% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-18 % Creation time: 09-47-17 % --- Number of references % 41 % @Inproceedings { 2024-wagner-madtls, title = {Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication}, year = {2024}, month = {7}, day = {1}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-wagner-madtls.pdf}, booktitle = {19th ACM ASIA Conference on Computer and Communications Security (ACM AsiaCCS '24), Singapur}, event_place = {Singapur}, event_name = {ACM ASIA Conference on Computer and Communications Security (AsiaCCS)}, event_date = {July 1-5, 2024}, state = {unpublished}, reviewed = {1}, author = {Wagner, Eric and Heye, David and Serror, Martin and Kunze, Ike and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2024-kunze-spintrap, title = {SpinTrap: Catching Speeding QUIC Flows}, year = {2024}, month = {5}, day = {7}, publisher = {IEEE/IFIP}, booktitle = {Proceedings of the 2024 IEEE/IFIP Network Operations and Management Symposium (NOMS '24)}, event_name = {2024 IEEE/IFIP Network Operations and Management Symposium}, state = {accepted}, reviewed = {1}, author = {Kunze, Ike and Sander, Constantin and Tissen, Lars and Bode, Benedikt and Wehrle, Klaus} } @Inproceedings { 2024-kunze-civic, title = {In-Situ Model Validation for Continuous Processes Using In-Network Computing}, year = {2024}, month = {5}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2024/2024-kunze-civic.pdf}, booktitle = {Proceedings of the 7th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '24)}, state = {accepted}, reviewed = {1}, author = {Kunze, Ike and Scheurenberg, Dominik and Tirpitz, Liam and Geisler, Sandra and Wehrle, Klaus} } @Inproceedings { 2023-kunze-spin-bit-in-the-wild, title = {Does It Spin? On the Adoption and Use of QUIC’s Spin Bit}, year = {2023}, month = {10}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-kunze-spin-bit-in-the-wild.pdf}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '23)}, event_name = {Internet Measurement Conference 2023}, DOI = {10.1145/3618257.3624844}, reviewed = {1}, author = {Kunze, Ike and Sander, Constantin and Wehrle, Klaus} } @Inproceedings { 2023-sander-quic-ecn, title = {ECN with QUIC: Challenges in the Wild}, year = {2023}, month = {10}, tags = {legato}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-sander-quic-ecn.pdf}, web_url = {https://arxiv.org/abs/2309.14273}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '23)}, event_name = {Internet Measurement Conference 2023}, ISBN = {979-8-4007-0382-9/23/10}, DOI = {10.1145/3618257.3624821}, reviewed = {1}, author = {Sander, Constantin and Kunze, Ike and Bl{\"o}cher, Leo and Kosek, Mike and Wehrle, Klaus} } @Inproceedings { 2023-dahlmanns-docker, title = {Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact}, year = {2023}, month = {7}, day = {10}, pages = {797-811}, abstract = {Containerization allows bundling applications and their dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, gaining high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets—either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remains unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries unveiling that 8.5\% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and confidentiality of privacy-sensitive data at stake and even allow active attacks. We further document that those leaked keys are used in the wild: While we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, based on further active Internet measurements, we find 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.}, keywords = {network security; security configuration; secret leakage; container}, tags = {ven2us, internet-of-production,}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-dahlmanns-asiaccs.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ASIACCS '23), July 10-14, 2023, Melbourne, VIC, Australia}, event_place = {Melbourne, VIC, Australia}, event_name = {ASIA CCS '23}, event_date = {July 10-14, 2023}, ISBN = {979-8-4007-0098-9/23/07}, DOI = {10.1145/3579856.3590329}, reviewed = {1}, author = {Dahlmanns, Markus and Sander, Constantin and Decker, Robin and Wehrle, Klaus} } @Inproceedings { 2023-grote-mvca-fairness, title = {Instant Messaging Meets Video Conferencing: Studying the Performance of IM Video Calls}, year = {2023}, month = {6}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-grote-mvca-fairness.pdf}, publisher = {IFIP/IEEE}, booktitle = {Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '23)}, ISBN = {978-3-903176-58-4}, DOI = {10.23919/TMA58422.2023.10199019}, reviewed = {1}, author = {Grote, Laurenz and Kunze, Ike and Sander, Constantin and Wehrle, Klaus} } @Incollection { 2023_pennekamp_crd-a.i, title = {Evolving the Digital Industrial Infrastructure for Production: Steps Taken and the Road Ahead}, year = {2023}, month = {2}, day = {8}, pages = {35-60}, abstract = {The Internet of Production (IoP) leverages concepts such as digital shadows, data lakes, and a World Wide Lab (WWL) to advance today’s production. Consequently, it requires a technical infrastructure that can support the agile deployment of these concepts and corresponding high-level applications, which, e.g., demand the processing of massive data in motion and at rest. As such, key research aspects are the support for low-latency control loops, concepts on scalable data stream processing, deployable information security, and semantically rich and efficient long-term storage. In particular, such an infrastructure cannot continue to be limited to machines and sensors, but additionally needs to encompass networked environments: production cells, edge computing, and location-independent cloud infrastructures. Finally, in light of the envisioned WWL, i.e., the interconnection of production sites, the technical infrastructure must be advanced to support secure and privacy-preserving industrial collaboration. To evolve today’s production sites and lay the infrastructural foundation for the IoP, we identify five broad streams of research: (1) adapting data and stream processing to heterogeneous data from distributed sources, (2) ensuring data interoperability between systems and production sites, (3) exchanging and sharing data with different stakeholders, (4) network security approaches addressing the risks of increasing interconnectivity, and (5) security architectures to enable secure and privacy-preserving industrial collaboration. With our research, we evolve the underlying infrastructure from isolated, sparsely networked production sites toward an architecture that supports high-level applications and sophisticated digital shadows while facilitating the transition toward a WWL.}, keywords = {Cyber-physical production systems; Data streams; Industrial data processing; Industrial network security; Industrial data security; Secure industrial collaboration}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-pennekamp-iop-a.i.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_2}, reviewed = {1}, author = {Pennekamp, Jan and Belova, Anastasiia and Bergs, Thomas and Bodenbenner, Matthias and B{\"u}hrig-Polaczek, Andreas and Dahlmanns, Markus and Kunze, Ike and Kr{\"o}ger, Moritz and Geisler, Sandra and Henze, Martin and L{\"u}tticke, Daniel and Montavon, Benjamin and Niemietz, Philipp and Ortjohann, Lucia and Rudack, Maximilian and Schmitt, Robert H. and Vroomen, Uwe and Wehrle, Klaus and Zeng, Michael} } @Incollection { 2023_rueppel_crd-b2.ii, title = {Model-Based Controlling Approaches for Manufacturing Processes}, year = {2023}, month = {2}, day = {8}, pages = {221-246}, abstract = {The main objectives in production technology are quality assurance, cost reduction, and guaranteed process safety and stability. Digital shadows enable a more comprehensive understanding and monitoring of processes on shop floor level. Thus, process information becomes available between decision levels, and the aforementioned criteria regarding quality, cost, or safety can be included in control decisions for production processes. The contextual data for digital shadows typically arises from heterogeneous sources. At shop floor level, the proximity to the process requires usage of available data as well as domain knowledge. Data sources need to be selected, synchronized, and processed. Especially high-frequency data requires algorithms for intelligent distribution and efficient filtering of the main information using real-time devices and in-network computing. Real-time data is enriched by simulations, metadata from product planning, and information across the whole process chain. Well-established analytical and empirical models serve as the base for new hybrid, gray box approaches. These models are then applied to optimize production process control by maximizing the productivity under given quality and safety constraints. To store and reuse the developed models, ontologies are developed and a data lake infrastructure is utilized and constantly enlarged laying the basis for a World Wide Lab (WWL). Finally, closing the control loop requires efficient quality assessment, immediately after the process and directly on the machine. This chapter addresses works in a connected job shop to acquire data, identify and optimize models, and automate systems and their deployment in the Internet of Production (IoP).}, keywords = {Process control; Model-based control; Data aggregation; Model identification; Model optimization}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-rueppel-iop-b2.i.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_7}, reviewed = {1}, author = {R{\"u}ppel, Adrian Karl and Ay, Muzaffer and Biernat, Benedikt and Kunze, Ike and Landwehr, Markus and Mann, Samuel and Pennekamp, Jan and Rabe, Pascal and Sanders, Mark P. and Scheurenberg, Dominik and Schiller, Sven and Xi, Tiandong and Abel, Dirk and Bergs, Thomas and Brecher, Christian and Reisgen, Uwe and Schmitt, Robert H. and Wehrle, Klaus} } @Incollection { 2023_klugewilkes_crd-b2.iv, title = {Modular Control and Services to Operate Line-less Mobile Assembly Systems}, year = {2023}, month = {2}, day = {8}, pages = {303-328}, abstract = {The increasing product variability and lack of skilled workers demand for autonomous, flexible production. Since assembly is considered a main cost driver and accounts for a major part of production time, research focuses on new technologies in assembly. The paradigm of Line-less Mobile Assembly Systems (LMAS) provides a solution for the future of assembly by mobilizing all resources. Thus, dynamic product routes through spatiotemporally configured assembly stations on a shop floor free of fixed obstacles are enabled. In this chapter, we present research focal points on different levels of LMAS, starting with the macroscopic level of formation planning, followed by the mesoscopic level of mobile robot control and multipurpose input devices and the microscopic level of services, such as interpreting autonomous decisions and in-network computing. We provide cross-level data and knowledge transfer through a novel ontology-based knowledge management. Overall, our work contributes to future safe and predictable human-robot collaboration in dynamic LMAS stations based on accurate online formation and motion planning of mobile robots, novel human-machine interfaces and networking technologies, as well as trustworthy AI-based decisions.}, keywords = {Lineless mobile assembly systems (LMAS); Formation planning; Online motion planning; In-network computing; Interpretable AI; Human-machine collaboration; Ontology-based knowledge management}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2023/2023-klugewilkes-iop-b2.iv.pdf}, publisher = {Springer}, series = {Interdisciplinary Excellence Accelerator Series}, booktitle = {Internet of Production: Fundamentals, Applications and Proceedings}, ISBN = {978-3-031-44496-8}, DOI = {10.1007/978-3-031-44497-5_13}, reviewed = {1}, author = {Kluge-Wilkes, Aline and Baier, Ralph and Gossen, Daniel and Kunze, Ike and M{\"u}ller, Aleksandra and Shahidi, Amir and Wolfschl{\"a}ger, Dominik and Brecher, Christian and Corves, Burkhard and H{\"u}sing, Mathias and Nitsch, Verena and Schmitt, Robert H. and Wehrle, Klaus} } @Inproceedings { 2022-kunze-coin-transport, title = {Evolving the End-to-End Transport Layer in Times of Emerging Computing In The Network (COIN)}, year = {2022}, month = {11}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-kunze-coin-transport.pdf}, booktitle = {Proceedings of the 1st Workshop on New IP and Beyond, co-located with the 30th IEEE International Conference on Network Protocols}, event_place = {Lexington, Kentucky, USA}, event_name = {1st Workshop on New IP and Beyond, co-located with the 30th IEEE International Conference on Network Protocols}, event_date = {30 October, 2022}, DOI = {10.1109/ICNP55882.2022.9940379}, reviewed = {1}, author = {Kunze, Ike and Trossen, Dirk and Wehrle, Klaus} } @Inproceedings { 2022-sander-h3-prio-hol, title = {Analyzing the Influence of Resource Prioritization on HTTP/3 HOL Blocking and Performance}, year = {2022}, month = {6}, day = {27}, tags = {legato}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-sander-h3-prio-hol.pdf}, web_url2 = {https://tma.ifip.org/2022/wp-content/uploads/sites/11/2022/06/tma2022-paper28.pdf}, publisher = {IFIP}, booktitle = {Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '22)}, event_place = {Enschede}, event_name = {Network Traffic Measurement and Analysis Conference}, event_date = {27.06.22-30.06.22}, ISBN = {978-3-903176-47-8}, reviewed = {1}, author = {Sander, Constantin and Kunze, Ike and Wehrle, Klaus} } @Article { 2022_brauner_iop, title = {A Computer Science Perspective on Digital Transformation in Production}, journal = {ACM Transactions on Internet of Things}, year = {2022}, month = {5}, day = {1}, volume = {3}, number = {2}, abstract = {The Industrial Internet-of-Things (IIoT) promises significant improvements for the manufacturing industry by facilitating the integration of manufacturing systems by Digital Twins. However, ecological and economic demands also require a cross-domain linkage of multiple scientific perspectives from material sciences, engineering, operations, business, and ergonomics, as optimization opportunities can be derived from any of these perspectives. To extend the IIoT to a true Internet of Production, two concepts are required: first, a complex, interrelated network of Digital Shadows which combine domain-specific models with data-driven AI methods; and second, the integration of a large number of research labs, engineering, and production sites as a World Wide Lab which offers controlled exchange of selected, innovation-relevant data even across company boundaries. In this article, we define the underlying Computer Science challenges implied by these novel concepts in four layers: Smart human interfaces provide access to information that has been generated by model-integrated AI. Given the large variety of manufacturing data, new data modeling techniques should enable efficient management of Digital Shadows, which is supported by an interconnected infrastructure. Based on a detailed analysis of these challenges, we derive a systematized research roadmap to make the vision of the Internet of Production a reality.}, keywords = {Internet of Production; World Wide Lab; Digital Shadows; Industrial Internet of Things}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-brauner-digital-transformation.pdf}, publisher = {ACM}, ISSN = {2691-1914}, DOI = {10.1145/3502265}, reviewed = {1}, author = {Brauner, Philipp and Dalibor, Manuela and Jarke, Matthias and Kunze, Ike and Koren, Istv{\'a}n and Lakemeyer, Gerhard and Liebenberg, Martin and Michael, Judith and Pennekamp, Jan and Quix, Christoph and Rumpe, Bernhard and van der Aalst, Wil and Wehrle, Klaus and Wortmann, Andreas and Ziefle, Martina} } @Techreport { draft-irtf-coinrg-use-cases-02, title = {Use Cases for In-Network Computing}, year = {2022}, month = {3}, number = {draft-irtf-coinrg-use-cases-02}, note = {expires: 8 September 2022 (work in progress)}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/draft-irtf-coinrg-use-cases-02.pdf}, web_url = {https://datatracker.ietf.org/doc/draft-irtf-coinrg-use-cases/}, misc2 = {Online}, publisher = {IETF Trust}, series = {Internet Drafts}, organization = {Internet Engineering Task Force}, institution = {Internet Engineering Task Force}, author = {Kunze, Ike and Wehrle, Klaus and Trossen, Dirk and Montpetit, Marie-Jos{\'e} and de Foy, Xavier and Griffin, David and Rio, Miguel} } @Inproceedings { 2021_pennekamp_laser, title = {Collaboration is not Evil: A Systematic Look at Security Research for Industrial Use}, year = {2021}, month = {12}, day = {21}, abstract = {Following the recent Internet of Things-induced trends on digitization in general, industrial applications will further evolve as well. With a focus on the domains of manufacturing and production, the Internet of Production pursues the vision of a digitized, globally interconnected, yet secure environment by establishing a distributed knowledge base. Background. As part of our collaborative research of advancing the scope of industrial applications through cybersecurity and privacy, we identified a set of common challenges and pitfalls that surface in such applied interdisciplinary collaborations. Aim. Our goal with this paper is to support researchers in the emerging field of cybersecurity in industrial settings by formalizing our experiences as reference for other research efforts, in industry and academia alike. Method. Based on our experience, we derived a process cycle of performing such interdisciplinary research, from the initial idea to the eventual dissemination and paper writing. This presented methodology strives to successfully bootstrap further research and to encourage further work in this emerging area. Results. Apart from our newly proposed process cycle, we report on our experiences and conduct a case study applying this methodology, raising awareness for challenges in cybersecurity research for industrial applications. We further detail the interplay between our process cycle and the data lifecycle in applied research data management. Finally, we augment our discussion with an industrial as well as an academic view on this research area and highlight that both areas still have to overcome significant challenges to sustainably and securely advance industrial applications. Conclusions. With our proposed process cycle for interdisciplinary research in the intersection of cybersecurity and industrial application, we provide a foundation for further research. We look forward to promising research initiatives, projects, and directions that emerge based on our methodological work.}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-pennekamp-laser-collaboration.pdf}, publisher = {ACSA}, booktitle = {Proceedings of the Workshop on Learning from Authoritative Security Experiment Results (LASER '20), co-located with the 36th Annual Computer Security Applications Conference (ACSAC '20), December 7-11, 2020, Austin, TX, USA}, event_place = {Austin, TX, USA}, event_name = {Learning from Authoritative Security Experiment Results (LASER '20)}, event_date = {December 8, 2020}, ISBN = {978-1-891562-81-5}, DOI = {10.14722/laser-acsac.2020.23088}, reviewed = {1}, author = {Pennekamp, Jan and Buchholz, Erik and Dahlmanns, Markus and Kunze, Ike and Braun, Stefan and Wagner, Eric and Brockmann, Matthias and Wehrle, Klaus and Henze, Martin} } @Inproceedings { 2021-krude-nfp-pred, title = {Determination of Throughput Guarantees for Processor-based SmartNICs}, year = {2021}, month = {12}, day = {7}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-krude-nfp-pred.pdf}, publisher = {ACM}, booktitle = {The 17th International Conference on emerging Networking EXperiments and Technologies (CoNEXT '21)}, ISBN = {978-1-4503-9098-9/21/12}, DOI = {10.1145/3485983.3494842}, reviewed = {1}, author = {Krude, Johannes and R{\"u}th, Jan and Schemmel, Daniel and Rath, Felix and Folbort, Iohannes-Heorh and Wehrle, Klaus} } @Inproceedings { 2021-kunze-spin-tracker, title = {Tracking the QUIC Spin Bit on Tofino}, year = {2021}, month = {12}, day = {7}, pages = {15–21}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-spin-tracker.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2021 Workshop on Evolution, Performance and Interoperability of QUIC (EPIQ '21)}, ISBN = {9781450391351}, DOI = {10.1145/3488660.3493804}, reviewed = {1}, author = {Kunze, Ike and Sander, Constantin and Wehrle, Klaus and R{\"u}th, Jan} } @Inproceedings { 2021-sander-shardingrevisited, title = {Sharding and HTTP/2 Connection Reuse Revisited: Why Are There Still Redundant Connections?}, year = {2021}, month = {11}, day = {2}, tags = {legato}, url = {/fileadmin/papers/2021/2021-sander-sharding-revisited.pdf}, web_url = {https://arxiv.org/abs/2110.14239}, publisher = {ACM}, booktitle = {Proceedings of the Internet Measurement Conference (IMC '21)}, event_name = {Internet Measurement Conference 2021}, event_date = {02.11.21 - 04.11.21}, ISBN = {978-1-4503-9129-0/21/11}, DOI = {10.1145/3487552.3487832}, reviewed = {1}, author = {Sander, Constantin and Bl{\"o}cher, Leo and Wehrle, Klaus and R{\"u}th, Jan} } @Techreport { draft-kunze-coinrg-transport-issues-05, title = {Transport Protocol Issues of In-Network Computing Systems}, year = {2021}, month = {10}, number = {draft-kunze-coinrg-transport-issues-05}, note = {Expires: 28 April 2022 (work in progress)}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/draft-kunze-coinrg-transport-issues-05.pdf}, web_url = {https://datatracker.ietf.org/doc/draft-kunze-coinrg-transport-issues/}, publisher = {IETF Trust}, series = {Internet Drafts}, organization = {Internet Engineering Task Force}, institution = {Internet Engineering Task Force}, author = {Kunze, Ike and Wehrle, Klaus and Trossen, Dirk} } @Inproceedings { 2021-kunze-efm-evaluation, title = {L, Q, R, and T - Which Spin Bit Cousin Is Here to Stay?}, year = {2021}, month = {7}, pages = {22 - 28}, url = {/fileadmin/papers/2021/2021-kunze-efm-evaluation.pdf}, publisher = {ACM}, booktitle = {ANRW '21: Proceedings of the Applied Networking Research Workshop}, event_place = {Virtual Event}, event_name = {Applied Networking Research Workshop (ANRW '21)}, event_date = {July 2021}, DOI = {10.1145/3472305.3472319}, reviewed = {1}, author = {Kunze, Ike and Wehrle, Klaus and R{\"u}th, Jan} } @Inproceedings { 2021-kunze-signal-detection, title = {Detecting Out-Of-Control Sensor Signals in Sheet Metal Forming using In-Network Computing}, year = {2021}, month = {6}, day = {10}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-signal-detection.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2021 IEEE 30th International Symposium on Industrial Electronics (ISIE)}, ISBN = {978-1-7281-9023-5}, ISSN = {2163-5145}, DOI = {10.1109/ISIE45552.2021.9576221}, reviewed = {1}, author = {Kunze, Ike and Niemietz, Philipp and Tirpitz, Liam and Glebke, Ren{\'e} and Trauth, Daniel and Bergs, Thomas and Wehrle, Klaus} } @Inproceedings { 2021-glebke-service-based-forwarding, title = {Service-based Forwarding via Programmable Dataplanes}, year = {2021}, month = {6}, day = {10}, tags = {reflexes}, url = {/fileadmin/papers/2021/2021-glebke-service-based-forwarding.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2021 IEEE International Conference on High Performance Switching and Routing: Workshop on Semantic Addressing and Routing for Future Networks (SARNET-21)}, ISBN = {978-1-6654-4005-9}, ISSN = {2325-5609}, DOI = {10.1109/HPSR52026.2021.9481814}, reviewed = {1}, author = {Glebke, Ren{\'e} and Trossen, Dirk and Kunze, Ike and Lou, David and R{\"u}th, Jan and Stoffers, Mirko and Wehrle, Klaus} } @Inproceedings { 2021-kunze-coordinate-transformation, title = {Investigating the Applicability of In-Network Computing to Industrial Scenarios}, year = {2021}, month = {5}, day = {11}, pages = {334-340}, keywords = {in-network computing; latency; approximation}, tags = {internet-of-production,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-coordinate-transformation.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 4th IEEE International Conference on Industrial Cyber-Physical Systems (ICPS '21)}, ISBN = {978-1-7281-6207-2}, DOI = {10.1109/ICPS49255.2021.9468247}, reviewed = {1}, author = {Kunze, Ike and Glebke, Ren{\'e} and Scheiper, Jan and Bodenbenner, Matthias and Schmitt, Robert H. and Wehrle, Klaus} } @Article { 2021_buckhorst_lmas, title = {Holarchy for Line-less Mobile Assembly Systems Operation in the Context of the Internet of Production}, journal = {Procedia CIRP}, year = {2021}, month = {5}, day = {3}, volume = {99}, pages = {448-453}, abstract = {Assembly systems must provide maximum flexibility qualified by organization and technology to offer cost-compliant performance features to differentiate themselves from competitors in buyers' markets. By mobilization of multipurpose resources and dynamic planning, Line-less Mobile Assembly Systems (LMASs) offer organizational reconfigurability. By proposing a holarchy to combine LMASs with the concept of an Internet of Production (IoP), we enable LMASs to source valuable information from cross-level production networks, physical resources, software nodes, and data stores that are interconnected in an IoP. The presented holarchy provides a concept of how to address future challenges, meet the requirements of shorter lead times, and unique lifecycle support. The paper suggests an application of decision making, distributed sensor services, recommender-based data reduction, and in-network computing while considering safety and human usability alike.}, note = {Proceedings of the 14th CIRP Conference on Intelligent Computation in Manufacturing Engineering (ICME '20), July 14-17, 2020, Gulf of Naples, Italy}, keywords = {Internet of Production; Line-less Mobile Assembly System; Industrial Assembly; Smart Factory}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-buckhorst-holarchy.pdf}, publisher = {Elsevier}, event_place = {Gulf of Naples, Italy}, event_date = {July 14-17, 2020}, ISSN = {2212-8271}, DOI = {10.1016/j.procir.2021.03.064}, reviewed = {1}, author = {Buckhorst, Armin F. and Montavon, Benjamin and Wolfschl{\"a}ger, Dominik and Buchsbaum, Melanie and Shahidi, Amir and Petruck, Henning and Kunze, Ike and Pennekamp, Jan and Brecher, Christian and H{\"u}sing, Mathias and Corves, Burkhard and Nitsch, Verena and Wehrle, Klaus and Schmitt, Robert H.} } @Inproceedings { 2021-kunze-aqm-tofino-p4, title = {Tofino + P4: A Strong Compound for AQM on High-Speed Networks?}, year = {2021}, month = {5}, pages = {72-80}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-kunze-aqm-tofino-p4.pdf}, publisher = {IFIP/IEEE}, booktitle = {Proceedings of the International Symposium on Integrated Network Management (IM '21)}, event_place = {Virtual Event}, event_name = {International Symposium on Integrated Network Management (IM '21)}, event_date = {May 2021}, ISBN = {978-1-7281-9041-9}, reviewed = {1}, author = {Kunze, Ike and Gunz, Moritz and Saam, David and Wehrle, Klaus and R{\"u}th, Jan} } @Inproceedings { 2021-sander-zoom-cc, title = {Video Conferencing and Flow-Rate Fairness: A First Look at Zoom and the Impact of Flow-Queuing AQM}, year = {2021}, month = {3}, tags = {internet-of-production}, url = {/fileadmin/papers/2021/2021-sander-zoom-fairness-aqm.pdf}, web_url = {https://arxiv.org/abs/2107.00904}, publisher = {Springer}, booktitle = {Proceedings of the Passive and Active Measurement Conference (PAM '21)}, event_name = {Passive and Active Measurement Conference (PAM 2021)}, DOI = {10.1007/978-3-030-72582-2_1}, reviewed = {1}, author = {Sander, Constantin and Kunze, Ike and Wehrle, Klaus and R{\"u}th, Jan} } @Article { 2020_niemietz_stamping, title = {Stamping Process Modelling in an Internet of Production}, journal = {Procedia Manufacturing}, year = {2020}, month = {7}, day = {11}, volume = {49}, pages = {61-68}, abstract = {Sharing data between companies throughout the supply chain is expected to be beneficial for product quality as well as for the economical savings in the manufacturing industry. To utilize the available data in the vision of an Internet of Production (IoP) a precise condition monitoring of manufacturing and production processes that facilitates the quantification of influences throughout the supply chain is inevitable. In this paper, we consider stamping processes in the context of an Internet of Production and the preliminaries for analytical models that utilize the ever-increasing available data. Three research objectives to cope with the amount of data and for a methodology to monitor, analyze and evaluate the influence of available data onto stamping processes have been identified: (i) State detection based on cyclic sensor signals, (ii) mapping of in- and output parameter variations onto process states, and (iii) models for edge and in-network computing approaches. After discussing state-of-the-art approaches to monitor stamping processes and the introduction of the fineblanking process as an exemplary stamping process, a research roadmap for an IoP enabling modeling framework is presented.}, note = {Proceedings of the 8th International Conference on Through-Life Engineering Service (TESConf '19), October 27-29, 2019, Cleveland, OH, USA}, keywords = {Stamping Process; Industry 4.0; Fine-blanking; Internet of production; Condition monitoring; Data analytics}, tags = {internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-niemietz-stamping-modelling.pdf}, publisher = {Elsevier}, event_place = {Cleveland, OH, USA}, event_date = {October 27-29, 2019}, ISSN = {2351-9789}, DOI = {10.1016/j.promfg.2020.06.012}, reviewed = {1}, author = {Niemietz, Philipp and Pennekamp, Jan and Kunze, Ike and Trauth, Daniel and Wehrle, Klaus and Bergs, Thomas} } @Inproceedings { 2020-mann-ur-weldseamstudy, title = {Study on weld seam geometry control for connected gas metal arc welding systems}, year = {2020}, month = {6}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2020/2020-mann-weld-seam-geometry-control.pdf}, booktitle = {Proceedings of the 2020 Internal Conference on Ubiquitous Robots}, event_name = {Internal Conference on Ubiquitous Robots}, event_date = {June 22-26, 2020}, DOI = {10.1109/UR49135.2020.9144839}, reviewed = {1}, author = {Mann, Samuel and Glebke, Ren{\'e} and Kunze, Ike and Scheurenberg, Dominik and Sharma, Rahul and Reisgen, Uwe and Wehrle, Klaus and Abel, Dirk} } @Article { 2019-kunze-ccwild-tnsm, title = {Congestion Control in the Wild - Investigating Content Provider Fairness}, journal = {IEEE Transactions on Network and Service Management}, year = {2019}, month = {12}, day = {27}, volume = {17}, number = {2}, pages = {1224 - 1238}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-kunze-ccwild-tnsm.pdf}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2019.2962607}, reviewed = {1}, author = {Kunze, Ike and R{\"u}th, Jan and Hohlfeld, Oliver} } @Inproceedings { 2019-krude-online-reprogramming, title = {Online Reprogrammable Multi Tenant Switches}, year = {2019}, month = {12}, day = {9}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-krude-online-reprogramming.pdf}, publisher = {ACM}, booktitle = {1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19)}, ISBN = {978-1-4503-7000-4/19/12}, DOI = {10.1145/3359993.3366643}, reviewed = {1}, author = {Krude, Johannes and Hofmann, Jaco and Eichholz, Matthias and Wehrle, Klaus and Koch, Andreas and Mezini, Mira} } @Inproceedings { 2019-glebke-in-network-cv, title = {Towards Executing Computer Vision Functionality on Programmable Network Devices}, year = {2019}, month = {12}, day = {9}, tags = {reflexes,maki,internet-of-production}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-glebke-in-network-cv.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {1st ACM CoNEXT Workshop on Emerging in-Network Computing Paradigms (ENCP '19)}, language = {en}, ISBN = {978-1-4503-7000-4/19/12}, DOI = {10.1145/3359993.3366646}, reviewed = {1}, author = {Glebke, Ren{\'e} and Krude, Johannes and Kunze, Ike and R{\"u}th, Jan and Senger, Felix and Wehrle, Klaus} } @Inproceedings { 2019-krude-chain-opt, title = {Optimizing Data Plane Programs for the Network}, year = {2019}, month = {8}, day = {23}, abstract = {With the move of Software-defined networking from fixed to programmable data planes, network functions are written with P4 or eBPF for targets such as programmable switches, CPU based flow processors and commodity CPUs. These data plane programs are, however, limited in per-packet time budget (e.g., 67.2 ns at 10GbE) and program size, making program optimization imperative. Existing approaches focus on optimizing the distribution of flow rules in fixed data planes or they are limited to a single switch. We see great potential in integrating the network topology into program optimization.}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-krude-chain-opt.pdf}, publisher = {ACM}, booktitle = {NetPL '19: ACM SIGCOMM Workshop on Networking and Programming Languages}, event_place = {Beijing, China}, ISBN = {978-1-4503-6877-3/19/08}, DOI = {10.1145/3341561.3349590}, reviewed = {1}, author = {Krude, Johannes and Eichholz, Matthias and Winck, Maximilian and Wehrle, Klaus and Mezini, Mira} } @Inproceedings { 2019-sander-depcci, title = {DeePCCI: Deep Learning-based Passive Congestion Control Identification}, year = {2019}, month = {8}, day = {18}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-sander-deepcci.pdf}, web_url2 = {https://arxiv.org/abs/1907.02323}, publisher = {ACM}, booktitle = {In Proceedings of the ACM SIGCOMM Workshop on Network Meets AI \& ML (NetAI '19)}, event_place = {Beijing, China}, event_name = {Workshop on Network Meets AI \& ML}, event_date = {18.08.2019}, DOI = {10.1145/3341216.3342211}, reviewed = {1}, author = {Sander, Constantin and R{\"u}th, Jan and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2019-hohlfeld-bpfperf, title = {Demystifying the Performance of XDP BPF}, year = {2019}, month = {6}, day = {25}, tags = {maki,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-hohlfeld-bpfperf.pdf}, publisher = {IEEE}, booktitle = {IEEE International Conference on Network Softwarization (NetSoft)}, event_name = {IEEE International Conference on Network Softwarization}, DOI = {10.1109/NETSOFT.2019.8806651}, reviewed = {1}, author = {Hohlfeld, Oliver and Krude, Johannes and Reelfs, Jens Helge and R{\"u}th, Jan and Wehrle, Klaus} } @Inproceedings { 2019-rueth-ccfness, title = {An Empirical View on Content Provider Fairness}, year = {2019}, month = {6}, day = {19}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-ccfness.pdf}, web_url2 = {https://arxiv.org/abs/1905.07152}, publisher = {IFIP/IEEE}, booktitle = {In Proceedings of the Network Traffic Measurement and Analysis Conference (TMA '19)}, event_place = {Paris, France}, event_name = {Network Traffic Measurement and Analysis Conference}, event_date = {19.06.2019 - 21.06.2019}, DOI = {10.23919/TMA.2019.8784684}, reviewed = {1}, author = {R{\"u}th, Jan and Kunze, Ike and Hohlfeld, Oliver} } @Article { rueth:iw:TNSM19, title = {TCP’s Initial Window – Deployment in the Wild and its Impact on Performance}, journal = {IEEE Transactions on Network and Service Management}, year = {2019}, month = {1}, day = {30}, volume = {16}, number = {2}, pages = {389--402}, tags = {maki}, url = {http://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-rueth-iwtnsm.pdf}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2019.2896335}, reviewed = {1}, author = {R{\"u}th, Jan and Kunze, Ike and Hohlfeld, Oliver} } @Inproceedings { 2018-krude-circuit, title = {Circuit Switched VM Networks for Zero-Copy IO}, year = {2018}, month = {8}, day = {20}, pages = {1-7}, tags = {maki}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-krude-xocks.pdf}, publisher = {ACM}, booktitle = {Proceedings of the 2018 Afternoon Workshop on Kernel Bypassing Networks (KBNets'18)}, event_place = {Budapest, Hungary}, event_name = {Afternoon Workshop on Kernel Bypassing Networks}, event_date = {20.8.2018}, DOI = {10.1145/3229538.3229539}, reviewed = {1}, author = {Krude, Johannes and Stoffers, Mirko and Wehrle, Klaus} } @Inproceedings { 2017-teubert-secuware-hugin, title = {Hugin: A Scalable Hybrid Android Malware Detection System}, year = {2017}, month = {9}, pages = {168-176}, abstract = {Mobile operating systems are a prime target of today’s malware authors and cyber criminals. In particular, Google’s Android suffers from an ever increasing number of malware attacks in the form of malicious apps. These typically originate from poorly policed third-party app stores that fail to vet the apps prior to publication. In this paper, we present Hugin, a machine learning-based app vetting system that uses features derived from dynamic, as well as static analysis and thus falls into the scarcely studied class of hybrid approaches. Hugin is unique with respect to using IPC/RPC monitoring as source for dynamically extracted features. Furthermore, Hugin uses a short (and yet effective) feature vector that leads to a high efficiency in training as well as classification. Our evaluation shows that Hugin achieves a detection accuracy of up to 99.74\% on an up-to- date data set consisting of more than 14,000 malware samples and thus, is easily capable of competing with other current systems.}, keywords = {mobile malware detection; app vetting; machine learning}, url = {http://www.thinkmind.org/download.php?articleid=securware_2017_10_20_30067}, publisher = {IARIA}, booktitle = {SECUWARE 2017}, event_name = {The Eleventh International Conference on Emerging Security Information, Systems and Technologies Hugin: A Scalable Hybrid Android Malware Detection Syste}, event_date = {September 2017}, ISBN = {978-1-61208-582-1}, extern = {1}, reviewed = {1}, author = {Teubert, Dominik and Krude, Johannes and Sch{\"u}ppen, Samuel and Meyer, Ulrike} } @Proceedings { 2017-SymPerfPoster, title = {SymPerf: Predicting Network Function Performance}, year = {2017}, month = {8}, day = {21}, tags = {spp,erc,symbiosys,reflexes}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-rath-sym-perf-poster.pdf}, publisher = {ACM}, event_place = {Los Angeles, USA}, event_name = {ACM SIGCOMM 2017 Poster}, event_date = {21.8.2017 - 25.8.2017}, language = {en}, ISBN = {978-1-4503-5057-0/17/08}, DOI = {10.1145/3123878.3131977}, reviewed = {1}, author = {Rath, Felix and Krude, Johannes and R{\"u}th, Jan and Schemmel, Daniel and Hohlfeld, Oliver and Bitsch Link, J{\'o} Agila and Wehrle, Klaus} } @Article { 2017-ziegeldorf-bmcmedgenomics-bloom, title = {BLOOM: BLoom filter based Oblivious Outsourced Matchings}, journal = {BMC Medical Genomics}, year = {2017}, month = {7}, day = {26}, volume = {10}, number = {Suppl 2}, pages = {29-42}, abstract = {Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (\(\sigma\)=8.73 s) with our first approach and a mere 0.07 s (\(\sigma\)=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.}, note = {Proceedings of the 5th iDASH Privacy and Security Workshop 2016}, keywords = {Secure outsourcing; Homomorphic encryption; Bloom filters}, tags = {sscilops; mynedata; rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf}, misc2 = {Online}, publisher = {BioMed Central}, event_place = {Chicago, IL, USA}, event_date = {November 11, 2016}, language = {en}, ISSN = {1755-8794}, DOI = {10.1186/s12920-017-0277-y}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Pennekamp, Jan and Hellmanns, David and Schwinger, Felix and Kunze, Ike and Henze, Martin and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2013-krude-ccsw-sandbox, title = {A Versatile Code Execution Isolation Framework with Security First}, year = {2013}, month = {11}, pages = {1-10}, abstract = {In PaaS architectures, code execution needs to be isolated to protect tenants from unauthorized access to their data by other tenants and to protect the host system from any type of intrusion by other tenants. In this paper we propose a simple and lightweight framework that provides such code execution isolation units. All design decisions taken for our framework follow well-established design principles for protection mechanisms, such that in our design we put security first. Our framework uses the process barrier and the seccomp filter mechanism to restrict access to memory and to the system call interface. For access to additional resources a request delegation scheme is used. We evaluate our implementation on a small PaaS example architecture. For plain computations, the applied techniques do not introduce any overhead. In general, setup time for isolation units is negligible and the framework achieves acceptable throughput for broad network access. Our work brings tight and versatile isolation units to current unmodified Linux operating systems.}, publisher = {ACM}, booktitle = {Proceedings of the 2013 ACM workshop on Cloud computing security workshop (CCSW '13)}, ISBN = {978-1-4503-2490-8}, DOI = {10.1145/2517488.2517499}, extern = {1}, reviewed = {1}, author = {Krude, Johannes and Meyer, Ulrike} }