Technical Sessions

Session 1A

Cloud Computing and Data Center

10:45 AM — 12:05 PM HKT
Jun 14 Sun, 10:45 PM — 12:05 AM EDT

Revisiting Multipath Congestion Control for Virtualized Cloud Environments

Chi Xu, Jia Zhao and Jiangchuan Liu (Simon Fraser University, Canada); Fei Chen (Qingdao University, China)

Virtualized datacenters are often designed from scratch with multiple, redundant paths. Yet the majority of the existing congestion control schemes for virtual machines are variants based on single path TCP design. Lacking the capability of fully leveraging path diversity, these schemes cannot further improve the utilization of data center networks. Hotspot link emerges, as well. In this paper, we examine the performance of multipath congestion control design on typical hypervisor and container virtualization platforms. We observe that, the involvement of virtual switch, together with the multi-tenancy nature on these platforms, poses new challenges when handling multipath traffic. Through realworld experiments with production-grade applications, we further reveal that, while multipath congestion control increases per-connection throughput and achieves better load balancing, it experiences performance degradation when the number of connections is abruptly increased or there exist path-sharing subflows. These issues are due to the enforced QoS policies and interface mapping schemes applied by virtual switch. To this end, we present vMCC, a practical solution that incorporates explicit congestion notification (ECN) support on virtual switches and ECN-aware multipath congestion control algorithms. We show by comprehensive evaluations that vMCC improves throughput, round trip time, fairness, and energy efficiency for typical data center network traffic.

Leveraging Stragglers in Coded Computing with Heterogeneous Servers

Xiaodi Fan and Pedro Soto (Florida International University, USA); Xiaomei Zhong (East China Jiaotong University, China); Dan Xi (Florida International University, USA); Yan Wang (Fudan University & East China Jiaotong University, China); Jun Li (Florida International University, USA)

With the increasing sizes of models and datasets, it has become a common practice to split machine learning jobs as multiple tasks. However, stragglers are inevitable when running a job on multiple servers. Compared to replicating each tasks on multiple servers, running coded tasks can tolerate the same number of stragglers with much fewer servers. Nevertheless, additional results of tasks running on stragglers are typically disregarded in existing schemes of coded computing, incurring a waste of the resources on such servers.

In this paper, we leverage the results of partially finished tasks. In existing designs that utilize partially finished tasks, they have only considered servers with homogeneous performance. However, in a typical distributed infrastructure, {\em e.g.}, a cloud, servers with heterogeneous configurations are common. Therefore, we propose Spinner which utilizes the results of partially finished tasks on heterogeneous servers. Spinner works with existing coding schemes for matrix multiplication, a fundamental operation in various machine learning algorithms, and can efficiently assign the workload based on the performance of the corresponding server. Furthermore, Spinner can equivalently adapt the coding scheme for heterogeneous servers, aligned with the expected workload assigned to each server, and thus save the complexity of decoding.

Towards Lightweight Serverless Computing via Unikernel as a Function

Bo Tan and Haikun Liu (Huazhong University of Science and Technology, China); Jia Rao (The University of Texas at Arlington, USA); Xiaofei Liao, Hai Jin and Yu Zhang (Huazhong University of Science and Technology, China)

Serverless computing, also known as "Function as a Service (FaaS)", is emerging as an event-driven paradigm of cloud computing. In this FaaS model, applications are programmed in the form of functions that are executed and managed separately. The event-driven functions are triggered by requests of cloud users, and cloud providers dynamically provision containers or virtual machines (VMs) to execute the functions. The startup delays of containers or VMs usually lead to rather high latency of response to client users. Moreover, the communication between different functions generally relies on virtual net devices or shared memory, and thus may lead to extremely high performance overhead.

In this paper, we propose Unikernel as a Function (UaaF), a much more lightweight approach to serverless computing. Applications can be abstracted as a combination of different functions, and we program each function with an unikernel in which a function is linked with a specified minimum-sized library operating system (LibOS). UaaF offers extremely low startup latency to execute functions, and a more efficient communication model to speed up the interactions between functions within a single server. We exploit an existing hardware technique (namely VMFUNC) to invoke functions or access data in other unikernel-based VMs seamlessly (mostly like inter-process communications), without suffering performance penalty of VM Exits. We implement our proof-of-concept prototype based on KVM and deployed UaaF in three unikernels (MirageOS, IncludeOS, and Solo5). The experimental results show that UaaF can significantly reduce the startup latency and memory resource consumption of serverless cloud applications. Moreover, our VMFUNC-based communication model can also significantly improve the performance of function invocations between different unikernels.

GeoClone: Online Task Replication and Scheduling for Geo-Distributed Analytics under Uncertainties

Tiantian Wang and Zhuzhong Qian (Nanjing University, China); Lei Jiao (University of Oregon, USA); Xin Li (Nanjing University of Aeronautics and Astronautics, China); Sanglu Lu (Nanjing University, China)

The execution and completion of analytics jobs can be significantly inflated by the slowest tasks contained. Despite task replication is well-adopted to reduce such straggler latency, existing replication strategies are unsuitable for geo-distributed analytics environments that are highly dynamic, uncertain, and heterogeneous. In this paper, we firstly model the task replication and scheduling problem over time, capturing all the geo-analytics features. We then design an online algorithm, GeoClone, to select tasks to replicate and select sites to execute the task replicas on the fly through jointly considering the progress of each job and the resource performance of each site, while addressing all the aforementioned challenges. Afterwards, we formally prove the competitive ratio as the performance guarantee of GeoClone, against the offline optimum which knows all the inputs beforehand. Finally, we implement GeoClone with Spark and Yarn for experiments and also conduct extensive large-scale simulations, which all confirm GeoClone's practical superiority over multiple state-of-the-art replication strategies.

Session Chair

Baochun Li (Toronto)

Watch live stream Enter Zoom
Session 1B


1:30 PM — 2:50 PM HKT
Jun 15 Mon, 1:30 AM — 2:50 AM EDT

PFcrowd: Privacy-Preserving and Federated Crowdsourcing Framework by Using Blockchain

Chen Zhang and Yu Guo (City University of Hong Kong, Hong Kong); Hongwei Du (Harbin Institute of Technology, Shenzhen, China); Xiaohua Jia (City University of Hong Kong, Hong Kong)

Crowdsourcing is a promising computing paradigm that utilizes collective intelligence to solve complex tasks. While it is valuable, traditional crowdsourcing systems lock computation resources inside each individual system where tasks cannot reach numerous potential workers among the other systems. Therefore, there is a great need to build a federated platform for different crowdsourcing systems to share resources. However, the security issue lies in the center of constructing the federated crowdsourcing platform. Although many studies are focusing on privacy-preserving crowdsourcing, existing solutions require a trusted third party to perform the key management, which is not applicable in our federated platform. The reason is that it is difficult for a third party to be trusted by various systems.

In this paper, we present a secure crowdsourcing framework as our initial effort toward this direction, which bridges together the recent advancements of blockchain and cryptographic techniques. Our proposed design, named PFcrowd, allows different crowdsourcing systems to perform encrypted task-worker matching over the blockchain platform without involving any third-party authority. The core idea is to utilize the blockchain to assist the federated crowdsourcing by moving the task recommendation algorithm to the trusted smart contract. To avoid third-party involvement, we first leverage the re-writable deterministic hashing (RDH) technique to convert the problem of federated task-worker matching into the secure query authorization. We then devise a secure scheme based on RDH and searchable encryption (SE) to support privacy-preserving task-worker matching via the smart contract. We formally analyze the security of our proposed scheme and implement the system prototype on Ethereum. Extensive evaluations of real-world datasets demonstrate the efficiency of our design.

Uncontrolled Randomness in Blockchains: Covert Bulletin Board for Illicit Activity

Nasser Alsalami (Lancaster University, United Kingdom (Great Britain)); Bingsheng Zhang (Zhejiang University, China)

Public blockchains can be abused to covertly store and disseminate potentially harmful digital content which poses a~serious regulatory issue. In this work, we show the severity of the problem by demonstrating that blockchains can be exploited to surreptitiously distribute arbitrary content. More specifically, all major blockchain systems use randomized cryptographic primitives, such as digital signatures and non-interactive zero-knowledge proofs; we illustrate how the uncontrolled randomness in such primitives can be maliciously manipulated to enable covert communication and hidden persistent storage. To clarify the potential risk, we design, implement and evaluate our technique against the widely-used ECDSA signature scheme, the CryptoNote's ring signature scheme, and Monero's ring confidential transactions. Importantly, the significance of the demonstrated attacks stems from their undetectability, their adverse effect on the future of decentralized blockchains, and their serious repercussions on users' privacy and crypto funds. Finally, we present a generic framework to immunize blockchains against these attacks.

Age-aware Fairness in Blockchain Transaction Ordering

Yaakov Sokolik and Ori Rottenstreich (Technion, Israel)

In blockchain applications transaction latency is crucial for determining the quality of service (QoS). Transaction latency is observed by the time between its issuance to its inclusion in a block in the chain. When a blockchain network serves multiple applications, often each application likes to minimize its own transaction latency by prioritizing them over other applications transactions. In order to prevent such selfish behavior, the proposer of the block is supposed to select the transactions included in the block randomly providing each transaction similar chances to be included in the proposed block. The random selection might cause some transactions to experience high latency since this selection implies a high variance in the time it takes a transaction to be selected. We suggest an alternative age-aware approach towards fairness so that transaction priority is increased upon observing a large waiting time. The challenge with this approach is that the age of a transaction is not absolute due to transaction propagation. We consider three network restrictions on transaction propagation and explain how to enhance fairness in each one of them. In the general case with no restrictions on transaction propagation, we describe a declaration mechanism in which a node declares on its pending transactions providing the ability to validate transaction age. We present three transaction declaration schemes. We conduct experiments demonstrating the advantages of the solutions.

Preventing Spread of Spam Transactions in Blockchain by Reputation

Jiarui Zhang (Stony Brook University, USA); Yukun Cheng (Suzhou University of Science and Technology, China); Xiaotie Deng (Peking University, China); Bo Wang and Jan Xie (Cryptape Technology Co., Ltd., China); Yuanyuan Yang (Stony Brook University, USA); Mengqian Zhang (Shanghai Jiao Tong University, China)

As one of the fastest-growing applications in the P2P network, the development of blockchain technology is also accompanied by different attacks. The features of the blockchain network including anonymity, distributed, permissionless make it vulnerable to attacks, such as whitewashing, free-riding, and DDoS attacks. One common attack is to send a lot of spam transactions. Although the blockchain protocol requires each node to verify all received transactions, many nodes choose to forward transactions without verification to conserve their computational power, as there is no punishment for such a shirking. This leads to the spreading of spam transactions over the network and creates the extra burdens to all nodes in the network. To figure out this problem, we propose a reputation mechanism for the blockchain system, in which each node locally computes the reputations of its neighbors, and decide the probability to verify a received transaction based on the reputation value of the transaction sender. Under the reputation mechanism, a node shall conduct verification to keep a high reputation, and then the spam transactions can be blocked before reaching the miners. In addition, we design a complementary mechanism, such that those nodes without enough reputation can exchange their computation power for the services from others. This complementary mechanism can let some nodes, especially the new entries, get fair treatment. We also conduct a series of simulations, and the simulation results clearly demonstrate the advantage of our reputation mechanism.

Session Chair

Bin Xiao (Hong Kong PolyU)

Watch live stream Enter Zoom
Session 1C

Routing and Packets

3:10 PM — 4:30 PM HKT
Jun 15 Mon, 3:10 AM — 4:30 AM EDT

Incorporating Intra-flow Dependencies and Inter-flow Correlations for Traffic Matrix Prediction

Kaihui Gao and Dan Li (Tsinghua University, China); Li Chen (Huawei, Hong Kong); Jinkun Geng (Tsinghua University, China); Fei Gui (University of XiangTan, China); Yang Cheng and Yue Gu (Tsinghua University, China)

Traffic matrix (TM) prediction is essential for effective traffic engineering and network management. Based on our analysis of real traffic traces from Wide Area Network (WAN), the traffic flows in TM are both time-varying (i.e. with intra-flow dependencies) and correlated with each other (i.e. with inter-flow correlations). However, most existing works in TM prediction ignore inter-flow correlations.

In this paper, we propose a novel attention-based convolutional recurrent neural network (ACRNN) model to capture both intra-flow dependencies and inter-flow correlations. ACRNN mainly contains two components: 1) Correlational Modeling employs attention-based convolutional structures to capture the correlation of any two flows in TMs; 2) Temporal Modeling uses attention-based recurrent structures to model the long-term temporal dependencies of each flow, and then predicts TMs according inter-flow correlations and intra-flow dependencies. Experiments on two real-world datasets show that, when predicting the next TM, ACRNN model reduces the Mean Squared Error by up to 44.8% and reduces the Mean Absolute Error by up to 30.6%, compared to state-of-the-art method; and the gap is even larger when predicting the next multiple TMs. Besides, simulation results demonstrate that ACRNN's accurate prediction can help traffic engineering to mitigate traffic congestion.

Supporting Multi-dimensional and Arbitrary Numbers of Ranks for Software Packet Scheduling

Jiaqi Zheng, Ya-nan Jiang, Bingchuan Tian, Huaping Zhou, Chen Tian, Guihai Chen, and Wanchun Dou (Nanjing University, China)

Compared with hardware implementation, the software packet scheduler uses the packet queuing data structure and a ranking function according to different dimensions to flexibly determine the packet dequeue order, which can significantly shorten the renewal cycles and increase the function deployment flexibility. The key data structure in prior work either bounds the number of rank or suffers from high computation overhead. In addition, they only support a single dimension and do not scale well. In this paper, we present Proteus, a software packet scheduling system that supports multi-dimensional and arbitrary numbers of ranks. We design a $k$-dimension heap data structure and develop ``push'' and ``pop'' algorithms to perform ``enqueue'' and ``dequeue'' operations. Furthermore, we implement a prototype of Proteus in software switch. Extensive experiments on BESS and numerical simulations show that Proteus can decrease the computation overhead, save the storage space and run much faster than state of the art.

Towards the Construction of Global IPv6 Hitlist and Efficient Probing of IPv6 Address Space

Guanglei Song, Lin He, Zhiliang Wang and Jiahai Yang (Tsinghua University, China); Tao Jin (Tsinghua Shenzhen International Graduate School, China); Jieling Liu and Guo Li (Tsinghua University, China)

Fast IPv4 scanning has made sufficient progress in network measurement and security research. However, it is infeasible to perform brute-force scanning of the IPv6 address space. We can find active IPv6 addresses through scanning candidate addresses generated by the state-of-the-art algorithms, whose probing efficiency of active IPv6 addresses, however, is still very low.

In this paper, we aim to improve the probing efficiency of IPv6 addresses in two ways. Firstly, we perform a longitudinal active measurement study over four months, building a high-quality dataset called hitlist with more than 1.3 billion IPv6 addresses distributed in 45.2k BGP prefixes. Different from previous work, we probe the announced BGP prefixes using a pattern-based algorithm, which makes our dataset overcome the problems of uneven address distribution and low active rate. Secondly, we propose an efficient address generation algorithm DET, which builds a density space tree to learn high-density address regions of the seed addresses in linear time and improves the probing efficiency of active addresses. On the public hitlist and our hitlist, we compare our algorithm DET against state-of-the-art algorithms and find that DET increases the de-aliased active address ratio by 10%, and active address (including aliased addresses) ratio by 14%, by scanning 50 million addresses.

I Know If the Journey Changes: Flexible Source and Path Validation

Fan Yang, Ke Xu and Qi Li (Tsinghua University, China); Rongxing Lu (University of New Brunswick, Canada); Bo Wu (Huawei Technologies, China); Tong Zhang (Nanjing University of Aeronautics and Astronautics, China); Yi Zhao (Tsinghua University, China); Meng Shen (Beijing Institute of Technology, China)

Rich services for data transmission have been provided by current network, yet both users and network operators still cannot be fully confident whether the data transfer process is really consistent with their expectations. No matter from the perspective of detection or defense, source and path validations are fundamentally primitive in constructing security mechanisms, which greatly enhance network immunity in the face of malicious attacks, such as injection, traffic hijacking and hidden threats. While source authentication has been extensively studied, the verification of packets' actual path has been neglected by comparison. Some existing work targeting at adversarial and high-speed environments still generates a high operational overhead in routing nodes and lacks adjustment capability for path dynamic changes.
In this paper, we propose a flexible and convenient source and path validation protocol called PSVM, which uses an authentication structure PIC composed of ordered pieces to carry out packet verification. With basic PSVM, PIC (related to cryptographic computation) in the packet header does not require any update during packet verification, which enables a lower processing overhead in routers. Moreover, we can significantly decrease the communication cost of PIC and improve the operating efficiency while keeping an acceptable level of security in lightweight PSVM. To cope with the challenge of path policy changes in the running protocol, dynamic PSVM supports controllable adjustment and migration, especially in the case of avoiding a malicious node or region. Our evaluation of a prototype experiment on Click demonstrates that the verification efficiency of PSVM is barely influenced by payload size or path length. Compared to the baseline of normal IP routing, the throughput reduction ratio of the basic PSVM is about 13%, which is much better than 28% of existing best solution Origin and Path Trace (OPT). Taking the throughput of basic PSVM as a reference, lightweight PSVM's throughput performance is superior and grows by about 16.2% when carrying a piece of PIC. For a 35-hop path with 30 pieces of PIC needed to be adjusted in dynamic PSVM, the throughput reduction ratio of routing cross node performing the adjustment operation after normal verification is only 2.4%. Finally, we believe that PSVM is a worthy addition to high-speed core networks.

Session Chair

Jianping Wang (CityU Hong Kong)

Watch live stream Enter Zoom
Session 1D

Sensing for Human

4:50 PM — 6:10 PM HKT
Jun 15 Mon, 4:50 AM — 6:10 AM EDT

Mag-Barcode: Magnet Barcode Scanning for Indoor Pedestrian Tracking

Zefan Ge and Lei Xie (Nanjing University, China); Shuangquan Wang (College of William & Mary, USA); Xinran Lu and Chuyu Wang (Nanjing University, China); Gang Zhou (William & Mary, USA); Sanglu Lu (Nanjing University, China)

In typical scenarios for indoor pedestrian tracking, it is essential to accurately track the pedestrians when they are crossing the connections of different spaces. In this paper, we propose a magnet barcode scanning-based solution for indoor pedestrian tracking. We assemble multiple magnet bars into magnet arrays as a unique magnet barcode, and deploy different magnet barcodes at different connections. We embed an IMU into the pedestrian's shoes. When the pedestrian crosses these connections, the magnetometer from the IMU scans the magnet barcode and recognize its ID. Indoor pedestrian tracking is regarded as a process of continuously scanning different magnet barcodes. To build a unique magnet barcode based on the magnet bar arrays, we provide an optimized structure for building the magnet barcode. To tackle the diversities of the pedestrian's gait traces in identifying the magnet barcode, we provide a generalized model based on the space axis. As far as we know, this is the first work to use the magnet bar array to construct the magnet barcode for indoor pedestrian tracking. The real experiment results show that our system can achieve an average accuracy of 88.9% in identifying magnet barcodes and an average accuracy of 93.1% for indoor pedestrian tracking.

GroupCoach: Compressed Sensing Based Group Activity Monitoring and Correction

Yutong Liu, Linghe Kong, Fan Wu and Guihai Chen (Shanghai Jiao Tong University, China)

Group activities like group dance, military parade, or radio gymnastics have excellent ornamental value with its grand scale and uniform movements, while it also introduces difficulties in practice for coaches to monitor and correct the movements and locations for each participator. Wireless body area network (WBAN) is a promising direction for accurate motion tracking in the large-scale group activity. Light-weight sensors can be deployed on their bodies and transmit motion and channel sensing data through wireless spectrum for further analysis. To keep the high quality of service (QoS) of this WBAN on group activity monitoring and correction, three aspects should be achieved by carefully designing: (i) less energy consumption; (ii) higher analysis accuracy; and (iii) lower feedback latency.

Due to the low-rankness of motion and channel sensory data, we propose GroupCoach, a Compressed Sensing (CS) based group activity monitoring and correction system. The data is collected and reconstructed by CS, where the regularities of movements following the music melody are explored for a higher reconstruction accuracy. These reconstructed sensory data are further compared with their anchor values for faulty movement detection and correction. The channel attenuation impacted by body shielding is designed to be reduced by a near-to-far diffusion model. The correction suggestions are finally fed back to sensors for guidance. Evaluations based on the prototype deployed on real group activity participators prove the high QoS of the GroupCoach. It achieves low sensor energy consumption, high data reconstruction accuracy, accurate faulty motion detection and correction, together with fast alert.

PE-HEALTH: Enabling Fully Encrypted CNN for Health Monitor with Optimized Communication

Yang Liu, Yilong Yang and Zhuo Ma (Xidian University, China); Ximeng Liu (Fuzhou University, China); Zhuzhu Wang (Xidian University, China); Siqi Ma (Commonwealth Scientific and Industrial Research Organisation, Australia)

Cloud-based Convolutional neural network (CNN) is a powerful tool for the healthcare center to provide health condition monitor service. Although the new service has future prospects in the medical, patient's privacy concerns arise because of the sensitivity of medical data. Prior works to ease the concern have the following unresolved problems: 1) focus on data privacy but neglect to protect the privacy of the machine learning model itself; 2) introduce considerable communication costs for the CNN inference, which lowers the service quality of the cloud server. To push forward this area, we propose PE-HEALTH, a privacy-preserving health monitor framework that supports fully-encrypted CNN (both input data and model) and optimized communication. In PE-HEALTH, the medical Internet of Things (IoT) sensor serves as the health condition data collector. For protecting patient privacy, the IoT sensor additively shares the collected data and upload the shared data to the cloud server, which is efficient and suited to the energy-limited IoT sensor. To keep model privacy, PE-HEALTH allows the healthcare center to previously deploy and use an encrypted CNN on the cloud server. During the CNN inference process, PE-HEALTH does not need the cloud servers to exchange any extra messages for operating the convolutional operation, which can greatly reduce the communication cost. Experiment results show that compared with existing frameworks, the runtime and communication overheads of PE-HEALTH are extremely reduced compared with existing schemes.

Back-Guard: Wireless Backscattering based User Activity Recognition and Identification with Parallel Attention Model

Man Jiang Yin, Xiang-Yang Li, Yanyong Zhang and Panlong Yang (University of Science and Technology of China, China); Chengchen Wan (University of Science and Technolog of China, China)

With the rapid advance of smart home/office systems, it is now possible to provide a fine grained user activity tracking service that can accurately recognize user activities and their identities in a seamless and non-invasive manner. Such a system can find applications in many domains, such as elder safeguard, customized services, or simply personal activity diary. Recently, several radio frequency (RF) based sensing systems were proposed for human sensing, but most of them focus on limited scenarios and suffer from interference caused by other users or wireless devices. To tackle this challenge, we propose Back-Guard, which achieves accurate and non-intrusive user activity recognition and then user identification through battery-free wireless backscattering. Our proposed system carefully examines the backscatter spectrogram data and extracts high-level features from both spatial and temporal domains that can characterize the user's behaviors. Leveraging the parallel attention based deep learning model, our system can discriminate different motions and users accurately and robustly in various situations.
We implement a prototype system and collect data in actual scenarios from 25 users for over 2 months. Extensive experiments are conducted to demonstrate the the promising performance of our system. In particular, our system achieves 93.4% activity recognition accuracy and 91.5% user identification accuracy, respectively. Our experiments also demonstrate little accuracy reduction when multiple users are separated by around 2 meters.

Session Chair

Wei Dong (Zhejiang U)

Watch live stream Enter Zoom

Made with in Toronto · Privacy Policy · © 2020 Duetone Corp.