Abstract: Security in collaborative peer groups is an active research topic. Most previous work focused on key management without addressing an important pre-requisite: admission control, i.e., how to securely admit a new member. This paper represents an initial attempt to sketch out an admission control framework suitable for different flavors of peer groups and match them with appropriate cryptographic techniques and protocols. Open problems and directions for future work are identified and discussed.

Abstract: A successful source-end DDoS (distributed denial-of-service) defense enables early suppression of the attack and minimizes collateral damage However, such an approach faces many challenges: (a) distributing the attack hinders detection; (b) defense systems must guarantee good service to legitimate traffic during the attack; and (c) deployment costs and false alarm levels must be sufficiently small and effectiveness must be high to provide deployment incentive We discuss each of the challenges and describe one successful design of a source-end DDoS defense system-the D-WARD system D-WARD was implemented in a Linux router We include experimental results to illustrate D-WARD's performance

Abstract: This paper studies the optimal placement of web files for en-route web caching. It is shown that existing placement policies are all solving restricted partial problems of the file placement problem, and therefore give only sub-optimal solutions. A dynamic programming algorithm of low complexity which computes the optimal solution is presented. It is shown both analytically and experimentally that the file-placement solution output by our algorithm outperforms existing en-route caching policies. The optimal placement of web files can be implemented with a reasonable level of cache coordination and management overhead for en-route caching; and importantly, it can be achieved with or without using data prefetching.

Abstract: This paper presents the ADHOCFS file system for mobile users, which realizes transparent, adaptive file access according to the users' specific situations (e.g., device in use, network connectivity, etc). The paper concentrates more specifically on the support of ADHOCFS for collaborative file sharing within ad hoc groups of trusted nodes that are in the local communication of each other using the underlying ad hoc network, which has not been addressed in the past.

Abstract: This paper addresses the problem of how to service web requests quickly in order to minimize the client response time. Some of the recent work uses the idea of the shortest remaining processing time scheduling (SRPT) in Web servers in order to give preference to requests for short files. However by considering only the size of the file for determining the priority of requests, the previous works lack in capturing potentially useful scheduling information contained in the interaction between networks and end systems. To address this, this paper proposes and implements an algorithm, SWIFT that focuses on both server and network characteristics in conjunction. Our approach prioritizes requests based on the size of the file requested and the distance of the client from the server The implementation is at the kernel level for a finer-grained control over the packets entering the network. We present the results of the experiments conducted in a WAN environment to test the efficacy of SWIFT The results show that for large-sized files, SWIFT shows an improvement of 2.5% - 10% over the SRPT scheme for the tested server loads.

Abstract: This paper presents a new protocol named "Link State Over MAC" (LSOM) for Optical Ethernet switches to allow the use of active loop topologies, like meshes, in Metropolitan Area Networks (MAN) or even Wide Area Networks (WAN) backbone. In this respect, LSOM is an alternative to a ring topology as proposed in draft IEEE 802.17 Resilient Packet Ring (RPR) or a tree topology using IEEE802. 1D Rapid Spanning Tree Protocol (RSTP). LSOM provides higher scalability and is able to achieve better bandwidth utilization and lower latency than RSTP and RPR. Simulation results for 4-node and 9-node topologies show that LSOM can improve throughput over RPR by a factor of up to 1.7. Furthermore, full freedom to choose any MAN active topology allows an effective use of the available dark fiber resources.

Abstract: Embedded systems have become commonplace in recent years, and are increasingly being networked Middleware offers many advantages to the distributed application programmer, yet there exist very few middleware frameworks for the low end of the embedded systems market. In this paper we describe MicroQoSCORBA. It represents a fundamental, bottom-up rethinking of what middleware can and should support for resource-constrained devices. This middleware is tailorable, with a fine degree of granularity, to both the device and the application program's constraints. We describe the multiple Quality of Service domains that MicroQoSCORBA supports, and present an evaluation of our working framework.

Abstract: The Real-time Transport Control Protocol (RTCP) is a crucial mechanism used, amongst other things, for synchronisation and feedback control in multimedia sessions. However as groups grow to large numbers, it faces two serious challenges: the growing deployment of unidirectional and asymmetric broadcast architectures, such as Source-Specific Multicast and satellite networks, eliminate the shared control backchannel on which RTCP relies; the per-receiver RTCP reporting frequency diminishes prohibitively due to the bandwidth-sharing algorithm. We present new algorithmic techniques that enable RTCP to combat these issues, allowing it to function in a wider range of environments and to scale to larger groups.

Abstract: In publish-subscribe systems, multicast is an efficient way to propagate information from the publishers to a group of subscribers. This paper studies the problem of mapping a large set of subscriptions into a fixed, smaller set of multicast groups in order to support efficiently the dissemination of events. Given the large search space, it is infeasible to obtain the optimal solution in reasonable time. To address this difficulty, the paper proposes and evaluates a genetic search solution for the mapping problem.

Abstract: In recent years, wide bandwidth and low cost wireless LAN (WLAN) technology has emerged as a competitive choice for high speed wireless Internet access. To support the Internet mobility for the frequently moving mobile nodes in the local WLAN environment, Mobile IP has been found to be inefficient due to its high location update and packet delivery cost. This paper proposes an alternative architecture for network-layer mobility support using dynamic client configuration and transparent proxy mechanism. The attractive feature of our solution is that it requires no change in the legacy network infrastructure. We have implemented a prototype of the proposed architecture, and have taken experimental measurements to evaluate its performance. Experimental results show that the proposed architecture is capable of supporting IP mobility with the handoff delay less than a second. In addition, we have done an analytical study to test the scalability of the proposed architecture. Results show that performance of the architecture is not severely affected by the user mobility and a commonplace router is capable of supporting a considerable number of such users.

Abstract: Locally distributed Web server systems represent a cost-effective solution to the performance problems due to high traffic volumes reaching popular Web sites. In this paper we focus on architectures based on layer-7 Web switches because they allow a much richer set of possibilities for the Web site architecture, at the price of a scalability much lower than that provided by a layer-4 switch. In this paper we compare the performance of three solutions for layer-7 Web switch: a two-way application-layer architecture, a two-way kernel-based architecture, and a one-way kernel-based architecture. We show quantitatively how much better the one-way architecture performs with respect to a two-way scheme, even if implemented at the kernel level. We conclude that an accurate implementation of a layer-7 Web switch may become a viable solution to the performance requirements of the majority of cluster-based information systems.

Abstract: Attacks against distributed systems frequently start at the network layer by gathering network related information (such as open TCP ports) and continue on by exhausting resources, or abusing protocols. Defending against network-based attacks is a major focus area in the APOD (Application That Participate in Their Own Defense) project, which set out to develop technologies that increase an application's resilience against cyber attacks. This paper gives an overview of APOD's current set of network-level defenses. Specific network-based defense mechanisms are described first, followed by a discussion on how to use them in local defensive behavior. Defense strategies, which specify coordinated defensive behavior across a distributed system, are discussed next, followed by results from initial experimental evaluation.

Abstract: Policy-Based Networking (PBN) is a novel technology that facilitates the management and operation of networks. The paper reports on the application of Policy-Based mechanisms for QoS control in the IP Multimedia Subsystem (IMS) of the 3/sup rd/ generation UMTS networks. The IMS was introduced in UMTS to provide high quality IP-based Multimedia Services in Mobile Networks. After an introduction into PBN technology and a generic network architecture to support end-to-end QoS control, the Policy Decision Function as specified in UMTS is shown. The limitations of the current state of the standardization are explained and extensions to provide Policy-Based end-to-end QoS control in single and multi-operator environments are proposed.

Abstract: In this paper we consider the problem of designing load balancing protocols in distributed systems where the participants (e.g. computers, users) are capable of manipulating the load allocation algorithm in their own interest. Using techniques from mechanism design theory we design a mechanism for fair load balancing in heterogeneous distributed systems. We prove that our mechanism is truthful and satisfies the voluntary participation condition. Based on the proposed mechanism we derive a fair load balancing protocol called FAIR-LBM. Finally, we study the effectiveness of our protocol by simulations.

Abstract: Web++ is a prototype system that supports user transparent wide area replication of resources in order to improve the response time and reliability of the HTTP service. Our architecture is based on smart clients, and can be dynamically downloaded as mobile code into a user's application, presents a number of advantages. Clients keep track of the average HTTP latency that they experience from various servers and use that information in order to make to choose the replica of a resource that is expected to deliver the best response time for them. The clients also provide feedback on the observed request latencies to the servers, which allows helps the servers to determine which resources should be replicated and what would be the best locations for the replicas. We describe in this paper a distributed server-initiated approach for resource replication in which all servers can decide autonomously whether to replicate resources and the locations where the replicas should be allocated. In addition to the novel use of smart clients, our algorithm also avoids keeping track of complex network topologies by using the concept of logical segments. We present the results of experiments that show that our algorithm for resource allocation scale well with respect to the number of servers and the number of replicated resources.

Abstract: Due to the popularity of high-speed networks and advances in packaging and interface technologies, there has been significant efforts for providing high performance applications as network services that can be accessed remotely across the network, thus promoting sharing of both software and hardware. For high-demand network services, in particular, it will often be the case that the network services are installed at multiple sites so that each participating site can handle parts of client requests. We label such services as grid-enabled network services. In this paper, we present two adaptive site selection heuristics that do not depend on accurate predictions of completion times of service requests: weight queue length based heuristic and multi-level queue based selection.

Abstract: While group communication systems have been proposed for some time, they are still not used much in actual systems. We believe that one reason for this is the lack of standardisation of group communication system interfaces. The paper proposes an architecture, using the standard decomposition into services, where services are based on standard interfaces: both interactions between services and interactions with the application use existing, open standards. A decomposition of the group communication into services is presented, along with a description of applicable standards. As an example, a group membership service based on the LDAP standard is discussed.

Abstract: Numerous research efforts have produced a large number of algorithms and mechanisms for web proxy caches. In order to build powerful web proxies and understand their performance, one must be able to appreciate the impact and significance of earlier contributions and how they can be integrated To do this we employ a cache replacement algorithm, 'CSP, which integrates key knowledge from previous work. CSP utilizes the communication Cost to fetch web objects, the objects' Sizes, their Popularifies, an auxiliary cache and a cache admission control algorithm. We study the impact of these components with respect to hit ratio, latency, and bandwidth requirements. Our results show that there are clear performance gains when utilizing the communication cost, the popularity of objects, and the auxiliary cache. In contrast, the size of objects and the admission controller have a negligible performance impact. Our major conclusions going against those in related work are that (i) LRU is preferable to CSP for important parameter values, (ii) accounting for the objects' sizes does not improve latency and/or bandwidth requirements, and (iii) the collaboration of nearby proxies is not very beneficial. Based on these results, we chart the problem solution space, identifying which algorithm is preferable and under which conditions. Finally, we develop a dynamic replacement algorithm that continuously utilizes the best algorithm as the problem-parameter values (e.g., the access distributions) change with time.

Abstract: This paper reports a systematic approach for detecting software defects in multicast protocol implementations. We deploy a fault-oriented methodology and an integrated test system targeting software robustness vulnerabilities. The primary method is to assess protocol implementation by non-traditional interface fault injection that simulates network attacks. The test system includes a novel packet driving engine, a PDU generator based on Strengthened BNF notation and a few auxiliary tools. We apply it to two multicast protocols, IGMP and PIM-DM, and investigate their behaviors under active functional attacks. Our study proves its effectiveness for promoting production of more reliable multicast software.

Abstract: Information change monitoring services are becoming increasingly useful as more and more information is published on the Web. A major research challenge is how to make the service scalable to serve millions of monitoring requests. Such services usually use soft triggers to model users' monitoring requests. We have developed an effective trigger grouping scheme to optimize the trigger processing. The main idea behind this scheme is to reduce repeated computation by grouping monitoring requests of similar structures together. In this paper, we evaluate our approach using both measurements on real systems and simulations. The study shows significant performance gains using the trigger grouping approach. Moreover, the gains are critically dependent on group size and group size distribution (e.g., Zipf). We also discuss the benefit, trade-off, and runtime characteristics of the proposed approach.

Abstract: Currently, many bandwidth-intensive applications require multicast services for efficiency purposes. In particular, as wavelength division multiplexing (WDM) technique emerges as a promising solution to meet the rapidly growing demands on bandwidth in present communication networks, supporting multicast at the WDM layer becomes an important yet challenging issue. In this paper, we present a new analytical model to compute blocking probabilities for multicast connections in WDM switching networks. Due to the non-uniform nature of multicast traffic, calculating blocking probability in a WDM multicast switching network becomes much more challenging than that under unicast traffic. Based on the link independence and wavelength independence assumptions, our model can calculate the blocking probability of any multicast connection from a single source to multiple destinations in WDM switching networks with various types of wavelength conversion capabilities, ranging from no wavelength conversion, to limited wavelength conversion, to full wavelength conversion. Our analytical results indicate that similar to unicast traffic, a significant improvement in the blocking performance of the network under multicast traffic can be achieved by limited wavelength conversion. We view that utilizing limited wavelength conversion with relatively small conversion degrees in WDM multicast switching networks is a more cost-effective choice. We also validate the analytical model through extensive simulations.

Abstract: This paper proposes a new receiver-based rate-adaptation protocol for multicasting video, called Split-Layer Video Multicast (SPLIT). Unlike existing receiver-based rate-adaptation protocols, such as Receiver-driven Layered Multicast (RLM), the SPLIT protocol is specifically designed to take advantage of existing packet loss concealment techniques to provide end-users with increased quality of video. In an effort to gauge the performance of the SPLIT protocol, a number of experiments using the NS-2 network simulator were conducted and the results were compared with those of the RLM protocol. The results show that the proposed SPLIT protocol utilizes the available bandwidth in a more efficient way than the RLM protocol does.

Abstract: Packet delay variation (or delay jitter) measurements are used by applications to estimate the service quality received from the network, or by network operators to monitor network operation states. Since a single jitter measurement takes two delay samples to calculate, the time scale over which the two delay samples are taken may affect the statistics of measured jitter. The current common practice of calculating jitter statistics is by treating all measurements as valid samples of the same sampling space. In this paper, we perform scaling analyses on measured delay sequences to show that the proper way of conducting jitter statistic analysis is by first grouping jitter samples into different clusters each containing samples that are taken over the same or similar time scales, and then carrying out statistic analysis separately on these clusters. This special treatment is desired due to the existence of strong short-range dependency among packet delays, which is introduced by queueing effect. The tool selected to perform the scaling analysis is called Deviation-Lag Function (DLF). We show that some congestion-related information of congested end-to-end paths can be derived from their DLF plots. We also discuss the potential usage of DLF for bottleneck queue detection.

Abstract: A distributed application that operates in an ad hoc network formed by mobile nodes must limit its use of all-to-all communication since the overall capacity of such a network is severely constrained. To address this problem, we describe an algorithm that allows an application to impose a hierarchical structure on the participating nodes. A simple tree is maintained as hosts join and leave the ad hoc network. We evaluate this algorithm in the context of a collaboration tool for a network of Linux laptops using IEEE 802.11b network cards. Preliminary performance results from our mobile test-bed indicate that the application responds well to connectivity changes and is sufficiently agile to run in a highly mobile environment.

Abstract: In this paper, we propose and analyze a methodology for providing statistical guarantees within the diffserv model in a network, that uses static-priority schedulers. We extend the previous work on statistical delay analysis and develop a method that can be used to derive delay bounds without specific information on flow population. With this new method, we are able to successfully employ a utilization-based admission control approach for flow admission. This approach does not require explicit delay computation at admission time and hence is scalable to large systems. We systematically analyze the performance of our approaches in terms of system utilization. As expected, our experimental data show that statistical services can achieve much higher utilization than deterministic services.

Abstract: Scalable information retrieval systems are crucial to meeting the growing volumes of data. We describe work done to facilitate scalability by reducing duplication, providing integration with structured data, and supporting integration and question answering via an intranet mediator. All examples given are taken directly from prior and on-going efforts in the IIT Information Retrieval Laboratory in collaboration with AOL and NCR.

Abstract: A lot of research work has recently focused on the exploitation of the DiffServ framework towards building reliable networking services that provide deterministic quality guarantees. In this work we are attempting to devise a DiffServ-based service model for relative differentiation of traffic in a network serving aggregated traffic. The service model proposed aims at providing a minimum capacity during congestion and a bounded average end-to-end delay to profile-conforming traffic, obtaining thus a relatively better performance when compared to the best-effort service. We provide the framework on which the proposed service model is based and we present results from its deployment in a simulation environment.

Abstract: A highly dependable embedded fault-tolerant memory architecture for high performance massively parallel computing applications and its dependability assurance techniques are proposed and discussed in this paper. The proposed fault tolerant memory provides two distinctive repair mechanisms: the permanent laser redundancy reconfiguration during the wafer probe stage in the factory to enhance its manufacturing yield and the dynamic BIST/BISD/BISR (built-in-self-test-diagnosis-repair)-based reconfiguration of the redundant resources in field to maintain high field reliability. The system reliability which is mainly determined by hardware configuration demanded by software and field reconfiguration/repair utilizing unused processor and memory modules is referred to as HW/SW Co-reliability. Various system configuration options in terms of parallel processing unit size and processor/memory intensity are also introduced and their HW/SW Co-reliability characteristics are discussed. A modeling and assurance technique for HW/SW Co-reliability with emphasis on the dependability assurance techniques based on combinatorial modeling suitable for the proposed memory design is developed and validated by extensive parametric simulations. Thereby, design and Implementation of memory-reliability-optimized and highly reliable fault-tolerant field reconfigurable massively parallel computing systems can be achieved.

Abstract: The long-term success of Grids depends critically on three issues: open standards, open software, and open infrastructure. As interest in Grids continued to grow., and in particular as industrial interest emerged, the importance of true standards increased.