Dan Wendlandt
Current Work & Interests
I am in my third year as a graduate student at Carnegie Mellon University in the PhD program of the Computer Science Department. I am lucky enough to be co-advised by both Adrian Perrig and Dave Andersen. My main areas of interest are networking and security, focusing on network architectures that are more secure and reliable. I also have a strong interest in policy and economic issues related to the Internet.
During the summer of 2006 I worked at Princeton University with Jen Rexford on incrementally deployable solutions for secure interdomain routing.
Perspectives: Distributed Network Probing for Better SSH Key Security
What do you do when SSH pops up a warning saying that it cannot establish the trust of a server's key? If you're like most people, you just assume it is correct and accept it.
Perspectives extends the basic SSH security model by using a network of distributed servers that monitor the public keys of SSH hosts over time. When a client wishes to connect to a host but cannot authenticate its key (perhaps it has no key cached, or the key has changed), it can contact several of these remote monitoring servers and get additional information that helps detect attacks or identify that a key is valid.
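A sketch of the client-side decision described above, as an added example that is not the Perspectives project's code. The record layout, quorum size, minimum observation period and freshness window are assumptions chosen for illustration, and the notary names and fingerprints are constructed.

```python
from dataclasses import dataclass

DAY = 86400  # seconds

@dataclass(frozen=True)
class Observation:
    """One notary record: it saw `fingerprint` for the host from `start` to `end` (epoch seconds)."""
    fingerprint: str
    start: int
    end: int

def consistent_days(history, offered, now, freshness=2 * DAY):
    """Days this notary has continuously seen `offered` as the host's current key."""
    if not history:
        return 0.0
    latest = max(history, key=lambda o: o.end)
    # The most recent observation must match the offered key and be recent enough.
    if latest.fingerprint != offered or now - latest.end > freshness:
        return 0.0
    return (latest.end - latest.start) / DAY

def evaluate(offered, notary_histories, now, quorum=3, min_days=7):
    """Return ("accept" | "warn", agreeing) for a key the client cannot authenticate itself."""
    agreeing = sum(
        1 for history in notary_histories.values()
        if consistent_days(history, offered, now) >= min_days
    )
    return ("accept" if agreeing >= quorum else "warn", agreeing)

# Constructed sample data: four hypothetical notaries observing one host.
NOW = 100 * DAY
GOOD, ROGUE = "SHA256:constructed-key-A", "SHA256:constructed-key-B"
HISTORIES = {
    "notary1": [Observation(GOOD, 10 * DAY, NOW)],
    "notary2": [Observation(GOOD, 20 * DAY, NOW - DAY)],
    "notary3": [Observation(GOOD, 5 * DAY, NOW)],
    # This notary's view changed one day ago: it now sees a different key.
    "notary4": [Observation(GOOD, 5 * DAY, 98 * DAY), Observation(ROGUE, 99 * DAY, NOW)],
}

if __name__ == "__main__":
    print(evaluate(GOOD, HISTORIES, NOW))   # key seen long-term by a quorum
    print(evaluate(ROGUE, HISTORIES, NOW))  # key seen briefly by one notary
```

A key that every notary has seen for only a day also yields "warn" under these thresholds, so a legitimate key change needs a separate confirmation path until enough observation time has accumulated.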
For more information, see the Perspectives: SSH key authentication page.
Incrementally Effective Interdomain Routing Security
My current work focuses on practical architectures for improving the robustness of interdomain routing. Any viable solution must provide security benefits even to initial adopters to motivate deployment, and should be flexible enough to help operators manage the cost/complexity vs. security benefit trade-off of protecting interdomain traffic. We recently had two papers on this topic published in ACM Hotnets V:
Don't Secure Routing, Secure Data Delivery
Dan Wendlandt, Ioannis Avramopoulos, David Andersen, and Jennifer Rexford
( pdf )
Yih-Chun Hu, David McGrew, Adrian Perrig, Brian Weis, Dan Wendlandt
( pdf )
See my Incrementally Secure Interdomain Routing project page for more details.
FastPass: A Next-Generation Internet Availability Architecture to handle DDoS
FastPass Project Page
FastPass looks at how we would design a network to guarantee high availability in the face of DDoS attacks if we could start completely from scratch. The particular issue we are dealing with right now is how to handle attacks such as packet-floods that require filtering by the infrastructure itself, since the attack often overwhelms the link leading up to the destination. Router-based capability systems such as TVA or SIFF provide a promising building block, but suffer from the fact that a setup packet must reach the destination without any protection in order to bootstrap the system. We solve this problem by having routers give strict priority to all packets containing authorization tokens that have been granted by the destination, perhaps at an earlier time or through an out-of-band mechanism.
The Clack Graphical Router
Clack Graphical Router Site
My undergraduate honors thesis, the modular and extensible Clack Graphical Router, has now been successfully used at more than 7 different universities. Clack is a tool for teaching about network infrastructure and protocols. The site includes a Live Clack Demo (Java Plugin required) as well as video demos, instructor resources and a developer page. For more details, take a look at my undergraduate Clack Honors Thesis.
Our Clack paper got into ACM Softvis:
The Clack Graphical Router: Visualizing Network Software
Dan Wendlandt, Martin Casado, Paul Tarjan, and Nick McKeown.
(pdf)
Past Research & Work Activities
For a fall '05 class project we prototyped a centrally scheduled combined MAC and Routing layer for static multi-hop networks. The main deployment targets are community wireless networks which already rely on a centralized point to provide wireless access. USSR aims to utilize multiple non-overlapping channels and inter-node interference detection to provide better throughput and fairness in static multi-hop environments. A class project paper on the design and initial evaluation of USSR is available (USSR Paper).
In summer '05 I completed an internship at Google, where I worked on detecting "Adspam", which occurs when people maliciously click on ads provided by either Google Adwords or Google Adsense. I cannot talk specifically about what I did with the group, but the experience was a great one and I highly recommend an internship there.
In June '05 I graduated from Stanford's Computer Science Dept., where I was a member of the High Performance Networking Group (HPN). I wrote a senior honors thesis with Professor Nick McKeown, creating a graphical user-space router named Clack to work within the group's Virtual Network System (VNS). Clack will be used as an educational tool allowing students to learn about router internals by graphically controlling a router handling real Internet traffic. Previously I also helped out with HPN's NetFPGA project.
In the summer of 2004, I worked at Lawrence Livermore National Labs (LLNL), doing research within the Information Assurance and Operations Center (IOAC). My research focused on geographic properties of Internet routing, with particular interest in understanding and quantifying the causes of geographically circuitous paths and how they map onto geo-political boundaries. My technical mentor and I wrote a paper on the work entitled "Quantifying National Information Leakage".
I have a strong interest in the intersection of policy/economics and Internet security. I did work with Prof. Michael May at Stanford's Center for International Security and Cooperation (CISAC) that looks at the incentives of Internet Service Providers (ISPs) to provide services that have potential to improve the security of the Internet. I have a blog called In-Security where I catalog articles related to this work and write about general issues of Internet security policy & economics.
During the spring of 2004 and again during fall of 2004, I was one of the student coordinators of a new Stanford student-initiated course (SIC) called MS&E 91SI: US National Cybersecurity. The course is sponsored by William Perry and brings in guest speakers who are experts in computer science, law, and economics and how they pertain to the Internet.
Web Resources
I have been lucky enough to have the time to explore lots of different things that I find fascinating. Below are links to various pages I have put together on whatever topics I choose.
- Internet Topology & Measurement
- BGP Routing Security
- BGP Routing
- Internet Law, Economics & Policy
- Great Papers in Systems, Networking and Security
- Funny & Interesting (because the web is great)
- Innovative and cutting-edge video blogs (vlogs) at Nernie & Bert
- Like any CS grad student, I collect LaTeX resources
- info about ssh-key-research-project.ece.cmu.edu is here
Please feel free to contact me with resources you feel should be on this page; I'm always looking to find more.
