DARPA Active NEtworks Conference and Exposition, 2002. Proceedings

Date 30-30 May 2002

Displaying Results 1 - 25 of 39
  • Proceedings DARPA Active Networks Conference and Exposition

    The following topics were dealt with: active network programming; active node architectures; active network architecture; active network security; execution environments; active services; and active network testbed.

  • Author index

    Page(s): 555 - 556
    Freely Available from IEEE
  • An active networking approach to service customization

    Page(s): 305 - 318

    Active networking is a powerful technology to insert new functionality into networking. We look at how active networking technology can be used to customize network services. We observe that users often want slightly different versions of network services such as multicast and network quality of service. We propose to implement these services as a base service that provides the basic service functionality and a customization code module that allows users to customize the service. The customization module uses a service-specific API to modify service behavior. We compare this architecture with the traditional active networking architecture based on execution environments and active applications. We also present several examples of customizable network services.

  • SANDS: Specialized Active Networking for Distributed Simulation

    Page(s): 356 - 365

    We provide an overview of SANDS (Specialized Active Networking for Distributed Simulation), a DARPA-ITO sponsored research project that is using active networking to develop a new approach to real-time, content-based information dissemination. Our approach is based on the use of active interest filtering, a publish/subscribe mechanism that uses active networks technology to install and control dynamically-established content-based filters in intermediate active routers in an IP multicast distribution tree. Active filters prune unneeded information as early as possible in the distribution tree, ensuring that only data desired (i.e., subscribed to) by a receiver actually reaches that receiver. We describe active interest filtering, the per-node algorithms that implement active filtering, and the signaling protocol that installs interest filter state in the active routers. We describe our prototype implementation effort and present measurements from a working prototype that demonstrate the advantages of active interest filtering in a large-scale ModSAF distributed simulation scenario.

  • Application deployment in virtual networks using the X-Bone

    Page(s): 484 - 491

    This paper describes a framework for application deployment within virtual networks using X-Bone. The framework supports deployment of arbitrary applications and allows users to configure the runtime environment by executing user-provided scripts instead of hard-coding application commands into the system. It also automates the process of constructing virtual networks and deploying applications by using X-Bone.

  • Panda: middleware to provide the benefits of active networks to legacy applications

    Page(s): 319 - 332

    Panda is middleware designed to bring the benefits of active networks to applications not written with active networks in mind. This paper describes the architecture and implementation of Panda, and provides data on the overheads incurred and performance benefits achieved. The paper also discusses some of the key issues of automatically and transparently intercepting data streams and converting them into active streams, including interception mechanisms, automated planning facilities, and allowing user and application control of the middleware.

  • Active network based DDoS defense

    Page(s): 193 - 203

    Prior research on active networks has outlined a vision of broad applicability. We present rationale and techniques for applying active network concepts and technology to the automated intrusion response problem domain, and in particular, automated defense against distributed denial-of-service (DDoS) attacks. We describe our experience exploring these ideas via prototyping using the Secure ANTS execution environment in a deployment scenario that requires active programs to migrate across network administration boundaries. From this experience, observations are drawn on the suitability of active networks for this problem domain.

  • Active Names: flexible location and transport of wide-area resources

    Page(s): 291 - 304

    We explore flexible name resolution as a way of supporting extensibility for wide-area distributed services. Our approach, called Active Names, maps names to a chain of mobile programs that can customize how a service is located and how its results are transformed and transported back to the client. To illustrate the properties of our system, we implemented prototypes of server selection based on end-to-end performance measurements, location-independent data transformation, and caching of composable active objects and demonstrate up to a five-fold performance improvement to end users relative to protocols in widespread use. We show how these new services are developed, composed, and secured in our framework. Finally, we develop a set of algorithms to control how mobile Active Name programs are mapped onto available wide-area resources to optimize performance and availability.

  • Maude as a wide-spectrum framework for formal modeling and analysis of active networks

    Page(s): 494 - 510

    Modeling and formally analyzing active network systems and protocols is quite challenging, due to their highly dynamic nature and the need for new network models. We propose a wide-spectrum methodology using executable rewriting logic specifications to address this challenge. We also show how, using the Maude rewriting logic language and tools, active network systems, languages, and protocols can be formally specified and analyzed using a wide range of formal methods. Benefits include precise documentation of designs, early discovery of many bugs and omissions, and higher assurance of correct behavior. In this paper we illustrate these methods and their practical usefulness through two case studies: the AER/NCA protocol suite and the PLAN active networks language.

  • Composite protocols for innovative active services

    Page(s): 157 - 164

    We define a modular approach for specifying and implementing network protocols. Our approach partitions protocols into single function modules called protocol components. Each protocol component is specified in terms of finite state machines, action functions, memory, memory operations, and properties. This specification is amenable to rapid definition of protocol components, rapid composition of protocol components into protocols, and automatic analysis and manipulation of complete protocols.

  • Resource adaptive netcentric systems on active network: a self-organizing video stream that auto morphs itself while in transit via a quasi-active network

    Page(s): 427 - 443

    We discuss the issues that a network adaptive application faces on current network infrastructure and the role a programmable network such as the active network can play in facilitating them. We present a novel cognizant video transcoding system, which is capable of negotiating local network state based rate and let the video propagate over an extreme network with highly asymmetric link and node capacities. For core operation of rate transformation it utilizes knowledge at three levels - about the network, about the content protocol and about the content itself. As a platform the stream uses the computing power of a quasi-active network. As a result the passing video stream appears as a self-organizing stream, which automatically senses the network asymmetry and adapts itself as the packets diffuse via the active subnet. We discuss the issues of network adaptation with the exposition of this novel diffusion computing over a quasi-active network.

  • Practical active network services within content-aware gateways

    Page(s): 344 - 354

    The Internet has seen an increase in complexity due to the introduction of new types of networking devices and services, particularly at points of discontinuity known as network edges. As the networking industry continues to add revenue generating services at network edges, there is an increasing need to provide a systematic method for dynamically introducing and providing these new services in lieu of the ad-hoc approach that is in use today. To this end we support a phased approach to "activating" the Internet and suggest that there exists an immediate need for realizing active networks concepts at the network edges. In this context, we present our efforts towards the development of a content-aware active gateway (CAG) architecture. With the help of two practical services running on our initial prototype, built from commercial networking devices, we give a qualitative and quantitative view of the CAG potential.

  • Scalable time management algorithms using active networks for distributed simulation

    Page(s): 366 - 378

    This paper investigates time management for distributed simulations in active networks. Time management is essentially the computation of the Lower Bound Time Stamp (LBTS) across federates in a distributed simulation, including in-transit (in-flight) messages. We show that the LBTS computation is an instance of the Distributed Termination Detection (DTD) problem and how DTD algorithms can be applied to LBTS in an active network. These algorithms are potentially much more efficient than traditional LBTS algorithms that rely on point-to-point communication. We introduce the Distinguished Root Node algorithm that can compute LBTS in O(log n) time in general network topologies using a prototype implemented in Java. Experimental results are reported for the Active Time Management Daemon prototype implementation in (1) a simple testbed configuration, (2) a larger cluster environment, (3) an ns-2 simulation of very large configurations, and (4) integrated into an actual HLA-compliant run-time and simulation. While active network algorithms have the potential for improved functionality and superior performance, this potential will only be fully realized when "native" implementations are possible. For wide-scale deployment, real-world issues such as reliable delivery, dynamic routing topologies, security and fault tolerance will have to be systematically addressed. Also, in the area of distributed computing known as grid computing, the management of distributed resources is a key issue. Hence, we plan to use the grid computing infrastructure to manage overlays and facilitate the use of active networks by large-scale, distributed grid applications.

  • Secure active network prototypes

    Page(s): 166 - 181

    Active networking is a promising new technology that promises to provide powerful and flexible networking services, with services deployed by packets as they traverse the network. Security for both network operator and user is one of the most challenging aspects in this new network paradigm. This paper describes our experiences in developing security solutions that meet the requirements for three different increasingly complex network environments. Our solutions provide for authorization control, with strong end-end authentication, consideration for the protection of packets that may change in transit, and a flexible policy mechanism that was, in the third prototype, dynamic as well.

  • Extensible routers for active networks

    Page(s): 92 - 116

    This paper describes our effort to build an extensible router in support of active networks. Our work is driven by two goals: (1) supporting the injection of new functionality into a router, and (2) exploiting commercially available hardware. Our approach is a hierarchical architecture, in which packet flows traverse a range of processing/forwarding paths. This paper both presents the architecture, and describes our experiences implementing the architecture across a combination of general-purpose and network processors.

  • Evolution of an active networks testbed

    Page(s): 446 - 465

    This paper explores the requirements for a network testbed designed specifically to support research in active networking. It also describes the design of the wide-area active networks testbed named the ABone. The ABone provides a virtual and real network infrastructure for active network experiments, using a diverse set of OS platforms. Its design embodies a tradeoff among the testbed goals of scalability, availability, security, heterogeneity, and modularity.

  • The RadioActive networking architecture

    Page(s): 394 - 408

    This paper describes the activities in application level active networks (ALAN) under the DARPA-funded RADIOACTIVE Project; this is closely related to work carried out under a European Commission project ANDROID. The ALAN infrastructure was developed mainly under other projects; it is summarized mainly for background. The version used relies on separate active applications driven by policies, with the policies expressed in XML. There are two principal applications carried through in this project: adaptation of multicast, multimedia conferencing tools (M-Bone) and Virtual Private Networks (VPNs). The former were developed in other projects; the latter derives from the X-Bone overlay networks of ISI. It is an important aspect of the project that the final activity all works in the context of IPv6. The paper describes the measures that were required to make the applications into ALAN ones, and the problems encountered in moving all the components to work in the IPv6 environment.

  • Towards self-configuring networks

    Page(s): 143 - 156

    Current networks require ad-hoc operating procedures by expert administrators to handle changes. These configuration management operations are costly and error prone. Active networks involve particularly fast dynamics of change that cannot depend on operators and must be automated. This paper describes an architecture called NESTOR that seeks to replace labor-intensive configuration management with one that is automated and software-intensive. Network element configuration state is represented in a unified object-relationship model. Management is automated via policy rules that control change propagation across model objects. Configuration constraints assure the consistency of model transactions. Model objects are stored in a distributed repository supporting atomicity and recovery of configuration change transactions. Element adapters are responsible for populating the repository with configuration objects, and for pushing committed changes to the underlying network elements. NESTOR has been implemented in two complementary versions and is now being applied to automate several configuration management scenarios of increasing complexity, with encouraging results.

  • Active virtual network management prediction: complexity as a framework for prediction, optimization, and assurance

    Page(s): 534 - 553

    The paper considers the blending of computation and communication by means of complexity. The specific service examined is network self-prediction enabled by active virtual network management prediction. Computation/communication is analyzed via Kolmogorov complexity. The result is a mechanism to understand and improve the performance of active networking and active virtual network management prediction in particular. The active virtual network management prediction mechanism allows information, in various states of algorithmic and static form, to be transported in the service of prediction for network management. The results are generally applicable to algorithmic transmission of information. Kolmogorov Complexity is used and experimentally validated as a theory describing the relationship among algorithmic compression, complexity, and prediction accuracy within an active network. Finally, the paper concludes with a complexity-based framework for information assurance that attempts to take a holistic view of vulnerability analysis.

  • The ASP EE: an active network execution environment

    Page(s): 238 - 254

    This paper describes the ASP Execution Environment (EE), a prototype general-purpose active network execution environment that initiates and controls the execution of Java-based active applications. Features of the ASP EE include support for persistent active applications, fine-grained network I/O control, security, resource protection and timing services.

  • Enabling active flow manipulation in silicon-based network forwarding engines

    Page(s): 65 - 76

    A significant challenge arising from today's increasing Internet traffic is the ability to flexibly incorporate intelligent control in high performance commercial network devices. The paper tackles this challenge by introducing the active flow manipulation (AFM) mechanism to enhance traffic control intelligence of network devices through programmability. With AFM, customer network services can exercise active network control by identifying distinctive flows and applying specified actions to alter network behavior in real-time. These services are dynamically loaded through Openet by the CPU-based control unit of a network node and are closely coupled with its silicon-based forwarding engines, without negatively impacting forwarding performance. AFM is exposed as a key enabling technology of the programmable networking platform Openet. The effectiveness of our approach is demonstrated by four active network services on commercial network nodes.

  • Developing dynamic security policies

    Page(s): 204 - 215

    In this paper we define and provide a general construction for a class of policies we call dynamic policies. In most existing systems, policies are implemented and enforced by changing the operational parameters of shared system objects. These policies do not account for the behavior of the entire system, and enforcing these policies can have unexpected interactive or concurrent behavior. We present a policy specification, implementation, and enforcement methodology based on formal models of interactive behavior and satisfiability of system properties. We show that changing the operational parameters of our policy implementation entities does not affect the behavioral guarantees specified by the properties. We demonstrate the construction of dynamic access control policies based on safety property specifications and describe an implementation of these policies in the Seraphim active network architecture. We present examples of reactive security systems that demonstrate the power and dynamism of our policy implementations. We also describe other types of dynamic policies for information flow and availability based on safety, liveness, fairness, and other properties. We believe that dynamic policies are important building blocks of reactive security solutions for active networks.

  • Janos: a Java-oriented OS for active network nodes

    Page(s): 117 - 129

    Janos is an operating system for active network nodes whose primary focus is strong resource management and control of untrusted active applications written in Java. Janos includes the three major components of a Java-based active network operating system: the low-level NodeOS, a resource-aware Java Virtual Machine, and an active network protocol execution environment. Each of these components is separately usable. This article lays out the Janos design and its rationale.

  • Modeling CPU demand in heterogeneous active networks

    Page(s): 511 - 533

    Active-network technology envisions deploying execution environments in network elements so that application-specific processing can be applied to network traffic. To provide safety and efficiency, individual nodes must include mechanisms to manage resource use. This implies that nodes must understand resource demands associated with specific traffic. Well-accepted metrics exist for expressing bandwidth (bits per second) and memory (bytes) in units independent of particular nodes. Unfortunately, no well-accepted, platform-independent metric exists to express processing demands. This paper describes and evaluates an approach to model processing demand for active packets in a form interpretable among heterogeneous nodes in an active network. The paper applies the model in two applications: controlling the use of CPU and predicting CPU demand. The model yields improved performance when compared against the approach currently used in many execution environments. The paper also discusses the limits of the proposed model, and outlines future research that might lead to improved outcomes.

  • An adaptable network control and reporting system (ANCORS)

    Page(s): 466 - 483

    We present ANCORS, an adaptable network control and reporting system that merges technology from network management and distributed simulation to provide a unified paradigm for assessing, controlling, and designing active networks. ANCORS introduces a framework to assist in managing the substantial complexities of software reuse and scalability in active network environments. Specifically, ANCORS provides an extensible approach to the dynamic integration, management, and runtime assessment of various network protocols in live network operations. We present some of the advantages that can be obtained by merging technology from network management, distributed simulation, and active networking, and describe how ANCORS leverages complementary elements of each. We describe ANCORS's network engineering support to enable efficient, high-fidelity distributed simulation of networking software. We then use ANCORS to perform a quantitative study of the Random Drop SYN attack defense mechanism.
