
Keynote Speakers



Radia Perlman

Keynote 1


Radia Perlman
Intel Labs



Cloud Fabric: Myths, Missteps, and Mysteries


Abstract

Everyone introduces the ISO reference model of networks with the 7 layer model. We are told that IP is layer 3 and Ethernet is layer 2. What does that mean, really? And what, exactly, is Ethernet? It bears little resemblance to the CSMA/CD protocol invented decades ago. This talk discusses the evolution of Ethernet, from CSMA/CD to spanning tree, and now TRILL. Now that TRILL is routing Ethernet, even using basically the same protocol as is used in many ISPs for routing IP, why isn't Ethernet considered a layer 3 protocol? And why do we need both Ethernet and IP? We examine these mysteries, along with how a bunch of new proposed protocols, such as NVGRE, VXLAN, and shortest paths bridging relate.

[PDF presentation ] [PPT presentation ]

Biography
Radia Perlman is a Fellow at Intel Labs. Her contributions to layers 2 and 3 of networking include making link state routing stable and scalable, and the specific protocol she designed for DECnet in the 1980's (IS-IS) remains deployed in many ISPs today. She also designed the spanning tree protocol which has been the backbone of Ethernet technology for several decades, as well as the more recent TRILL technology, which has been standardized by IETF. Dr. Perlman has taught at MIT and Harvard, and is currently an affiliate professor at University of Washington and adjunct professor at Chinese University of Hong Kong. She is the author of the textbook "Interconnections: Bridges, Routers, Switches and Internetworking Protocols", and coauthor of "Network Security: Private Communication in a Public World". She holds over 100 issued patents, a PhD in computer science from MIT, an honorary doctorate from KTH, and numerous industry awards including lifetime achievement awards from Usenix and ACM SIGCOMM.


Charlie Kaufman

Keynote 2


Charlie Kaufman
Microsoft


Cloud Network Security: Challenges and Opportunities

Abstract

Engineering a network for a large public cloud computing facility presents some unique challenges. Addressable entities like virtual machines need to migrate from place to place while keeping their network connections alive, which would tend to require a highly dynamic routing algorithm with fast convergence. But a primary goal of cloud computing is to reduce costs by pushing all components to their limits, which means maximizing bandwidth, avoiding bottlenecks, and load splitting across parallel paths - all of which argues for a highly tuned highly static configuration. Security challenges take on new forms in a public cloud because the attackers may be inside your network and you can't profile what are "normal" usage patterns because your customers don't have to tell you what they are doing. Even diagnosing problems can be made difficult because you have to respect the privacy of your customers even as you try to determine whether they are trying to intentionally harm your network.
Fortunately, with these challenges come new tools. Data centers are large and homogeneous, without the need (or ability) to rewire things to deal with some new hardware rolling in. Management is largely automated, avoiding the problems of administrators working at cross purposes without knowing of one another's existence. Perhaps most importantly, no untrusted software is directly on the network. Because all network access is funneled through network monitors beyond the reach of even privileged users on a VM, many types of mischief can be blocked, monitored, profiled, and rate limited. This talk will describe some early experiences in this brave new world.

[PDF presentation ] [PPT presentation ]

Biography
Charlie Kaufman is security architect for Windows Azure - Microsoft's Public Cloud offering - where he is involved with all aspects of cloud security from design through responding to ongoing attacks. He has been involved with networking and security issues for over 20 years, first as Network Security Architect at Digital, then as the Chief Security Architect for Lotus Notes and Domino, and most recently as a member of Microsoft's Windows Core Architecture Group focusing on security issues. He has contributed to a number of IETF standards efforts including IPsec and S/MIME, and served as a member of the Internet Architecture Board. He is co-author of the book "Network Security: Private Communication in a Public World", and served on the National Academy of Sciences expert panel whose members wrote the book "Trust In Cyberspace". He holds over 40 patents in the fields of computer security and computer networking.


Tarik Taleb

Keynote 3

Tarik Taleb
NEC Europe



Mobile Cloud Networking: Why and How?

Abstract

Mobile operators are in need of means to cope with the ever-increasing mobile data traffic, introducing minimal additional capital expenditures on existing infrastructures, principally due to the falling Average Revenues per User (ARPU). Network virtualization and cloud computing techniques, along with the principles of the latter in terms of service elasticity, on-demand, and pay-per-use, could be important enablers for various mobile network enhancements and cost reduction.

This keynote will touch upon the recent trends the mobile telecommunications market is experiencing, showcasing some of the emerging consumer products that are facilitating such trends. The keynote will also discuss the challenges these trends are representing to mobile network operators. The keynote will then touch upon the possibility of extending cloud computing beyond data centers towards the mobile end-user, providing end-to-end mobile connectivity as a cloud service. The keynote will introduce a set of technologies and methods for the on-demand provision of a decentralized and elastic mobile network as a cloud service over a distributed network of cloud-computing data centers. The novel business opportunities behind the envisioned mobile cloud architecture and service will also be discussed, considering various multi-stakeholder scenarios. The concept of Follow-Me-Cloud, whereby not only data but also mobile services intelligently follow their respective users, will also be introduced.


Biography
Dr. Tarik Taleb is currently working as Senior Researcher and 3GPP Standardization Expert at NEC Europe Ltd, Heidelberg, Germany. Prior to his current position and till Mar. 2009, he worked as assistant professor at the Graduate School of Information Sciences, Tohoku University, Japan. From Oct. 2005 till Mar. 2006, he was working as research fellow with the Intelligent Cosmos Research Institute, Sendai, Japan. He received his B.E. degree in Information Engineering with distinction, and MSc and PhD degrees in Information Sciences from GSIS, Tohoku Univ., in 2001, 2003, and 2005, respectively.

His research interests lie in the field of architectural enhancements to 3GPP networks (i.e., LTE), mobile cloud networking, mobile multimedia streaming, wireless and ad-hoc networking, inter-vehicular communications, satellite and space communications, congestion control protocols, handoff and mobility management, and network security. His recent research has also focused on on-demand media transmission in multicast environments. Dr. Taleb is also directly engaged in the development and standardization of the Evolved Packet System as a member of 3GPP's System Architecture Working Group.

Dr. Taleb is on the editorial board of the IEEE Transactions on Vehicular Technology, IEEE Wireless Communications Magazine, IEEE Communications Surveys & Tutorials, and a number of Wiley journals. He is serving as secretary of the Wireless Communications Technical Committee, the largest in IEEE Communications Society (ComSoc). He also served as Secretary and then as Vice Chair of the Satellite and Space Communications Technical Committee of the IEEE Communications Society (ComSoc) (2006 - 2010). He has been on the technical program committee of different IEEE conferences, including Globecom, ICC, and WCNC, and chaired some of their symposia. He is the recipient of the 2009 IEEE ComSoc Asia-Pacific Young Researcher award (Jun. 2009), the 2008 TELECOM System Technology Award from the Telecommunications Advancement Foundation (Mar. 2008), the 2007 Funai Foundation Science Promotion Award (Apr. 2007), the 2006 IEEE Computer Society Japan Chapter Young Author Award (Dec. 2006), the Niwa Yasujirou Memorial Award (Feb. 2005), and the Young Researcher's Encouragement Award from the Japan chapter of the IEEE Vehicular Technology Society (VTS) (Oct. 2003). Dr. Taleb is a senior IEEE member.


David Bernstein

Keynote 4

David Bernstein
IEEE Cloud Standards,
EC FP7 eInfrastructure,
US NIST, Cloudscaling.



IEEE P2302 Intercloud Standard and Testbed project

Abstract

Unlike the "telephony cloud", the "compute and storage clouds" are currently not run by the Telcos, and as a result they are decidedly not interoperable or roamable. They also don't function at all like a utility in the regulated sense, slowly becoming more evil as alternatives simply don't exist. Or don't they? This talk speaks to the forces at work in the marketplace and, using historical analogies, predicts that the Telcos will become huge Cloud players and that the Intercloud will be as much a game-changer in Cloud Computing as the Internet was to the online services of the 80's. The talk goes on to detail the IEEE P2302 Intercloud Standard and Testbed project, which came out of the predictions of this market dynamic. The standard is now in first working draft, and will be explained in some detail, including the root and exchange architecture, the conversational substrate protocols, the semantic services directory and semantic services matching solver approaches, and so on. The emerging IEEE Intercloud testbed will also be detailed. The talk concludes with ways that interested attendees can participate in the standard or the testbed.


Biography
David Bernstein is VP of Strategy for Cloudscaling. David is also Founder/Working Group Chairman for IEEE P2300 Cloud Standards, Special Adviser to the United States Dept. of Commerce/NIST IT Lab Cloud Project, and Expert Group for the European Commission FP-7 Standards for eInfrastructure. David was an executive at Cisco, AT&T, Siebel, Pluris, Intertrust, and Santa Cruz Operation (SCO). At SCO David created the first widely successful UNIX on a PC - XENIX. David holds several patents, speaks in IEEE and Industry conferences, and has been a key contributor to many standards such as OpenSOA.org, OASIS SCA, WS-I, and IEEE POSIX.


Tutorial speakers


Tutorial Speaker 1


Olivier Bonaventure
UCL, Belgium



Multipath TCP


Abstract

The Transmission Control Protocol (TCP) is used by the vast majority of applications to transport their data reliably across the Internet and in the cloud. TCP was designed in the 1970s and has slowly evolved since then. Today's networks are multipath: mobile devices have multiple wireless interfaces, datacenters have many redundant paths between servers, and multihoming has become the norm for big server farms. Meanwhile, TCP is essentially a single-path protocol: when a TCP connection is established, the connection is bound to the IP addresses of the two communicating hosts and these cannot change. Multipath TCP (MPTCP) is a major modification to TCP that allows multiple paths to be used simultaneously by a single transport connection. Multipath TCP circumvents the issues mentioned above and several others that affect TCP. The IETF is currently finalising the Multipath TCP RFC and an implementation in the Linux kernel is available today.

This tutorial will present in detail the design of Multipath TCP and the role that it could play in cloud environments. We will start with a presentation of the current Internet landscape and explain how various types of middleboxes have influenced the design of Multipath TCP. Second, we will describe in detail the connection establishment and release procedures as well as the data transfer mechanisms that are specific to Multipath TCP. We will then discuss several use cases for the deployment of Multipath TCP, including improving the performance of datacenters, mobile WiFi offloading on smartphones and IPv4/IPv6 coexistence. All these use cases are key both when accessing cloud-based services and when providing them. We will end the tutorial with some open research issues.


[PDF presentation ] [PPT presentation ]


Biography
Olivier Bonaventure is Professor at Université catholique de Louvain where he leads the IP Networking Lab. His research interests include Internet protocols, traffic engineering, routing, Internet measurements and network management. He is interested in both fundamental and applied research. His PhD students have developed several open-source software packages including the C-BGP simulator, OpenLISP and the shim6 and Multipath TCP implementations in the Linux kernel. He has published more than eighty papers in various scientific journals and conferences and has directed ten PhD theses. He also contributes to the IETF and has been granted several patents.

Olivier Bonaventure received several awards as a researcher (Alcatel-Bell prize, IEEE INFOCOM 2007 best paper award, USENIX NSDI 2012 community award) and teacher (Wernaers prize for the development of online courses, Saylor.org prize for the open textbook Computer Networking: Principles, Protocols and Practice). He currently serves on the editorial board of IEEE/ACM Transactions on Networking, on the steering committee of ACM Conext, chairs the IEEE Internet award committee and is education Director of ACM SIGCOMM.



Tutorial Speaker 2


Dijiang Huang
ASU, USA



Enhancing Cloud Security Through Software Defined Networking Approaches



Abstract

Software Defined Networking (SDN) is an emerging research area that has attracted a lot of attention from academia, industry, and government. It is an innovation that allows us to control and program the network in a way to make it responsive to networking events in a more proactive fashion, for example, events caused by vulnerability explorations and security breaches.
The SDN approach, by providing easy access to flow tables, gives real-time control over the network switches and allows administrators to monitor and control the route of packets flowing through the network. Thus the packets, which otherwise flow according to fixed and firmware-defined rules, can now be analyzed and controlled according to user-defined rules. Using this traffic reshaping capability of SDN, security can be improved by controlling traffic flow in the network, such as by redirecting the packets from a suspicious node to an inspection node where in-depth inspection of these packets can be performed.
SDN can help in implementation of other techniques for improving security in a cloud environment such as reconfiguring the network dynamically to enforce packet forwarding, blocking, redirection, reflection, MAC or IP address changing, limiting the packet flow rate etc. This can be considered as a less intrusive alternative to security countermeasures taken at the host level.
In this tutorial, we will introduce the basic features of SDN technologies and explain how to deploy a secure cloud computing system based on SDN solutions. The technical areas that will be presented include: (1) cloud computing and security issues; (2) cloud computing virtual networking systems and SDN management architecture; and (4) dynamic and adaptive security mechanisms based on SDN and case studies.


Biography
Dr. Dijiang Huang received his B.S. degree from Beijing University of Posts & Telecommunications, China, in 1995. He received his M.S. and Ph.D. degrees from the University of Missouri–Kansas City, in 2001 and 2004, respectively. He joined Arizona State University (ASU) in 2005 as an assistant professor. He is currently an Associate Professor in the School of Computing Informatics and Decision System Engineering at ASU. His current research interests are computer networking, security, and mobile cloud computing. Dr. Huang is currently leading a team to develop a secure mobile cloud computing infrastructure sponsored by ONR. His team is also working on a programmable network infrastructure for future Internet and developing a cloud platform for network security education that are sponsored by NSF.

Dr. Huang is an associate editor of the Journal of Network and System Management (JNSM) and an editor of the IEEE Communications Surveys & Tutorials. He has served as an organizer for many international conferences and workshops. Dr. Huang's research is supported by NSF, ONR, ARO, Intel, and HP. He is a recipient of the ONR Young Investigator Program (YIP) Award 2010 and the HP Innovation Research Program (IRP) award 2011 and 2012. He is a senior member of IEEE.