Excessive power consumption is deemed one of the major drawbacks of TCAM-based IP search engines. This paper proposes a simple and yet efficient forwarding table partitioning algorithm aiming to achieve significant TCAM power savings. Our algorithm partitions the IP address space into a set of adjoining but non-overlapping search ranges comprising an exactly identical number of prefixes to be accommodated in a TCAM segment, dubbed exact table partitioning (ETAP). During a search operation, only one single range is examined to reduce overall TCAM power consumption substantially.
Exact Forwarding Table Partitioning for Efficient TCAM Power Savings. Gesan Wang, N. Tzeng. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.20
Attacks on computer network infrastructure are one of the major problems. The increasing number of Internet users all over the world comes with the risk posed by many network threats. One of the major tools for protecting the network against attack is the intrusion detection system (IDS), which makes the IDS the first target that an intruder will attack. As such attacks cannot be avoided, the problem is how the intrusion detection system survives when an attack occurs. In this research, we show the limitations of the present intrusion detection system architecture and propose a new architecture that can handle attacks via the network and survive them. It uses mobile agent technology with a network topology design that hides the main resources of the network behind the intrusion detection system, separates network resources into segments, and installs a monitored host on each network segment for robustness against all patterns of attack. The design avoids a single point of failure and uses a shadow agent together with a proxy agent, a fast backup and recovery mechanism, a multicast group, and encryption of the communication between all the IDSs for network security.
Survival Architecture for Distributed Intrusion Detection System (dIDS) using Mobile Agent. S. Vongpradhip, Wichet Plaimart. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.47
A. Basu, L. Mounier, Marc Poulhiès, J. Pulou, J. Sifakis
We apply a model construction methodology to TinyOS-based networks, using the behavior-interaction-priority (BIP) component framework. The methodology consists in building the model of a node as the composition of a model extracted from a nesC program describing the application, and models of TinyOS components. Models for networks are obtained by composition of models for nodes by using BIP connectors implementing different types of radio channels. This opens the way for enhanced analysis and early error detection by using verification techniques.
Using BIP for Modeling and Verification of Networked Systems -- A Case Study on TinyOS-based Networks. A. Basu, L. Mounier, Marc Poulhiès, J. Pulou, J. Sifakis. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.52
Exponentially growing bandwidth requirements and slowing gains in processor speeds have led to the popularity of multiprocessor architectures. Network stack parallelism is increasingly important to support such architectures. In this paper, we present techniques to improve network stack concurrency using our previous work, TCPServers, a system architecture for offloading network processing within an SMP system. TCPServers dedicates a subset of processors as packet processing engines (PPEs), which handle all asynchronous network events and perform receive processing. We introduce Receive Queues, data structures associated with each socket that store incoming network packets and are accessed exclusively at the PPEs. Using Receive Queues, we modify TCPServers-based network stacks to incorporate early packet demultiplexing. We also present an efficient proportional fair scheduling algorithm, which processes incoming packets at the priority of the destination socket. Our experimental evaluation demonstrates that our modifications reduce the scheduling and synchronization overheads and improve the aggregate TCP/IP throughput by up to 75% compared with the default SMP stack. We also show that our system sustains this throughput even when a large number of short-lived connections are present.
Improving Network Processing Concurrency using TCPServers. A. Bohra, L. Iftode. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.31
Structured P2P networks are a promising alternative for engineering new distributed services and for replacing existing distributed services like DNS. Providing competitive performance with traditional distributed services is however very difficult because existing services like DNS are highly tuned using a combination of caching and localized communication. Typically, P2P systems use randomized host IDs which destroys any locality that might have been inherent in the IP addresses or the names of the hosts. In this way, P2P communication can result in a high stretch. We propose a locality preserving structured P2P system that supports efficient local communication and low stretch. While this system was optimized for resolving domain names, it will also provide a low stretch to other applications and it can be combined with existing replication schemes to optimize the response times even further.
Exploiting Host Name Locality for Reduced Stretch P2P Routing. G. Pfeifer, C. Fetzer, Thomas Hohnstein. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.22
The exponential increase in the deployment of IEEE 802.11-based wireless LAN (WLAN) technology has transformed it into an essential building block of the networking infrastructure of commercial enterprises. How to effectively manage these WLAN networks and stop malicious intruders are the two main barriers for further spread of this technology. At the same time, the enormous economies of scale behind IEEE 802.11-based WLAN products also result in rapid technological advances and astounding pricing efficiencies. Today, the street price of a low-end 802.11g access point is as low as $50 USD, with an estimated manufacturing cost of less than $25. In this paper, we describe the design, implementation, and evaluation of a scalable wireless LAN traffic monitoring system called wireless network sentry (Wintry), which provides real-time visibility of the usage of an enterprise's wireless links in a way that is completely transparent to the monitored WLAN networks. Moreover, Wintry is able to leverage low-cost programmable WLAN access points and reduce the total hardware cost to the minimum. A key feature of Wintry is an accurate radio channel busy time estimation algorithm that correctly takes into account both back-off delay and corrupted packets in WLAN traffic load computation without requiring any modification to monitored WLAN devices.
Transparent and Accurate Traffic Load Estimation for Enterprise Wireless LAN. Gang Wu, F. Guo, T. Chiueh. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.50
Many unstructured overlay-based peer-to-peer (P2P) applications require techniques that can effectively send messages to various topological regions of the overlay. While searching in unstructured P2P networks has been widely studied in the literature, the problem of diffusing messages to various parts of an arbitrary overlay network has received surprisingly little research attention. In this paper we analyze the message diffusion problem and make two technical contributions towards addressing it. First, we propose a novel message propagation technique called the cluster resilient random walk (CRW). While the CRW technique preserves the overall framework of random walks, at each step of message forwarding, it favors the neighbors that are more likely to send the message deeper into the network. Second, in order to ensure effective message diffusion in networks with small cuts, we introduce a unique message fission technique in which messages are split when they reach peers connecting two or more topological regions of the network. Our experiments show that the proposed techniques are very effective in diffusing messages across overlay networks of various topologies.
Message Diffusion in Unstructured Overlay Networks. Jianxia Chen, Lakshmish Ramaswamy, Archana Meka. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.32
We present FRAC, a Framework for role-based access control in network file systems. FRAC is a reference monitor that controls the message flow between file system clients and servers. FRAC supports role hierarchies, user sessions, and static and dynamic separation of duty constraints. It also allows administrators to define dynamic policies based on access history and the environment, e.g., time of day. FRAC introduces a virtual control namespace (VCN) that provides an interface to query and update the state of the access control framework over the standard file system protocol. This namespace eliminates the need for executing specialized user agents either at the client or at the server. Therefore, FRAC does not require any modification to either the file system client or the file server. We have implemented FRAC for the widely deployed NFS protocol using FileWall, a file system proxy previously developed by us. Our experimental evaluation shows that FRAC imposes minimal overheads for the common file system operations.
FRAC: Implementing Role-Based Access Control for Network File Systems. A. Bohra, Stephen Smaldone, L. Iftode. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.25
We study the effects of bursty Internet traffic through simulations. Both short-range dependency (SRD) traffic and long-range dependency (LRD) traffic are simulated over different burst parameters. The results are collected for 10 different 24-hour simulated periods in order to study and measure day-to-day statistical fluctuation. Effects of employing different traffic admission constraints are examined. An alternative for improving network throughput and utilization is proposed. Finally, a case in which arrival patterns of traffic are correlated is explored.
Study of Bursty Internet Traffic. Kannikar Siriwong, L. Lipsky, R. Ammar. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-12. https://doi.org/10.1109/NCA.2007.45
A. Correia, J. Pereira, L. Rodrigues, N. Carvalho, R. Vilaça, R. Oliveira, Susana Guedes
Database replication has been a common feature in database management systems (DBMSs) for a long time. In particular, asynchronous or lazy propagation of updates provides a simple yet efficient way of increasing performance and data availability and is widely available across the DBMS product spectrum. High-end systems additionally offer sophisticated conflict resolution and data propagation options as well as synchronous replication based on distributed locking and two-phase commit protocols. This paper presents the GORDA architecture and programming interface (GAPI), which enables different replication strategies to be implemented once and deployed in multiple DBMSs. This is achieved by proposing a reflective interface to transaction processing instead of relying on client interfaces or ad-hoc server extensions. The proposed approach is thus cost-effective, in enabling reuse of replication protocols or components in multiple DBMSs, as well as potentially efficient, as it allows close coupling with DBMS internals.
GORDA: An Open Architecture for Database Replication. A. Correia, J. Pereira, L. Rodrigues, N. Carvalho, R. Vilaça, R. Oliveira, Susana Guedes. Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007), 2007-07-01. https://doi.org/10.1109/NCA.2007.26