Who's your Daddy?

Home | Research | Publications | Teaching | Coursework | Software | Contact


mOS networking stack provides elegant abstractions for stateful flow processing tailored for middlebox applications. Our API allows developers to focus on the core application logic instead of dealing with low-level packet/flow processing themselves. Under the hood, the stack implements an efficient event system derived from mTCP, a high-performance user-level TCP/IP stack. Our evaluation demonstrates that the mOS API enables modular development of stateful middleboxes, often significantly reducing development efforts represented by the source lines of code, while introducing little performance overhead. [CCR 2015, NSDI 2017] [Project Webpage].


mTCP is a high-performance user-level TCP stack for multicore systems. It addresses the inefficiencies of current Linux-based TCP/IP stack from the ground up - from packet I/O and TCP connection management to the application interface. In addition to adopting well-known techniques, mTCP (1) allows efficient flow-level event aggregation, and (2) performs batch processing of RX/TX packets for high I/O efficiency. mTCP improves the performance of small message transactions by a factor 25 than that of latest Linux TCP stack. [NSDI 2014] [Project Webpage].


A device framework under development in which input keystroke events are securely coupled with actual textual content typed by humans for reliable network payload delivery. This scheme is based on trusted computing principles that places the root of trust on a customized input device running a trusted platform module (TPM) chip and a small attester daemon within it. Each input event generates a cryptographic hash that attests to human activity and the combined message attestation (derived from such events) gets a third-party verifiable digital signature. These human attestations are then attached to the actual messages which ultimately assist in reducing false positive rates in the recipients' filter modules. Please email in case you wish to read the technical report. [APSYS 2010, NSDI 2011]


Intrusion attempts on the Internet have consistently risen in the last few years. As the link bandwidths of large campus & meteropolitan area networks reach 10 Gbps, network administrators have employed high-performance intrusion detection systems (IDSes) that use dedicated network processors and specialized memory to cope with the increasing ingress traffic rates. Unfortunately, the deployment and maintainence costs of such solutions are inevitably high, and the hardware design is often too inflexible to adopt new analysis algorithms. Kargus is a highly-scalable software-based IDS that runs on commodity PCs and its performance is comparable to hardware-based IDSes. It effectively exploits the potentials of modern hardware innovations such as multicore CPUs, heterogeneous GPUs and multi-queue interface of NICs that drives its monitoring rate by up to 33 Gbps in real time. [CCS 2012] [Project Webpage].


DDoS attacks increasingly use normal-looking application-layer requests to waste HTTP server CPU or disk resources. CAPTCHAs attempt to distinguish bots from human clients and are often used to avoid such attacks. However, CAPTCHAs themselves consume resources and are frequently defeated. Bobuster is an extensible ebtables module that pushes client authentication in the kernel while overcoming several limitations in Kill-Bots (NSDI 2005). It can easily be deployed as a bridge in front of server farms, modularly accepts a variety of present and future authentication schemes, and can do server-directed client authentication and packet classification. [ICCCN 2008, LCN 2010]

Muhammad Jamshed 2010 - 2017

Originally designed by sitewriters.co.uk