Fall 2000 Schedule:
Ubiquitous Computing, Pervasive Computing, and Smart Spaces refer to an emerging interdisciplinary field, where numerous embedded mobile wireless computing nodes interact with one another, as well as with stationary nodes in the environment. An individual's computing platform will consist of a number of distributed processing nodes, I/O devices, and sensors. Individuals will want to communicate with one another, with the fixed resources in smart rooms such as display devices and printers, and with resources providing various services on the Internet. These nodes must become aware of one another, self-organise into federations and maintain secure, private sessions among groups. There are significant issues in wireless communications, mobile networking, protocols at various layers, QoS, and security. Scaling is a problem, not only in the conventional sense, but in density where millions of nodes may be in range of one another. This presentation will provide an overview of problems, issues, and research areas.
Feb. 14 The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing security policies. With the increasing size and complexity of networks, security management is becoming a more serious problem. This thesis proposes the first completely automated solution to this problem, STRONGMAN. STRONGMAN demonstrates three new approaches to providing efficient local policy enforcement complying with global security policies. First is the use of a compliance checker to provide great local autonomy within the constraints of a global security policy. Second is the ability to compose policy rules into a coherent enforceable set, e.g., at the boundaries of two locally autonomous domains or between two protocols. Third is the "lazy binding" of policies to reduce resource consumption. Our proposed architecture uses these three components to provide scalable security policy management for large networks. A large part of the STRONGMAN architecture has been implemented, and some early results are presented.
Feb. 21 Increasing demand for new services in the Internet has motivated research into "active", or programmable, networks. One of the most aggressive approaches to active networking is the use of *active packets* that contain a program instead of a traditional packet header. While active packets offer potentially per-packet customizability, no existing active packet system has been fully practical--namely, safe, efficient, and flexible. Our thesis is that practical active packets are possible; we present a new active packet system, SNAP (Safe and Nimble Active Packets) and then demonstrate that it satisfies three main practicality properties:
Feb. 26 Increasing demand for new services in the Internet has motivated research into "active", or programmable, networks. One of the most aggressive approaches to active networking is the use of *active packets* that contain a program instead of a traditional packet header. While active packets offer potentially per-packet customizability, no existing active packet system has been fully practical--namely, safe, efficient, and flexible. Our thesis is that practical active packets are possible; we present a new active packet system, SNAP (Safe and Nimble Active Packets) and then demonstrate that it satisfies three main practicality properties:
Mar. 5 Many important applications must run continuously and without interruption, yet must be changed to fix bugs or upgrade functionality. To date, no existing dynamic updating system has achieved a practical balance between flexibility, correctness, ease-of-use, and low overhead. We present a new approach that provides type-safe dynamic updating of native code in an extremely flexible manner (functions and types may be updated, and at any time) and permits the use of automated tools to aid the programmer in the updating process. Our system is based around *dynamic patches* made up of proof-carrying code that both contain the updated code and the code needed to transition from the old version to the new. We discuss how patches are generated using a semiautomatic tool, how they are applied using dynamic-linking technology, and how code is compiled to make it updateable. To concretely illustrate our system, we have implemented a dynamically-updateable web server, FlashEd. We discuss our experience building and maintaining FlashEd. Performance experiments show that updateable FlashEd runs between 2% and 6% slower than a static one.
In this talk I describe ABLE++, an active network architecture that optimizes the interaction of the active component and managed device for efficient and secure monitoring and control functions without sacrificing application flexibility and ease of programming. Active networks introduce flexibility into a network by moving computation from the edges to the core of the network. Allowing computation in the core also provides a framework for distributed computation. Network management applications can take advantage of the flexible, distributed active network environment. Pushing management functions closer to the managed device lends a more efficient use of network resources, provides a shorter application response time and alleviates the single point of failure common to the current centralized polling model. Using active networks to perform management tasks requires that active code be aware of local state information in the managed device. For example, a load balancing application requires access to the forwarding table and a congestion-avoidance application requires performance metrics on the router interfaces. Efficient access to local state is needed but without sacrificing ease of programming, application flexibility or node security. In this talk, I will describe extensions to the ABLE (Active Bell Labs Engine) architecture, ABLE++, present performance results and an example congestion avoidance application.
October 11 The primary goal of active networking is to increase the pace of network evolution. Evolution is typically achieved via extensibility; that is, typical active network implementations provide an interface to extend network nodes with dynamically loaded code. Most implementations employ plug-in extensibility, a technique for loading code characterized by a concrete, pre-defined abstraction of future change. While flexible and convenient, we argue that plug-in extensibility alone is not sufficient for true network evolution. Instead, we propose dynamic software updating, a technique that reduces the a priori assumptions of plug-in extensibility, improving flexibility and eliminating the need to pre-plan extensions. However, this additional flexibility creates issues involving validity and security. We discuss these issues, and describe the state-of-the-art in systems that support dynamic software updating, thus framing the problem for researchers developing next-generation active networks.
November 13 As more processing power becomes available at the edges of today's network, it becomes possible to process data flowing through network elements. This raises the question of how to best schedule scarce on-switch resources. This talk presents eXpert, an operating system designed to offer isolation between different traffic flows being processed on such a system. This talk outlines the major decisions taken in eXpert's design, and the rationale behind them. eXpert is work in progress, so no results will be presented at this time.
December 13 Many important applications must run continuously and without interruption, yet must be changed to fix bugs or upgrade functionality. To date, no existing dynamic updating system has achieved a practical balance between flexibility, correctness, ease-of-use, and low overhead. We present a new approach that provides type-safe dynamic updating of native code in an extremely flexible manner (functions and types may be updated, and at any time) and permits the use of automated tools to aid the programmer in the updating process. Our system is based around *dynamic patches* made up of proof-carrying code that both contain the updated code and the code needed to transition from the old version to the new. We discuss how patches are generated using a semiautomatic tool, how they are applied using dynamic-linking technology, and how code is compiled to make it updateable. To concretely illustrate our system, we have implemented a dynamically-updateable web server, FlashEd. We discuss our experience building and maintaining FlashEd. Performance experiments show that updateable FlashEd runs between 2% and 6% slower than a static one.
Send email to seminar participants: dsl-seminar@dsl.cis.upenn.edu
To be added to the seminar mailing list, send email to: dsl-seminar-request@dsl.cis.upenn.edu