Linux XIA: an interoperable meta network architecture

With the growing number of clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-state designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This thesis presents the eXpressive Internet (Meta) Architecture (XIA), itself a clean-slate design, as well as Linux XIA, a native implementation of XIA in the Linux kernel, as a candidate. As a meta network architecture, XIA is highly flexible, leaving stakeholders to choose an expressive set of network principals to instantiate a given network architecture within the XIA framework. Central to XIA is its novel, non-linear network addressing format, from which derive key architectural features such as evolvability, intrinsically secure identifiers, and a low degree of principal isolation. XIP, the network layer protocol of XIA, forwards packets by navigating these structured addresses and delegating the decision-making and packet processing to appropriate principals, accordingly. Taken together, these mechanisms work in tandem to support a broad spectrum of interoperable principals. We demonstrate how to port four distinct and unrelated network architectures onto Linux XIA, none of which were designed for interoperability with this platform. We then show that, notwithstanding this flexibility, Linux XIA's forwarding performance remains comparable to that of the more mature legacy TCP/IP stack implementation. Moreover, the ported architectures, namely IP, Serval, NDN, and ANTS, empower us to present a deployment plan for XIA, to explore design variations of the ported architectures that were impossible in their original form due to the requirement of self-sufficiency that a standalone network architecture bears, and to substantiate the claim that XIA readily supports and enables network evolution. Our work highlights the benefits of specializing network designs that XIA affords, and comprises instructive examples for the network researcher interested in design and implementation for future interoperability

Software Defined Application Delivery Networking

In this thesis we present the architecture, design, and prototype implementation details of AppFabric. AppFabric is a next generation application delivery platform for easily creating, managing and controlling massively distributed and very dynamic application deployments that may span multiple datacenters. Over the last few years, the need for more flexibility, finer control, and automatic management of large (and messy) datacenters has stimulated technologies for virtualizing the infrastructure components and placing them under software-based management and control; generically called Software-defined Infrastructure (SDI). However, current applications are not designed to leverage this dynamism and flexibility offered by SDI and they mostly depend on a mix of different techniques including manual configuration, specialized appliances (middleboxes), and (mostly) proprietary middleware solutions together with a team of extremely conscientious and talented system engineers to get their applications deployed and running. AppFabric, 1) automates the whole control and management stack of application deployment and delivery, 2) allows application architects to define logical workflows consisting of application servers, message-level middleboxes, packet-level middleboxes and network services (both, local and wide-area) composed over application-level routing policies, and 3) provides the abstraction of an application cloud that allows the application to dynamically (and automatically) expand and shrink its distributed footprint across multiple geographically distributed datacenters operated by different cloud providers. The architecture consists of a hierarchical control plane system called Lighthouse and a fully distributed data plane design (with no special hardware components such as service orchestrators, load balancers, message brokers, etc.) called OpenADN . The current implementation (under active development) consists of ~10000 lines of python and C code. AppFabric will allow applications to fully leverage the opportunities provided by modern virtualized Software-Defined Infrastructures. It will serve as the platform for deploying massively distributed, and extremely dynamic next generation application use-cases, including: Internet-of-Things/Cyber-Physical Systems: Through support for managing distributed gather-aggregate topologies common to most Internet-of-Things(IoT) and Cyber-Physical Systems(CPS) use-cases. By their very nature, IoT and CPS use cases are massively distributed and have different levels of computation and storage requirements at different locations. Also, they have variable latency requirements for their different distributed sites. Some services, such as device controllers, in an Iot/CPS application workflow may need to gather, process and forward data under near-real time constraints and hence need to be as close to the device as possible. Other services may need more computation to process aggregated data to drive long term business intelligence functions. AppFabric has been designed to provide support for such very dynamic, highly diversified and massively distributed application use-cases. Network Function Virtualization: Through support for heterogeneous workflows, application-aware networking, and network-aware application deployments, AppFabric will enable new partnerships between Application Service Providers (ASPs) and Network Service Providers (NSPs). An application workflow in AppFabric may comprise of application services, packet and message-level middleboxes, and network transport services chained together over an application-level routing substrate. The Application-level routing substrate allows policy-based service chaining where the application may specify policies for routing their application traffic over different services based on application-level content or context. Virtual worlds/multiplayer games: Through support for creating, managing and controlling dynamic and distributed application clouds needed by these applications. AppFabric allows the application to easily specify policies to dynamically grow and shrink the application\u27s footprint over different geographical sites, on-demand. Mobile Apps: Through support for extremely diversified and very dynamic application contexts typical of such applications. Also, AppFabric provides support for automatically managing massively distributed service deployment and controlling application traffic based on application-level policies. This allows mobile applications to provide the best Quality-of-Experience to its users without This thesis is the first to handle and provide a complete solution for such a complex and relevant architectural problem that is expected to touch each of our lives by enabling exciting new application use-cases that are not possible today. Also, AppFabric is a non-proprietary platform that is expected to spawn lots of innovations both in the design of the platform itself and the features it provides to applications. AppFabric still needs many iterations, both in terms of design and implementation maturity. This thesis is not the end of journey for AppFabric but rather just the beginning

Engineering a semantic web trust infrastructure

The ability to judge the trustworthiness of information is an important and challenging problem in the field of Semantic Web research. In this thesis, we take an end-to-end look at the challenges posed by trust on the Semantic Web, and present contributions in three areas: a Semantic Web identity vocabulary, a system for bootstrapping trust environments, and a framework for trust aware information management. Typically Semantic Web agents, which consume and produce information, are not described with sufficient information to permit those interacting with them to make good judgements of trustworthiness. A descriptive vocabulary for agent identity is required to enable effective inter agent discourse, and the growth of trust and reputation within the Semantic Web; we therefore present such a foundational identity ontology for describing web-based agents.It is anticipated that the Semantic Web will suffer from a trust network bootstrapping problem. In this thesis, we propose a novel approach which harnesses open data to bootstrap trust in new trust environments. This approach brings together public records published by a range of trusted institutions in order to encourage trust in identities within new environments. Information integrity and provenance are both critical prerequisites for well-founded judgements of information trustworthiness. We propose a modification to the RDF Named Graph data model in order to address serious representational limitations with the named graph proposal, which affect the ability to cleanly represent claims and provenance records. Next, we propose a novel graph based approach for recording the provenance of derived information. This approach offers computational and memory savings while maintaining the ability to answer graph-level provenance questions. In addition, it allows new optimisations such as strategies to avoid needless repeat computation, and a delta-based storage strategy which avoids data duplication.<br/

Descubrimiento dinámico de servidores basado en información de localización usando una tabla de Hash distribuida balanceada

The current Internet includes a large number of distributed services. In order to guarantee the QoS of the communications in these services, a client has to select a close-by server with enough available resources. To achieve this objective, in this Thesis, we propose a simple and practical solution for Dynamic and Location Aware Server Discovery based on a Distributed Hash Table (DHT). Specifically, we decide to use a Chord DHT system (although any other DHT scheme can be used). In more detail, the solution works as follows. The servers offering a given service S form a Chord-like DHT. In addition, they register their location (topological and/or geographical) information in the DHT. Each client using the service S is connected to at least one server from the DHT. Eventually, a given client C realizes that it is connected to a server providing a bad QoS, then, it queries the DHT in order to find an appropriate server (i.e. a close-by server with enough available resources). We define 11 design criteria, and compare our solution to the Related Work based on them. We show that our solution is the most complete one. Furthermore, we validate the performance of our solution in two different scenarios: (i) NAT Traversal Server Discovery and (ii) Home Agent Discovery in Mobile IP scenarios. The former serves to validate our solution in a highly dynamic environment whereas the latter demonstrates the appropriateness of our solution in more classical environments where the servers are typically always-on hosts. The extra overhead suffered from the servers involved in our system comes from their participation in the Chord DHT. Therefore, it is critical to fairly balance the load among all the servers. In our system as well as in other P2P systems (e.g. P2PSIP) the stored objects are small, then routing dominates the cost of publishing and retrieving objects. Therefore, in the second part of this Thesis, we address the issue of fairly balancing the routing load in Chord DHTs. We present an analytical model to evaluate the routing fairness of Chord based on the well accepted Jain’s Fairness Index (FI). Our model shows that Chord performs poorly. Following this observation, we propose a simple enhancement to the Chord finger selection algorithm with the goal of mitigating this effect. The key advantage of our proposal as compared to previous approaches is that it adds a neglible overhead to the basic Chord algorithm. We validate the goodness of the proposed solution analytically and by large scale simulations.-------------------------------------------------------------------------------------------------------------------------------------------------------------En los últimos años un gran número de servicios distribuídos han aparecido en Internet. Para garantizar la Calidad de Servicio de las comunicaciones en estos servicios sus clientes deben conectarse a un servidor cercano con suficientes recursos disponibles. Para alcanzar este objetivo, en esta Tesis, se propone una solución simple y práctica para el Descubrimiento Dinámico de Servidores basado en Información de Localizació usando una Tabla de Hash Distribuída (DHT). En concreto, hemos decidido usar una DHT de tipo Chord (aunque cualquier otro tipo de DHT puede usarse). A continuación describimos brevemente nuestra solución. Los servidores que ofrecen un servicio específico S forman una DHT tipo Chord donde registran su información de localización (topológica y/o geográfica). Cada cliente que usa el servicio S está conectado al menos a un servidor de la DHT. En caso de que un cliente C perciba que el servidor al que está conectado está ofreciendo una mala Calidad de Servicio, C consulta la DHT para encontrar un servidor más apropiado (p.ej. un servidor cercano con suficientes recursos disponibles). En la Tesis se definen 11 criterios de diseño y se compara nuestra solución con las soluciones existentes en base a ellos, demostrando que la nuestra es la solución más completa. Además, validamos el rendimiento de nuestra solución en dos escenarios diferentes: (i) Descubrimiento de Servidores para atravesar Traductores de Direcciones de Red (NATs) y (ii) Descubrimiento de Agentes Hogar (HAs) en escenarios de Movilidad IP. El primero sirve para validar el rendimiento de nuestra solución en escenarios altamente dinámicos mientras que el segundo demuestra la validez de la solución en un escenario más clásico donde los servidores son máquinas que están ininterrumpidamente funcionando. Los servidores involucrados en nuestro sistema sufren una sobrecarga debido a su participación en la DHT tipo Chord. Desafortunadamente, esta sobrecarga es inherente al sistema anteriormente descrito y no se puede eliminar. En cambio lo que sí podemos hacer es balancear la carga de la manera más justa posible entre todos los servidores. En nuestro sistema, al igual que en otros sistemas P2P (p.ej. P2PSIP) los objetos almacenados tienen un tamaño pequeño, produciendo que sea la tarea de enrutamiento la que domina el coste de publicar y obtener objetos. Por lo tanto, en la segunda parte de esta Tesis abordamos el reparto equilibrado de la carga de enrutamiento en DHTs tipo Chord. En primer lugar, definimos un modelo analítico para evaluar el reparto de la carga de enrutamiento entre los nodos que forman una DHT tipo Chord. Para ello nos basamos en una métrica aceptada por la comunidad investigadora como es el Jain’s Fairness Index (FI). El modelo resultante demuestra que Chord tiene un rendimiento pobre en el reparto justo de la carga de enrutamiento. Basándonos en esta observación proponemos una modificación simple al algoritmo de selección de punteros de Chord para mejorar el reparto de la carga de enrutamiento. La ventaja fundamental de nuestra solución en comparación con otras propuestas anteriores es que nuestra solución añade un coste despreciable al algoritmo básico de Chord. Finalmente, validamos el rendimiento de nuestra solución analíticamente y por medio de simulaciones a gran escala

Earth Observation Open Science and Innovation

geospatial analytics; social observatory; big earth data; open data; citizen science; open innovation; earth system science; crowdsourced geospatial data; citizen science; science in society; data scienc

Scaling up VoIP: Transport Protocols and Controlling Unwanted Communication Requests

Millions of people worldwide use voice over IP (VoIP) services not only as cost-effective alternatives to long distance and international calls but also as unified communication tools, such as video conferencing. Owing to the low cost of new user accounts, each person can easily obtain multiple accounts for various purposes. Rich VoIP functions combined with the low cost of new accounts and connections attract many people, resulting in a dramatic increase in the number of active user accounts. Internet telephony service providers (ITSPs), therefore, need to deploy VoIP systems to accommodate this growing demand for VoIP user accounts. Attracted people also include bad actors who make calls that are unwanted to callees. Once ITSPs openly connect with each other, unwanted bulk calls will be at least as serious a problem as email spam. This dissertation studies how we can reduce load both on ITSPs and end users to ensure continuing the success of VoIP services. From ITSPs' perspective, the scalability of VoIP servers is of importance and concern. Scalability depends on server implementation and the transport protocol for SIP, VoIP signaling. We conduct experiments to understand the impact of connection-oriented transport protocols, namely, TCP and SCTP, because of the additional costs of handling connections. Contradicting the negative perception of connection-oriented transport protocols, our experimental results demonstrate that the TCP implementation in Linux can maintain comparable capacity to UDP, which is a lightweight connection-less transport protocol. The use of SCTP, on the other hand, requires improving the Linux implementation since the not-well-tested implementation makes a server less scalable. We establish the maximum number of concurrent TCP or SCTP connections as baseline data and suggest better server configurations to minimize the negative impact of handling a large number of connections. Thus, our experimental analysis will also contribute to the design of other servers with a very large number of TCP or SCTP connections. From the perspective of end users, controlling unwanted calls is vital to preserving the VoIP service utility and value. Prior work on preventing unwanted email or calls has mainly focused on detecting unwanted communication requests, leaving many messages or calls unlabeled since false positives during filtering are unacceptable. Unlike prior work, we explore approaches to identifying a "good" call based on signaling messages rather than content. This is because content-based filtering cannot prevent call spam from disturbing callees since a ringing tone interrupts them before content is sent. Our first approach uses "cross-media relations.'' Calls are unlikely to be unwanted if two parties have been previously communicated with each other through other communication means. Specifically, we propose two mechanisms using cross-media relations. For the first mechanism, a potential caller offers her contact addresses which might be used in future calls to the callee. For the second mechanism, a callee provides a potential caller with weak secret for future use. When the caller makes a call, she conveys the information to be identified as someone the callee contacted before through other means. Our prototype illustrates how these mechanisms work in web-then-call and email-then-call scenarios. In addition, our user study of received email messages, calls, SMS messages demonstrates the potential effectiveness of this idea. Another approach uses caller's attributes, such as organizational affiliation, in the case where two parties have had no prior contact. We introduce a lightweight mechanism for validating user attributes with privacy-awareness and moderate security. Unlike existing mechanisms of asserting user attributes, we design to allow the caller to claim her attributes to callees without needing to prove her identity or her public key. To strike the proper balance between the ease of service deployment and security, our proposed mechanism relies on transitive trust, through an attribute validation server, established over transport layer security. This mechanism uses an attribute reference ID, which limits the lifetime and restricts relying parties. Our prototype demonstrates the simplicity of our concept and the possibility of practical use

A Cognitive TV White Space Access Framework

Given the current boom in applications and services for mobile devices, data traffic is rapidly expanding, with the consequence that increasing spectrum capacity is being mandated. Following the switchover from analogue to digital platforms, Television White Space (TVWS) affords a fertile opportunity to supplement existing licensed spectrum to ease this scarcity. There are however, a number of obstacles to wide-scale TVWS adoption, including the accurate detection of primary users (PU), the hidden node problem and bandwidth availability for unlicensed secondary users (SU). Regulatory and industry bodies have sought to address some of these issues using a static database for spectrum access decisions, though this involves manual maintenance and accuracy can be compromised due to a lack of real-time information. While the new IEEE802.11af wireless local area network (WLAN) standard attempts to resolve some SU access issues, there remain many challenges, such as the critical asymmetry between mobile and base station power resources. This thesis presents a new cognitive TVWS access framework encompassing a real-time sensing paradigm for TVWS deployment that uses a spectrum-efficient scheme to uphold quality-of-service (QoS) for both PU and SU. A novel dynamic spectrum allocation (DSA) model has been formulated allied with a resilient interference management system which exploits the unique way digital terrestrial TV channels are allocated in different geographical areas. A margin strategy has been framed to support efficient TVWS channel reuse, with an exclusion zone established to overcome the hidden node problem, while an innovative routing algorithm using cross-layer information, both extends coverage capacity and maximises QoS provision by ensuring a more balanced resource allocation. Critical evaluation of the new access framework confirms that significant QoS improvements for SU are achieved compared to existing TVWS techniques. It importantly embodies a generic, practical, resource-efficient solution for TVWS deployment, which is compliant with current PU regulatory requirements

Scaling up VoIP: Transport Protocols and Controlling Unwanted Communication Requests

Millions of people worldwide use voice over IP (VoIP) services not only as cost-effective alternatives to long distance and international calls but also as unified communication tools, such as video conferencing. Owing to the low cost of new user accounts, each person can easily obtain multiple accounts for various purposes. Rich VoIP functions combined with the low cost of new accounts and connections attract many people, resulting in a dramatic increase in the number of active user accounts. Internet telephony service providers (ITSPs), therefore, need to deploy VoIP systems to accommodate this growing demand for VoIP user accounts. Attracted people also include bad actors who make calls that are unwanted to callees. Once ITSPs openly connect with each other, unwanted bulk calls will be at least as serious a problem as email spam. This dissertation studies how we can reduce load both on ITSPs and end users to ensure continuing the success of VoIP services. From ITSPs' perspective, the scalability of VoIP servers is of importance and concern. Scalability depends on server implementation and the transport protocol for SIP, VoIP signaling. We conduct experiments to understand the impact of connection-oriented transport protocols, namely, TCP and SCTP, because of the additional costs of handling connections. Contradicting the negative perception of connection-oriented transport protocols, our experimental results demonstrate that the TCP implementation in Linux can maintain comparable capacity to UDP, which is a lightweight connection-less transport protocol. The use of SCTP, on the other hand, requires improving the Linux implementation since the not-well-tested implementation makes a server less scalable. We establish the maximum number of concurrent TCP or SCTP connections as baseline data and suggest better server configurations to minimize the negative impact of handling a large number of connections. Thus, our experimental analysis will also contribute to the design of other servers with a very large number of TCP or SCTP connections. From the perspective of end users, controlling unwanted calls is vital to preserving the VoIP service utility and value. Prior work on preventing unwanted email or calls has mainly focused on detecting unwanted communication requests, leaving many messages or calls unlabeled since false positives during filtering are unacceptable. Unlike prior work, we explore approaches to identifying a "good" call based on signaling messages rather than content. This is because content-based filtering cannot prevent call spam from disturbing callees since a ringing tone interrupts them before content is sent. Our first approach uses "cross-media relations.'' Calls are unlikely to be unwanted if two parties have been previously communicated with each other through other communication means. Specifically, we propose two mechanisms using cross-media relations. For the first mechanism, a potential caller offers her contact addresses which might be used in future calls to the callee. For the second mechanism, a callee provides a potential caller with weak secret for future use. When the caller makes a call, she conveys the information to be identified as someone the callee contacted before through other means. Our prototype illustrates how these mechanisms work in web-then-call and email-then-call scenarios. In addition, our user study of received email messages, calls, SMS messages demonstrates the potential effectiveness of this idea. Another approach uses caller's attributes, such as organizational affiliation, in the case where two parties have had no prior contact. We introduce a lightweight mechanism for validating user attributes with privacy-awareness and moderate security. Unlike existing mechanisms of asserting user attributes, we design to allow the caller to claim her attributes to callees without needing to prove her identity or her public key. To strike the proper balance between the ease of service deployment and security, our proposed mechanism relies on transitive trust, through an attribute validation server, established over transport layer security. This mechanism uses an attribute reference ID, which limits the lifetime and restricts relying parties. Our prototype demonstrates the simplicity of our concept and the possibility of practical use