George Kesidis - US grants

This proposed research project aims to explore several unanswered questions in the area of differentiated services for next generation Internet. In particular, the issue of routing SLAs in the presence of multiple alternative physical paths is a topic that has been seldom researched
upon. It is an important issue since the objective is to maximize the probability of success for an SLA without opting for over-provisioning. Also, in the presence of multiple physical paths, which is typical in large networks, there is a need to choose the optimal path based on appropriate criteria. The proposed research directly addresses this critical issue. Currently, there are no standard schemes for hierarchical QoS routing. One of the most crucial problems in hierarchical QoS routing is to make intelligent decisions in the presence of out-of-date or stale network stateinformation. The proposed research will address this issue by making use of local statistics collected at each router and obtaining a time history of the network state information. Furthermore, every domain will have a finite traffic handling capacity. This capacity is bound above by the domain topology and the maximum link bandwidth. For computing feasible paths, current QoS routing schemes take only the individual link bandwidth into account as a constraint but not the domain capacity as a whole. The research will address this shortcoming by incorporating the domain capacity as a constraint in the path computation algorithms. Additionally, this research project will also study the problem of splitting aggregated flows in a transit domain with the goal of maximizing the domain resource utilization. The motivation comes from the fact that splitting of aggregated flows will lead to better utilization of the network bandwidth.

Networks and computer systems are becoming increasingly attractive targets to large-scale programmed
attacks such as worms and Distributed Denial of Service attacks (DDoS), which can compromise a vast
number of vulnerable targets in a few minutes. Critical end-user applications vulnerable to such attacks
include e-commerce, e-medicine, command-and-control applications, video surveillance and tracking, and
many other applications. While there is a growing body of research techniques, prototypes, and commercial
products that purport to protect these applications and the network infrastructure on which they rely, there
is little existing scientific methodology by which to objectively evaluate the merits of such claims. Moreover,
thorough testing of a defense system for worms or for attacks on the infrastructure cannot be evaluated
safely on a live network without affecting its operation.

To make rapid advancements in defending against these and future attacks, the state of the art in the
evaluation of network security mechanisms must be improved. This will require the emergence of large-scale
security testbeds coupled with new standards for testing and benchmarking that can make these testbeds
truly useful. Current shortcomings and impediments to evaluating network security mechanisms include lack
of scientific rigor;lack of relevant and representative network data;inadequate models of defense mechanisms;
and inadequate models of both the network and the transmitted data (benign and attack traffic). The latter
is challenging because of the complexity of interactions among traffic, topology and protocols.

The researchers propose to develop thorough, realistic,and scientifically rigorous testing frameworks and methodologies for particular classes of network attacks and defense mechanisms. These testing frameworks will be adapted for different kinds of testbeds, including simulators such as NS, emulation facilities such as Emulab, and both small and large hardware testbeds. They will include attack scenarios; attack simulators;
generators for topology and background traffic; data sets derived from live traffic; and tools to monitor and
summarize test results. These frameworks will allow researchers to experiment with a variety of parameters representing the network environment, attack behaviors, and the configuration of the mechanisms under test.

In addition to developing testing frameworks, the researchers propose to validate them by conducting tests on representative network defense mechanisms. Defense mechanisms of interest include network-based Intrusion Detection Systems (IDS); automated attack traceback mechanisms;t raffic rate-limiting to control DDoS attacks; and mechanisms to detect large-scale worm attacks. Conducting these tests will require incorporating real defense mechanisms into a testbed, and applying and evaluating frameworks and methodologies. Conducting these tests will also help us to ensure that the testbed framework allows other researchers to easily integrate and test network defense echanisms of their own.

The research team includes experts in security, networking, data analysis, software engineering, and operating systems who are committed to developing these challenging integrated testing frameworks.

Intellectual Merit: The development of testing methodologies for network defense mechanisms requires
significant advances in our understanding of network attacks and the interactions between attacks and their
environment including:deployed defense technology, traffic, topology, protocols, and applications. It will
also require advances in our understanding of metrics for evaluating defenses.

Education: The research into testing methodologies for network defense mechanisms will involve
graduate students and provide new curriculum material for universities.

Broader Impact: By providing new testing frameworks, the work will accelerate improvements in
network defense mechanisms and facilitate their evaluation and deployment. The researchers will hold yearly workshops to disseminate results and obtain community feedback.

Abstract

Proposal ID: 0312558
Institution: Pennsylvania State University
Principal Investigator: Octavia Camps

This project focuses on problems of distributed active vision - a confluence of computer vision, ad-hoc networking and control. The objectives are to develop a paradigm for systematically designing provably robust distributed active vision systems and to characterized the performance of the resulting systems. Progress in this area offers significant benefits to a variety of application areas, such as intelligent activity monitoring systems and smart environments, aware of user activities. While prototype systems have been developed in several laboratories, these suffer from shortcomings that limit their application and testing outside of research environments. This project will build on some of that work to achieve robust systems built on sound system theoretic concepts, a common mathematical language and usable set of tools.

Traditional sensor networks have limitations when applied to support multiple missions or when the network conditions change. Mobile sensors can be used to address these problems as mobility can significantly increase the capability of the sensor network by making it resilient to failures, reactive to events, and be able to support disparate missions with a common set of sensors. To support mobility in sensor networks, this project investigates various research issues in mobility assisted sensing, network monitoring, mobility assisted routing, and integrated mobility management for sensing and routing. The expected results from this project are: (i) Significant theoretical and technical advances in supporting mobility in sensor networks; (ii) Understanding various performance and power tradeoffs in designing and implementing sensor relocation protocols; (iii) Development of network monitoring protocols, coverage hole estimation and failure effect estimation protocols; (iv) Theoretical advances on mobility assisted routing; and (v) Understanding of how sensing and routing interact and how to satisfy different mission requirements and maximize the network capability. The success of this project is likely to have a broader impact on making sensor networks more affordable and amenable to commercial, civilian, and military applications. The results of the project will be disseminated widely and in a timely manner through high quality publications, talks, and interactions with industrial teams. The project is also closely integrated with the education curricula at Penn State by developing new courses on sensor and ad hoc networks.

Proposal Number: 0524402
Title: Protecting TCP Congestion Control: Tools for Design, Analysis and Emulation
PI: George Kesidis

The increasing volume of non-conforming and malicious traffic flows poses a serious challenge to the stability of the Internet. Such traffic flows could significantly throttle the data rates sustainable by TCP flows, and could affect millions of users who rely on the Internet for their daily business. The following three types of misbehaving flows: unresponsive TCP sessions, low-rate TCP-targeted attacks, and randomly scanning TCP worms, can be easy to launch and are enormously damaging.

This research takes an ambitious step in systematically developing: (i) dynamic router-based quarantine schemes to penalize unresponsive TCP flows; (ii) defense strategies for low-rate TCP-targeted attacks; (iii) router-based designs to effectively control indiscriminate TCP worms; and (iv) tools and methodologies for the evaluation of the proposed schemes, specifically using the DETER/Emulab emulation platform. The research will enable in-depth characterization of the misbehaving flows and the design of effective solutions for minimizing the vulnerability of the Internet to such flows.

This work will have an enormous practical impact, will foster new research directions towards a trustworthy Internet, will accelerate security research by streamlining the experimental process, and will train security students in both theory and hands-on experimentation.

A global regulatory effort is underway to allow secondary spectrum trading by license holders and flexible access by end-users. Preliminary evidence in early incarnations of secondary spectrum markets indicates a sophisticated market structure and suggests that realizing full potential of deregulated spectrum entails overcoming fundamental technical and economic challenges.

This project has the following research objectives: (i) Development of pricing strategies that capture network-wide effects of interference and that render secondary spectrum markets profitable for license holders; (ii) Design of market rules that facilitate new entrants and improve end-user perception in economic and performance terms; (iii) Development of resource discovery and monitoring algorithms that allow market participants to efficiently and securely utilize network services. These objectives are pursued in an integrated analytical framework that includes techniques of dynamic stochastic optimization, game theory, incentive engineering and tractable teletraffic modeling of large wireless networks.

This project promotes healthy deregulation of the wireless communication sector and shows promise for societal impact in view of the attendant economic activity and effective utilization of an important national resource. The educational component involves curriculum innovation aimed at facilitating the interaction between regulatory and technical communities, extracurricular activities in amateur radio, and outreach to members of minority and under-represented groups.

National Science Foundation
NSF Cyber Trust Program

Proposal Number: 0831068
Principal Investigator: George Kesidis
Institution: Pennsylvania State University
Proposal Title: CT-ISG: Collaborative Research: Router Models and Downscaling Tools for Scalable Security Experiments

Project Summary


It is critical to protect the Internet from attacks such as denial of service, and attacks on inter-domain routing. Although several defenses have been proposed, actual deployments have been limited. A primary reason for this lack of deployment is that most defenses have not been validated under realistic conditions, or at sufficiently large scales. Many attacks also have second-order effects that are not well understood. This is because it is difficult to incorporate all the protocols involved at any reasonable scale in analytical, simulation, or emulation models or testbeds. This project includes two complementary efforts to address both the fidelity and scale challenges in security experiments by designing the following: (1) Router models: High-fidelity yet scalable models for routers and other devices will be designed that are based on simple device measurements under a few well-crafted scenarios. Both the queueing behavior in the data plane and resource consumption in the control plane will be considered. (2) Downscaling tools: Techniques will be developed to simplify experimental scenarios before studying them using simulation, emulation, or testbed experiments. Algorithms that can downscale an experimental scenario while still preserving the important queueing or routing characteristics of this scenario will be devised. Broader Impact: Development and public dissemination of general- purpose experimental tools, large-scale testing techniques, methodologies for the use of testing frameworks, and related graduate- level courseware will be undertaken. Significant outreach is planned to simulation and testbed teams, e.g., ns-3, C-BGP, and DETER (based on Emulab), and to industry, specifically Cisco, Intel, and AT&T. Students from under-represented minority groups in computer science and electrical engineering will be actively involved.

0915928 - NeTS: Small: Collaborative Research: Supporting unstructured peer-to-peer social networking

09/01/09-08/31/12

G. de Veciana, PI, U.T. Austin, and G. Kesidis, PI, Penn State

Award Abstract:

Peer-to-peer systems have seen continued growth, in terms of traffic volume, and as the architecture of choice to build new applications and network services ? notable benefits lie in their distributed design leading to higher reliability and flexibility. However as users/peers increasingly become content providers, and generally conduct more of their business on the network, privacy is a critical concern.

By leveraging peers? trust relationships through referral mechanisms based on underlying reputation systems, applications that deliver a new standard of privacy are being devised. Peer-to-peer systems that dynamically adapt, in a distributed and scalable manner, based on the outcomes of peer transactions, are being modeled and analyzed. The focus is on unstructured networks where peer-membership correlations among communities of interest can be learned to improve the search performance of reputation-biased random walks and limited-scope flooding. Content-sharing applications are being designed based that leverage this framework to incentivize cooperative behavior while enabling collaborative filtering and content pushing.

Expected results include the development analysis and testing of a new framework for privacy-preserving search for large-scale, unstructured, on-line, peer-to-peer networks. Complementary incentive mechanisms resulting in improve file sharing and promoting honest referrals will be devised. The results will be disseminated through peer-reviewed venues and, where possible, industry concerns, while data and simulation tools are made available on the web.

The efforts impact will lie in contributing new ways to improve privacy and promote more honest and efficient cooperation in large-scale on-line peer-to-peer systems, for content sharing, as well as a broader set of social networking applications.

Operators of large-scale enterprises and ISPs need to understand the type of traffic that their networks handle, and emergent applications and traffic behavior, in order to better service them and detect anomalies. Also, better assessment of the carried traffic will inform network planning and security. Particularly for private enterprise networks, monitoring methods can be used to detect inappropriate traffic classes indicating unprofessional (or at least unauthorized) activity. This work will adapt and innovate methods of unsupervised machine learning to classify traffic flows to ascertain the types of end-user applications which are active in an enterprise network.

The broader impact of the project will include explaining networking concepts to a wider audience of machine learning researchers, and vice versa so that the newly developed techniques will have wide dissemination to the networking community, as well as to other domains in science and engineering. Also, cross-disciplinary graduate-level courseware on applications of machine learning to network flow data and related concepts will be developed and disseminated. More practical developments will be achieved through collaboration with industrial partners. Finally, the project will aim to support graduate students from under-represented groups in computer science and engineering, particularly women.

The primary technical merit of the research to be conducted will pertain to the high-volume and considerably complex network data under consideration, including prevalent short flows, given limited computing and communication resources to do so.

This EAGER project will carry out three classes of experiments on GENI, all related to security and privacy and all involving low-level network facilities. Of particular interest is the issue of adoptability: will real users (system administrators) accept novel security solutions and under what circumstances? Three experiments are proposed to address these challenges.

The first experiment focuses on a monitoring system to detect infrastructure attacks: Currently, the protocol WATCHERS is known to be able to detect almost all attacks on routers, but its behavior under realistic network traffic is unknown. This experiment will ask questions like: What is the effect of monitoring on the infrastructure itself? How do the benefits of monitoring weighed against the cost of monitoring affect the adoption of the service by autonomous network entities?

The second experiment is focused on attack mitigation with modified infrastructure services. Specifically, they will investigate how incremental adoption of a DNS protocol modification might affect the global domain name service when both standard and modified protocols operate simultaneously. Key questions are: Does a new infrastructure attack mitigation scheme interfere with the vulnerable service in widespread use? How do the new and old services compete with one another during the adoption phase?

The third experiment focuses on distributed private online social networking. The PIs propose to explore deployment of secure and privacy-flexible p2p-client platforms for migrating from a centralized to a decentralized peer-to-peer social on-line network. The PIs are proposing to develop a social caching/name-resolution server, analogous to DNS for IP networks, to assist the p2p clients (or super peers) connected through GENI as they manage their privacy settings for their communities of interest. Key questions are: how can superpeers identify communities of interest and other social groups? Can they interface with centralized social networking frameworks, like facebook? Can they aid in the protection of privacy of their constituent clients?

As for the broader impacts, GENI will be used for experimentation in six security-related university classes. The PIs also participate in the UC Davis COSMOS (Computer Security, Privacy, and Cybervillainy) program, which provides high achieving high school students the opportunity to explore advanced topics in math and science in a university setting. Laboratory experimentation is 30% of the COSMOS program curricula for which GENI will serve as an ideal platform.

Over the past five years, the network neutrality debate involving for-profit ISPs and "content" providers, together with security-related issues, has figured most prominently in the Western media's coverage of the Internet and in government regulatory hearings in both North America and Europe. The two principal issues have to do with equitable treatment of applications (application neutrality) and side payments between independent content and service providers.

The four research thrusts of this grant are: the development of unbiased, parsimonious models of macro-economic and networking dynamics of all parties involved; analyzing these models with an aim to assess the relative benefit of different pricing regimes, provider alliances, and service-differentiation strategies; acquiring current, real-world data and practical lessons-learned to inform these models; and focusing in particular on comparing neutral to non-neutral frameworks.

In a preliminary example study, a passive model of end-user demand was used to define a game between multiple ISPs and multiple content providers. The users could engage in two types of applications: one delay sensitive, the other throughput sensitive. The fraction of users engaged with a particular provider depended on the provider?s current prices, subject to a customer inertia model when competitors? prices were close. A regulated side-payment between providers of different types was considered. A surprising finding at stable Nash equilibrium was that monopolistic providers (say a single ISP) receiving side payments actually had less income than the 'neutral' scenario without side-payments (side payments result in increased end-user prices by the payee which lowers end-user demand). Revenues from the application types which consumed the most bandwidth were naturally affected the most.

The primary intellectual merit of this research has to do with the challenge of formulating tractable though realistic mathematical models of the cross-disciplinary elements of the macroscopic interactions among different entities participating in the Internet economy. Identified near-optimal strategies are tracked in the presence of naturally time-varying system parameters. Though a model may be simple, it often yields unexpectedly complex behavior (e.g., multiple Nash equilibria with differing stability qualities). Important real-world data and practical lessons will be identified in this research through the study of sensitivity of derived results to the different model parameters in play.

One aspect of the broader impact of this research pertains to the enormous financial stakes involved in the network neutrality debate, and therefore the potential of this research to influence significantly Internet operations and architectural development even in the near term. Industry outreach is a significant part of this research, not only to keep abreast of current developments, but also to obtain first-hand relevant data that hopefully can be disseminated to the broader research community. Another aspect of the broader impact of this research is the development and dissemination of related "economics" teaching modules suitable for networking graduate courses, and the recruitment and training of students from under-represented minority groups in Computer Science and Electrical and Computer Engineering.

For nearly 40 years, the United States has faced a critical problem: increasing demand for energy has outstripped the ability of the systems and markets that supply power. Today, a variety of promising new technologies offer a solution to this problem. Clean, renewable power generation, such as solar and wind are increasingly available. Hybrid and plug-in electric vehicles offer greater energy efficiency in transportation. The power grid that manages the generation, transmission and distribution of electric power, however, was designed and constructed in the 1960?s and is ill-suited to handle these emerging energy technologies. Operating the electrical grid using power sources with random and uncertain availability, like solar and wind, requires new sensing and control methods. Widespread use of plug-in/hybrid electric vehicles (PHEV) will not only require far greater power capacity, but will also radically change the peak usage profile, with large evening demand that cannot be shifted. To address this problem, our current power grid must be upgraded with a control system that uses the full power of modern sensor and computing technology to increase efficiency. This new power grid, with an integrated, modern IT control plane is commonly referred to as the Smart Grid, which uses distributed control, customer integration and market based control mechanisms.

It is critical to build security features into this Smart Grid from the beginning to ensure fairness, to provide warnings of misuse, to provide control algorithms that minimize damage from malicious behavior, and most importantly, to provide robustness and high-availability of power delivery even in the presence of bad-faith actors. This project develops methods to achieve security in power and market delivery. This entails a study of economic market models with stability as one objective but also in consideration of new sources of power and usage, both on the producer and the consumer sides. To achieve security, the following techniques are used synergistically: vulnerability discovery by formal analysis; on-line monitoring, anomaly and specification-based intrusion detection; and recovery and reconstitution by feedback control. Unique to this project, it is emphasized that the security enhancements take place at both the market level and the system level, requiring separate state-estimation models. These seemingly disparate domains are unified through mapping functions among the states of the respective models. By integrating the two control models, future Smart Grids can detect and respond to activity, either malicious or caused by natural disturbances, that threaten either level; the unification of the models permits the investigation of attacks that possibly impact both levels. Results of this work would lead to a secure and reliable Smart Grid architecture that is robust in the face of attacks on both the power delivery and market control systems. The inherent cross-disciplinary nature of the research will educate future researchers to be conversant in both cyber-security and associated economic issues, through co-advising between the departments of Computer Science and Economics at both UC Davis and Pennsylvania State University and through course modules developed under this work, again involving both campuses. Results will be transitioned to partnership with PG&E, SMUD, the West Davis Village, and other utilities in California, Pennsylvania, and Connecticut.

The network neutrality debate has raised many issues of fair competition, revenue generation, 
and the role of emerging technology. In the current public-commodity, data-networking marketplace, different competing Internet Service Providers (ISPs) presently have the option to act neutrally with respect to content and application-services 
from remote 'content providers' (CPs). Also, competition and cooperation issues not directly
 related to neutrality need to be addressed, e.g., roaming charges for small entrant cellular-wireless ISPs. These issues have direct bearing on availability and prices that ordinary consumers face. To better understand these important issues, this project aims to investigate models of competition and cooperation that integrate economic, regulatory and networking factors, particularly those of the still growing cellular-wireless context with its complex channel quality dynamics.

One research thrust is to assess if there are any real economic advantages for an ISP when acting non-neutrally for different models of interaction between ISPs and CPs. To this end, this project will jointly consider different types of cellular wireless data-plans typically involving some type of quota, subscription frameworks and advertising revenues of CPs, side-payments between ISPs and remote CPs manifest through service-level agreements at gateways to the (last-mile) ISP, and the physical-layer controls (e.g., transmission power) enacted by the ISP to service the wireless traffic according to different priorities and quality-of-service requirements. It will also consider the problem of promotion of competition between like providers to reduce consumer costs, particularly how to regulate roaming charges to encourage entrant cellular-wireless access providers. In addition, the project aims to investigate how best to leverage available types of real-world operational data, both econometric and workload (packet-traffic), to inform the investigators' models.

Public cloud providers are exploring the use of resource overbooking for improving their profitability. As overbooking in the airline industry helps companies sell more tickets and thereby ensure fuller flights, overbooking in the public cloud helps providers create and sell more virtual machines (instances). While such instances are cheaper, they are more difficult to use because their resource capacities vary over time. The goal of this project is to develop an understanding of such burstable instances - so called due to the sporadic or "bursty" nature of their capacities - and help tenants run their workloads cost-effectively. The project will engage in outreach to industry, particularly to continue active collaborations with IBM, Google, and Amazon. Efforts will be made to convey enhancements to provider-side consolidation techniques to these industrial partners via student internships, talks, and complementary proposals for research/teaching credits. The project will involve under-represented minorities in computer science and engineering, particularly women graduate students. Finally, the work-product of the project will be publicly disseminated on the web, together with developed code, to ease experimental reproduction and validation by other parties.

The project will develop fundamentally novel methodologies for inferring undisclosed parameters governing resource regulators (e.g., variants of token buckets) for burstable instances. Integrating such situational awareness of effective capacity and employing it in application programming platforms (memcached, Spark, and Hadoop) would pose significant challenges since a plurality of resource management strategies in these platforms will now need to co-exist. A final set of research contributions will address novel provider-side concerns related to enriching future burstable instances with more diversity and flexibility for tenants taking into account their more careful usage of these instances. A website for the project will be created at the following URL: http://www.cse.psu.edu/~bhuvan/burstables.html. This website will contain all source code (tenant workload enhancements, provider-side enhancements in Apache Mesos or kubernetes, scripts for running and interpreting experiments, etc.), data, and documents (technical reports, code descriptions, papers at conferences and journals) resulting from the project. The contents will remain available for researchers well beyond the duration of the project.

Many high-performance computing (HPC) applications of national importance (e.g., nuclear simulations, climate modeling, drug discovery, epidemiology, and finance) process enormous datasets and have significant resource demands and strict performance/accuracy/power constraints. Ever-changing hardware elements (e.g., emerging new compute elements) and systems software (continuous fixes to operating systems, compilers and runtime systems) make hosting such HPC applications in locally-managed compute platforms increasingly less attractive. A promising alternate approach is to host these applications in the cloud. However, making legacy HPC applications cloud-ready and identifying the best blend of cloud services for a given application are significant challenges that need to be addressed. In this project, a holistic, cross-layer approach is taken to address the problem of securely mounting such HPC applications in the cloud with high efficiency, low cost, and good performance. A key distinguishing aspect of this project is that it combines both compile-time and run-time innovations and makes contributions to both client and cloud-provider sides.

This project spans the following five complementary thrusts, all of which are made challenging by the increasing complexity and scale of the HPC applications of interest, and by the complexity of cloud service offerings and application service-level objectives: (i) characterizing HPC application behavior on myriad cloud infrastructural options; (ii) compiler support for HPC application cloudization; (iii) novel programming language support -- Object-as-a-Service (OaaS); (iv) workload placement and scheduling support; and (v) systems software support for PaaS/SaaS on heterogeneous hardware. The ultimate goal of this project is to devise systematic methodologies for mapping HPC applications to different types of services (spanning IaaS, SaaS, FaaS, OaaS) in multi/hybrid-cloud. This research facilitates improvements in the costs of running HPC applications. This project also enables easy transitioning of HPC applications from one cloud to another and provides data for cloud architecture designers to tune their systems better for current and future HPC workloads. In addition to its technical contributions, this project involves various educational and outreach activities as well. In particular, a new graduate curriculum for cloud computing focusing on HPC applications is created and freely disseminated. Finally, the code being developed and experimental results collected are documented and open-sourced.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

A growing number of individuals and organizations rely on public cloud providers for their information technology (IT) needs. Many of these cloud users are budget-constrained and, therefore, interested in ways to reduce their cloud bills while still meeting their applications' performance needs. Cloud providers offer myriad service types (spanning infrastructure-, platform-, and software-as-a-service and diversity within each of these) and blending these can offer significant cost savings to users over prevalent techniques that tend to be limited to a small number of service types. However, getting such blending right is non-trivial and may itself pose significant effort and cost. This project aims to help users overcome such hurdles by significantly automating the process of cost-effectively blending and sizing cloud services. In particular, this automation will be realized via a cloud cost optimizing compiler called CoCo. A framework for application code annotation will allow users to convey blending-related hints based on their domain expertise. CoCo will require fundamentally novel optimization techniques and heuristics to transform user code into its cloud-ready form which will be cost-effective while meeting performance requirements. Finally, a runtime system for continual adaptation to dynamic workload changes will also be developed. All of these ideas will be prototyped on state of the art public cloud platforms and open-sourced.

This project has the potential to significantly simplify the task of migrating user applications to the public cloud with attendant cost savings. Perhaps more importantly, the transformed code is expected to incur lower recurring cloud bills owing to careful blending and sizing of cloud service types that adapts to dynamic conditions. These innovations are likely to be especially useful to small/medium-sized users for whom cloud migration can pose significant technical and cost hurdles. The educational and outreach components of the project will create awareness of such cost savings offered by service blending and, in combination with our open-source prototypes, will help spur further innovations on related themes within the cloud computing research community.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Interactive Virtual Reality (VR) on wirelessly-connected and resource-constrained devices has important applications in education and healthcare. Supporting such VR applications is challenging due to the high data volume and stringent latency requirements. This project takes a novel holistic approach towards robust and manageable multi-user VR application support. The project jointly develops data representations, algorithms, protocols, and a prototype system that enhance the user quality of experience in collaborative, wireless VR applications, while reducing the requirements for network bandwidth, and for device storage and computation. Central to the approach is exploiting "edge cloud" resources that are near a user or group of users. The edge cloud works in concert with user devices and the more remote cloud to optimize user experience, with robustness to network variability and temporary outages. The processing tasks among the edge, remote cloud, and user devices are orchestrated to best exploit the lower latency between the users and the edge.<br/><br/>The project makes high-quality VR accessible to more users, with fewer hardware and network requirements, enabling interactive visualization in domains such as education and healthcare at scales not previously possible. The proposed research will contribute to the general area of increasing user quality of experience at a low cost for high-volume, latency-critical workloads. The work will contribute strategies for data representation, caching, and transport among wirelessly-connected thin clients, a nearby edge cloud, and a remote cloud. The project will disseminate well-documented software and educational material. The software prototypes will be used to recruit under-represented minorities in computer science and engineering at all levels, and to support joint research projects and summer internships for undergraduates.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.