XML-based services with flexible and intelligent structures for data expression and exchange are quickly gaining popularity. Enterprises are deploying XML-based services as a central component of the application integration. As the application data are crucial to the enterprises, the XML messages must be secured to ensure the reliability of these services. This paper presents the design of an embedded XML firewall with XML identification, XML validation, XML encryption and decryption, XML signature and signature verification, which is implemented on Intel IXP425, an embedded network processor for small and medium enterprise solutions. Suitable for enterprises to deploy XML security for their IT infrastructure, the XML firewall provides confidentiality, integrity and authenticity for XML-based services. Improvements are introduced and evaluated, including schema preprocessing and hardware acceleration for security processing. Ideas about future work of XML firewall based on this platform are also proposed.
Title: An XML Firewall on Embedded Network Processor. Authors: Wei Wang, Jun Li. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.15
Congestion control algorithms are traditionally evaluated in contrast to ideal capacity allocations that specify instantaneous efficient fair rates for application sessions but ignore time. While the latter is tenable for local networks and networks where all application sessions last long, instantaneous ideal allocations are inadequate standards for congestion control evaluation in dynamic wide-area networks. In this paper, we propose an alternative ideal of an effair allocation that explicitly accounts for unavoidable propagation delay. We develop an algorithm for computing the effair allocation and present a metric of effairness that quantifies how close the actual network services are to the effair allocation on the receiver, session, and network levels.
Title: Effairness: Dealing with Time in Congestion Control Evaluation. Authors: Sergey Gorinsky, H. Vin. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.45
Service level agreements (SLAs) have been introduced into the grid in order to build a basis for its commercial uptake. The challenge for Grid providers in agreeing and operating SLA-bound jobs is to ensure their fulfillment even in the case of failures. Hence, fault-tolerance mechanisms are an essential means of the provider's SLA management. The high utilization of commercially operated clusters leads to scenarios in which a job migration typically affects other scheduled jobs. The effects result from the unavailability of enough free resources, which would be needed to catch all resource outages. Consequently, before initiating a migration, its effects on other jobs have to be compared and the initiation of fault-tolerance (FT-) mechanisms has to be evaluated recursively. This paper presents a measurement for the benefit of initiating an FT-mechanism, the recursive evaluation, and the termination condition. Performing such an impact evaluation of an initiated chain of FT-mechanisms is often more profitable than performing a single FT-mechanism, and accordingly this is important for Grid commercialization.
Title: Recursive Evaluation of Fault Tolerance Mechanisms for SLA Management. Authors: K. Voß. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.22
Mohsen Baratvand, M. Tabandeh, A. Behboodi, A. Fotowat-Ahmady
VoIP over WLAN is a promising technology as a powerful replacement for current local wireless telephony systems. Packet timing jitter is a constant issue in the QoS of IEEE 802.11 networks, and exploiting an optimum jitter handling algorithm is an essential part of any VoIP over WLAN (VoWiFi) device, especially for low-cost devices with limited resources. In this paper, two common algorithms that use a buffer as a method for jitter handling are analyzed in relation to different traffic patterns. The effect of different buffer sizes on the quality of voice is assessed for these patterns. Various traffic patterns were generated using OPNET, and the quality of the output voice was evaluated based on the ITU PESQ method. It was shown that an optimum voice quality can be attained using a circular buffer with a size of around twice that of a voice packet.
Title: Jitter-Buffer Management for VoIP over Wireless LAN in a Limited Resource Device. Authors: Mohsen Baratvand, M. Tabandeh, A. Behboodi, A. Fotowat-Ahmady. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.17
Adrian Knoth, Christian Kauhaus, D. Fey, L. Schneidenbach, Bettina Schnor
The message passing interface (MPI) [17] is the most widely used message passing library for parallel applications on compute clusters. Here, we present our experiences in developing an IPv6-enabled MPI version for the two most popular implementations, MPICH2 and Open MPI. Further, we discuss how these IPv6-enabled MPI implementations can be used within multi-cluster and grid topologies.
Title: Challenges of MPI over IPv6. Authors: Adrian Knoth, Christian Kauhaus, D. Fey, L. Schneidenbach, Bettina Schnor. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.27
The topology of the packet radio network changes dynamically. The initial slot assignments may cause interference among the nodes while transmitting. In this paper, the author proposes a new adaptive transmission scheduling for packet radio networks that computes the transmission assignments according to the changes in the topology. The node gathers information from its local neighborhood. In addition, this information is useful to reconstruct the slot assignments. The NATS consists of two stages. During the first stage, it obtains a minimal TDMA frame length and the corresponding transmission assignments. In the second stage, the NATS finds the maximum node transmissions. Results show that this method improves the guaranteed throughput and achieves a 10% improvement over [Vhong and Huynh]. It is also shown that NATS outperforms TTR.
Title: A New Adaptive Transmission Scheduling in Packet Radio Networks. Authors: S. Madhavi. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.49
This paper presents a traffic distribution forecasting model for packet-switching networks, obtained by mapping these networks into multi-commodity networks. First, a radial basis function (RBF) network is applied to monitor and learn the real traffic distribution at the present time. Then, a quadratic model is used to calibrate these functions for precise traffic distribution forecasting. The implementation of the proposed model is demonstrated through the use of a numerical example.
Title: Traffic Distribution Forecasting in Packet-Switching Networks. Authors: F. Zandi. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.16
Security and privacy have become mandatory requirements for VoIP communications, which need security services such as confidentiality, integrity, authentication, non-replay and non-repudiation. The available solutions are generic and do not respect voice specificities and constraints. Thus, the QoS of the voice is affected by delay, jitter, and packet loss. New security solutions must take into account the real-time constraint of the voice service, and their mechanisms should address possible attacks and the overhead associated with them. Nowadays, VPNs (Virtual Private Networks) are considered the strongest security solution for communications over IP networks. Most VPN solutions are implemented to tunnel data traffic, while the trend toward a converged data and voice network places new demands on VPNs to support real-time traffic. In this paper we compare the VPN security protocols, presenting their advantages and drawbacks. Then we present our new solution to secure voice over IPSec VPNs while guaranteeing the performance and quality of services, without reducing the effective bandwidth. We use the AVISPA model to analyze the security vulnerabilities of the messages exchanged to initiate a session and establish the VPN.
Title: VPN Analysis and New Perspective for Securing Voice over VPN Networks. Authors: W. B. Diab, S. Tohmé, C. Bassil. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.8
The amount of audiovisual data available on the Internet, and thus of multimedia communication over today's networks, is increasing at a rapid pace. Despite the availability of specific media transport protocols like RTP, most content providers make use of the well-established and reliable TCP protocol to deliver audiovisual content over the Internet. The reason is that TCP-based data delivery is in general much less complicated, for the clients to be served and across the networks traversed today (including proxies and firewalls), than making use of UDP-based RTP connections. However, in case of network bandwidth fluctuations and packet losses, TCP-based media delivery may lead to annoying jerky playback at the client side, due to retransmissions and late arrival of media data. This paper deals with TCP-based perceptual QoS improvement mechanisms for increasing the media experience for the consumer under unstable network conditions. Our approach is based on media content adaptation (transcoding) to fit the actual network bandwidth, which is continuously monitored by the sender. The proposed mechanisms are applied at the application level at the server side, leaving the existing TCP implementation untouched and therefore enabling transparent use of existing media players. An evaluation of a realistic use case is presented which underlines the efficacy of our approach.
Title: Towards QoS Improvements of TCP-Based Media Delivery. Authors: M. Prangl, Ingo Kofler, H. Hellwagner. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.10
J. Kosinski, D. Radziszowski, K. Zielinski, Sławomir Zieliński, Grzegorz Przybylski, Pawel Niedziela
The paper presents an analysis of the possibilities of defining penalty functions to be used in SLA management frameworks. As a basis for the analysis, a brief survey of metrics used in SLA contracts is presented. Next, several definitions of penalty functions are proposed. The definitions are then analyzed in the context of embedding them in a working SLA management framework.
Title: Definition and Evaluation of Penalty Functions in SLA Management Framework. Authors: J. Kosinski, D. Radziszowski, K. Zielinski, Sławomir Zieliński, Grzegorz Przybylski, Pawel Niedziela. Venue: Fourth International Conference on Networking and Services (ICNS 2008). Published: 2008-03-16. DOI: https://doi.org/10.1109/ICNS.2008.32