David Raymond

Clustered Adaptive Rate Limiting: Defeating Denial-of-Sleep Attacks in Wireless Sensor Networks

The potential for wide-spread use of wireless sensor networks (WSN) in military monitoring, homeland security, and other areas continues to expand. There are, however, security concerns that must be addressed before this potential is realized. One threat to WSNs is the denial-of-sleep attack, a particular type of denial-of-service attack that rapidly drains sensor node batteries by keeping radios active when they should be sleeping to conserve energy. Simple denial-of-sleep attacks involving unauthenticated or replayed packets are difficult to distinguish from bursty data and can force network devices to incorrectly remain in receive mode. This research introduces Clustered Adaptive Rate Limiting, or CARL, a rate limiting approach based on current host-based intrusion detection techniques that is designed to defeat denial-of-sleep attacks. We use simulation to examine tradeoffs and to demonstrate the potential benefits of the CARL mechanism. Providing support for adaptive rate-limiting at the MAC layer, especially in networks that might encounter bursty data, is essential if WSN are to achieve their full potential for mission-critical applications.

Annotated Memory References: A Mechanism for Informed Cache Management

As the importance of cache performance increases, allowing software to assist in cache management decisions becomes an attractive alternative. This paper focuses primarily on a mechanism for software to convey information to the memory hierarchy. We introduce a single instruction--called TAG--that can annotate subsequent memory references with a number of bits, thus avoiding major modifications to the instruction set. Simulation results show that annotating all memory reference instructions in the SPEC95 benchmarks increases execution time between 0% and 2% for both statically and dynamically scheduleded processors. We show that exposing cache management mechanisms to software can decrease the execution time of three media benchmarks (epic, pegwit, ijpeg) between 11% and 17% speedups on a 4-issue dynamically scheduled processor.

Location Privacy for Users of Wireless Devices through Cloaking

The continued growth in online services that provide users with content based on location presents a unique privacy concern for the user. Since the user cannot control the use of the data included in his network transactions once they leave the device, nor can he control the response from the location-based system (LBS), he must assume that information is available to an unknown observer who could use the information to estimate the users location. This paper presents a cloaking system that preserves a users location privacy by submitting multiple requests from disparate false locations to the LBS in rapid succession in order to confuse the observer and meet the users pre-determined location privacy threshold.

Spark on the ARC: Big data analytics frameworks on HPC clusters

In this paper we document our approach to overcoming service discovery and configuration of Apache Hadoop and Spark frameworks with dynamic resource allocations in a batch oriented Advanced Research Computing (ARC) High Performance Computing (HPC) environment. ARC efforts have produced a wide variety of HPC architectures. A common HPC architectural pattern is multi-node compute clusters with low-latency, high-performance interconnect fabrics and shared central storage. This pattern enables processing of workloads with high data co-dependency, frequently solved with message passing interface (MPI) programming models, and then executed as batch jobs. Unfortunately, many HPC programming paradigms are not well suited to big data workloads which are often easily separable. Our approach lowers barriers of entry to HPC environments by enabling end users to utilize Apache Hadoop and Spark frameworks that support big data oriented programming paradigms appropriate for separable workloads in batch oriented HPC environments.

MARCS: mobile augmented reality for cybersecurity

Network analysts have long used two-dimensional security visualizations to make sense of overwhelming amounts of network data. As networks grow larger and more complex, two-dimensional displays can become convoluted, compromising user cyber-threat perspective. Using augmented reality to display data with cyber-physical context creates a naturally intuitive interface that helps restore perspective and comprehension sacrificed by complicated two-dimensional visualizations. We introduce Mobile Augmented Reality for Cybersecurity, or MARCS, as a platform to visualize a diverse array of data in real time and space to improve user perspective and threat response. Early work centers around CovARVT and ConnectAR, two proof of concept, prototype applications designed to visualize intrusion detection and wireless association data, respectively.