Maria Apostolaki: Networked Systems Group @ ETH Zürich

I am an Assistant Professor at Princeton University, and am leading the NetSyn Lab.

I completed my PhD under the guidance of Prof. Dr. Laurent Vanbever in the amazing NSG group! During my studies, I had been a visiting student at MIT and a research intern at Microsoft Research and Google.

After my PhD, I spent a year at Carnegie Mellon University working with Vyas Sekar as a postdoctoral researcher. I earned my diploma in Electrical and Computer Engineering at the National Technical University of Athens, Greece.

My research draws from networking, security, blockchain and ML. Overall, my goal is design and build networked systems that are secure, reliable and performant. More information about my current research can be found here.

Mass Surveillance of VoIP Calls in the Data Plane

Paper

Abstract

BibTeX

Ege Cem Kirci, Maria Apostolaki, Roland Meier, Ankit Singla, Laurent Vanbever

ACM SOSR 2022. Online (October 2022).

ABM: Active Buffer Management in Datacenters

Paper

Code

Abstract

BibTeX

Vamsi Addanki, Maria Apostolaki, Manya Ghobadi, Stefan Schmid, Laurent Vanbever

ACM SIGCOMM 2022. Amsterdam, Netherlands (August 2022).

Performance-Driven Internet Path Selection

Paper

Poster

Video

Slides

Abstract

BibTeX

Maria Apostolaki, Ankit Singla, Laurent Vanbever

ACM SIGCOMM Symposium on SDN Research 2021. Online (October 2021).

Routing Security of Cryptocurrencies

Paper

Abstract

Maria Apostolaki

Doctoral dissertation. ETH Zurich. July 2021.

Cryptocurrencies are digital money operated by a set of nodes. The oldest and most widely-used cryptocurrency today, namely Bitcoin, gained its popularity thanks to its security properties: its openness, immutability, and anonymity. Indeed, Bitcoin offers all users an open platform to perform immutable transactions while hiding their real-world identity. Instead of relying on a central authority, Bitcoin nodes build an extensive overlay network between them and use consensus to agree on a set of transactions that are recorded within Bitcoin’s core data structure: the blockchain.

Bitcoin nodes communicate over the Internet infrastructure, which is composed of multiple networks called Autonomous Systems (ASes). In effect, any AS on the Internet forwarding path between two nodes can access the messages they exchange. The Bitcoin protocol does not specify how the Bitcoin peer-to- peer overlay network should be mapped to the Internet to maintain its security properties. As a result, Bitcoin’s security properties are in practice at risk. In this thesis, we aim at shedding light on the interactions between the application and the network layer by answering two questions.

Attack surface: What could be the impact of an AS-level adversary on the security properties of cryptocurrencies and Bitcoin in particular?

Defense: How can we shield such systems from an AS-level adversary?

In response to the first question, we prove that a single AS is able to compromise Bitcoin’s immutability, anonymity, and openness. In response to the second question, we show that we can protect cryptocurrencies from AS-level adversaries by leveraging Internet policies, state-of-the-art networking hardware and cross- layer awareness.

We start these efforts by analyzing the Bitcoin network from the routing perspective. Our findings contradict a core assumption about the Bitcoin network, namely its decentralization. From the application perspective, Bitcoin is indeed decentralized, as it is an open network of thousands of independent nodes that establish random connections. From the routing perspective, though, the Bitcoin network is highly centralized, as few ASes intercept a disproportionately large amount of Bitcoin traffic. Driven by this insight, we introduce a new attack vector, namely routing attacks. We uncover and ethically performed in the wild three novel routing attacks against Bitcoin: the partition, the delay, and the perimeter attack. These attacks generalize to other cryptocurrencies such as Ethereum. Other than the attacker’s goal, the three attacks differ in terms of their effectiveness and detectability. On the one hand, the partition attack is extremely powerful – even against the Bitcoin network as a whole – but it can be easily detected. On the other hand, the delay and the perimeter attacks are only effective against a targeted set of nodes, yet they are very hard to be detected.

To shield Bitcoin against the partition attack we design SABRE, a relay network that keeps the Bitcoin network connected even in the presence of an AS- level attacker. SABRE achieves this by leveraging Internet routing policies and emerging networking hardware. Notably, SABRE’s design is general and can be used to protect any blockchain system from such attacks.

Finally, to shield Bitcoin from harder-to-detect attacks such as the delay and the perimeter attack, we suggest a set of cross-layer countermeasures. In particular, we revisit the design and deployment choices of the Bitcoin (and the Ethereum) system to account for the risk of an AS-level adversary.

Securing Internet Applications from Routing Attacks

Paper

Abstract

BibTeX

Yixin Sun, Maria Apostolaki, Henry Birge-Lee, Laurent Vanbever, Jennifer Rexford, Mung Chiang, Prateek Mittal

Communications of the ACM. (June 2021).

Perimeter: A network-layer attack on the anonymity of cryptocurrencies

Paper

iPoster

Video

Abstract

BibTeX

Maria Apostolaki, Cedric Maire, Laurent Vanbever

Financial Cryptography and Data Security 2021. Grenada (March 2021).

FB: A Flexible Buffer Management Scheme for Data Center Switches

Paper

Abstract

Maria Apostolaki, Vamsi Addanki, Manya Ghobadi, Laurent Vanbever

Under Submission.

P2GO: P4 Profile-Guided Optimizations

Paper

Video

Slides

Abstract

BibTeX

Patrick Wintermeyer, Maria Apostolaki, Alexander Dietmüller, Laurent Vanbever

ACM HotNets 2020. Chicago, Illinois, USA (November 2020).

FAB: Toward Flow-aware Buffer Sharing on Programmable Switches

Paper

Slides

Abstract

BibTeX

Maria Apostolaki, Laurent Vanbever, Manya Ghobadi

ACM Workshop on Buffer Sizing. Stanford, CA, USA (December 2019).

Blink: Fast Connectivity Recovery Entirely in the Data Plane

Paper

Video

Website

Slides

Code

Abstract

BibTeX

Thomas Holterbach, Edgar Costa Molero, Maria Apostolaki, Alberto Dainotti, Stefano Vissicchio, Laurent Vanbever

USENIX NSDI 2019. Boston, Massachusetts, USA (February 2019).

SABRE: Protecting Bitcoin against Routing Attacks

Paper

Slides

Video

Website

Abstract

BibTeX

Maria Apostolaki, Gian Marti, Jan Müller, Laurent Vanbever

NDSS Symposium 2019. San Diego, CA, USA (February 2019).

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies.

Paper

Website

Video

Slides

Abstract

BibTeX

Maria Apostolaki, Aviv Zohar, Laurent Vanbever

2018 IETF/IRTF Applied Networking Research Prize

IEEE Symposium on Security and Privacy 2017. San Jose, CA, USA (May 2017).

Gauging Risk in Resource Optimizations on Stateful Packet-Processing Devices (M)

Patrick Wintermeyer

Supervisors: Dr. Maria Apostolaki, Alexander Dietmüller, Edgar Costa Molero, Prof. Laurent Vanbever

Traffic-Aware Compilation

Thesis

Patrick Wintermeyer

Supervisors: Dr. Maria Apostolaki, Alexander Dietmüller, Prof. Laurent Vanbever

Meta Congestion Control (S)

Thesis

Boya Wang

Supervisors: Dr. Maria Apostolaki, Alexander Dietmüller, Prof. Laurent Vanbever

Ensuring Transport Fairness with Smart Networks (S)

Thesis

Long He

Supervisors: Alexander Dietmüller, Dr. Maria Apostolaki, Prof. Laurent Vanbever

Multi-path routing (S)

Manuel Pulfer

Supervisors: Dr. Maria Apostolaki, Prof. Laurent Vanbever

Protecting Blockchain Applications with Programmable Networks (S)

Jan Müller

Supervisors: Dr. Maria Apostolaki, Prof. Laurent Vanbever

Load balancing in a data center using the data plane (M)

Andreas Pantelopoulos

Supervisors: Dr. Maria Apostolaki, Edgar Costa Molero, Prof. Laurent Vanbever

Detecting and mitigating network attacks on Bitcoin (S)

Floyd Basler

Supervisors: Dr. Maria Apostolaki, Prof. Laurent Vanbever

Data-Driven Performance Correlation (S)

Jan-Philipp Schulze

Supervisors: Dr. Maria Apostolaki, Prof. Laurent Vanbever

Dr. Maria Apostolaki