David Koll

On the state of OSN-based Sybil defenses

A Sybil attack can inject many forged identities (called Sybils) to subvert a target system. Because of the severe damage that Sybil attacks can cause to a wide range of networking applications, there has been a proliferation of Sybil defense schemes. Of particular attention are those that explore the online social networks (OSNs) of users in a victim system in different ways. Unfortunately, while effective Sybil defense solutions are urgently needed, it is unclear how effective these OSN-based solutions are under different contexts. For example, all current approaches have focused on a common, classical scenario where it is difficult for an attacker to link Sybils with honest users and create attack edges; however, researchers have found recently that a modern scenario also becomes typical where an attacker can employ simple strategies to obtain many attack edges. In this work we analyze the state of OSN-based Sybil defenses. Our objective is not to design yet another solution, but rather to thoroughly analyze, measure, and compare how well or inadequate the well-known existing OSN-based approaches perform under both the classical scenario and the modern scenario. Although these approaches mostly perform well under the classical scenario, we find that under the modern scenario they are vulnerable to Sybil attacks. As shown in our quantitative analysis, very often a Sybil only needs a handful of attack edges to disguise itself as a benign node, and there is only a limited success in tolerating Sybils. Our study further points to capabilities a new solution must possess; in particular, in defense against Sybils under the modern scenario, we anticipate a new approach that enriches the structure of a social graph with more information about the relations between its users can work more effectively.

The Good Left Undone: Advances and Challenges in Decentralizing Online Social Networks

Abstract Billions of users are now inter-connected in Online Social Networks (OSNs) and, as they interact with each other, massive amounts of potentially private data are collected at the OSN providers’ (e.g., Facebook or Twitter) premises. Unfortunately, provider-initiated privacy violations on this data are frequent and there is little chance that the providers will grant users effective data-protection means. To address these issues and to help users regain the control over their data, decentralized OSNs (DOSNs) have lately been introduced as a competitive paradigm to provider-controlled, centralized OSNs. DOSNs are built to function without the participation of a provider and with the intent to prevent any misuse of private user data. However, all proposed DOSNs still lack widespread adoption. While challenging the market-leading OSNs is difficult for many reasons, in this paper, we set out to understand the technical deficiencies behind the absence of a successful DOSN. We focus on the major technical challenge of DOSNs: they need to substitute the datacenter-based infrastructure of centralized OSNs. We first review recent advances in decentralizing OSNs based on how they approach that challenge. In a next step, we analyze the advantages and disadvantages each approach yields, and then derive a series of challenges that a successful DOSN will have to fulfill. Finally, we discuss options of moving forward in designing a new DOSN that could be successful in doing so.

SOUP: an online social network by the people, for the people

Concomitant with the tremendous growth of online social networking (OSN) platforms are increasing concerns from users about their privacy and the protection of their data. As user data management is usually centralized, OSN providers nowadays have the unprecedented privilege to access every users private data, which makes large-scale privacy leakage at a single site possible. One way to address this issue is to decentralize user data management and replicate user data at individual end-user machines across the OSN. However, such an approach must address new challenges. In particular, it must achieve high availability of the data of every user with minimal replication overhead and without assuming any permanent online storage. At the same time, it needs to provide mechanisms for encrypting user data, controlling access to the data, and synchronizing the replicas. Moreover, it has to scale with large social networks and be resilient and adaptive in handling both high churn of regular participants and attacks from malicious users. While recent works in this direction only show limited success, we introduce a new, decentralized OSN called the Self-Organized Universe of People (SOUP). SOUP employs a scalable, robust and secure mirror selection design and can effectively distribute and manage encrypted user data replicas throughout the OSN. An extensive evaluation by simulation and a real-world deployment show that SOUP addresses all aforementioned challenges.

Thank You For Being A Friend: An Attacker View on Online-Social-Network-Based Sybil Defenses

Online Social Networks (OSNs) have become a rewarding target for attackers. One particularly popular attack is the Sybil attack, in which the adversary creates many fake accounts called Sybils in order to, for instance, distribute spam or manipulate voting results. A first generation of defense systems tried to detect these Sybils by analyzing changes in the structure of the OSN graph---unfortunately with limited success. Based on these efforts a second generation of solutions enriches the graph-structural approaches with higher-level user features in order to detect Sybil nodes more efficiently. In this work we provide an in-depth analysis of these defenses. We describe their common design and working principles, analyze their vulnerabilities, and design simple yet effective attack strategies that an adversary could launch to circumvent these systems. In our evaluation we reveal that an miscreant can exploit the credulity of OSN users and follow a targeted attack strategy to successfully avoid detection by all existing approaches.

On the Security of Software-Defined Networks

To achieve a widespread deployment of Software-Defined Networks (SDNs) these networks need to be secure against internal and external misuse. Yet, currently, compromised end hosts, switches, and controllers can be easily exploited to launch a variety of attacks on the network itself. In this work we discuss several attack scenarios, which -- although they have a serious impact on SDN -- have not been thoroughly addressed by the research community so far. We evaluate currently existing solutions against these scenarios and formulate the need for more mature defensive means.

RConf(PD): Automated resource configuration of complex services in the cloud

Abstract Optimal deployment of complex services in a virtualized environment is still an open problem. These services typically consist of a set of connected components, and each component may consist of multiple instances. Each instance can in turn be run in different virtual flavors, while the service constructed by the combination of these instances must satisfy a customer Service Level Objective (SLO). While there have been efforts to answer the questions of when to provision additional resources in a running service, and how many resources are needed, the question of what (i.e., which combination of instances) should be provisioned has not been investigated yet. In this work, we offer to service providers, the first system that automatically deploys component instances for complex services such that the resource utilization at the provider’s premises is maximized in the presence of customer constraints. Our system consists of two key technologies ( RConf and RConfPD ), both of which build on an analytical model based on robust queueing theory to accurately model arbitrary components. With the help of this model, RConf proposes an algorithm to ultimately find the optimal combination of component instances. Our real-world experiments show that, compared to greedy approaches, RConf provisions 20% less resources in the first place, and can reduce resource wastage on live resources by up to 50%. At the same time, RConfPD trades-off some of the optimality of RConf for a computational expense 1–2 orders of magnitude below that of RConf to provision time-sensitive services. Based on a primal–dual algorithm framework RConfPD relaxes the optimality constraints of RConf and removes dominated combinations to determine an approximation for the optimal solution. Our evaluation shows that RConfPD allows for fast decisions (in many cases 1 m s ), while maintaining 80%–99% of the solution quality of RConf .

SocialGate: Managing large-scale social data on home gateways

Today, Online Social Networks (OSNs) are ubiquitous means of communication. In order to prevent the misuse of personal user data by OSN providers, various research efforts have produced a multitude of approaches to decentralize OSNs in the past decade. The most critical challenge for these systems is to replace the infrastructure of centralized OSNs. That is, they need to handle the large amounts of data uploaded by users on one end, and requests towards that data on the other end. Typically, existing approaches instrumentalize cloud facilities or user devices for this task. Unfortunately, they introduce either a monetary cost for users or have limited success in making data highly available. In this work we propose SocialGate, the first prototype that makes use of home routers of users as the infrastructure backbone of the OSN to avoid these shortcomings. Measurements and experiments based on real-world data support the feasibility and practicability of our approach.

RAERA: A Robust Auctioning Approach for Edge Resource Allocation

In edge computing, content and service providers aim at enhancing user experience by providing services closer to the user. At the same time, infrastructure providers such as access ISPs aim at utilizing their infrastructure by selling edge resources to these content and service providers. In this context, auctions are widely used to set a price that reflects supply and demand in a fair way. In this work, we propose RAERA, the first robust auction scheme for edge resource allocation that is suitable to work with the market uncertainty typical for edge resources---here, customers typically have different valuation distribution for a wide range of heterogeneous resources. Additionally, RAERA encourages truthful bids and allows the infrastructure provider to maximize its break-even profit. Our preliminary evaluations highlight that REARA offers a time dependent fair price. Sellers can achieve higher revenue in the range of 5%-15% irrespective of varying demands and the buyers pay up to 20% lower than their top bid amount.

On the effectiveness of sybil defenses based on online social networks

A Sybil attack can inject many forged identities (called Sybils) to subvert a target system. Among various defense approaches, of particular attention are those that explore the online social networks (OSNs) of users in a target system to detect or tolerate Sybil nodes. Albeit different in their working principle, all these approaches assume it is difficult for an attacker to create attack edges to connect Sybils with honest users. However, researchers have found that an attacker can employ simple strategies to obtain many attack edges. In this work we revisit the state-of-the-art, OSN-based Sybil defenses, and point out their strengths and weaknesses due to the impact of the new properties. We find these defense approaches are vulnerable to attackers under the new scenario, and in many cases a Sybil node only needs to obtain a handful of attack edges to disguise itself as a benign node.

Optimal Resource Configuration of Complex Services in the Cloud

Virtualization helps to deploy the functionality of expensive and rigid hardware appliances on scalable virtual resources running on commodity servers. However, optimal resource provisioning for non-trivial services is still an open problem. While there have been efforts to answer the questions of when to provision additional resources in a running service, and how many resources are needed, the question of what should be provisioned has not been investigated, in particular, for complex applications or services, which consist of a set of connected components, where each component in turn potentially consists of multiple component instances (e.g., VMs or containers). Each instance of a component can be run in different flavors (i.e., number of cores or amount of memory), while the service constructed by the combination of these component configurations must satisfy the customer Service Level Objective (SLO). In this work, we offer to service providers an answer to the what to deploy question by introducing Rconf, a system that automatically chooses the optimal combination of component instances for non-trivial network services. In particular, we propose an analytical model based on robust queuing theory that is able to accurately model arbitrary components, and develop an algorithm that finds the combination of their instances, such that the overall utilization of the running instances is maximized while meeting SLO requirements.