Azer Bestavros

• Boston University

The traffic load sent to key-value (KV) stores varies over long timescales of hours to short timescales of a few microseconds. Long-term variations present the opportunity to save power during low or medium periods of utilization. Several techniques exist to save power in servers, including feedback-based controllers that right-size the number of a...

Clouds inherit CPU scheduling policies of operating systems. These policies enforce fairness while leveraging best-effort mechanisms to enhance responsiveness of all schedulable entities, irrespective of their service level objectives (SLOs). This leads to unpredictable performance that forces cloud providers to enforce strict reservation and isola...

High performance computing clusters are increasingly operating under a shared/buy-in paradigm. Under this paradigm, users choose between two tiers of services: shared services and buy-in services. Shared services provide users with access to shared resources for free, while buy-in services allow users to purchase additional buy-in resources in orde...

In hosting environments such as IaaS clouds, desirable application performance is usually guaranteed through the use of Service Level Agreements (SLAs), which specify minimal fractions of resource capacities that must be allocated for use for proper operation. Arbitrary colocation of applications with different SLAs on a single host may result in i...

Secure Multi-Party Computation (MPC) allows mutually distrusting parties to run joint computations without revealing private data. Current MPC algorithms scale poorly with data size, which makes MPC on "big data" prohibitively slow and inhibits its practical use. Many relational analytics queries can maintain MPC's end-to-end security guarantee wit...

Little innovation has been made to low-level attitude flight control used by unmanned aerial vehicles, which still predominantly uses the classical PID controller. In this work we introduce Neuroflight, the first open source neuro-flight controller firmware. We present our toolchain for training a neural network in simulation and compiling it to ru...

Many research institutions are deploying computing clusters based on a shared/buy-in paradigm. Such clusters combine shared computers, which are free to be used by all users, and buy-in computers, which are computers purchased by users for semi-exclusive use. The purpose of this paper is to characterize the typical behavior and performance of a sha...

An essential component of initiatives that aim to address pervasive inequalities of any kind is the ability to collect empirical evidence of both the status quo baseline and of any improvement that can be attributed to prescribed and deployed interventions. Unfortunately, two substantial barriers can arise preventing the collection and analysis of...

IaaS cloud providers typically leverage virtualization technology (VT) to multiplex underlying physical resources among virtual machines (VMs), thereby enhancing the utilization of physical resources. However, the contention on shared physical resources brought about by VT is one of the main causes of the performance variability that acts as a barr...

large-scale online services parallelize sub-operations of a user's request across a large number of physical machines (service components) so as to enhance the responsiveness. Even a temporary spike in latency of any service component can notably inflate the end to end delay; therefore, the tail of the latency distribution of service components has...

Autopilot systems are typically composed of an "inner loop" providing stability and control, while an "outer loop" is responsible for mission-level objectives, e.g. way-point navigation. Autopilot systems for UAVs are predominately implemented using Proportional, Integral Derivative (PID) control systems, which have demonstrated exceptional perform...

Increasingly, commercial content providers (CPs) offer streaming solutions using peer-to-peer (P2P) architectures, which promises significant scalability by leveraging clients’ upstream capacity. A major limitation of P2P live streaming is that playout rates are constrained by clients’ upstream capacities – typically much lower than downstream capa...

Whether teaching in a classroom or a Massive Online Open Course it is crucial to present the material in a way that benefits the audience as a whole. We identify two important tasks to solve towards this objective, 1 group students so that they can maximally benefit from peer interaction and 2 find an optimal schedule of the educational material fo...

How can cryptography empower users with sensitive data to access large-scale computing platforms in a privacy-preserving manner?

Companies, government agencies, and other organizations have been analyzing data pertaining to their internal operations with great effect, such as in evaluating performance or improving efficiency. While each organization’s own data is valuable internally, aggregate data from multiple organizations can have value to the organizations themselves, p...

We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of a broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multilevel compo...

Secure multi-party computation (MPC) allows multiple parties to perform a joint computation without disclosing their private inputs. Many real-world joint computation use cases, however, involve data analyses on very large data sets, and are implemented by software engineers who lack MPC knowledge. Moreover, the collaborating parties -- e.g., sever...

Providing resource allocation with performance predictability guarantees is increasingly important in cloud platforms, especially for data-intensive applications, for which performance depends greatly on the available rates of data transfer between the various computing/storage hosts underlying the virtualized resources assigned to the application....

Network scanners are a valuable tool for researchers and administrators, however they are also used by malicious actors to identify vulnerable hosts on a network. Upon the disclosure of a security vulnerability, scans are launched within hours. These opportunistic attackers enumerate blocks of IP addresses in hope of discovering an exploitable host...

Openflow provides a standard interface for separating a network into a data plane and a programmatic control plane. This enables easy network reconfiguration, but introduces the potential for programming bugs to cause network effects. To study OpenFlow switch behavior, we used Alloy to create a software abstraction describing the internal state of...

We describe and present a prototype of a distributed computational infrastructure and associated high-level programming language that allow multiple parties to leverage their own computational resources capable of supporting MapReduce [1] operations in combination with multi-party computation (MPC). Our architecture allows a programmer to author an...

Existing mobile devices roaming around the mobility field should be considered as useful resources in geotemporal request satisfaction. We refer to the capability of an application to access a physical device at particular geographical locations and times as Geo-Presence, and we presume that mobile agents participating in geo-presence-capable appli...

Providing resource allocation with performance predictability guarantees is increasingly important in cloud platforms, especially for data-intensive applications, for which performance depends greatly on the available rates of data transfer between the various computing/storage hosts underlying the virtualized resources assigned to the application....

In this paper we propose an end-to-end approach to the VM allocation problem using policies based uniquely on round-trip time measurements between VMs. We propose and implement end-to-end algorithms for VM selection that cover desirable profiles of communications between VMs in distributed applications in a cloud setting. The use of informed VM sel...

The problem of efficiently computing the betweenness centrality of nodes has been researched extensively. To date, the best known exact and centralized algorithm for this task is an algorithm proposed in 2001 by Brandes. The contribution of our paper is Brandes++, an algorithm for exact efficient computation of betweenness centrality. The crux of o...

The effectiveness of service provisioning in large-scale networks is highly dependent on the number and location of service facilities deployed at various hosts. The classical, centralized approach to determining the latter would amount to formulating and solving the uncapacitated k-median (UKM) problem (if the requested number of facilities is fix...

Recent work on integration of SDNs with application-layer systems like Hadoop has created a class of system, SDN-Enabled Applications, which implement application-specific functionality on the network layer by exposing network monitoring and control semantics to application developers. This requires domain-specific knowledge to correctly reason abo...

Cloud computing's transition from a subject of research and innovation to a critical infrastructure is proceeding incredibly quickly. One potentially dangerous consequence of this speedy transition is the premature adoption and ossification of the models, technologies, and standards underlying this critical infrastructure. Further exacerbating this...

The increasing deployment of networked mobile embedded devices leads to unique challenges communications security. This is especially true for embedded biomedical devices and robotic materials handling, in which subversion or denial of service could result in loss of human life and other catastrophic outcomes. In this paper we present the Learning...

Arguably, the most effective technique to ensure wide adoption of a concept (or product) is by repeatedly exposing individuals to messages that reinforce the concept (or promote the product). Recognizing the role of repeated exposure to a message, in this paper we propose a novel framework for the effective placement of content: Given the navigatio...

Have formal methods in computer science come of age? While the contributions to this special issue of Mathematical Structures in Computer Science attest to their importance in the design and analysis of particular software systems, their relevance to the field as a whole is far wider. In recent years, formal methods have become more accessible and...

The papers included in this special issue of Mathematical Structures in Computer Science were selected from a larger set we solicited from leading research groups on both sides of the Atlantic. They cover a wide spectrum of tutorials, recent results and surveys in the area of lightweight and practical formal methods in the design and analysis of sa...

Openflow provides a standard interface for partitioning a network into a data plane and a programmatic control plane. While providing easy network reconfiguration, Openflow introduces the potential for programming bugs, causing network deficiency. To study the behavior of OpenFlow switchs, we used Alloy to create a software abstraction, describing...

Openflow provides a standard interface for partitioning a network into a data plane and a programmatic control plane. While providing easy network reconfiguration, Openflow introduces the potential for programming bugs, causing network deficiency. To study the behavior of OpenFlow switchs, we used Alloy to create a software abstraction, describing...

Computer science researchers in the programming languages and formal verification communities, among others, have produced a variety of automated assistance and verification tools and techniques for formal reasoning. While there have been notable successes in utilizing these tools on the development of safe and secure software and hardware, these l...

Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees....

Infrastructure as a Service pricing models for resources are meant to reflect the operational costs and profit margins for providers to deliver virtualized resources to customers subject to an underlying Service Level Agreements (SLAs). While the operational costs incurred by providers are dynamic – they vary over time depending on factors such as...

Infrastructure as a Service pricing models for resources are meant to reflect the operational costs and profit margins for providers to deliver virtualized resources to customers subject to an underlying Service Level Agreements (SLAs). While the operational costs incurred by providers are dynamic -- they vary over time depending on factors such as...

ICCVE 2012 - the first International Conference on Connected Vehicles and Expo, addresses the rapidly evolving area "Connected Vehicles" which crosses multiple disciplines and industries including automotive, travel & transportation, information technology, communications, consumer electronics, industrial electronics, media & entertainment, energy...

To leverage the elastic nature of cloud computing, a solution provider must be able to accurately gauge demand for its offering. For applications that involve swarm-to-cloud interac-tions, gauging such demand is not straightforward. In this paper, we propose a general framework, analyze a mathematical model, and present a prototype implementation o...

In this paper, we propose a general framework and present a prototype implementation of peer-assisted content delivery application. Our system – called Cyclops – dynamically adjusts the bandwidth consumed by content servers (which represents the bulk of content delivery costs) to feed a set of swarming clients, based on a feedback signal that gauge...

In hosting environments such as IaaS clouds, desirable application performance is usually guaranteed through the use of Service Level Agreements (SLAs), which specify minimal fractions of resource capacities that must be allocated for unencumbered use for proper operation. Arbitrary colocation of applications with different SLAs on a single host ma...

Network-analysis literature is rich in node-centrality mea- sures that quantify the centrality of a node as a function of the (shortest) paths of the network that go through it. Existing work focuses on defining instances of such mea- sures and designing algorithms for the specific combinato- rial problems that arise for each instance. In this work...

Increasingly, commercial content providers (CPs) offer streaming and IPTV solutions that leverage an underlying peer-to-peer (P2P) stream distribution architecture. The use of P2P protocols promises significant scalability and cost savings by leveraging the local resources of clients -- specifically, uplink capacity. A major limitation of P2P live...

In many information networks, data items -- such as updates in social networks, news flowing through interconnected RSS feeds and blogs, measurements in sensor networks, route updates in ad-hoc networks -- propagate in an uncoordinated manner: nodes often relay information they receive to neighbors, independent of whether or not these neighbors rec...

We propose Trade & Cap (T&C), an economics-inspired mechanism that incentivizes users to voluntarily coordinate their consumption of the bandwidth of a shared resource (e.g., a DSLAM link) so as to converge on what they perceive to be an equitable allocation, while ensuring efficient resource utilization. Under T&C, rather than acting as an arbiter...

A foundational issue underlying many overlay network applications ranging from routing to peer-to-peer file sharing is that of the network formation, i.e., folding new arrivals into an existing overlay, and rewiring to cope with changing network conditions. Previous work has considered the problem from two perspectives: devising practical heuristic...

We define a domain-specific language (DSL) to inductively assemble flow networks from small networks or modules to produce arbitrarily large ones, with interchangeable functionally-equivalent parts. Our small networks or modules are "small" only as the building blocks in this inductive definition (there is no limit on their size). Associated with o...

Desirable application performance is typically guaranteed through the use of Service Level Agreements (SLAs) that specify fixed fractions of resource capacities that must be allocated for unencumbered use by the application. The mapping between what constitutes desirable performance and SLAs is not unique: multiple SLA expressions might be function...

We consider a mobile sensor network monitoring a spatio-temporal field. Given limited caches at the sensor nodes, the goal is to develop a distributed cache management algorithm to efficiently answer queries with a known probability distribution over the spatial dimension. First, we propose a novel distributed information theoretic approach assumin...

Leveraging client upload capacity through peer assisted content distribution was shown to decrease the load on content providers, while also improving average distribution times. These benefits, however, are limited by the disparity between client upload and download speeds, especially in scenarios requiring a minimum distribution time (MDT) of a f...

Scheduling of delay-tolerant jobs has been proposed as a mechanism to alleviate pressure on congested network resources. However, when multiple competing users share these resources, they may not be willing to reveal how flexible is the schedule for their jobs. This work presents a trading system that enables the users to trade their finite allowan...

Network Security Systems are heavily anchored in the digital plane of “cyber space” and hence cannot be used effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts (i.e., escorting an intruder off the premises based on physical evidence). Embedded Sensor Networks (SNs) can be used to bri...

Numerous domains exist in which systems can be mod-eled as networks with constraints that regulate the flow of traffic. Smart grids, vehicular road travel, computer net-works, and cloud-based resource distribution, among oth-ers all have natural representations in this manner. As these systems grow in size and complexity, analysis and certifi-catio...

Information exchange across domains is essential for today's asymmetric warfare environment to make mission-critical infor-mation available to war fighters, no matter where it exists and when it becomes available. Dissemination of new information needs to carefully balance the need-to-know by consumers with the responsibility-to-share by providers....

In an n-way broadcast application, each one of n overlay nodes wants to push its own distinct large data file to all other n-1 destinations as well as download their respective data files. BitTorrent-like swarming protocols are ideal choices for handling such massive data volume transfers. The original BitTorrent targets one-to-many broadcasts of a...

Desirable application performance is typically guaranteed through the use of Service Level Agreements (SLAs) that specify fixed fractions of resource capacities that must be allocated for unencumbered use by the application. The mapping between what constitutes desirable performance and SLAs is not unique: multiple SLA expressions might be function...

Controlling the mobility of mobile nodes (e.g., robots) to monitor a given field is a well-studied problem in sensor networks. In this setup, absolute control over the nodes' mobility is assumed. In this paper, we address a more general setting in which mobility of each node is externally constrained by a schedule consisting of a list of locations...

By colocating with other tenants of an Infrastructure as a Service (IaaS) offering, IaaS users could reap significant cost savings by judiciously sharing their use of the fixed-size instances offered by IaaS providers. This paper presents the blueprints of a Colocation as a Service (CaaS) framework. CaaS strategic services identify coalitions of se...

NetSketch is a tool for the specification of constrained-flow applications and the certification of desirable safety properties imposed thereon. NetSketch is conceived to assist system integrators in two types of activities: mod- eling and design. As a modeling tool, it enables the abstraction of an existing system while retaining sucient informati...

We propose Trade & Cap (T&C), an economics-inspired mechanism that incentivizes users to voluntarily coordinate their consumption of the bandwidth of a shared network link so as to converge on what they perceive to be an equitable allocation, while ensuring efficient resource utilization. Under T&C, rather than acting as an arbiter, a service provi...

Commonly, research work in routing for delay tolerant networks (DTN) assumes that node encounters are predestined, in the sense that they are the result of unknown, exogenous processes that control the mobility of these nodes. In this paper, we argue that for many applications such an assumption is too restrictive: while the spatio-temporal coordin...

snBench is a platform on which novice users compose and deploy distributed Sense and Respond programs for simultaneous execution on a shared, distributed infrastructure. It is a natural imperative that we have the ability to (1) verify the safety/correctness of newly submitted tasks and (2) derive the resource requirements for these tasks such that...

Routing protocols for ad-hoc networks assume that the nodes forming the network are either under a single authority, or else that they would be altruistically forwarding data for other nodes with no expectation of a return. These assumptions are unrealistic since in ad-hoc networks, nodes are likely to be autonomous and rational (selfish), and thus...

A shared Sense-and-Respond infrastructure that is em- bedded into a physical environment requires considerable run-time support to facilitate the dynamic dispatch and exe- cution of new service instances. Such an infrastructure must also be able to statically analyze new services in order to verify their safety and derive their specific resource re...

this paper, we present a more re ned and quanti able understanding of the marginal utility of performing wide-area measurements. We focus on problems in Internet topology discovery, namely, discovering the set of nodes and links which comprise the Internet backbone, discovering the degree distribution of these nodes, and classifying nodes according...

The advent of virtualization and cloud computing technologies necessitates the development of effective mechanisms for the estimation and reservation of resources needed by content providers to deliver large numbers of video-on-demand (VOD) streams through the cloud. Unfortunately, capacity planning for the QoS-constrained delivery of a large numbe...

Current computing systems employ different mech- anisms to deal with overload conditions. Of those widely deployed are content adaptation mechanisms whereby the quality level of the content is adapted dynamically to mitigate overload conditions. Serving degraded content reduces strain on resources and enables them to cater for a larger set of clien...

We introduce Colocation Games as the basis of a general framework for modeling, analyzing, and facilitating the interactions between the various stakeholders in distributed/cloud computing environments, where resources are offered in an open marketplace to independent, rational parties interested in setting up their own applications. Virtualization...

We present a thorough characterization of the access patterns in blogspace, which comprises a rich interconnected web of blog postings and comments by an increas-ingly prominent user community that collectively define what has become known as the blogosphere. Our characterization of over 35 million read, write, and manage-ment requests spanning a 2...

A foundational issue underlying many overlay net-work applications ranging from routing to peer-to-peer file sharing is that of connectivity management, i.e., folding new arrivals into an existing overlay, and re-wiring to cope with changing network conditions. Pre-vious work has considered the problem from two per-spectives: devising practical heu...

Personal communication devices are increasingly equipped with sensors for passive monitoring of encounters and surroundings. We envision the emergence of services that enable a community of mobile users carrying such resource-limited devices to query such information at remote locations in the field in which they collectively roam. One approach to...

We consider a mobile sensor network monitoring a spatio-temporal field. Given limited caches at the sensor nodes, the goal is to develop a distributed cache management algorithm to efficiently answer queries with a known probability distribution over the spatial dimension. First, we propose a novel distributed information theoretic approach assumin...

In an n-way broadcast application each one of n overlay nodes wants to push its own distinct large data file to all other n-1 destinations as well as download their respective data files. BitTorrent-like swarming protocols are ideal choices for handling such massive data volume transfers. The original BitTorrent targets one-to-many broadcasts of a...

Emerging configurable infrastructures (large-scale overlays, grids, distributed testbeds, and sensor networks among others) comprise diverse sets of computing resources and network conditions. The distributed applications to be deployed on these infrastructures exhibit increasingly complex constraints and requirements on the resources they require....

A foundational issue underlying many overlay network ap- plications ranging from routing to P2P file sharing is that of connectivity management, i.e., folding new arrivals into an existing overlay, and re-wiring to cope with changing net- work conditions. Previous work has considered the problem from two perspectives: devising practical heuristics...

Wireless IntrusionDetection Systems (WIDS)monitor 802.11 wire- less frames (Layer-2) in an attempt to detect misuse. What dis- tinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possi- bly spoofed (MAC addresses)...

Traditionally, slotted communication protocols have employed guard times to delineate and align slots. These guard times may expand the slot duration significantly, especially when clocks are allowed to drift for longer time to reduce clock synchronization overhead. Recently, a new class of lightweight protocols for statistical estimation in wirele...

Although cooperation generally increases the amount of resources available to a community of nodes, thus improving individual and collective performance, it also allows for the appearance of potential mistreatment problems through the exposition of one node's resources to others. We study such concerns by considering a group of independent, rationa...

The distributed partitioning of autonomous, self-aware nodes into cooperative groups, within which scarce resources could be effectively shared for the benefit of the group, is increasingly emerging as a hallmark of many newly-proposed overlay and peer-to-peer applications. Distributed caching protocols in which group members cooperate to satisfy l...

In the future, continuous vital sign data collection will be an integral part of every patient's electronic medical record. The sensors that collect this information will become smaller, wireless and potentially more heterogeneous. They will need to be smart, scalable and extensible to accommodate large patient populations. In this paper, we propos...

In many networked applications, independent caching agents cooperate by servicing each other's miss streams, without revealing the operational details of the caching mechanisms they employ. Inference of such details could be instrumental for many other processes. For example, it could be used for optimized forwarding (or routing) of one's own miss...

One key adaptation mechanism often deployed in networking and computing systems is dynamic load balancing. The goal from employing dynamic load balancers is to ensure that the offered load would be judiciously distributed across resources to optimize the overall performance. To that end, this paper discovers and studies new instances of Reduction o...

Modern cellular channels in 3G networks incorporate sophisticated power control and dynamic rate adaptation which can have a significant impact on adaptive transport layer protocols, such as TCP. Though there exists studies that have evaluated the performance of TCP over such networks, they are based solely on observations at the transport layer an...

Internet end-systems employ various adaptation mechanisms that enable them to respond adequately to legitimate requests in overload situations. Today, these mechanisms are incorporated in most scalable end-systems through the use of one or more component subsystems such as admission controllers, traffic shapers, content transcoders, QoS Controllers...