Large Language Models (LLMs) have shown impressive performance in various domains, including software engineering. Code generation, a crucial aspect of software development, has seen significant improvements with the integration of AI tools. While existing LLMs have show very good performance in generating code for everyday tasks, their application in industrial settings and domain-specific contexts remains largely unexplored. This thesis investigates the potential of LLMs to generate code in proprietary, domain-specific environments, with a specific focus on the leveling department at ASML. The primary goal of this research is to assess the ability of LLMs to adapt to a domain they have not encountered before and to generate complex, interdependent code in a domain-specific repository. This involves evaluating the performance of LLMs in generating code that meets the specific requirements of ASML. To achieve this, the thesis investigates various prompting techniques, compares the performance of generic and code-specific LLMs, and examines the impact of model size on code generation capabilities. To evaluate the code generation capabilities of LLMs in repository-level scenarios, we introduce a new performance metric, build@k, designed to measure the effectiveness of generated code in compiling and building projects. The results showed that both prompting techniques and model size have a substantial influence on the code generation capabilities of LLMs. However, the performance difference between code-specific and generic LLMs was less pronounced and varied substantially across different model families.

Frequent route changes in modern SDN-based net works are known to severely degrade the performance of TCP Cubic. This degradation is caused by two factors: sudden RTT changes, and packet reordering which Cubic misinterprets as congestion. This research investigates how a modern alter native, BBRv3, performs under these same conditions. Using ns-3 simulations with rerouting intervals of 3, 5, and 10seconds, we show that BBRv3is significantly more resilient. While Cubic through put is reduced by nearly 50% at 3-second intervals, BBRv3 performance degrades by less than 10%, as its probing mechanism does not use packet re ordering as a congestion signal. We also examined a second scenario where a flow leaves a saturated link. We concluded Cubic flows take much longer to fill the newly freed up bandwidth, as much as 8 seconds for a 25% increase in available bandwidth. BBR performs much better as its able to recognize that the link is not saturated during its next probing phase and mediately fill it. Therefore, we conclude that BBRv3 is better suited for the dynamic network conditions found in SDN environments

Most TCP data transfers in the Internet are short. This makes the startup algorithms an important factor that impacts TCP performance. Several startup algorithms have been developed. However, not a lot of research has been conducted into how these behave and interact when used for short flows. This paper aims to provide a thorough evaluation of these algorithms and their interactions under different network conditions, focusing on short flows and using ns-3. We have observed that JumpStart seems to outperform the other algorithms used when it comes to flow completion time for short flows. That is likely because it starts to send data with an aggressive initial congestion window and the flow is finished after the first few RTTs. However, JumpStart performs more poorly when the flows are longer. We have shown that JumpStart has a great potential to make communication more efficient in the Internet but further research has to be conducted into its behavior in more adversarial conditions that represent real life situations better.

The Low-Latency, Low-Loss, ScalableThroughput (L4S) service aims to support real-time applications by enabling high throughput with sub-millisecond queueing delay. It combines
scalable ECN-based congestion control (e.g., TCP Prague) with a Dual-Queue AQM such as DualPI2 to separate low-latency and classic traffic.
This paper evaluates how L4S behaves under stressful network conditions using an extended ns-3
testbed with DualPI2, TCP Prague, and ECNenabled BBRv3. We test five scenarios: RTT jitter, bandwidth shifts, mixed traffic, wireless loss, and scalable-to-scalable coexistence.
Our results show that TCP Prague consistently delivers low delay and stable throughput, whereas
legacy TCP Cubic shows elevated and more variable delay—especially under jitter and in shared
queues. ECN-BBRv3 coexists cleanly with Prague, but when Cubic and Prague share a queue, Prague dominates bandwidth. L4S thus meets its latency goals, but fairness with classic TCP remains an open issue.

The Transmission Control Protocol (TCP) remains the cornerstone of modern network communication, enabling reliable and ordered data delivery across a wide range of network environments. Despite its ubiquity, TCP’s variants’ performance under extreme and highly variable network conditions remains insufficiently explored. This paper investigates the behavior of two common TCP variants - CUBIC and BBRv1 - when subjected to dynamic bandwidth and delay fluctuation. Such conditions are increasingly common in real-world wireless networks and can have a significant impact on TCP flows. We conduct a series of tests using the ns-3 framework, employing a dumbbell topology to simulate wireless connections. The results of 6 different testing scenarios are presented. They showcase that both algorithms experience significant packet loss in the event of bandwidth variance in-transmission, with BBRv1 adapting to these changes better, but not dominating over CUBIC in a multi-flow connection. In addition, both TCP variants experience harsh throughput drops and lose very few packets in the event of delay spikes. When faced with both delay and bandwidth variance, BBRv1 experiences high packet loss while CUBIC’s connection remains stable.

Modern TCP congestion control algorithms rely on timely ACK feedback to adjust their parameters. However, some networks deliberately suppress ACKs. This study uses the ns-3 simulator to experiment with the impact of suppressing ACKs on the reverse path on four TCP variants (BBRv3, Cubic, NewReno, Vegas) in both wired and wireless dumbbell topologies. In wired experiments, we implement a custom queue that allows us to test fixed aggregation ratios at the transport-layer. In wireless scenarios, we utilize the IEEE 802.11n standard’s MAC-layer aggregation schemes (A-MSDU, A-MPDU), both individually and in combination, and also evaluate varying maximum A-MPDU aggregation sizes. Our results show that while transport-layer aggregation can degrade performance and fairness, especially for BBRv3 and Cubic, MAC-layer aggregation consistently improves throughput without destabilizing TCP behaviour. NewReno demonstrates strong resilience across both setups, while Vegas exhibits highly inconsistent performance. These findings highlight the importance of aligning aggregation
mechanisms with congestion control strategies carefully.

The inability to check how our Internet traffic is being handled and routed poses all kinds of security and privacy risks. Yet, for the typical end-user, the Internet indeed is such a black box. This thesis, adheres to the call for an Internet that is more transparent, and as a step forward proposes a mechanism that carefully balances the desire to share transparency information with the necessity to not expose all internal details of a network. Presented work realises this by building on the framework of multi-party computation. Proposed architecture and corresponding proof-of-concept is evaluated via experiments and demonstrates the feasibility of the concept to improve Internet transparency.

Online gaming is the world’s largest entertainment industry by revenue, and supports over 3 billion consumers worldwide. Many of the world’s most popular online games must manage millions of concurrent players through a single unified service. Achieving performant and scalable online games is challenging. Online games are subject to stringent quality of service requirements, notably extremely low response times, with at most 50ms being considered acceptable. Unlike many other types of applications, the performance of online games depends to a large degree on the resources available on end-user devices. These devices are typically heterogeneous, limited in compute and network resources, and subject to unpredictable changes in resource availability.
Addressing this challenge, we propose in this work the concept of differentiated deployment, which allows online games to selectively manage and scale online-game systems with fine granularity in response to changes in available resources. We design Polka, a framework for online games which supports differentiated deployment. We then implement PolkaDOTS, an open-source proof of concept of the Polka framework built in an industry standard game development ecosystem.
We evaluate our approach using Dither, a custom-built experiment runner for large scale distributed experiments on online games. We use Dither to perform real-world experiments on a representative Minecraft-like Game, Opencraft 2, built on the PolkaDOTS stack, and analyze the impact of various differentiated deployment scenarios. From these experiments, we find that differentiated deployment can decrease performance variability of online-game servers, and decrease the response time experienced by players by up to 32%. Most importantly, we show that differentiated deployment enables novel deployment techniques, including switching from local rendering to cloud-based rendering (i.e., cloud gaming) at runtime.

The versatility of the internet enables many applications that play an increasingly bigger role in our society. However, users have little control over the route that their internet traffic takes, which prevents them from controlling who sees their packets and how their traffic is handled. Researchers have proposed an extension to the internet, called the responsible internet, that aims to provide users with control over the route that their internet traffic takes.
Providing this control is the aim of this thesis. Users can control their route by specifying requirements that their route has to fulfill. This thesis defines the Maximum Path Requirement Intersection (MPRI) problem as the problem of finding the route that satisfies as many of the user’s requirements as possible, and this thesis proves that MPRI is NP-hard. Subsequently, both a heuristic to solve the problem in a reasonable amount of time as well as an exact algorithm that guarantees to find the globally best path are introduced. The performance of the heuristic is measured relative to the globally optimal solution given by the exact algorithm. Results show that less features allow the heuristic to have a larger search space, which improves the results; that the runtime of the heuristic scales polynomially in the number of hops between the start and end node; that the heuristic is most effective in graphs that have a power-law degree distribution and least effective in grid-like graphs; and that in a realistic setting the heuristic runs quickly while performing close to optimal.

The rapid evolution of 5G technology has paved the way for the proliferation of resource-constrained Internet of Things (IoT) devices, collectively known as ambient IoT. While these devices offer unprecedented opportunities for connectivity and data collection, their limited computational capabilities present significant challenges in implementing robust security measures. This thesis addresses these challenges by proposing two novel lightweight security protocols tailored for ambient IoT devices within 5G networks.

The first protocol, "Lightweight security protocol instantiated using ASCON", leverages the ASCON family of cryptographic functions to ensure essential security properties while adhering to the constraints of ambient IoT devices. The protocol’s effectiveness is evaluated through simulations, focusing on computational efficiency compared to existing solutions.

The second protocol, "Data container-based security protocol", adopts a container-based approach to enhance interoperability and standardization across diverse ambient IoT device applications. This protocol facilitates seamless integration and compatibility among ambient IoT systems by encapsulating authentication and communication data within generic containers. The benefits of this approach are analyzed theoretically, highlighting its potential for standardization in heterogeneous 5G environments.

Together, these lightweight security protocols contribute to developing a secure and efficient ecosystem for ambient IoT devices within 5G networks. By addressing the challenges posed by resource-constrained devices and promoting interoperability, this thesis aims to enhance security and facilitate the widespread adoption of ambient IoT technologies in our increasingly connected world.

An all-important step in the ambitious pursuit towards autonomous networks has been the introduction of Software Defined Networking which has advocated the concept of separating a network’s control plane from the data plane and creating a programmable controller with a wider view of the network. This innovation proved to be very promising, but the non-programmable data plane quickly became a limitation. 
The next step was brought by the emergence of the programmable switch architecture and P4, a language specifically designed for defining the behaviour of programmable network devices. P4 is a remarkably powerful language that allows the software developer to define almost any packet-processing functionality, all while abstracting away from the specifics of the target’s hardware architecture.
Despite its many benefits, P4 brings with it an additional layer of complexity for the network administrators, which may find themselves overwhelmed by having to learn a new programming language.
This report tackles this issue by presenting a prototype that is capable of synthesizing small P4 programs from pairs of input & output packets. Under the hood, the proposed solution uses a bottom-up enumerative synthesizer called Probe. This synthesizer was re-implemented, improved, and tailored to leverage the particularities of the problem domain.

The ongoing digitalization of the world, estimated to reach a yearly data generation of 200 Zettabytes by 2025, is putting increasing pressure on system developers to provide systems capable of scaling with future needs. Of particular importance are the data storage systems, providing the means of storing and retrieving the vast amounts of data. One widely adopted storage technology, predicted to become the leading media for future data storage, is flash-based solid state drives (SSD). The complex architecture of flash SSD however introduces several challenges, such as necessary garbage collection, for managing the flash storage. To readily integrate flash SSD into storage systems, the flash management idiosyncrasies are hidden inside the storage device. The hiding of the flash management idiosyncrasies has however been identified to have significant performance implications. As a result, numerous efforts have pushed towards more open flash storage interfaces, with the most recent addition of Zoned Namespace (ZNS) flash SSD. ZNS SSD presents a unique opportunity for storage software and the flash SSD to coordinate the flash management responsibilities.

While the open flash storage interface of ZNS presents a plethora of opportunity in software optimization, current software support is in its early stages, leaving much of its potentials yet to be explored. In this work, we present msF2FS (multi-streamed F2FS), a file system with optimized ZNS integration, based on the de facto standard flash file system F2FS. msF2FS enhances the ZNS integration by leveraging the parallelism capabilities of ZNS SSD, and increasing the coordination between the file system and applications for data placement decision-making. The data placement coordination between file system and application reduces the sub-optimal data placement decisions made by the file system. Evaluations of msF2Fs show the benefit of the application and file system coordination, with the RocksDB application achieving up to 23.19% higher throughput as a result of optimized data placement. We make all developed code of msF2FS publicly available at https://github.com/nicktehrany/msF2FS.

Intent-based Networking (IBN) is one of the hot topics of research in the modern field of networking. Abstracting the complexity of network management away from the network operator through automation is the cornerstone of the IBN concept. However, a lot of current research on intent-based networking is concentrated towards programmable software defined networks (SDN), rather than traditional non-programmable network devices which still hold a large market share in modern networks. Moreover, when it comes to traditional network devices, network validation becomes very crucial as it needs a endoragnostic environment to evaluate the network. This thesis studies the important aspects necessary for IBN adaptation for legacy devices and provides a solution for adaptation into modern networks, while being vendor-agnostic. Based on the design, the results obtained from the proofs-of-concept are then analyzed and concluded upon, ending by elucidating avenues of future work.

As a result of a global pandemic, there has been an increasing interest in tools for remote video conferencing and collaboration. One of these new innovations is social eXtended Reality (XR). By combining Virtual Reality (VR) and Augmented Reality (AR) technologies, social XR can provide a more immersive experience than any other VR application by giving users at different locations the chance to virtually gather in real-time. But such applications impose enormous requirements on computational and communication resources. 5th Generation (5G) mobile networks are targeted as solution to provide ultra-low latency and ultra-high throughput for social XR. In current research, many optimisations are aimed at VR applications such as on-demand streaming, while there is a lack of solutions for real-time user-interactive applications like social XR. In this graduation project we develop and assess cross-layer solutions for optimised scheduling of social XR applications in 5G networks. An existing framework for simulating social XR conference applications serves as the basis for our modelling approach. We devise different schedulers, that utilise cross-layer information in the form of the video frametype and frame-level End-to-End (E2E) latency budgets rather than packet-level latency budgets purely within the Radio Access Network (RAN). In contrast to previous work, we create the VR traffic based on real video data and develop tools to model the packet dispersion caused by multi-hop transmission over the internet towards the RAN. We study the effect of various system and traffic parameters on the Quality of Service (QoS) and perceived Quality of Experience (QoE) in the context of social XR applications through an extensive sensitivity analysis. Herein we also assess the performance impact of different types of cross-layer packet schedulers. Further, we gain insights into the correlation between the network QoS and perceived QoE by end users which are the key in future cross-layer implementations for social XR.

In software defined networking a controller can control where the data-plane routes packets to. Programmable data-planes make networks even more flexible, as the algorithms on the data-plane can be updated. The P4 programming language can be used to program data-planes, and the P4Runtime data-plane API can be used for controller to data-plane communication. The possibility of man-in-the-middle attacks when using P4Runtime was investigated. Man-in-the-middle attacks are possible either between the controller and data-plane, or between two hosts on the network. A virtual network in Mininet was used to try and demonstrate the difference between secure and insecure channels in these two scenarios. A malicious controller can take control of a switch in order to use it for man-in-the-middle attacks when the P4Runtime channel is insecure, but not in a secure channel. The man-in-the-middle attack between the controller and switch was not achieved due to the switches in Mininet only running on localhost and not being able to run the controller in-band. It was concluded that it is indeed recommended to only use secure P4Runtime channels, and possible extensions to this research could be to attempt the same experiment using a different setup or to research the effects that a successful man-in-the-middle attack can have.

Data planes are responsible for forwarding packets in a network. The P4 language is used for programming programmable data planes. Such data planes give more flexibility to programmers by allowing them to define how the packets should be processed. However, these data planes might also be more vulnerable to malicious attacks than traditional (non-programmable) data planes. That is because software is usually more prone to errors as compared to the hardware. Different research has already analyzed various aspects of the security of the P4 language. However, the security vulnerabilities of P4 programs have not been researched in depth. The main contribution of this paper is providing examples of attacks on P4 programs by using manipulated packet data. In this research, it was attempted to corrupt three P4 programs by manipulating packet data. Two of the three attempts were successful. The paper concludes that some P4 programs can be corrupted by malicious packets.

P4 programmable data-planes provide operators with a flexible method to set up data-plane forwarding logic. To deploy networks with confidence, a switch's forwarding logic should correspond with its intended behavior. Programs loaded onto programmable data-planes don't necessarily go through as much testing as traditional fixed-function devices from large manufacturers. Security is therefore of utmost importance.

The main question this research attempts to answer, is whether a single compromised P4 switch can corrupt the entire (P4) network. In this scenario the attacker already has access to the compromised switch, and the assumption is made that all devices blindly trust each other. Two load balancing schemes are investigated, Clove-ECN and HULA. The former performs load balancing on the hosts, and results show that switches can transparently influence traffic flow by manipulating the ECN bits. The latter is designed for implementation on the data-plane, e.g. using P4, and we can conclude that HULA is susceptible to attacks by spoofing probe packets with false data.

DDoS attacks are becoming more common and sophisticated. Only recently, in 2017, Google claims they have mitigated an attack which sent 2.54 Tbps of traffic to their servers. In order to prevent these attacks, more and more robust defence mechanisms need to be put in place to withstand the malicious traffic and secure the networks. Programmable data planes allow the users to specify which rules the headers of a packet need to follow and what happens if they are different. With this freedom, achieving more secure networks becomes possible. The use of the programming language P4 makes it easy to modify the functionality of the switches and limit the behaviour of the network in order to reduce the attack surface.
This paper describes certain attacks and mitigation techniques for them, such as DoS attacks and SYN-flood attacks. The paper will list existing defence techniques and enumerate their advantages and drawbacks. There will be two proof of concept detection and mitigation techniques in P4, and these implementations will be compared to already existing ones. The P4 implementations will be provided as well as comparison and performance graphs.

After software defined networking (SDN) separated the control-plane from the dataplane, P4 was proposed as a solution to be able to program the data-plane. The programmable data plane (PDP) is very useful to alter the behaviour of programmable network devices. The drawback, however, is that without virtualization only one single P4 program can run at a time on the PDP. Compiler based and hypervisor based approaches can be used to virtualize the P4 data-plane to let P4 programs run alongside each other. This increases the flexibility when compared to P4, but can potentially come with added risks. Hypervisor based approaches share resources, while compiler based approaches try to minimize the sharing of resources. This opens up hypervisor based approaches, like HyperVDP and Hyper4, to attacks from a corrupt P4 program. Because of the resource sharing, when one of the virtualized P4 programs in HyperVDP is corrupted, there potentially is a risk that the other virtualized programs also get influenced. This paper will attempt to answer the question; can a malicious P4 program corrupt behaviour of another P4 program while running alongside each other. This will be done by laying out a method to answer this question using HyperVDP. A repository containing the updated source code of HyperVDP will also be created and provided to allow for a stable framework.