Biblio

Filters: Author is Zhou, Wenchao  [Clear All Filters]
2019-10-30
Demoulin, Henri Maxime, Vaidya, Tavish, Pedisich, Isaac, DiMaiolo, Bob, Qian, Jingyu, Shah, Chirag, Zhang, Yuankai, Chen, Ang, Haeberlen, Andreas, Loo, Boon Thau et al..  2018.  DeDoS: Defusing DoS with Dispersion Oriented Software. Proceedings of the 34th Annual Computer Security Applications Conference. :712-722.

This paper presents DeDoS, a novel platform for mitigating asymmetric DoS attacks. These attacks are particularly challenging since even attackers with limited resources can exhaust the resources of well-provisioned servers. DeDoS offers a framework to deploy code in a highly modular fashion. If part of the application stack is experiencing a DoS attack, DeDoS can massively replicate only the affected component, potentially across many machines. This allows scaling of the impacted resource separately from the rest of the application stack, so that resources can be precisely added where needed to combat the attack. Our evaluation results show that DeDoS incurs reasonable overheads in normal operations, and that it significantly outperforms standard replication techniques when defending against a range of asymmetric attacks.

2018-02-14
Zhang, Yuankai, O'Neill, Adam, Sherr, Micah, Zhou, Wenchao.  2017.  Privacy-preserving Network Provenance. Proc. VLDB Endow.. 10:1550–1561.
Network accountability, forensic analysis, and failure diagnosis are becoming increasingly important for network management and security. Network provenance significantly aids network administrators in these tasks by explaining system behavior and revealing the dependencies between system states. Although resourceful, network provenance can sometimes be too rich, revealing potentially sensitive information that was involved in system execution. In this paper, we propose a cryptographic approach to preserve the confidentiality of provenance (sub)graphs while allowing users to query and access the parts of the graph for which they are authorized. Our proposed solution is a novel application of searchable symmetric encryption (SSE) and more generally structured encryption (SE). Our SE-enabled provenance system allows a node to enforce access control policies over its provenance data even after the data has been shipped to remote nodes (e.g., for optimization purposes). We present a prototype of our design and demonstrate its practicality, scalability, and efficiency for both provenance maintenance and querying.
2017-05-16
Chen, Ang, Wu, Yang, Haeberlen, Andreas, Zhou, Wenchao, Loo, Boon Thau.  2016.  The Good, the Bad, and the Differences: Better Network Diagnostics with Differential Provenance. Proceedings of the 2016 ACM SIGCOMM Conference. :115–128.

In this paper, we propose a new approach to diagnosing problems in complex distributed systems. Our approach is based on the insight that many of the trickiest problems are anomalies. For instance, in a network, problems often affect only a small fraction of the traffic (e.g., perhaps a certain subnet), or they only manifest infrequently. Thus, it is quite common for the operator to have “examples” of both working and non-working traffic readily available – perhaps a packet that was misrouted, and a similar packet that was routed correctly. In this case, the cause of the problem is likely to be wherever the two packets were treated differently by the network. We present the design of a debugger that can leverage this information using a novel concept that we call differential provenance. Differential provenance tracks the causal connections between network states and state changes, just like classical provenance, but it can additionally perform root-cause analysis by reasoning about the differences between two provenance trees. We have built a diagnostic tool that is based on differential provenance, and we have used our tool to debug a number of complex, realistic problems in two scenarios: software-defined networks and MapReduce jobs. Our results show that differential provenance can be maintained at relatively low cost, and that it can deliver very precise diagnostic information; in many cases, it can even identify the precise root cause of the problem.