http://hdl.handle.net/1813/5602 http://dspace.library.cornell.edu/retrieve/32119 http://hdl.handle.net/1813/5602 Search the Channel search http://dspace.library.cornell.edu/simple-search http://hdl.handle.net/1813/11220 Title: On The Difficulty of Finding the Nearest Peer in P2P Systems <br/> <br/>Authors: Vishnumurthy, Vivek; Francis, Paul <br/> <br/>Abstract: Finding the nearest peer, in terms of latency, is an important problem in many Internet applications. In this paper, we argue that solutions that only examine inter-peer latencies as part of their operation will find it infeasible, in certain cases, to discover the nearest peer in P2P systems. The difficulty arises out of the way the last hop is typically laid out in the Internet, where a single PoP (point of presence) belonging to an ISP provides connectivity to numerous client networks. This setup leads to a large number of peers being at about the same latency from one another, which, we argue, presents a serious obstacle when a peer tries to discover another peer residing in the same network as itself. We use large-scale measurements over hosts in the Azureus P2P network and DNS servers to show that this condition does occur in real settings, and use simulations of the Meridian closest-server algorithm to show that the condition does indeed lead to difficulty in finding the exact-closest peer. We also propose a few heuristics that help address this issue. http://hdl.handle.net/1813/11153 Title: Hyperproperties: Verification of Proofs <br/> <br/>Authors: Bueno, Denis L.; Clarkson, Michael R. <br/> <br/>Abstract: This paper formalizes some proofs by Clarkson and Schneider about hyperproperties. The proofs are mechanically verified using the proof assistant Isabelle. http://hdl.handle.net/1813/11102 Title: A Dirty-Slate Approach to Routing Scalability <br/> <br/>Authors: Ballani, Hitesh; Francis, Paul; Wang, Jia; Cao, Tuan <br/> <br/>Abstract: This paper presents Virtual Aggregation, an architecture that attempts to tackle the Internet routing scalability problem. Our approach does not require any changes to router software and routing protocols and can be deployed by any ISP without the cooperation of other ISPs. Hence, Virtual Aggregation is a configuration-only solution. The key insight here is to use divide-and-conquer so that default-free zone routers don?t need to maintain the entire routing table. Instead, an ISP can modify its internal routing such that individual routers in its network only maintain a part of the routing table. We evaluate the application of Virtual Aggregation to a few tier-1 and tier-2 ISPs and show that it can reduce routing table size on individual routers by an order of magnitude while imposing almost no traffic stretch and very little increase in router load. We also deploy Virtual Aggregation across two different testbeds comprising of Cisco and Linux routers. Finally, we detail some shortcomings of the proposed design and discuss alternative designs that alleviate some of these. However, in spite of the limitations, we believe that the simplicity of the proposal and its possible short-term impact on routing scalability suggest that it is an alternative worth considering. http://hdl.handle.net/1813/11101 Title: ShutUp: End-to-End Containment of Unwanted Traffic <br/> <br/>Authors: Guha, Saikat; Taft, Nina <br/> <br/>Abstract: While the majority of Denial-of-Service (DoS) defense proposals assume a purely infrastructure-based architecture, some recent proposals suggest that the attacking endhost may be enlisted as part of the solution, through tamper-proof software, network-imposed incentives, or user altruism. While intriguing, these proposals ultimately raise the deployment bar by requiring both the infrastructure and endhosts to cooperate. In this paper, we explore the design of a pure end-to-end architecture based on tamper-proof endhost software implemented for instance with trusted platforms and virtual machines. We present the design of a ?Shutup Service?, whereby the recipient of unwanted traffic can ask the sender to slowdown or stop. We show that this service is effective in stopping DoS attacks, and in significantly slowing down other types of unwanted traffic such as worms. The Shutup service is incrementally deployable with buy-in from OS or antivirus vendors, requiring only minimal changes to the endhost software stack and no changes to the protocol stack. We show through experimentation that the service is effective and has little impact on legitimate traffic.