Abstract not found

The Internet protocols were designed to emphasize simple routing elements and intelligent hosts. However, there are applications that benefit from allowing hosts to customize or program routers, a concept known as active networking. Since routers are shared, this raises challenges with delivering sufficient flexibility while preserving or improving performance, security, and safety. PLAN (Packet Language for Active Networks) is a language designed for the SwitchWare active network architecture. This architecture comprises active packets containing PLAN programs that invoke service routines over an active OS. PLAN is based on the polymorphic lambda calculus and provides a restricted set of primitives and datatypes that enables reasoning about its impact on network resources based on features of the language design. This paper focuses on the PLAN language with the aim of consolidating a variety of studies that were carried out in the years after its introduction in 1998. These studies include the requirements for PLAN, its design, programming in PLAN, the specification and theory of PLAN, and its use in networking applications.

Active networks must balance the flexibility of a programmable network infrastructure against the safety and security requirements inherent in sharing that infrastructure. Furthermore, this balance must be achieved while maintaining the usability of the network. The SwitchWare active network architecture is a novel approach to achieving this balance using three layers: active packets, which contain mobile programs that replace traditional packets; active extensions, which provide services on the network elements, and which can be dynamically loaded, and; a secure active router infrastructure, which forms a high integrity base upon which the security of the other layers depends. In addition to integrity-checking and cryptography-based authentication, security in our architecture depends heavily on verification techniques from programming languages, such as strong type checking.

In this article we discuss the potential uses of mobile agents in network management and define software agents and a navigation model that determines agent mobility. We list a number of potential advantages and disadvantages of mobile agents and include a short commentary on the ongoing standardization activity. The core of this article comprises descriptions of several actual and potential applications of mobile agents in the five OSI functional areas of network management. A brief review of other research activity in the area and prospects for the future conclude the presentation. SURVEYS IEEE# COMMUNICATIONS www.comsoc.org/pubs/surveys IEEE Communications Surveys . http://www.comsoc.org/pubs/surveys . Fourth Quarter 1998 . Vol. 1 No. 1 IEEE Communications Surveys . http://www.comsoc.org/pubs/surveys . Fourth Quarter 1998 . Vol. 1 No. 1 3 [13]. Examples of the former approach include AgentTCL [14, 15] and Telescript [16], and the latter, Aglets [17]. To make use of mo...

... This paper examines this emerging field to classify wireless micro-sensor networks according to different communication functions, data delivery models, and network dynamics. This taxonomy will aid in defining appropriate communication infrastructures for different sensor network application sub-spaces, allowing network designers to choose the protocol architecture that best matches the goals of their application. In addition, this taxonomy will enable new sensor network models to be defined for use in further research in this area.

Mobile code technology has become a driving force for recent advances in distributed systems. The concept of mobility of executable code raises major security problems. In this paper we deal with the protection of mobile code from possibly malicious hosts. We conceptualize on the specific cryptographic problems posed by mobile code. We are able to provide a solution for some of these problems: We present techniques how to achieve "non--interactive computing with encrypted programs" in certain cases and give a complete solution for this problem in important instances. We further present a way how an agent might securely perform a cryptographic primitive, digital signing, in an untrusted execution environment. Our results are based on the use of homomorphic encryption schemes and function composition techniques. ii 1 Introduction The security of the execution environment is a basic cornerstone of cryptographic systems: the parties which perform a cryptographic protocol require a tru...

The Internet's core routing infrastructure, while arguably robust and e#cient, has proven to be di#cult to evolve to accommodate the needs of new applications. Prior research on this problem has included new hard-coded routing protocols on the one hand, and fully extensible Active Networks on the other. In this paper, we explore a new point in this design space that aims to strike a better balance between the extensibility and robustness of a routing infrastructure. The basic idea of our solution, which we call declarative routing, is to express routing protocols using a database query language. We show that our query language is a natural fit for routing, and can express a variety of well-known routing protocols in a compact and clean fashion. We discuss the security of our proposal in terms of its computational expressive power and language design. Via simulation, and deployment on PlanetLab, we demonstrate that our system imposes no fundamental limits relative to traditional protocols, is amenable to query optimizations, and can sustain long-lived routes under network churn and congestion.

This paper introduces the notion of “universal interaction,” allowing a device to adapt its functionality to exploit services it discovers as it moves into a new environment. Users wish to invoke services — such as controlling the lights, printing locally, or reconfiguring the location of DNS servers — from their mobile devices. But aprioristandardization of interfaces and methods for service invocation is infeasible. Thus,the challenge is to develop a new service architecture that supports heterogeneity in client devices and controlled objects, and which makes minimal assumptions about standard interfaces and control protocols. There are five components to a comprehensive solution to this problem: 1) allowing device mobility, 2) augmenting controllable objects to make them network-accessible, 3) building an underlying discovery architecture, 4) mapping between exported object interfaces and client device controls, and 5) building complex behaviors from underlying composable objects. We motivate the need for these components by using an example scenario to derive the design requirements for our mobile services architecture. We then present a prototype implementation of elements of the architecture and some example services using it, including controls to audio/visual equipment, extensible mapping, server autoconfiguration, location tracking, and local printer access.

Many de nitions of fairness for multicast networks assume that sessions are single-rate, requiring that eachmulticast session transmits data to all of its receivers at the same rate. These de nitions do not account for multi-rate approaches, such aslayering, that permit receiving rates within a session to be chosen independently. Weidentify four desirable fairness properties for multicast networks, derived from properties that hold within the max-min fair allocations of unicast networks. We extend the de nition of multicast max-min fairness to networks that contain multi-rate sessions, and show that all four fairness properties hold in a multirate max-min fair allocation, but need not hold in a single-rate max-min fair allocation. We then show thatmulti-rate max-min fair rate allocations can be achieved via intra-session coordinated joins and leaves of multicast groups. However, in the absence of coordination, the resulting max-min fair rate allocation uses link bandwidth ine ciently, and does not exhibit some of the desirable fairness properties. We evaluate this ine ciency for several layered multi-rate congestion control schemes, and nd that, in a protocol where the sender coordinates joins, this ine ciency has minimal impact on desirable fairness properties. Our results indicate that sender-coordinated layered protocols show promise for achieving desirable fairness properties for allocations in largescale multicast networks. 1

Currently the Internet has only one level of name resolution, DNS, which converts user-level domain names into IP addresses. In this paper we borrow liberally from the literature to argue that there should be three levels of name resolution: from user-level descriptors to service identifiers; from service identifiers to endpoint identifiers; and from endpoint identifiers to IP addresses. These additional levels of naming and resolution (1) allow services and data to be first class Internet objects and (2) facilitate mobility and provide an elegant way to integrate middleboxes into the Internet architecture. We further argue that flat names are a natural choice for the service and endpoint identifiers. Hence, this architecture requires scalable resolution of flat names, a capability that distributed hash tables (DHTs) can provide.