September 21
(note: not usual time):
Iliaj Hadzic

Much research has been recently directed towards building flexible and reconfigurable network infrastructures which provide better functionality and allow faster evolution. Two classes of reconfigurable networks have been investigated: adaptive protocols and programmable (active) networks.

An adaptive protocol can modify itself in the face of changing network conditions and dynamically optimize its structure. The motivation for such protocols is the intuition that a system specialized to the current set of conditions will perform better than the one designed for the common case. In addition, adaptive systems can offer greater functionality than statically architected systems.

Programmable or active networks have been proposed as a way of accelerating the deployment and support of new services. The rationale is that if the network were programmable, the protocol support for the new service could be rapidly implemented without the need for standardization process at the service level. Once the service is adopted, its implementation can be easily distributed over the network as long as interoperability exists at the programming level. Non-adoption of unattractive or poorly implemented services also becomes less costly than in traditional approach.

Several software-only prototypes of active networks have been built. Performance limitations and a tacit assumption that protocol flexibility requires software has generated a considerable amount of skepticism about applicability when the network performance is climbing rapidly.

We make two major contributions in this thesis. First, we demonstrate how results in the field of Reconfigurable Computing can be applied in constructing a reconfigurable network protocol, improving the performance by delegating ``bit-intensive'' functions to hardware. Second, we extract the safety and security issues addressed in this concept and project them to general system utilizing programmable logic and thus open the new subfield of Reconfigurable Computing, namely security of reconfigurable systems.

The methodology we use is a proof-of-concept through experimentation. We have identified the existence of bit-intensive functions in network protocols and built the run-time reconfigurable system to accelerate these functions. Our experimental platform, the Programmable Protocol Processing Pipeline (P4) is optimized for network processing and composes a set of field-programmable logic arrays (FPGA) into a processing engine achieving the processing performance of a special purpose hardware with the software-like flexibility. Using this platform and one of the proposed frameworks for building adaptive and programmable protocols, we demonstrate that the reconfigurable hardware can be used for building reconfigurable networks. This demonstrates that on-the-fly hardware programmability can be applied in many settings such as line cards, switches, routers, etc.

September 27:
Emre Ucok

Performance issues in Reporting Systems Design

In corporations who have a very large flow of information, reporting issues are often addressed by systems implemented out of a collection of independent off-the-shelf components. Does it always pay to convert to a single integrated tool that is aimed more narrowly at your problem, but is potentially less customizable? I report on my experience evaluating just such a change at the Regulatory Technology Department, Goldman Sachs and Company.

The department processes the incoming data streams (with different rates and periods) from many upstream systems and consolidates it to maintain detailed information on all of the firm's current and past positions. A very critical portion of Goldman Sachs' business depends on the timely flow and processing of this information. These are monitored by analyzing the batch, feed, processing time and other data stored in the main database (LEW-Legal Entity Workstation) in the Regulatory department.

This analysis is currently done by a collection of independent tools such as Excel and Sybase. The senior staff believed that converting this monitoring to a single, object-oriented, integrated query, analysis, and reporting tool (Business Objects) would have several advantages:

1. a better front end
2. more sophisticated reporting and analysis features
3. would allow controllers to rapidly define their own queries

October 25

November 1

No seminar today

December 6
Micheal Greenwald

December 13
Angelos Keromytis
Strongman

The increasing complexity and scale of networks make security management difficult. STRONGMAN (Scalable TRust Of Next Generation MANagement) addresses this issue by introducing a security policy interoperability layer based on a trust management system, and a high level specification language. In this talk I will give an overview of the architecture and the system, as well as some thoughts on future directions.

December 20
Sotiris Ioannidis
Sub-Operating Systems: A New Approach to Application Security

In the current highly interconnected computing environments, users regularly use insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents, and might therefore compromise the integrity of the system. Current operating systems are unable to protect their users from this kind of attacks, since the hostile software is running with the user's privileges and permissions.

We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that might deal with incoming, possibly malicious objects, behaves like an operating system. It views those objects the same way an operating system views users- it assigns sub-user id's-and restricts their accesses to the system resources.

October 25

November 1

No seminar today

December 6
Micheal Greenwald

December 13
Angelos Keromytis
Strongman

The increasing complexity and scale of networks make security management difficult. STRONGMAN (Scalable TRust Of Next Generation MANagement) addresses this issue by introducing a security policy interoperability layer based on a trust management system, and a high level specification language. In this talk I will give an overview of the architecture and the system, as well as some thoughts on future directions.

December 20
Sotiris Ioannidis
Sub-Operating Systems: A New Approach to Application Security

In the current highly interconnected computing environments, users regularly use insecure software. Many popular applications, such as Netscape Navigator and Microsoft Word, are targeted by hostile applets or malicious documents, and might therefore compromise the integrity of the system. Current operating systems are unable to protect their users from this kind of attacks, since the hostile software is running with the user's privileges and permissions.

We introduce the notion of the SubOS, a process-specific protection mechanism. Under SubOS, any application that might deal with incoming, possibly malicious objects, behaves like an operating system. It views those objects the same way an operating system views users- it assigns sub-user id's-and restricts their accesses to the system resources.

Feb. 3
Mike Hicks

Feb. 10
Jon Moore

SNAP: Safe Networking with Active Packets

We describe a new language for encoding active, or programmable, packets. SNAP is an expression-limited bytecode language, permitting both safety proofs about resource usage as well as efficient evaluation. SNAP is the first active packet system to be both safe *and* efficient. We describe an in-kernel implementation (with some preliminary benchmark results) and talk about applications for SNAP.

Feb. 17
Improving network utilization
Danny Raz raz@research.bell-labs.com

This talk has two parts, each dealing with a different aspect of improving network utilization and end to end performance.

The first one studies network cache placement, with a special emphasis on transparent caches. The goal is to minimize the overall flow or the average delay by optimally placing a given number of caches in the network. We present a model that captures the essentials of the cache location problem, and present a computationally efficient dynamic-programming algorithm for the single server case. We experimentally study and validate our model and algorithms using real web data. We observe that a small number of caches are sufficient to reduce the network traffic significantly. Furthermore, there is a surprising consistency over time in the relative amount of web traffic from the server along a path, lending a stability to this type of cache location solutions.

The second part of the talk addresses one of the substantial drawbacks of current network management systems. Many of these systems perform periodic polling that imposes a significant load on the network. We propose methods for efficient monitoring of data network. In this work we present a new model that allows quantifying the efficiency of polling, and develop new heuristics for efficient polling.

This talk is based on joint work with J. Jiao, P. Krishnan, S. Naqvi, Y. Shavitt, and B. Sugla. About the speaker: Danny Raz received his doctoral degree from the Weizmann Institute of Science, Israel, in 1995. From 1995 to 1997 he was a post-doctoral fellow at the International Computer Science Institute, (ICSI) Berkeley, CA, and a visiting lecturer at the University of California, Berkeley. Since October 1997 he is with the Network and Service Management Research Department at Bell-Labs. His primary research interest is the theory and application of management related problems in IP networks.

Mar. 2
William Arbaugh

TBD

March 9
No seminar

March 16
No seminar - Spring Break

March 23
Mike Hicks