SOS: Secure overlay services
- In Proceedings of ACM SIGCOMM, 2002
Cited by 180 (14 self)
Denial of service (DoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. We propose an architecture called Secure Overlay Services (SOS) that proactively prevents DoS attacks, geared toward supporting Emergency Services or similar types of communication. The architecture is constructed using a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by (i) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic, and (ii) introducing randomness and anonymity into the architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS-protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.
SOS: An Architecture For Mitigating DDoS Attacks
- IEEE Journal on Selected Areas of Communications (JSAC), 2004
Cited by 36 (4 self)
Abstract—We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, geared toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point perimeter into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOS-protected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS-protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels. Our performance measurements using a prototype implementation indicate an increase in end-to-end latency by a factor of two for the general case, and an average heal time of less than 10 s. Index Terms—Access control, denial of service (DoS) attacks, overlay networks, packet filtering, peer-to-peer (P2P) networks.
Bounding the Mean Response Time of the Minimum Expected Delay Routing Policy: An Algorithmic Approach
- IEEE Trans. Comp, 1995
Cited by 8 (1 self)
Balancing loads in a multiprocessor or multicomputer system can have a significant impact on performance. In this paper, we model such a system as a heterogeneous multi-server queueing system. We study the behavior of such a system operating under the Minimum Expected Delay (MED) routing policy, i.e., an arriving customer is assigned to the queue which has the minimal expected value of unfinished work. This routing discipline can be viewed as a generalization of the join-the-shortest queue (SQ) discipline for homogeneous servers. There is no closed-form solution for this class of queueing problem. In this paper, we provide a methodology to compute upper and lower bounds on the mean response time of the system. This methodology allows one to trade off the tightness of the bounds and computational cost. Applications and numerical examples are presented which show how to use this methodology for deriving performance measures and also illustrating that the excellent accuracy of the computat...
On the inapproximability of M/G/K: Why two moments of job size distribution are not enough
Cited by 4 (2 self)
The M/G/K queueing system is one of the oldest models for multi-server systems, and has been the topic of performance papers for almost half a century. However, even now, only coarse approximations exist for its mean waiting time. All the closed-form (non-numerical) approximations in the literature are based on (at most) the first two moments of the job size distribution. In this paper we prove that no approximation based on only the first two moments can be accurate for all job size distributions, and we provide a lower bound on the inapproximability ratio, which we refer to as “the gap.” This is the first such result in the literature to address “the gap.” The proof technique behind this result is novel as well and combines mean value analysis, sample path techniques, scheduling, regenerative arguments, and asymptotic estimates. Finally, our work provides insight into the effect of higher moments of the job size distribution on the mean waiting time.
On the Energy-Delay Trade-off of a Two-Way Relay Network
Cited by 1 (0 self)
Abstract—We consider a three node network in which a pair of nodes with stochastic arrivals communicate with each other with the help of an intermediate relay. The bi-directional nature of the traffic, in this setting, poses a new energy delay trade-off. Namely, the relay node may choose to cache packets from one direction and send them only after packets from the other direction arrive, using an XOR network coding scheme. Doing so would save energy, but would also incur some delay for the packet. In this work, we analyze this trade-off when the relay node queues packets from each direction and uses a first-come-first-serve policy. We show that under an even traffic load where one would hope for the most energy savings, to achieve the minimum energy expenditure promised by the XOR network coding scheme, the average delay has to go to ∞. Keywords: Two-way relay, queuing, energy-delay trade-off
Lecture 25: Scheduling Policies: Part III:
"... Preemptive scheduling policies not based on job size ..."
Ât(z) = ÂS(z) =
In this lecture we will derive the Laplace transform of the response time for an M/G/1 queue. The transform will allow us to get moments of response time. Announcements: 1. HW 7 due Monday. HW 8 will hopefully go out the following Wednesday, and will be the last homework :-) 2. I will be teaching class this Friday, during the Recitation slot, so please come! 1 Warmup Before we begin, it is useful to warm up a bit on transforms. Review Question: What is ÂS(z), where AS denotes the number of arrivals of a Poisson(λ) process during R.V. S.
AutoScale: Dynamic, Robust Capacity Management for Multi-Tier Data Centers ANSHUL GANDHI, MOR HARCHOL-BALTER, and RAM RAGHUNATHAN,
Energy costs for data centers continue to rise, already exceeding $15 billion yearly. Sadly much of this power is wasted. Servers are only busy 10–30 % of the time on average, but they are often left on, while idle, utilizing 60 % or more of peak power when in the idle state. We introduce a dynamic capacity management policy, AutoScale, that greatly reduces the number of servers needed in data centers driven by unpredictable, time-varying load, while meeting response time SLAs. AutoScale scales the data center capacity, adding or removing servers as needed. AutoScale has two key features: (i) it autonomically maintains just the right amount of spare capacity to handle bursts in the request rate; and (ii) it is robust not just to changes in the request rate of real-world traces, but also request size and server efficiency. We evaluate our dynamic capacity management approach via implementation on a 38-server multi-tier data center, serving a web site of the type seen in Facebook or Amazon, with a key-value store workload. We demonstrate that AutoScale vastly improves upon existing dynamic capacity management policies with respect to meeting SLAs and robustness.
AutoScale: Dynamic, Robust Capacity Management for Multi-Tier Data Centers Anshul Gandhi
- 2012
Energy costs for data centers continue to rise, already exceeding $15 billion yearly. Sadly much of this power is wasted. Servers are only busy 10-30 % of the time on average, but they are often left on, while idle, utilizing 60 % or more of peak power when in the idle state. We introduce a dynamic capacity management policy, AutoScale, that greatly reduces the number of servers needed in data centers driven by unpredictable, time-varying load, while meeting response time SLAs. AutoScale scales the data center capacity, adding or removing servers as needed. AutoScale has two key features: (i) it autonomically maintains just the right amount of spare capacity to handle bursts in the request rate; and (ii) it is robust not just to changes in the request rate of real-world traces, but also request size and server efficiency. We evaluate our dynamic capacity management approach via implementation on a 38-server multi-tier data center, serving a web site of the type seen in Facebook or Amazon, with a key-value store workload. We demonstrate that AutoScale vastly improves upon existing dynamic capacity management

