Habib Mostafaei

Dominik Roy George, Wouter van Hoof, Habib Mostafaei et al.

The IETF standard Manufacturer Usage Description (MUD) enables manufacturers to equip IoT devices with certified URLs that provide traffic profiles for those devices, helping administrators enforce network access control. However, MUD assumes devices operate on full IP stacks and therefore does not account for constrained IoT devices running Thread--the dominant low-power mesh networking standard--which lacks complete TCP/IP functionality. While prior work proposes extensions to support MUD in Thread environments, these approaches are limited to simple topologies with a single border router and do not scale to realistic deployments with multiple, heterogeneous border routers. We introduce MeshGuard, a framework enabling MUD-based access control in complex Thread networks, with any number of border routers. MeshGuard extends the Mesh Link Establishment (MLE) protocol to deliver MUD information from constrained devices to border routers regardless of network topology. Moreover, MeshGuard leverages Software-Defined Networking (SDN) to synchronize access control lists across all routers. Experiments on our proof-of-concept with real devices (nRF5340, nRF52833, Raspberry-Pi 3) demonstrate enhanced security, minimal overhead, and linear scalability compared to state-of-the-art approaches.

Krishna Agarwal, Muhamad Rizka Maulana, Vamsi Addanki et al.

Modern datacenter switches share packet buffers across ports to boost overall throughput and reduce packet loss. However, as buffer availability per-port-per-bandwidth unit continues to decrease, existing buffer-sharing strategies face increasing performance challenges. Recent efforts have attempted to integrate Buffer Management (BM) with Active Queue Management (AQM) to harness the advantages of both BM and AQM approaches to improve performance. While these hybrid solutions show promise, their complexity of dynamically calculating multiple factors for integration hinders generalization and efficiency. This paper presents BShare, a simple buffer sharing mechanism that uses packet queueing delay. BShare requires only a single operator-configurable parameter. Our simulation results show that BSHARE improves the flow completion time (FCT) performance of advanced transport protocols, such as PowerTCP, by up to 45.07% compared to ABM, particularly under burst-heavy datacenter workloads.