LeftOver projects 2010 - 2011

#	title summary	supervisor contact students	R P	1 / 2
1 SN	Virtual slices in FEDERICA/PlanetLab. Virtualization in the networking world means that users have access and control of dedicated virtual (network) resources. A common usage scenario provides network slices in a physical infrastructure. The FEDERICA project (http://www.fp7-federica.eu), funded by the EU, has created an infrastructure that supports this model. We are looking at an evaluation of the current FEDERICA/PlanetLab functionalities, usability and performance tests. The end result is a recommendation document and implementation plan for the creation of a FEDERICA node in the SNE lab here in Amsterdam.	Jeroen van der Ham <vdham=>uva.nl>, Paola Grosso <p.grosso=>uva.nl> Unavailable at this time	R P
3 S	Dynamic Adaptation of Cloud Resources. With the advance of virtualization technology and experience in their management, complete hardware infrastructures can now be created and managed in the Cloud. One of the virtues of the resource virtualization is that virtual resources can be dynamically reconfigured to application-specific or management requirements. To reduce energy costs, for example, it is possible to move virtual machines to locations with cheap energy. Currently however, there is little or no intelligence in the adaptation of virtual computing facilities to metrics, such as energy cost, CPU resources and network usage. The purpose of this research is to investigate how current Cloud technologies support dynamic adaptation and to implement a use case that solves an optimization issue in Clouds. We will provide access to our various private Clouds in the Netherlands.	Rudolf Strijkers <strijkers=>uva.nl>, Paola Grosso <p.grosso=>uva.nl>
4 SN	Advanced Cloud networks. How can virtual networks be supported in clouds? How will the network fabric of clouds look like? In the recent years machine virtualization and system management evolved into Clouds, i.e. systems that support commercial on-demand access to potentially infinite computational resources. With many users and with many varying resource demand, it is unreasonable to assume that a best effort network service will suffice in the future. However, managing Cloud networks and Cloud inter-connectivity for different application demands presents many problems. Does network virtualization provide a solution to the resulting network management problems? The student gains insight in the problems by creating a proof of concept of a virtual network management system using Eucalyptus. The student is expected to familiarize Eucalyptus [1], an existing open-source cloud software suite. Previous research done at SURFnet by OS3 students had already categorized and evaluated different cloud computing software suites [2], and could be used as a starting point. We are in particular interested in evaluating the implementation and extension of VDE [3] within Eucalyptus. Further investigation could involve the study of other open source cloud software such as OpenNebula[4]. Refs: [1]http://open.eucalyptus.com/ [2]http://staff.science.uva.nl/~delaat/sne-2009-2010/p32/report.pdf [3]http://vde.sourceforge.net/ [4]http://www.opennebula.org/about:about	Rudolf Strijkers <strijkers=>uva.nl>, Paola Grosso <p.grosso=>uva.nl>	R P
5 S	SmartGrids. A survey study in the field of Smart Grids, in particular aimed at application of Advanced Metering Infrastructures. This research starts with a literature study to determine the current status of such infrastructures in The Netherlands. The research question is a broad and practical one: "How can KPMG best contribute to this field?". Hence the literature study will be extended with a practical part to demonstrate the feasibility of the proposed opportunities for KPMG. If time permits, creation a test setup or proof of concept environment is part of the assignment.	Sander Klous <Klous.Sander=>kpmg.nl>
6 S	SOA performance engineering. A study aimed at performance engineering of complex SOA landscapes with discrete event models. The research question is: "Is it feasible to perform such an analysis for our customers? The student will implement a discrete event model to reproduce the performance related behavior of one of our customer environments (or an environment closely reflecting our customer environments). If time permits a cost-benefit analysis of a performance engineering proposition is part of the assignment.	Sander Klous <Klous.Sander=>kpmg.nl>
7	Bus stop location The goal of the assignment is to develop a better systems to determine whether a bus has reached its stop (bushalte). Currently GPS is used, with buses periodically transmitting their GPS location. However, the simple approach to compare the GPS location transmitted by the bus with a map with GPS locations of bus stops within an error circle of appropriate radius, is experiencing the following operational difficulties, which make the ‘approprate radius’ too high to be practically usable. How to deal with curved roads combined with the situation where the “instaphalte” is different from the “uitstaphalte”; How to deal with a situation when there is already a bus waiting at the bus stop and passengers get out/in behind the stop; How to deal with the situation when the bus is driving by at maximum speed a stop (when there are no passengers to get out/ or in) and the GPS transmission indicate once the bus is “before the stop” and once “after the stop”. Would it be a better approach to indicate a stop by a rectangle centered at the bus stop? Are there other solutions? Additional info: p07/Bus-stop-location-C00.doc	Maurits de Graaf <maurits.degraaf=>nl.thalesgroup.com>
14 N	Advanced naming service in Clouds. In the recent years machine virtualization and system management evolved into Clouds, i.e. systems that support commercial on-demand access to potentially infinite computational resources. The underlying Internet technologies and concepts remained largely unchanged, however. One limitation of current Internet technologies is that robust distributed applications need special network services to support mobility, load balancing, and failover. In these cases, changing the association of a network address with the application service causes a problem. Here, we focus on the implementation of an extension to DNS that put applications in a Cloud environment in control of their network address mapping.	Rudolf Strijkers <strijkers=>uva.nl>, Paola Grosso <p.grosso=>uva.nl>
15 S	Trustworthiness of Cyber Infrastructure for e-Science The 'trustworthiness' of systems in a large-scale Grid system depends on many factors. A Grid consists of many different systems, spread over multiple administrative domains. This has an impact on security and reliability of the system. For medical applications, a large degree of assurance is required that systems cannot be hacked, because the data and computations running on those systems can be very privacy sensitive. Hospitals are legally responsible for providing the highest possible degree of assurance that data concerning their patients remains well protected, which makes named aspects very important in practice. For more information, see for example http://www.science.uva.nl/~noordend/publications/ccgrid08.pdf In this project, you should analyze how you can construct machine-readable descriptions of systems in such a way, that it becomes possible to reason over this system's level of security, in particular the system's ability to withstand attack. For this, a description of all the software running on this machine, from the operating system version up to the version numbers of all relevant (network-accessible or otherwise security critical) software packages, and configuration aspects of the system, should be generated. Next, this description should be compared with information obtained from (public or private) vulnerability report databases. In this project, you should explore the possibilities for generating host descriptions, as well as potential difficulties in obtaining information from vulnerability databases and comparing this information with the generated host descriptions.	Guido van 't Noordende <guido=>science.uva.nl>
16 N	Multi-layer Failure Recovery in Computer Networks Computer networks implement all kinds of mechanisms to improve end-to-end Quality of Service. In case of high robustness requirements, network operators can choose to implement failure recovery mechanisms at any layer in the OSI reference model or even stack failure recovery mechanisms at multiple layers. The lower such recovery mechanisms are implemented in the network stack, the faster a network reacts to failure. However, the network service manager at the highest layer has a global network overview, which allows many more options to deal with failures. Do multilayer failure recovery mechanisms improve overall robustness? What about the recovery time? What is a good approach to combine the recovery speed of lower layer failure recovery mechanisms with high-level failure recovery mechanisms?	Rudolf Strijkers <strijkers=>uva.nl>
18 SN	DNSSEC Mobile browser extension. Tools like Firesheep are clearly showing the growing issue with trust roaming users of internet are having. Increasing, end users depend on untrustworthy (wifi) networks ("Free Public Wifi"), which means that for starters they cannot trust the DNS provider within that network. DNSSEC is an internet standard that provides a cryptographic seal of authenticity on domain names, giving real proof of the validity of the domain name you use when you visit a website, chat or send an email. Your project is to enable mobile users to profit from DNSSEC - where available - so they can at least establish the desired destination of their packets. You will build a proof of concept Mozilla Fennec/Opera Mobile/Chromium extension that checks whether a domain name in displayed page address is secured by DNSSEC. The users should be able to easily visually (or auditively, if they are blind) recognize whether the page was loaded from the authentic server or whether the page could have been spoofed.	Michiel Leenaars <michiel=>nlnet.nl>
22 N	Real Time Text. Real Time Text (RFC 4103) RTT is conversational text that is sent and received on a character by character basis, rather than stanza (paragraph) based. The characters are sent immediately once typed and also displayed immediately to the receiving person or people. This allows text to be used in the same conversational mode as voice. RTT is suited for both streaming text (conference subtitling) as well as direct user interaction. Particularly among the deaf community RTT can make a huge difference - imagine not having to wait half a minute when someone is typing a longer line of text, but being able to read what they type when they type it. In your project you will integrate the T.140 Real-Time Text protocol over RTP into the open source into the open source PJSIP framework. In your project you will write a proof of concept RTT codec as described in RFC 4103 that will allow to transmit and receive text over RTP (written in C). Sending and receiving of RTP and RTCP packets is already implemented in PJSIP and will be reused. The actual RTT codec must be written in C similar to an audio stream implementation and pushed to PJSIP project repository. If possible, you will look at how to integrate this into the open source SIP SIMPLE client library.	Michiel Leenaars <michiel=>nlnet.nl>	R P
23 N	SIP Hotline. Experienced internet users regularly find themselves in the situation where they have a novice user at the other end in non-optimal situations (such as behind a NAT, or on a mobile IP address that does not allow certain forms of incoming traffic) that urgently has to send them some large files. In most cases, this is solved by using a remote service like Dropbox to exchange the files. However, this comes at a rather hefty price: both speed and privacy suffer from relying on this man in the middle. In this project you will implement an elegant P2P solution to this problem, reusing the existing P2P file transfer capabilities of the SIP protocol and the versatile open source sipsimple client SDK (sipsimpleclient.com) to provide a single purpose 'drag and drop' application (desktop widget) that can send specific files or directories to a chosen SIP endpoint without any setup - truly one click. You look at the possible ways in which applications such as Blink (icanblink.com) could distinguish such incoming files from SPIM (spam over IM). You investigate what basic services could be useful in the given scenario, such as the possibility to monitor for new files in a directory once the app is running, or pushing remote shell access to the sysadmin.	Michiel Leenaars <michiel=>nlnet.nl>
24 S	Optimization of distributed automation systems. Current automation systems are distributed due to the large variety of sensors and actuators needed to monitor & control different processes over a field (e.g, smart buildings, industrial factories). Designing such of automation systems deals with various factors (e.g., location of sensors/actuators, communication possibilities, costs of materials, automation constrains). In an architecture of an automation system composed of distributed nodes, how an assistant-designer tool would optimize&verify the design parameters of a certain automation project such as: maximum time for input/output process data to be exchanged in the network, failover possibilities, energy consumption, etc.?	Mihai Cristea <m.l.cristea=>uva.nl>
28 S	Reverse Engineering of Patches/Updates. With new reverse engineering tools it is possible to determine the purpose of patches released by companies like Microsoft, Oracle, Cisco, etc. This creates a potential problem because hackers can quickly reverse engineer a patch, determine what the patch does and which vulnerability it fixes and then develop an exploit to take advantage of the vulnerability before the majority of systems have been patched properly. Research the problem and develop strategies to counter the threat. Is it possible to hinder the reverse engineering process or should we hinder the effectiveness of reverse engineering?	Lourens Bordewijk <lbordewijk=>deloitte.nl>, Derk Wieringa <dwieringa=>deloitte.nl>
30 SN	A lightweight QoS query language for network resources. Problem context: Network services play an important role in the e-Science workflows in which data movement between processes are the main performance bottleneck of the application. Including the QoS of network services in the tuning loop of the application performance extends the application level quality optimization. The Network QoS aware workflow planning is a research line in the SNE group, we proposed an agent based solution to describing application level quality requirements, searching network resources, and composing data movement workflows and network provisioning plans. Problem description: Leightweight QoS query language for network resources”. To simplify the usage of QoS abstract workflow (QoSAWF) schema, a lightweight QoS query language is needed for users/software agents to describe application quality requirements for underlying resources. The main tasks of the project include: defining a query language based on the QoSAWF ontology, and developing an interpreter for the language. 2) “Visualization of the network candidates”. A intuitive representation of the network resources discovered by the resource discovery agent allows human users to view the differences between results and to perform further selection. The goal of the project is to develop a service which can be invoked by both standalone applications as well as web interface to visualize network resources discovered by the search engine.	Zhiming Zhao <z.zhao=>uva.nl>
31 N	Visualization of the network candidates. Problem context: Network services play an important role in the e-Science workflows in which data movement between processes are the main performance bottleneck of the application. Including the QoS of network services in the tuning loop of the application performance extends the application level quality optimization. The Network QoS aware workflow planning is a research line in the SNE group, we proposed an agent based solution to describing application level quality requirements, searching network resources, and composing data movement workflows and network provisioning plans. Problem description: A intuitive representation of the network resources discovered by the resource discovery agent allows human users to view the differences between results and to perform further selection. The goal of the project is to develop a service which can be invoked by both standalone applications as well as web interface to visualize network resources discovered by the search engine.	Zhiming Zhao <z.zhao=>uva.nl>
34 F	DFRWS Forensics Challenge 2011 The DFRWS 2011 Challenge primarily focuses on the development of tools and research techniques for analysing <TO BE FILLED IN>. http://www.dfrws.org/2011/challenge/index.shtml	Hans Wim Tinholt <Tinholt.HansWim=>kpmg.nl>
35 SN	Optimization of distributed automation systems Current automation systems are distributed due to the large variety of sensors and actuators needed to monitor & control different processes over a field (e.g, smart buildings, industrial factories). Designing such of automation systems deals with various factors (e.g., location of sensors/actuators, communication possibilities, costs of materials, automation constrains). In an architecture of an automation system composed of distributed nodes, how an assistant-designer tool would optimize&verify the design parameters of a certain automation project such as: maximum time for input/output process data to be exchanged in the network, failover possibilities, energy consumption? The students would be using an infrastructure of interconnected nodes deployed in one of our Clouds to design, implement, and deploy a distributed application that would exchange network data based on certain automation system requirements (requirements that may change over time). Next, a controller (a centralised application) would analyse&report the correctness of the distributed application runtime by monitoring the infrastructure.	Mihai Cristea <m.l.cristea=>uva.nl>
36 SN	World IPv6 day monytoring&analysis&wild idea's! As you probably are aware there will be a big IPv6 World Day on June 8, 2011. For more information have a look at <http://isoc.org/wp/worldipv6day/> and <http://ipv6day.nl/> On that day we will also organise a big event here at Science Park in cooperation with HvA, ISOC.nl, SURFnet, RIPE NCC, NLnet Labs en SIDN. This might be an excellent opportunity to define an RP2 project in relation to IPv6 (measurements, security, routing, DNS, stability, reachabillity, load,...). I would like to invite you to think about possible projects in this area and submit your proposals. Start looking on the websites of the organisations mentioned above for some ideas. We can help you get into contact with people from those organisations to supervise your projects, if needed. But first we need you to come up with some ideas. Some idea's out of the top (or bottom) of my head (CdL): monitoring the Internet before, during and after june 8th and look for changes+explain monitoring&compairing routes in ipv4 and ipv6 throughput performances from/to clients/servers in the different protocols probing asic or general processor handling of IPv6 packets in routers in the path (microtiming) visualisation of ipv4 versus ipv6 using playstation or kinect innovative tools ipv6 configuration for dummies innovative tools for managing hybrid ipv4/6 nets etc......... For several reasons (including the contest published on the ipv6day.nl page): more students can choose this subject but you have to work individually!	Karst Koymans <karst=>os3.nl>
37 SN	Monityor # of IPv6 users on Federated Identity Portal WAYF. Het gaat om het opzetten van een systeem om het aantal (potentiële) IPv4/IPv6 gebruikers vast te stellen voor de Federated identity portal (WAYF, 'where are you from'). Deze dienst wordt door een aantal NREN's gedraaid. De Deense WAYF is IPv4 only, omdat men daar het idee post heeft gevat dat er tot 2% users problemen gaan krijgen als ze IPv6 aanzetten... De Nederlandse WAYF (SURFnet) is al tijden 4+6, en daar zijn weinig tot geen problemen mee (Joost klopt dat?), Maar weten we niet echt zeker, het zijn allemaal aannames. Quote from Brook Schofield: Some people fail to see the value in IPv6 therefore we should offer the following: vhosts on the one box: img6.terena.org/1pixel.png img4.terena.org/1pixel.png imgDS.terena.org/1pixel.png img6 would be an IPv6 only host. img4 would be an IPv4 only host. imgDS would be a Dual-Stack host. the host would then correlate http/https requests (possibly embedded in a wayf (WAYF.dk wayf or other wayf)) and based on: referrer => determine which federation/organisation it is from remote_addr => which organisation/region it is from and based on whether there is 1-3 requests determine whether: client supports only v4 OR v6 (unlikely) client supports v4 AND v6 whether the client prefers v6 OR v4 (DS host preferred mechanism) Then generate some interface based on the logs which displays % of IPv6 users vs IPv4 users. Locations of IPv6 users. Finally allow the filtering of referrer so you can see IPv6 usage within a particular federation. This could be run as a REFEDS service. Or even eduGAIN - but eduGAIN doesn't have centralised WAYF. But it could be added to websites such as edugain.org eduroam.org refeds.org terena.org :-). Could be our IPv6 Day project. Some possible extensions: not limited to federations could be more complex with a distributed architecture and linked via message queues. use of CDN to make the service more resilient UI could include options for Browser matching + Operating System Matching. Could match MAC address for non-privacy controlled IPv6 addresses. reporting interface.	Dyonisius Visser <visser=>terena.org>
38 SN	Efficient transport from multiple ssd to multiple ssd server on high rtt network Internet protocols designed 30 years ago, such as TCP, are still widely used and it is amazing that those still work. However, more and more it becomes clear that in networks with 100 Gb/s speed and 100 ms RTT packet loss and other congestion avoidance protocols can cause a very inefficient behavior of the transport. The current TCP protocol keeps a buffer in memory on both the sending and receiving side to allow retransmission for lost data. The protocol makes sure that when received data is successfully processed on the receiving side this data is also removed from the buffer on the sending side and makes room for new data. This so called sliding window protocol becomes very inefficient in extreme situations with high speed and round trip time. Lost packets cause the retransmission of data but also block the sending side from removing old data and filling its buffer with new data. Due to the round trip time it will take a while before the sender is notified from success or failure. One of the reasons for this buffering system is the inability or high cost for the sending side protocol to re-read the data that got lost. Obviously in interactive applications (telnet alike) asking the user to type the last line again is a no-go. In case of file transfer one could propose to re-read data from the source media (disk or tape). That was considered an expensive operation as the device needs to mechanically reposition itself what takes considerable time compared with the speeds in the network. However, solid state disks do not have moving parts and read operations have no seek time. Given the low cost of (re-)reading data from ssd's make a file transfer protocol that reads data, that is lost in the network, again from the source media. In essence this places the sliding window in TCP completely on the file. If we also assume or know that we are operating inside a private lightpath or vlan environment with dedicated capacity one could also study network behavior where the congestion avoidance is completely absent. The senders always transmit at maximum rate and don't care when packets get dropped in the network under the assumption that retransmission is a low cost operation. This assignment is to study the behaviour of new transport protocols on high rtt network eventually with also some serious packet loss. Some avenues to study: bittorrent kind of behaviour rdudp like protocols own developed protocols Note that we seek a file transport protocol that is optimized for single source/destination single socket. Parallel sockets with highly statistical behavious is already studies elsewhere an proven more or less to work, although hard to tune. See also: http://www.delaat.net/ssdtcp/index.html	Jaap van Ginkel <J.A.vanGinkel=>uva.nl>
45 N	DNS Services. Whereas DNS has been originally been built as a part of the internet infrastructure to resolve host names, some companies are using DNS as basis for value-added services ("monetizing DNS"). Some examples are dynamic DNS for hosts with dynamic IP addresses (e.g. assigned via DHCP, like dyndns.com, opendns.com), user and infrastructure ENUM, blacklists (email), parental control, SW version updating, redirect to search page in case of non-valid lookup ("Google suggest" alike feature), non-ISP DNS (e.g. Google's Public DNS), DNS as public key infrastructure, ... The purpose of this Research Project is to achieve a better understanding how "DNS services" relates to "DNS as vital part of the internet infrastructure". The following activities could be part of the Research Project. -Make an overview of ways that DNS can be used creatively, different from its original intended use -Model the different ways of using DNS Analyse the impact of these alternative uses of DNS on the global internet Built a prototype that illustrates the impact of alternative DNS use	Oskar van Deventer <oskar.vandeventer=>tno.nl>

LeftOver projects 2010 - 2011

Virtual slices in FEDERICA/PlanetLab.

Dynamic Adaptation of Cloud Resources.

Advanced Cloud networks.

SmartGrids.

SOA performance engineering.

Advanced naming service in Clouds.

Trustworthiness of Cyber Infrastructure for e-Science

Multi-layer Failure Recovery in Computer Networks

DNSSEC Mobile browser extension.

Real Time Text.

SIP Hotline.

Optimization of distributed automation systems.

Reverse Engineering of Patches/Updates.

A lightweight QoS query language for network resources.

Visualization of the network candidates.

DFRWS Forensics Challenge 2011

Optimization of distributed automation systems

World IPv6 day monytoring&analysis&wild idea's!

Monityor # of IPv6 users on Federated Identity Portal WAYF.

Efficient transport from multiple ssd to multiple ssd server on high rtt network

DNS Services.