44,114 research outputs found
Identifying Native Applications with High Assurance
The work described in this paper investigates the problem
of identifying and deterring stealthy malicious processes on
a host. We point out the lack of strong application iden-
tication in main stream operating systems. We solve the
application identication problem by proposing a novel iden-
tication model in which user-level applications are required
to present identication proofs at run time to be authenti-
cated by the kernel using an embedded secret key. The se-
cret key of an application is registered with a trusted kernel
using a key registrar and is used to uniquely authenticate
and authorize the application. We present a protocol for
secure authentication of applications. Additionally, we de-
velop a system call monitoring architecture that uses our
model to verify the identity of applications when making
critical system calls. Our system call monitoring can be
integrated with existing policy specication frameworks to
enforce application-level access rights. We implement and
evaluate a prototype of our monitoring architecture in Linux
as device drivers with nearly no modication of the ker-
nel. The results from our extensive performance evaluation
shows that our prototype incurs low overhead, indicating the
feasibility of our model
Practical Evaluation of a Network Mobility Solution
IFIP International Workshop on Networked Applications, Colmenarejo, Madrid/Spain, 6–8 July, 2005As the demand of ubiquitous Internet access and the current trend of all-IP communications keep growing, the necessity of a protocol that provides mobility management increases. The IETF has specified protocols to provide mobility support to individual nodes and networks. The Network Mobility (NEMO) Basic Support protocol is designed for providing mobility at IP level to complete networks, allowing a Mobile Network to change its point of attachment to the Internet, while maintaining ongoing sessions of the nodes of the network. All the mobility management is done by the mobile router whilst the nodes of the network are not even aware of the mobility.
The main aim of this article is evaluating the performance of the NEMO Basic Support protocol by using our implementation. We also discuss the design of an implementation of the NEMO Basic Support protocol.Publicad
System Support for Bandwidth Management and Content Adaptation in Internet Applications
This paper describes the implementation and evaluation of an operating system
module, the Congestion Manager (CM), which provides integrated network flow
management and exports a convenient programming interface that allows
applications to be notified of, and adapt to, changing network conditions. We
describe the API by which applications interface with the CM, and the
architectural considerations that factored into the design. To evaluate the
architecture and API, we describe our implementations of TCP; a streaming
layered audio/video application; and an interactive audio application using the
CM, and show that they achieve adaptive behavior without incurring much
end-system overhead. All flows including TCP benefit from the sharing of
congestion information, and applications are able to incorporate new
functionality such as congestion control and adaptive behavior.Comment: 14 pages, appeared in OSDI 200
Hard Real-Time Networking on Firewire
This paper investigates the possibility of using standard, low-cost, widely used FireWire as a new generation fieldbus medium for real-time distributed control applications. A real-time software subsystem, RT-FireWire was designed that can, in combination with Linux-based real-time operating system, provide hard real-time communication over FireWire. In addition, a high-level module that can emulate Ethernet over RT-FireWire was implemented. This additional module enables existing IP-based real-time communication frameworks to work on top of FireWire. The real-time behavior of RT-FireWire was demonstrated with a simple control setup. Furthermore, an outlook of the future development on RT-FireWire is given
Linux XIA: an interoperable meta network architecture to crowdsource the future Internet
With the growing number of proposed clean-slate redesigns of the Internet, the need for a medium that enables all stakeholders to participate in the realization, evaluation, and selection of these designs is increasing. We believe that the missing catalyst is a meta network architecture that welcomes most, if not all, clean-state designs on a level playing field, lowers deployment barriers, and leaves the final evaluation to the broader community. This paper presents Linux XIA, a native implementation of XIA [12] in the Linux kernel, as a candidate. We first describe Linux XIA in terms of its architectural realizations and algorithmic contributions. We then demonstrate how to port several distinct and unrelated network architectures onto Linux XIA. Finally, we provide a hybrid evaluation of Linux XIA at three levels of abstraction in terms of its ability to: evolve and foster interoperation of new architectures, embed disparate architectures inside the implementation’s framework, and maintain a comparable forwarding performance to that of the legacy TCP/IP implementation. Given this evaluation, we substantiate a previously unsupported claim of XIA: that it readily supports and enables network evolution, collaboration, and interoperability—traits we view as central to the success of any future Internet architecture.This research was supported by the National Science Foundation under awards CNS-1040800, CNS-1345307 and CNS-1347525
SDN Architecture and Southbound APIs for IPv6 Segment Routing Enabled Wide Area Networks
The SRv6 architecture (Segment Routing based on IPv6 data plane) is a
promising solution to support services like Traffic Engineering, Service
Function Chaining and Virtual Private Networks in IPv6 backbones and
datacenters. The SRv6 architecture has interesting scalability properties as it
reduces the amount of state information that needs to be configured in the
nodes to support the network services. In this paper, we describe the
advantages of complementing the SRv6 technology with an SDN based approach in
backbone networks. We discuss the architecture of a SRv6 enabled network based
on Linux nodes. In addition, we present the design and implementation of the
Southbound API between the SDN controller and the SRv6 device. We have defined
a data-model and four different implementations of the API, respectively based
on gRPC, REST, NETCONF and remote Command Line Interface (CLI). Since it is
important to support both the development and testing aspects we have realized
an Intent based emulation system to build realistic and reproducible
experiments. This collection of tools automate most of the configuration
aspects relieving the experimenter from a significant effort. Finally, we have
realized an evaluation of some performance aspects of our architecture and of
the different variants of the Southbound APIs and we have analyzed the effects
of the configuration updates in the SRv6 enabled nodes
- …