Research Interests

  • Computer System Architecture
  • High-speed Network Intrusion Detection
  • ML-RSIM System Simulator
    •

    Computer System Architecture

    I am interested in research at the intersection of computer architecture and software. Concurrently exploring both domains exposes problems that otherwise would remain hidden or difficult to identify. In addition, this system-level approach facilitates novel and unique solutions that are unavailable when working in either field alone.

    As part of the Cascade Project I am investigating shared DRAM-based cache organizations and thread scheduling techniques for chip multiprocessors.

    SPANIDS: A Scalable Platform for High-speed Network Intrusion Detection

    This project focuses on developing a scalable architecture for high-speed network intrusion detection systems. We are developing scalable loadbalancing techniques that exploit concurrency in network traffic to significantly improve the throughput of advanced network intrusion detection systems. A hash-based packet routing approach allows us to forward all packets belonging to a connection to the same sensor. At the same time, the absense of a conventional routing table avoids the systems vulnerability to a denial-of-service attack. The loadbalancer incorporates feedback from the sensor nodes to adapt to changes in network traffic characteristics to avoid packet loss due to overload.

    We recently completed designing and implementing a prototype system that is able to process IP traffic on Gigabit network links with minimal packet loss. Below are some pictures of the system, consisting of a custom FPGA loadbalancer, a commodity Ethernet switch that implements the routing data plane, and 16 dual-processor Opteron nodes running Linux and Snort 2.3.


    The complete prototype System.
    FPGA board, host and console.
    Load balancer and external switches.
    FPGA board closeup.

    16 Opteron nodes as sensors.
    Wiring in back of rack.
    Performance monitoring software user interface.
    Configuration panel.

    This project is funded by the National Science Foundation.

    ML-RSIM: Accurate and Detailed System-level Simulation

    ML-RSIM is an execution-driven system simulator that combines detailed processor, cache, memory hierarchy and I/O device models with a Unix-compatible operating system. It provides a unique tool that allows researchers to study the interaction of computer architecture, I/O activity, system software and applications.

    ML-RSIM/Lamix simulates statically linked SPARC V8 binaries that in many cases also run on native SPARC/Solaris hosts without modifications. The simulation system is available in source-code form at no charge.

    System Measurement and Modelling

    Understanding the performance of current and emerging applications from an architectural point of view is an important foundation of most computer architecture research. I am interested in developing portable methodologies that measure various aspects of modern computer systems, such as the overhead of I/O operations. In addition, I am working on improving our understanding of the accuracy required of architectural simulators.

    lambert@cs.utah.edu l.schaelicke@computer.org