Networking and Security Projects

Agent Based Modeling at the Boundary of Law and Software

ICSI researchers are studying how agent-based models (ABMs) of social contexts can improve the design and regulation of accountable software systems. Agent-based modeling is a social scientific research method that involves bottom-up modeling of complex systems and computationally determining their emergent properties by running simulations. The ICSI researchers are using ABMs to model elements of the social and regulatory environment in which a software system operates.

PacketLab: A Universal Measurement Endpoint Interface

The right vantage point is critical to the success of any active measurement. However, most research groups cannot afford to design, deploy, and maintain their own network of measurement endpoints, and thus rely measurement infrastructure shared by others. Unfortunately, the mechanism by which we share access to measurement endpoints today is not frictionless; indeed, issues of compatibility, trust, and a lack of incentives get in the way of efficiently sharing measurement infrastructure.

Rethinking Home Networking for the Ultrabroadband Era

People generally center their lives around their residence. This center of gravity is where we can be contacted, store our things, do our homework, play games, meet after disparate activities, eat our meals, and so on. Our digital lives are, however, not organized around such a hub. Rather, we use a myriad of services to communicate with one another, store pictures, work on documents, share videos, keep our music, deal with calendars, etc. In this arrangement we are the hub. Our content and information comes to us from a range of places to wherever we happen to be at the moment.

Privacy Risk in Machine Learning Pipelines

ICSI researchers are working with researchers at Carnegie Mellon University on tracking private data through machine learning pipelines. They will develop stronger notions of proxy that account for why a classifier is using information by: 

Co-Design of Network, Storage and Computation Fabrics for Disaggregated Datacenters

Traditional datacenters are built using servers, each of which tightly integrates a small amount of CPU, memory and storage onto a single motherboard. The slowdown of Moore's Law has led to surfacing of several fundamental limitations of such server-centric architectures (e.g, the memory-capacity wall making CPU-memory co-location unsustainable). As a result, a new computing paradigm is emerging --- a disaggregated datacenter architecture, where each resource type is built as a standalone "blade" and a network fabric interconnects the resource blades within and across datacenter racks.

Universal Packet Scheduling

This project addresses a seemingly simple question: Is there a universal packet scheduling algorithm? More precisely, researchers are analyzing whether there is a single packet scheduling algorithm that, at a network-wide level, can perfectly match the results of any given scheduling algorithm. The question of universal packet scheduling is being investigated from both a theoretical and empirical perspective.

Zeek Intrusion Detection System Refinements

ICSI is working with LBNL on refinements to Zeek (formerly known as Bro). The work includes troubleshooting and resolving the most complex problems with the Zeek network monitor, development/integration of the communication framework, development and implementation of new features for the Input framework, and development of a persistence solution for the NetControl and Catch-and Release frameworks of Zeek/Bro. Zeek/Bro is an open-source network intrustion detection system developed at ICSI and LBNL which is currently in use at Fortune 500 companies, universities, and governments.

When do Computers Discriminate? Toward Informing Users About Algorithmic Discrimination

In this collaborative project with University of Maryland, ICSI researchers are tackling the challenge of explaining what constitutes unacceptable algorithmic discrimination. Getting the answer to this question right is key to unlocking the potential of automated decision systems without eroding the ability of people to get a fair deal and advance in society.

Creating an Evolvable, Diverse, and Dynamic Internet

The Internet has ushered in a new era of communication, and has supported an ever-growing set of applications that have transformed our lives. It is remarkable that all this has taken place with an Internet architecture that has remained unchanged for over forty years. While unfortunate, some view this architectural stagnation as inevitable. After all, it has long been a central tenet that the Internet needs a "narrow waist" at the internetworking layer (L3), a single uniform protocol adopted by everyone; given this assumption, changing this layer is inevitably hard.

Towards Programming Datacenters

Datacenters have redefined the nature of high-end computing, but harnessing their computing power remains a challenging task. Initially, programming frameworks such as MapReduce, Hadoop, Spark, TensorFlow, and Flink provided a way to run large-scale computations. These frameworks took care of the difficult issues of scaling, fault-tolerance, and consistency, freeing the developer to focus on the logic of their particular application. However, each of these frameworks were aimed at a specific computational task (e.g., machine learning, data analytics, etc.), and are not fully general.

De-Mystifying and Hardening the Domain Name System

When the DNS fails, nothing works. One does not need to look beyond many real-world advertising campaigns to appreciate that naming is one of the foundational elements upon which most higher layer Internet services are built. We use names as rendezvous points between users and services (e.g., Yet, we do not use names directly in traffic routing. Rather, we turn names into IP addresses via the Domain Name System (DNS). A DNS lookup is therefore a prerequisite for most Internet transactions.

Accountable Information Use: Privacy and Fairness in Decision-Making Systems

Increasingly, decisions and actions affecting people's lives are determined by automated systems processing personal data. Excitement over the positive contributions of these systems has been accompanied by serious concerns about their opacity and the threats that they pose to privacy, fairness, and other values. Recognizing these concerns, this project seeks to enable real-world automated decision-making systems to be accountable for privacy and fairness.

Counter Power Lab

In this collaborative project with UC Berkeley, ICSI PIs are working with the lead developer of the "Snowflake" censorship circumvention system to refine the code for production deployment in both the Tor Browser Bundle and as a stand-alone application. The work includes developing instrumentation to measure the usage of Snowflake as its deployment rolls out and analyzing the results to assess Snowflake's impact on enabling circumvention.

Exploring Internet Balkanization through the Lens of Regional Discrimination

One of the Internet’s greatest strengths is the degree to which it facilitates access to any of its resources from users anywhere in the world. Various forces, however, have arisen that restrict particular users from accessing particular destinations, resulting in a "balkanization" of the network. This project explores apt methodologies for understanding such balkanization, an effort we will undertake in the context of examining "regional discrimination," i.e., the degree to which certain web services deny or degrade access to users from particular geographic regions.

Effective and Economical Protection for High-Performance Research and Education Networks

As scientific research requires free exchange of information and ideas among collaborators world-wide, scientists depend critically on full and open access to the Internet. Yet in today’s world, such open access also exposes sites to incessant network attacks. Some of the most powerful networks today remain particularly hard to defend: for the 100G environments and backbones that facilitate modern data-intensive sciences, classic inline firewalls remain infeasible options.

Lumen Privacy Monitor

Your mobile phone hosts a rich array of information about you and your behavior. This includes a wide range of unique identifiers and sensitive personal information that enables online tracking, often times for delivering targeted advertisement. It is, however, striking how little insight and control we, as mobile users have into the operation and performance of our devices, into how (or whether) they protect information we entrust to them, and who they share it with.

Shining Light on Non-Public Data Flows

This project looks into the usage and collection of data by programs that operate behind the scenes. The collected data and its use by a network of sellers, brokers, and marketers represents a direct privacy threat as it can be used for marketing, profiling, crime, or government surveillance, and yet consumers have little knowledge about it and no legal means to access the data. ICSI researchers are conducting surveys and experiments to determine the current status of this data and observe its effects.

Understanding the State of TLS Using Large-scale Passive Measurements

This project leverages and extends the data collection of the ICSI SSL Notary for an extensive study of the real-world TLS/X.509 ecosystem through measurement-centric research. The SSL/TLS protocol suite constitutes the key building block of today’s Internet security, providing encryption and authentication for end-to-end communication with the help of an associated global X.509 public key infrastructure. However, from its first version in 1994 until today, researchers and practioners keep discovering TLS deficiencies undermining the protocol’s security on a regular basis.

Towards a Science of Censorship Resistance

This project focuses on establishing a science of censorship resistance. Recent years have seen significant efforts on the part of both practitioners and researchers in countering large-scale Internet censorship imposed by nation-states. Driven by an active arms race, much of the research work in the field has been reactive in nature, lacking solid and methodical foundations.

Previous Work: Security and Privacy for Wearable and Continuous Sensing Platforms

In this collaborative project, researchers at ICSI, UC Berkeley, and University of Washington are systematically exploring the security and privacy issues brought up by the increasing popularity of wearable computers. The recent demand for devices like Google Glass, smart watches, and wearable fitness monitors suggests that wearable computers may become as ubiquitous as cellphones.