information session for master seminar „future internet“ · 2013-02-25 · final slides*...

Network Architectures and Services Department Computer Science Technische Universität München Information Session for Master Seminar „Future Internet“ Prof. Dr.-Ing. Georg Carle and Staff Organisation: Raumer, Schwaighofer, Schmitt


Page 1: Information Session for Master Seminar „Future Internet“ · 2013-02-25 · Final slides* discussion with advisor * Slides must be presentable, otherwise -0.3 degree in grading

Network Architectures and Services, Department Computer Science

Technische Universität München

Information Session for Master Seminar „Future Internet“

Prof. Dr.-Ing. Georg Carle and Staff

Organisation: Raumer, Schwaighofer, Schmitt


Seminar Future Internet 2

Administrative Things for all Seminars

Responsibilities

Grading

Today: Topic Selection for Seminar Future Internet



Seminar Future Internet 4

Responsibilities Seminars

Organisation: Prof. Dr.-Ing. Carle, t.b.a.

Appointments:

Seminar FI: ~ 12 Slots, 11.-12.04.2013, 8-18 p.m., in room 03.07.023

Seminar IITM: ~ 16 Slots, Topic Selection 19.04.2013, Fridays 14:00-16:00 p.m., in room 03.07.023

Formality:

Main Language: German

Diplom: 2 SWS

B.Sc./M.Sc.: 4 ECTS

Attendance list exists

Each participant will be session chair for one talk (moderation, discussion leader, min. 1 question concerning the talk)

Successful attendance (Talk, Paper, Review)

Using department templates on our homepage

Registration via Seminar homepage: http://www.net.in.tum.de/de/lehre/


Seminar Future Internet 5

Material

See homepage: http://www.net.in.tum.de/de/lehre/

Slides:

Talk: How to write a scientific paper?

Talk: How to write a review?

Talk: How to give feedback?

Example: 1st paper version, advisor review, 2nd paper version

Questions: Send them to your advisor first before asking the organisation

Advisors offer the opportunity of test talks (dry runs)


Seminar Future Internet 6

Hints for Topic Handling

Attention:

From your advisor(s) you may receive some literature.

Starting from this you have to do research for papers on your own.

Make scholar.google.com / acm.org / ieee.org your friend! (and your source’s sources…)

For all topics, the task is explicitly not to take the given literature and simply present it.

You fill the topic with life. Your goal: make it interesting for you, me, and the other participants (your audience!)


Seminar Future Internet 7

Grading for the seminars – Guidelines

Grading parts:

1. Personal meeting with advisor is compulsory!

2. Both of your paper submissions (6–8 pages in ACM) (50%)

• 1st Version (75%) Peer review process

• 2nd version (final) for publication (25%)

3. Your talk (20–25min, following discussion and feedback) (25%)

• Content counts; personal presentation style is not counted

4. Your review of papers from other seminar participants (25%)

Further things to consider:

Attendance at all appointments is compulsory

Observance of deadlines (upload form on homepage)

Write the paper yourself! (plagiarism checks in every upload!)

Session chair for one talk

Plagiarism = DISQUALIFICATION.

Missing deadlines = 0.3 grade deduction per day (each time)

No submission = grade 5 for the part concerned


Seminar Future Internet 8

You have the chance to get your talk recorded

Seminar goals: …, …, …, Improving your presentation skills.

• They said I did this and that… no way! Have a look at yourself after the talk!

• Your talk was great? Now you have the chance to show it to your friends.

• Want to know something about a topic that was already in the seminar? Watch your fellow students explaining the topic


Seminar Future Internet 10

Administrative Things for all Seminars

Today: Topic Selection for Seminar Future Internet

Seminar Future Internet

Challenging Topics!

Sometimes previous knowledge required!


Seminar Future Internet 11

Deadlines Seminar FI

Dates

Topic Selection (room 03.07.023): today

Pick up literature by mail or in person from advisor: Until 01.02.2013

Advisor meeting to group topic (discussion of received literature – be prepared (MUST)): Until 15.02.2013

Detailed structure of paper and talk: Until 08.03.2013

Final slides* discussion with advisor: Until 04.04.2013

Upload paper (1. Version): 26.03.2013

Upload Reviews: 09.04.2013

Talks (Schedule comes soon): 11.04.2013-12.04.2013

Upload paper (2. Version) and final slides: 30.04.2013

Publication in Proceeding: t.b.a.

* Slides must be presentable, otherwise -0.3 degree in grading. They can be modified until final talk.

Deadline might be shifted depending on number of participants.


Seminar Future Internet 12

Honeypot-Architectures using VMI Techniques

The honeypot has emerged as an effective tool to provide insights into new attacks and current exploitation trends.

Though effective, a single honeypot or multiple independently operated honeypots only provide a limited local view of network attacks.

Problem: coordinated honeypot deployment and operation require close and consistent collaboration across participating network domains

Approach: Using VMI Techniques

Your Task: Analyse and compare VMScope and Collapsar. Get an insight into honeypot usage in general and compare it with VMI based solutions. What is improved? Are there new problems and issues?

It would be helpful to have some basic knowledge about VMs, Virtual Machine Introspection and anomaly detection.

Nadine, Stephan P.


Seminar Future Internet 13

Protect Guest Kernel Integrity and monitor Guest Kernel Behavior

Virtualization can be used to improve security, because an additional layer is inserted between hardware and OS.

Focus in this work: Kernel Integrity and Control Flow Integrity of the Guest OS

Your Task: Analyse and compare SIM, NICKLE, HookSafe and VMWatcher. What is most suitable in certain circumstances? What goals do they have? What is protected?

It would be helpful to have some basic knowledge about VMs, Virtual Machine Introspection and kernel internals.

Nadine, Stephan P.

[Figure: two virtualization stacks. First: Guest Applications, Guest OS, VMM, Host Hardware. Second: Guest Applications, Guest OS, VMM, Host OS, Host Hardware.]


Seminar Future Internet 14

Internet Science 1 – Dependability, Resilience, Terms and Concepts (Heiko)

Critical Infrastructure needs to be safe and secure.

There are some terms to understand:

Safety vs Security

Dependability

Resilience

Concept

The basic idea is redundancy.

What does redundancy look like in

Network

Server

Access Point

A Travel


Seminar Future Internet 15

Internet Science 2 – Impact of social behavior for critical infrastructure resilience (Heiko)

Computer Science solutions often forget the surroundings

And the most important ingredient: the Human

Goal

Better understand human element

Aspects

Social Risk Amplification

Intentions

Processes

Socio-economic incentives


Seminar Future Internet 16

Internet Science 3 – Virtualization as tool for network resilience (Heiko)

Virtualization makes the position of a running service independent from a physical location

How can we profit from this for resilience?

Multiple server instances

Move server away from attacker

More difficult than you may think


Seminar Future Internet 17

Internet Science 4 – Cyber Attacks against Critical Infrastructures (e.g. Smart Power Grid)

Critical Infrastructures never fail! …. well sometimes they do!

Look at REAL (and academic) cases of attack or failure

What happened?

What went wrong?

How do these networks defend?

What could they do?

Resilience (graph theory), security (network protection, crypto, protocols)

Heiko


Seminar Future Internet 18

DHT-based multicast

Bart


Seminar Future Internet 19

Multicast Key Management

Bart


Seminar Future Internet 20

Anonymity: Formalisation of Privacy – Ralph

Anonymity is (practically) never perfect

Classic papers:

k-anonymity

l-diversity

Formalisations give boundaries

Your task:

You get starting directions

Research using above starting points

Clear, concise and comprehensive overview

Think of practical applications and potential failures

Prerequisites: Willingness to learn and maths

(This topic can be split into 2)


Seminar Future Internet 21

TCP internals

Proposed changes to update TCP:

Handshake

TCP Fast Open: accelerated content transmission using the handshake

Initial congestion window

Implications of increasing init_cwnd

Sources: Papers, RFCs, TCP implementation in the Linux kernel

Your task:

Compare

Identify impediments to deployment, security analysis

How useful is it?

You should know about:

Socket programming in C or kernel programming

Inner workings of TCP, slow start, fast retransmit, syn cookies…

Benjamin, Lukas


Seminar Future Internet 22

Solutions to Bufferbloat

Bufferbloat is a common problem

Bittorrent is innocent

Your ISP doesn’t care anyway

Try it at home

Saturate your upload bandwidth

Watch the round-trip times (e.g. using ICMP) to your favorite website increase (typically to a value much larger than 100ms)

Your tasks:

Familiarize yourself with Bufferbloat

Implications for TCP’s congestion avoidance

Understand proposed solutions

Tuning buffer sizes

Active queue management

Random Early Detection (RED, 1993)

Controlled Delay (CoDel, 2012)

If you can, try it yourself (using your Linux-based router)

Write a (good!) paper

Lukas, Benjamin


Seminar Future Internet 23

How modern NICs speed up Packet-Processing Performance of PC-Systems

Basic behavior of a Network Card:

1. triggers an interrupt when a packet is received

2. transmits the packet to the main memory

3. CPU processes various information in the main memory

There is a need for

…avoidance of interrupts

…offload of work to the NICs

partly requires support by drivers and OS

Goal

Provide an overview of existing techniques;

Select some relevant/innovative ones, describe and analyze them

Requires reading of technical descriptions of NICs!!!!

Wohlfart, Raumer


Seminar Future Internet 24

Standardizing Network Management

Network management is a complex task. The lack of standards leads to

…various CLI-scripts

…different non-compatible, proprietary software

…higher costs and more complex systems

…high entry barriers for new vendors

The Network Configuration Protocol (NETCONF) is a network management protocol standardized by the IETF

Goal

Why NETCONF?

What is NETCONF?

How does it cooperate with YANG?

Evaluation (in context of trends and currently hyped SDN architectures)

Raumer, Wohlfart


Seminar Future Internet 25

Completing SDN – The Northbound API

Raumer, Wohlfart

SDN with OpenFlow architecture is currently gaining high interest

Southbound API is standardized

No standard / state of the art for the Northbound API

Explain the OpenFlow/SDN architecture

Goal

Explain the OpenFlow architecture

How does the process of standardizing a Northbound API differ from standardizing the Southbound API? Why?

Have a look at SDN controllers (i.e. NOX/POX and Floodlight) and their Northbound APIs

What are their differences?

Explain candidates and approaches for Northbound APIs

(optionally combined with a look at the East-/Westbound API)

Requires enjoying reading technical blogs, and a critical eye


Seminar Future Internet 26

Network Simulation and its Limitations

Wohlfart, Raumer

Compute the behavior of a network using a mathematical model

Estimate various parameters:

Throughput, delay, packet loss, etc…

Make it possible to make statements about a system that does not (yet) exist

E.g. analyze the large-scale behavior of new network protocols

Goal

Give an overview of network simulation

Where is it used?

What models do exist? What are their limitations?

Describe the NS3 network simulator

Technical implementation

Simulation model


Seminar Future Internet 27

VMI-IDS

Host-based IDS resides inside the monitored host

Deep view into the monitored system

Disadvantage: Low resistance against attacks, e.g. by malware

Possible solution: Use of virtualization

Isolation between IDS and monitored system

Monitoring can be done using Virtual Machine Introspection

How does VMI work?

Which VMI-IDS are available?

Malware detection methods?

Classification?

Simon


Seminar Future Internet 28

Linux Rootkits

Rootkits offer data hiding techniques in the context of operating systems and allow regaining privileged access

Malware in particular uses this technique

Hide running processes, loaded modules, files, network ports, …

Provide root access without authentication

Different mechanisms: User mode and kernel mode rootkits

How do rootkits work?

Focus on Linux kernel mode rootkits

Simple demonstration

Possible detection mechanisms

Simon


Seminar Future Internet 29

Evolution of Cellular Networks

From GSM to LTE-Advanced

Tasks & Questions

Describe the different Radio Access Networks (RAN)

GERAN, UTRAN, E-UTRAN

Describe the evolution of the core network: 2G/3G Core vs. EPC

Reachable data rates, channel access methods

3GPP inter-working system architecture

How does the handover procedure work (e.g. inter-RAT)?

Tsvetko


Seminar Future Internet 30

LTE Self-Organizing Networks (SON)

High complexity of mobile communication systems

Planning and optimization tools supervised by human operators are time-consuming, error prone and expensive, and require a high degree of expertise

Introduction to SON-Enabled Systems

Tasks & Questions

What is a SON-Function?

Distinguish between self-optimization, -healing and -configuration

Introduce some key SON functions (e.g. MRO, COD, CDC, CCO)

Possible SON Conflicts?

Tsvetko


Seminar Future Internet 31

Administrative Things for all Seminars

Today: Topic Selection for Seminar Future Internet

Challenging Topics!

Sometimes previous knowledge required!


Seminar Future Internet 32

Topic assignment (I)

Speaker | Title | Advisor(s)
Hr. M. Köpferl | Internet Science 1 – Dependability, Resilience, Terms and Concepts | Heiko
Hr. R. Milzarek | Internet Science 2 – Impact of social behavior for critical infrastructure resilience | Heiko
Hr. D. Hoyos | Internet Science 3 – Virtualization as tool for network resilience | Heiko
Hr. M. Grimm | Internet Science 4 – Cyber Attacks against Critical Infrastructures | Heiko
Hr. S. Floeren | Honeypot-Architectures using VMI Techniques | Nadine, Stephan P.
(no speaker listed) | Protect Guest Kernel Integrity and Monitor Guest Kernel Behavior | Nadine, Stephan P.
Hr. J. Maier, Hr. M. Kern | Anonymity: Formalisation of Privacy | Ralph
Hr. B. Engeser | VMI-IDS | Simon


Seminar Future Internet 33

Topic assignment (II)

Speaker | Title | Advisor(s)
Hr. C. Paul | Linux Rootkits | Simon, Lothar
Hr. C. Dietz | DHT-based Multicast | Bart
(no speaker listed) | Multicast Key Management | Bart
Hr. S. Scheibner | TCP Internals | Benjamin, Lukas
Hr. V. Jacht | Solutions to Bufferbloat | Lukas, Benjamin
Hr. R. Schoenberger | How modern NICs speed up Packet-Processing Performance of PC-Systems | Wohlfart, Raumer
Hr. S. Rampfl | Network Simulation and its Limitations | Wohlfart, Raumer
Hr. L. Stehnken | Evolution of Cellular Networks | Tsvetko
(no speaker listed) | LTE Self-Organizing Networks (SON) | Tsvetko
(no speaker listed) | Standardizing Network Management | Raumer, Wohlfart
(no speaker listed) | Completing SDN – The Northbound API | Raumer, Wohlfart