1

DDoS Detection at the Scale of One Hundred Tbps

Defending against Distributed Denial-of-Service (DDoS) attacks is a critical priority for cloud providers, who must manage ever-growing volumes of both benign and malicious traffic. While state-of-the-art DDoS detection systems leverage programmable …

Secure Vickrey Auctions for Online Advertising

Online advertising is an essential part of the web ecosystem. When a user's browser lands on a webpage, advertisers bid for the ad space on the webpage. An auction algorithm (e.g., Vickrey/second-price auction) is executed to determine the winner and …

Cost-effective and Reliable Global Internet Peering with Programmable Switches

Large-scale cloud providers always deploy peering routing system at the Internet’s peering edge to route traffic between the cloud and the Internet. Traditional router-based peering systems fail to pace up to the fast-changing application …

An RDMA-First Object Storage System with SmartNIC Offload

AI training and inference impose sustained, fine-grained I/O that stresses host-mediated, TCP-based storage paths. We revisit POSIX-compatible object storage for GPU-centric pipelines and present ROS2, an RDMA-first design that offloads the DAOS …

SQUiD: Synthesizing Relational Databases from Unstructured Text

Relational databases are central to modern data management, yet most data exists in unstructured forms like text documents. To bridge this gap, we leverage large language models (LLMs) to automatically synthesize a relational database by generating …

Exposing RDMA NIC Resources for Software-Defined Scheduling

Remote Direct Memory Access (RDMA) is emerging as a critical utility for large-scale datacenters, delivering significant performance improvements over the traditional TCP networking stack. Recent studies indicate that numerous applications can …

PreAcher: Secure and Practical Password Pre-Authentication by Content Delivery Networks

In today's Internet, websites widely rely on password authentication for user logins. However, the intensive computation required for password authentication exposes web servers to Application-layer DoS (ADoS) attacks exploiting the login interfaces. …

Unlocking ECMP Programmability for Precise Traffic Control

ECMP (equal-cost multi-path) has become a fundamental mechanism in data centers, which distributes flows along multiple equivalent paths based on their hash values. Randomized distribution optimizes for the aggregate case, spreading load across flows …

OpenInfra: A Co-simulation Framework for the Infrastructure Nexus

Critical infrastructures like datacenters, power grids, and water systems are interdependent, forming complex "infrastructure nexuses" that require co-optimization for efficiency, resilience, and sustainability. We present OpenInfra, a co-simulation …

Conspirator: SmartNIC-Aided Control Plane for Distributed ML Workloads

Modern machine learning (ML) workloads heavily depend on distributing tasks across clusters of server CPUs and specialized accelerators, such as GPUs and TPUs, to achieve optimal performance. Nonetheless, prior research has highlighted the …