCAM Rule Expansion
Cited by 1 (1 self)
classification often have to deal with unpredictable sets of rules, resulting in highly variable rule expansions, and can only rely on heuristic encoding algorithms with no reasonable guarantees. In this paper, given several types of rules, we provide new upper bounds on the TCAM worst-case rule expansions. In particular, we prove that a W-bit range can be encoded in W TCAM entries, improving upon the previously-known bound of 2W − 5. We also introduce new analytical tools based on independent sets and alternating paths, and use these tools to prove the tightness of the upper bounds. In particular, no prefix encoding can encode all ranges in less than W TCAM entries. Last, we propose a modified TCAM architecture that can use additional logic to significantly reduce the rule expansions, both in the worst case and using real-life classification databases.
PEDS: A Parallel Error Detection Scheme for TCAM Devices
Cited by 1 (0 self)
Abstract—Ternary content-addressable memory (TCAM) devices are increasingly used for performing high-speed packet classification. A TCAM consists of an associative memory that compares a search key in parallel against all entries. TCAMs may suffer from error events that cause ternary cells to change their value to any symbol in the ternary alphabet “0”, “1”, “*”. Due to their parallel access feature, standard error detection schemes are not directly applicable to TCAMs; an additional difficulty is posed by the special semantic of the “*” symbol. This paper introduces PEDS, a novel parallel error detection scheme that locates the erroneous entries in a TCAM device. PEDS is based on applying an error-detecting code to each TCAM entry, and utilizing the parallel capabilities of the TCAM, by simultaneously checking the correctness of multiple TCAM entries. A key feature of PEDS is that the number of TCAM lookup operations required to locate all errors depends on the number of symbols per entry in a manner that is typically orders of magnitude smaller than the number of TCAM entries. For large TCAM devices, a specific instance of PEDS requires only 200 lookups for 100-symbol entries, while a naive approach may need hundreds of thousands lookups. PEDS allows flexible and dynamic selection of trade-off points between robustness, space complexity, and number of lookups.
Formulating and Implementing Profiling over Adaptive Ranges
Modern computer systems are called on to deal with billions of events every second, whether they are instructions executed, memory locations accessed, or packets forwarded. This presents a serious challenge to those who seek to quantify, analyze, or optimize such systems, because important trends and behaviors may easily be lost in a sea of data. We present Range Adaptive Profiling (RAP) as a new and general purpose profiling method capable of hierarchically classifying streams of data efficiently in hardware. Through the use of RAP, events in an input stream are dynamically classified into increasingly precise categories based on the frequency with which they occur. The more important a class, or range of events, the more precisely it is quantified. Despite the dynamic nature of our technique, we build upon tight theoretic bounds covering both worst-case error as well as the required memory. In the limit, it is known that error and the memory bounds can be independent of the stream size, and grow only linearly with the level of precision desired. Significantly, we expose the critical constants in these algorithms and through careful engineering, algorithm re-design, and use of heuristics, we show how a high performance profile system can be implemented for Range Adaptive Profiling. RAP can be used on various profiles such as PCs, load values, and memory addresses, and has a broad range of uses, from
Ex-Mon: An Architectural Framework for Dynamic Program Monitoring on Multicore Processors
For modern software systems that operate in complex execution environments, reliability is key. The ability for observing the internal states of an executing program can facilitate a spectrum of program execution monitors to enhance software reliability; and modern multicore processors provide the computing power needed by such monitors. This paper presents Ex-Mon, novel hardware and software supports that enable efficient and flexible dynamic program execution monitoring. In Ex-Mon, a hardware-based extraction logic that can be configured dynamically by the monitoring software, is integrated onto each processor core. The extraction logic forwards events that are of interests to the monitoring software for correctness verification. We evaluate the effectiveness and efficiency of the proposed system by using it to detect memory-bugs in the SPEC2000 benchmark suite. The experiments show that performance overhead of Ex-Mon is 15% on average and 41.4% in the worst case. The bandwidth requirement of the proposed system is below 10 bits per cycle, which is acceptable considering the bandwidth capacity of today’s state-of-the-art on-chip interconnect network.

