Modern networked computing environments and applications often require---or can benefit from---the use of multiple communication substrates, transport mechanisms, and protocols, chosen according to where communication is directed, what is communicated, or when communication is performed. We propose techniques that allow multiple communication methods to be supported transparently in a single application, with either automatic or user-specified selection criteria guiding the methods used for each communication. We explain how communication link and remote service request mechanisms facilitate the specification and implementation of multimethod communication. These mechanisms have been implemented in the Nexus multithreaded runtime system, and we use this system to illustrate solutions to various problems that arise when implementing multimethod communication. We also illustrate the application of our techniques by describing a multimethod, multithreaded implementation of the Message Pas...

We present an I/O architecture, called Swift, that addresses the problem of data rate mismatches between the requirements of an application, storage devices, and the interconnection medium. The goal of Swift is to support high data rates in general purpose distributed systems. Swift uses a high-speed interconnection medium to provide high data rate transfers by using multiple slower storage devices in parallel. It scales well when using multiple storage devices and interconnections, and can use any appropriate storage technology, including high-performance devices such as disk arrays. To address the problem of partial failures, Swift stores data redundantly. Using the UNIX operating system, we have constructed a simplified prototype of the Swift architecture. The prototype provides data rates that are significantly faster than access to the local SCSI disk, limited by the capacity of a single Ethernet segment, or in the case of multiple Ethernet segments by the ability of the client to drive them. We have constructed a simulation model to demonstrate how the Swift architecture can exploit advances in processor, communication and storage technology. We consider the effects of processor speed, interconnection capacity, and multiple storage agents on the utilization of the components and the data rate of the system. We show that the data rates scale well in the number of storage devices, and that by replacing the most highly stressed components by more powerful ones the data rates of the entire system increase significantly.

This dissertation explores an immunological model of distributed detection, called negative detection, and studies its performance in the domain of intrusion detection on computer networks. The goal of the detection system is to distinguish between illegitimate behaviour (nonself ), and legitimate behaviour (self ). The detection system consists of sets of negative detectors that detect instances of nonself; these detectors are distributed across multiple locations. The negative detection model was developed previously; this research extends that previous work in several ways. Firstly, analyses are derived for the negative detection model. In particular, a framework for explicitly incorporating distribution is developed, and is used to demonstrate that negative detection is both scalable and robust. Furthermore, it is shown that any scalable distributed detection system that requires communication (memory sharing) is always less robust than a system that does not require communication...

An attractive target for a computer system attacker is the router. An attacker in control of a router can disrupt communication by dropping or misrouting packets passing through the router. We present a protocol called WATCHERS that detects and reacts to routers that drop or misroute packets. WATCHERS is based on the principle of conservation of ow in a network: all data bytes sent into a node, and not destined for that node, are expected to exit the node. WATCHERS tracks this ow, and detects routers that violate the conservation principle. We show that WATCHERS has several advantages over existing network monitoring techniques. We argue that WATCH-ERS ' impact on router performance and WATCHERS' memory requirements are reasonable for many environments. We demonstrate that in ideal conditions WATCHERS makes no false-positive diagnoses. We also describe how WATCHERS can be tuned to perform nearly as well in realistic conditions. c 1998 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE. Kirk Bradley's current a liation is SRI International, 333

Security in computer systems is important so as to ensure reliable operation and to protect the integrity of stored information. Faults in the implementation of critical components can be exploited to breach security and penetrate a system. These faults must be identified, detected, and corrected to ensure reliability and safeguard against denial of service, unauthorized modification of data, or disclosure of information. We define a classification of security faults in the Unix operating system. We state the criteria used to categorize the faults and present examples of the different fault types. We present the design and implementation details of a prototype database to store vulnerability information collected from different sources. The data is organized according to our fault categories. The information in the database can be applied in static audit analysis of systems, intrusion detection, and fault detection. We also identify and describe software testing methods that should be effective in detecting different faults in our classification scheme.

Ad hoc networks are completely wireless networks of mobile hosts, in which the topology rapidly changes due to the movement of mobile hosts. This frequent topology change may lead to sudden packet losses and delays. Transport protocols like TCP, which have been designed for reliable fixed networks, misinterpret this packet loss as congestion and invoke congestion control, leading to unnecessary retransmissions and loss of throughput. To overcome this problem, a feedback scheme is proposed so that the source can distinguish between a route failure and network congestion. When a route is disrupted, the source is sent a Route Failure Notification packet, allowing it to invalidate its timers and stop sending packets. When the route is reestablished, the source is informed through a Route Reestablishment Notification packet, upon which it resumes packet transmissions. Simulation experiments show that in the event of route failures, as the route reestablishment time increases, the use of feedback provides significant improvements in performance.

As communication networks grow, existing fault handling tools that involve global measures such as global time-outs or reset procedures become increasingly unaffordable, since their cost grows with the size of the network. Rather, for a fault handling mechanism to scale to large networks, its cost must depend only on the number of failed nodes Žwhich, thanks to today’s technology, grows much more slowly than the networks.. Moreover, it should allow the nonfaulty regions of the networks to continue their operation even during the recovery of the faulty parts. This paper introduces the concepts fault locality and fault-locally mendable problems, which are problems for which there are correction algorithms Žapplied after faults. whose cost depends only on the Ž unknown. number of faults. We show that any input-output problem is fault-locally mendable. The solution involves a novel technique combining data structures and ‘‘local votes’ ’ among nodes, which may be of interest in itself. � 1999 Academic Press * Alexander Goldberg lecturer.

Due to advances in wireless communication technology there is a growing demand for providing continuous network access to the users of portable computers, regardless of their location. Existing network protocols cannot meet this requirement since they were designed with the assumption of a static network topology where hosts do not change their location over time. Based on IP's Loose Source Route option, we have developed a scheme for providing transparent network access to mobile hosts. Our scheme is easy to implement, requires no changes to the existing set of hosts and routers, and achieves optimal routing in most cases. An outline of the proposed scheme is presented and a reference implementation is described.

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 15 CHAPTER 1: INTRODUCTION : : : : : : : : : : : : : : : : : : : : : : : : : : 17 1.1 Introduction to Network Software : : : : : : : : : : : : : : : : : : : : : 17 1.2 Network Software is Evolving : : : : : : : : : : : : : : : : : : : : : : : 20 1.3 Existing Support for Network Software Development : : : : : : : : : : : 21 1.3.1 Protocol Frameworks : : : : : : : : : : : : : : : : : : : : : : 21 1.3.2 Formal Techniques : : : : : : : : : : : : : : : : : : : : : : : : 22 1.4 New Strategies for Supporting Protocol Development : : : : : : : : : : : 23 1.4.1 Simplifying Protocol Development by Imposing Constraints : : 24 1.4.2 Language Support for Protocol Development : : : : : : : : : : 25 1.5 Morpheus : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 26 1.5.1 Abstraction : : : : : : : : : : : : : : : : : : : : : : : : : : : : 26 1.5.2 Modularity : : : : : : : : : : : : : : : : : : : : : : : : : : : : ...

We present a solution to the denial of service problem for routing infrastructures. When a network suffers from denial of service, packets cannot reach their destinations. Existing routing protocols are not well-equipped to deal with denial of service; a misbehaving router -- which may be caused by software/hardware faults, misconfiguration, or malicious attacks -- may be able to disable entire networks. To protect network infrastructures from routers that incorrectly drop packets and misroute packets, we hypothesize failure models for routers and present protocols that detect and respond to those misbehaving routers. Based on realistic assumptions, we prove that our protocols have the following properties: (1) A well-behaved router never incorrectly claims another router as a misbehaving router; (2) If a network has misbehaving routers, one or more of them can be located; (3) Misbehaving routers will eventually be removed.