Hajime Tazaki

Direct code execution: revisiting library OS architecture for reproducible network experiments

We describe the first capability, to our knowledge, to execute nearly unmodified applications and Linux kernel code in the context of a widely-used open source discrete event networking simulator (ns-3). We propose Direct Code Execution (DCE), a framework that dramatically increases the number of available protocol models and realism available for ns-3 simulations. DCE meets the goals recently proposed for fully reproducible networking research and runnable papers, with the added benefits of 1) the ability of completely deterministic reproducibility, 2) the scalability that simulation time dilation offers, 3) capabilities supporting automated code coverage analysis, and 4) improved debuggability via execution within a single address space. In this paper, we describe in detail DCE, report on packet processing benchmarks and showcase key features of the framework with different use cases. We reproduce a previously published Multipath TCP (MPTCP) experiment and highlight how code coverage testing can be automated by showing results achieving 55-86% coverage of the MPTCP implementation. Then we demonstrate how network stack debugging can be easily performed and reproduced across a distributed system. Our first benchmarks are promising and we believe this framework can benefit the network community by enabling realistic, reproducible experiments and runnable papers.

DCE: Test the real code of your protocols and applications over simulated networks

We present the Direct Code Execution (DCE) environment for ns-3, notable for being the first free open source framework for integrating Linux kernel and application code within a leading discrete-event network simulator. This new approach has many potential advantages over virtual-machine-based frameworks in terms of realism, reproducibility, avoidance of realtime execution constraints, configuration management, and the ability to debug a network-wide experiment from a single address space using common debugging tools. We provide an overview of DCE and illustrate some key features of this framework with two use cases, one involving thttpd, an HTTP server implementation, and another one involving the udp-perf traffic generator.

MATATABI: Multi-layer Threat Analysis Platform with Hadoop

Threat detection and analysis are indispensable processes in todays cyberspace, but current state of the art threat detection is still limited to specific aspects of modern malicious activities due to the lack of information to analyze. By measuring and collecting various types of data, from traffic information to human behavior, at different vantage points for a long duration, the viewpoint seems to be helpful to deeply inspect threats, but faces scalability issues as the amount of collected data grows, since more computational resources are required for the analysis. In this paper, we report our experience from operating the Hadoop platform, called MATATABI, for threat detections, and present the micro-benchmarks with four different backends of data processing in typical use cases such as log data and packet trace analysis. The benchmarks demonstrate the advantages of distributed computation in terms of performance. Our extensive use cases of analysis modules showcase the potential benefit of deploying our threat analysis platform.

Demo abstract: realistic evaluation of kernel protocols and software defined wireless networks with DCE/ns-3

We propose to demonstrate Direct Code Execution (DCE), a framework that enables to execute nearly unmodified applications and Linux Kernel code jointly with the ns-3 simulator. DCE allows therefore fully deterministic reproducibility of network experiments. DCE also supports larger scale scenarios than real-time emulators by using simulation time dilatation. In this demonstration, we will showcase two main scenarios: (1) a basic example describing how to integrate in DCE the Data Center TCP (DCTCP) Linux kernel patch, and then how to customize this protocol and run it on different scenarios; (2) a more advanced use case demonstrating how to benefit from DCE to build a rich and realistic evaluation environment for Software Defined Wireless Networks based on Open vSwitch and the NOX SDN controller.

MSWIM demo abstract: direct code execution: increase simulation realism using unmodified real implementations

We propose to demonstrate Direct Code Execution (DCE), a ns-3 simulation framework that enables reproducible network experiments using real Linux kernel space protocol stacks along with POSIX socket based protocol implementations. In addition to increased experimentation realism, it offers a highly configurable topology environment and allows easy debugging of communication protocols distributed other multiple nodes. Our demonstration will showcase two typical use cases of DCE: information-centric networking over mobile ad hoc network using the PARC CCNx code, and a seamless handoff experiment based on a Linux Multipath TCP (MPTCP) implementation.

NECOMAtter: curating approach for sharing cyber threat information

In this paper, we design and implement a novel system for connecting cyber threat information. The objective is to improve the information and its analysis results with machine intelligence assisted by human intelligence. This paper illustrates the system named NECOMAtter based on these assumptions, and summarizes our contributions in order to develop actionable knowledge.

A Trusted Knowledge Management System for Multi-layer Threat Analysis

In recent years, we have seen a surge of cybersecurity incidents ranging fromwidespread attacks e.g., large-scale attacks against infrastructures or end points [1] to new technological advances i.e., new generations of malicious code are increasingly stealthy, powerful and pervasive [2]. Facing these incidents, the European Union, Japan, the United States or China have developed national cybersecurity programs, including training of professionals, development of roadmaps for new tools and services, and organization of national interest groups on the topic. There is thus a shared need for a better understanding of this kind of large-scale threats. Some of the basic requirements to better understand these large-scale incidents include handling large volumes of data collected from distributed probes and performing efficient cross-layer analysis.