A Heartbeat Mechanism and its Application in Gigascope.

Abstract Data stream management systems often rely on ordering properties of tuple attributes in order to implement non-blocking operators. However, query operators that work with multiple streams, such as stream merge or join, can often still block if one of the input stream is very slow or bursty. In principle, punctuation and heartbeat mechanisms have been proposed to unblock streaming operators. In practice, it is a challenge to incorporate such mechanisms into a highperformance stream management system that is operational in an industrial application. In this paper, we introduce a system for punctuation-carrying heartbeat generation that we developed for Gigascope, a high-performance streaming database for network monitoring, that is operationally used within AT&T's IP backbone. We show how heartbeats can be regularly generated by low-level nodes in query execution plans and propagated upward unblocking all streaming operators on its way. Additionally, our heartbeat mechanism can be used for other applications in distributed settings such as detecting node failures, performance monitoring, and query optimization. A performance evaluation using live data feeds shows that our system is capable of working at multiple Gigabit line speeds in a live, industrial deployment and can significantly decrease the query memory utilization

RadioProphet: Intelligent Radio Resource Deallocation for Cellular Networks

Abstract. Traditionally, radio resources are released in cellular networks by statically configured inactivity timers, causing substantial resource inefficiencies. We propose a novel system RadioProphet (RP), which dynamically and intelligently determines in real time when to deallocate radio resources by predicting the network idle time based on traffic history. We evaluate RP using 7-month-long real-world cellular traces. Properly configured, RP correctly predicts 85.9 % of idle time instances and achieves radio energy savings of 59.1 % at the cost of 91.0 % of signaling overhead, outperforming existing proposals. We also implement and evaluate RP on real Android devices, demonstrating its negligible runtime overhead.

Proceedings of the Sixth International Workshop on Web Caching and Content Distribution

OVERVIEW The International Web Content Caching and Distribution Workshop (WCW) is a premiere technical meeting for researchers and practitioners interested in all aspects of content caching, distribution and delivery on the Internet. The 2001 WCW meeting was held on the Boston University Campus. Building on the successes of the five previous WCW meetings, WCW01 featured a strong technical program and record participation from leading researchers and practitioners in the field. This report includes all the technical papers presented at WCW'01. Note: Proceedings of WCW'01 are published by Elsevier. Hardcopies of these proceedings can be purchased through the workshop organizers. As a service to the community, electronic copies of all WCW'01 papers are accessible through Technical Report BUCS‐TR‐2001‐017, available from the Boston University Computer Science Technical Report Archives at http://www.cs.bu.edu/techreps. [Ed.note: URL outdated. Use http://www.bu.edu/cs/research/technical-reports/ or http://hdl.handle.net/2144/1455 in this repository to access the reports.]Cisco Systems; InfoLibria; Measurement Factory Inc; Voler

Escort: Securing scout paths

It is becoming increasingly common to find special-purpose communication devices--Information Appliances--attached to the Internet. Information appliances include network-attached disks, cameras, and displays; web and file servers; set-top boxes; application routers and firewalls. Many of these systems perform mission critical functions, like company web servers or firewalls, but are built on general purpose operating systems that do not protect them with adequate security measures. This work introduces Escort, a security architecture for the Scout operating system. Escort provides a set of mechanisms designed to protect information appliances. It uses Scout's path abstraction to provide accurate accounting over multiple protection domains, thereby protecting privacy and integrity while enabling the defense against denial of service attacks. Escort also provides a configuration interface that allows the designer of the Information Appliance to configure the functional specification and security policy needed for a given environment. The performance penalty of many secure systems is a deterrent for their deployment. Therefore, an additional goal of Escort is to provide high performance. To achieve this goal, Escort introduces novel mechanisms for shared buffer management and thread migration without introducing security holes. Again, the path abstraction is a major enabling factor for these mechanisms. This work also presents two example Information Appliances, a web server and a TCP forwarder (firewall). They show how secure high performance system's can be built using Escort's mechanisms. The web server shows, in particular, how to deal with denial of service attacks using a path-based resource revocation mechanism, while the firewall demonstrates a path-based optimization enabled by Escort

Defending against Denial of Service Attacks in Scout

We describe a two-dimensional architecture for defending against denial of service attacks. In one dimension, the architecture accounts for all resources consumed by each I/O path in the system; this accounting mechanism is implemented as an extension to the path object in the Scout operating system. In the second dimension, the various modules that define each path can be configured in separate protection domains; we implement hardware enforced protection domains, although other implementations are possible. The resulting system---which we call Escort---is the first example of a system that simultaneously does end-to-end resource accounting (thereby protecting against resource based denial of service attacks where principals can be identified) and supports multiple protection domains (thereby allowing untrusted modules to be isolated from each other). The paper describes the Escort architecture and its implementation in Scout, and reports a collection of experiments that measure the c..

Escort: A Path-Based OS Security Architecture

Escort is the security architecture for Scout, a configurable operating system designed for network appliances. Scout is unique in that it is designed around paths---a communication-centric abstraction that encapsulates information flows through the system---rather than the more traditional processes and servers. Scout uses paths to make end-to-end resource allocation decisions. Escort extends this idea to isolate these information flows, as well as to provide end-to-end accountability. This paper introduces the Escort security architecture, shows how it can be used to enforce common security policies, and evaluates its design according to several well-established criteria. November 26, 1997 Department of Computer Science The University of Arizona Tucson, AZ 1 Introduction The ability to secure a computing system depends greatly on the design of its operating system. Saltzer and Schroeder [14] introduced a set of criteria by which one can evaluate the secure design of a computer sys..