ARPA Workshop on Active Networks

New project talks

• PANDA - Peter Reiher, UCLA
  • One sentence summary: help us deploy GloMo ideas in AN environment.
  • deploy/combine active network services
  • recognize data types, transparently adapt data in transit at AN nodes. Legacy: GloMo traveller project
  • Apps: multicase videoconf, URL remapping, caching in the network, mobile computer replication support. Caching with Lixia Zhiang
  • want to adapt encrypted data
  • want advice on which AN system they should use as their base. want advice on sample applications

• Active Network Aplications - Tom Anderson, UW
  • One sentence summary: help us deploy WebOS ideas in AN environment.
  • apps:
    • active naming: name = mobile code to flexibly access service/data. Unifies URNs, replica load balancing, distillation, mobility, etc.
    • internet measurement: coordinated multipoint measurement to determine link latency, bandwidth, drop rate, queueing delay, and policy, etc.
    • detour: intelligent border routers for aggregated congestion control and adaptive multipath routing. Improve latency, bandwidth, drop rate, predictability, etc.
  • naming: dynamic binding to service/data. Active name is program that invokes a service or acquires data. Network version of continuation-passing (3-way RPC). Goal: rent-a-server selection, etc.
  • packing routing: is indirect path better? Want to replicate Vern Paxson traceroute measurements to see if indirect route A->X->B is better than direct route A->B.
  • border routers: multipath adapting routing based on measurements. Accumulate knowledge of network behaviour, as opposed to individual clients discovering (slowstart).
  • Tom's analogy: IBM FS that contiguously allocated files. People built own FS on top of IBM's. Demonstrate how much Internet is losing, demonstrate better with AN. Revolution will follow.

• Active Networking for Storage - David Nagle, CMU
  • One sentence summary: help us deploy NASD ideas in AN environment.
  • want to merge AN and network storage
  • network storage (NASD):
    • eliminate FS server - fundamental bottleneck
    • object store interface (SCSI-4) to drive. Objects supported by in-drive FS. Drive itself understands crypto capabilities.
    • file manager (separate node) provides policy
    • active disks: ship code to disks to exploit device cycles.
  • AN + NASD: dynamically composed, adaptive storage protocols. Net components aware of NASD objects: caching, reliability, security, etc.

• Agent Base Architecture for supporting Aware Security - Roy Cambell, UC Berkeley
  • One sentence summary: security!
  • oooohh...active nets are scary places....need powerful, flexible, reactive security architectures.
  • blah blah, policy representation framework.
  • global vs. local capabilities - access to node resources, independent of execution environment.
  • this guy said absolutely nothing of substance. Point dave wagner and ian goldberg to this guy.

• Scalable, High PErformance Active Network Node - Dan Decasper and Guru Parulkar, ARL Washington U, TIK ETH Zurich
  • One sentence summary: we want to build AN hardware.
  • goal: platform for AN supporting gigabit traffic
  • platform: scalable hardware platform, distributed code caching, streamlined software platform.

• Enabling High-Performance Active Networks using Secure Exokernel Implementation - Stephen Schwab, TIS Labs at Network Associates
  • One sentence summary: we will use exokernel to build high-performance, secure, flexible AN nodes.
  • Goal: build high-performance node, look at system software (ensure solid security base, flexible security mechanisms, but maintain performance (gigabit++)). Exokernel gives them good enough starting point.
  • approach: build specialized AN node OS. Features: control access to AN resources, separation between distinct active protocol invocations, mechanisms for controlled sharing, enforce resource usage limits.
  • exokernel: user-level apps manage physical resources. (library OS.)
  • Concentrate on mapping of active protocol packets/sessions to resource rights. Keep mapping in security cache, that security validator can use for subsequent packets or even protocol invocations.
  • security subsystem:
    • security manager: import active code, map external authentication/authorization into local access rights based on policy.
    • resource control: CPU, bandwidth, memory.
  • Plan: check out xok. prototype on xok.

• New Cryptographic Techniques for Active Networks - Sandra Murhpy, TIS Labs at Network Associates
  • One sentence summary: break end-to-end crypto so we can do smart things in AN?
  • Ian and Dave: Sandra is responsible for the AN security architecture document. Track it down and debunk?
  • old world: if any part of path needs protection, do cryptography end-to-end. Firewalls starting to break that. Even so, protection rigidly placed in network on predetermination of risk.
  • Claim: clashes with dynamic/flexible nature of AN.
    • intermediate nodes need access to the contents of packet, so need to be involved in cryptographic association
    • can be done if can establish circuit with stored state in intermediate nodes - securing a flow of packets.
    • circuits can't be assumed - AN: path through net determined as packets in flight
    • crypto must deal with common paths with some wandering packets, datagram-like packet forwarding.
  • Observation: active code can do crypto computing as well as net service computing. Crypto can adapt to environment it encounters. boundaries can be defined from POV of packet, and dealt with automatically.
  • crypto associations: source-to-dest, per-hop, source-to-each-hop, all nodes. When do we do key transers? Considerations: performance. Who all agrees on keys?
  • develop new techniques for: doing encrypt/crypto along the way. Use to build new security services.

• From Internet to Active Net - John Guttag, MIT
  • One sentence summary: programming model for AN, plus lots of application ideas.
  • activities: programming model for AN (dynamic deployment, security, multiplexing, soft state, ...), infrastructures to support model (binary checking/transforming, ANTS, PAN, PANTS...).
  • performance matters on end-to-end basis, not per-router performance.
  • Services/apps (Jon Santos, Ulana Legedza):
    • online auction: auctioneer notifies network of bidding status, network stores info at some routers, routers reject irrelevant bids, rather than forcing auctioneer to do it - less bandwidth, faster response.
    • quote server: ARs cache quotes, and return if quote satisfies client-specified freshness criteria.
    • web caching for warm pages...
    • "radioactive networks" - adapt protocols based on transmission layer, and to needs of protocol (eg. broadcast headers at higher power). Configuration of ad hoc networks? Security? Dynamic resource allocation (power, spectrum, computation)? Demo: mobile remote access point - secure data, voice, and video.

• Active Signaling Protocols - Bob Braden, ISI/USC
  • One sentence summary: portable, active signaling software.
  • Apply active net ideas to signaling: portable signaling software, dynamic installation of new versions, customization of features for users/classes
  • Java foo
  • versioning of protocols, version tree, etc.

• SwitchWare - Carl A. Gunter, UPenn
  • One sentence summary: formal methods for AN.
  • Domain Specific Languages (DSLs) make format methods (more) feasible
    • PLAN - packet language for AN - script instead of packet header
    • keynote - language for trust management compliance verification
    • Query Certificate Manager (QCM) - language for policy-directed certificate retrieval