Abstract: Despite the popularity of adding sensors to mobile devices, the readings provided by these sensors cannot be trusted. Users can fabricate sensor readings with relatively little effort. This lack of trust discourages the emergence of applications where users have an incentive to lie about their sensor readings, such as falsifying a location or altering a photo taken by the camera. This paper presents a broad range of applications that would benefit from the deployment of trusted sensors, from participatory sensing to monitoring energy consumption. We present two design alternatives for making sensor readings trustworthy. Although both designs rely on the presence of a trusted platform module (TPM), they trade-off security guarantees for hardware requirements. While our first design is less secure, it requires no additional hardware beyond a TPM, unlike our second design. Finally, we present the privacy issues arising from the deployment of trusted sensors and we discuss protocols that can overcome them. 1.

A key feature that distinguishes modern botnets from earlier counterparts is their increasing use of structured overlay topologies. This lets them carry out sophisticated coordinated activities while being resilient to churn, but it can also be used as a point of detection. In this work, we devise techniques to localize botnet members based on the unique communication patterns arising from their overlay topologies used for command and control. Experimental results on synthetic topologies embedded within Internet traffic traces from an ISP’s backbone network indicate that our techniques (i) can localize the majority of bots with low false positive rate, and (ii) are resilient to incomplete visibility arising from partial deployment of monitoring systems and measurement inaccuracies from dynamics of background traffic. 1

This paper presents the design and implementation of NetQuery, a knowledge plane for federated networks such as the Internet. In such networks, not all administrative domains will generate information that an application can trust and many administrative domains may have restrictive policies on disclosing network information. Thus, both the trustworthiness and accessibility of network information pose obstacles to effective reasoning. NetQuery employs trustworthy computing techniques to facilitate reasoning about the trustworthiness of information contained in the knowledge plane while preserving confidentiality guarantees for operator data. By characterizing information disclosure between operators, NetQuery enables remote verification of advertised claims and contractual stipulations; this enables new applications because network guarantees can span administrative boundaries. We have implemented NetQuery, built several NetQuery-enabled devices, and deployed applications for cloud datacenters, enterprise networks, and the Internet. Simulations, testbed experiments, and a deployment on a departmental network indicate NetQuery can support hundreds of thousands of operations per second and can thus scale to large ISPs.

I am excited about building practical systems and networks based on rigorous theory and sound analysis. My research interests cover a broad range of experimental and theoretical problems that arise in realizing future systems and networks. I envision a world in which users communicate and control cyber and physical infrastructures wirelessly. Recent advances in cloud computing and wireless networks point to such a future. There are several challenges that must be overcome before this vision becomes a reality. My work is motivated by three important and recurring challenging themes: 1. Programming systems and networks: Today’s distributed systems and networks, ranging from data centers to wireless networks to battery-operated sensor nodes, are hard to program, do not function as expected, and are power hungry. My goal is to simplify the programming of systems and networks, and improve their reliability and energy efficiency. 2. Security and privacy: Today’s Internet is lacking a good security model. Further, privacy is hard to achieve in wireless networks and devices. I want to enhance the security and privacy of wireless networks and the Internet. 3. High-throughput wireless networks: Most wireless networks suffer from poor performance under

Abstract. Data aggregation is a key aspect of many distributed applications, such as distributed sensing, performance monitoring, and distributed diagnostics. In such settings, user anonymity is a key concern of the participants. In the absence of an assurance of anonymity, users may be reluctant to contribute data such as their location or configuration settings on their computer. In this paper, we present the design, analysis, implementation, and evaluation of Anonygator, an anonymity-preserving data aggregation service for large-scale distributed applications. Anonygator uses anonymous routing to provide user anonymity by disassociating messages from the hosts that generated them. It prevents malicious users from uploading disproportionate amounts of spurious data by using a light-weight accounting scheme. Finally, Anonygator maintains overall system scalability by employing a novel distributed tree-based data aggregation procedure that is robust to pollution attacks. All of these components are tuned by a customization tool, with a view to achieve specific anonymity, pollution resistance, and efficiency goals. We have implemented Anonygator as a service and have used it to prototype three applications, one of which we have evaluated on PlanetLab. The other two have been evaluated on a local testbed.