Results 1 - 10 of 22
Bluetooth an Enabler for Personal Area Networking
- IEEE Network Magazine, Wireless Personal Area Network, 2001
Cited by 38 (2 self)
We find ourselves today often carrying numerous portable electronic devices, such as notebook computers, mobile phones, PDAs, digital cameras and mp3/MD/DVD players, used to help and entertain us in our professional life as well as in our private life. For the most part, these devices are used separately and their applications do not interact. Imagine, however, if they could interact directly and thus create a network where information may flow seamlessly between the devices. Such a network of personal devices is often referred to as a personal area network (PAN). Moreover, access to the Internet via a (public) wireless LAN access point and/or via a 3G UMTS mobile phone would enable the PAN to be constantly on-line. The strongest candidate to provide the cheap, short-range radio links necessary to enable such networks is the Bluetooth wireless technology. Seen from a networking perspective, a PAN will be expected to have participants, both of its own devices and guest devices from other PANs, continuously moving in and out of its coverage. To cope with this volatile nature of the network, the concept of ad hoc networking may be applied to create a robust and flexible connectivity. A major technical step is taken when the Bluetooth piconet network architecture, a strict star topology, is extended into a scatternet architecture, where piconets are interconnected. A consequence of creating scatternet-based PANs is that some nodes will form gateways between piconets and these gateways must be capable of time sharing their presence in each piconet they are members of. While the Bluetooth standard defines the gateway nodes, the actual mechanisms and algorithms that accomplish the inter-piconet scheduling (IPS) are left rather open. Given the lack of research literature in ...
Generic application-level protocol analyzer and its language
- 2005
Cited by 23 (3 self)
The Shield project relied on application protocol analyzers to detect potential exploits of application vulnerabilities. We present the design of a second-generation generic application-level protocol analyzer (GAPA) that encompasses a domain-specific language and the associated run-time. We designed GAPA to satisfy three important goals: safety, real-time analysis and response, and rapid development of analyzers. We have found that these goals are relevant for many network monitors that implement protocol analysis. Therefore, we built GAPA to be readily integrated into tools such as Ethereal as well as Shield. GAPA preserves safety through the use of a memory-safe language for both message parsing and analysis, and through various techniques to reduce the amount of state maintained in order to avoid denial-of-service attacks. To support online analysis, the GAPA runtime uses a stream-processing model with incremental parsing. In order to speed protocol development, GAPA uses a syntax similar to many protocol RFCs and other specifications, and incorporates many common protocol analysis tasks as built-in abstractions. We have specified 10 commonly used protocols in the GAPA language and found it expressive and easy to use. We measured our GAPA prototype and found that it can handle an enterprise client HTTP workload at up to 60 Mbps, sufficient performance for many end-host firewall/IDS scenarios. At the same time, the trusted code base of GAPA is an order of magnitude smaller than Ethereal.
Detecting Spoofed Packets
- 2003
Cited by 13 (0 self)
Packets sent using the IP protocol include the IP address of the sending host. The recipient directs replies to the sender using this source address. However, the correctness of this address is not verified by the protocol. The IP protocol specifies no method for validating the authenticity of the packet's source. This implies that an attacker can forge the source address to be any desired. This is almost exclusively done for malicious or at least inappropriate purposes. Given that attackers can exploit this weakness for many attacks, it would be beneficial to know if network traffic has spoofed source addresses. This knowledge can be particularly useful as an adjunct to reduce false positives from intrusion detection systems. This paper discusses attacks using spoofed packets and a wide variety of methods for detecting spoofed packets. These include both active and passive host-based methods as well as the more commonly discussed routing-based methods. Additionally, we present the results of experiments to verify the effectiveness of passive methods.
Assessing The Real Impact of 802.11 WLANs: A Large-Scale Comparison of Wired and Wireless Traffic
- in 14th IEEE Workshop on Local and Metropolitan Area Networks, Chania, 2005
Cited by 8 (3 self)
We compared the traffic from hosts connected to the network via a wired or wireless interface, emphasizing the impact of 802.11 on packet delay and loss. Our study uses only passive monitoring techniques, namely, inference from TCP header traces. This enabled us to study a population of several thousand hosts in a real production environment, in which more than 31 million TCP connections were made. Our first contribution is methodological. Passive methods always have some degree of uncertainty, and we overcome this limitation by mostly relying on relative differences between wired and wireless traffic. Our analysis revealed that wireless clients experienced substantially higher packet delay variability than wired clients but their loss rates are surprisingly similar. We found that both the number of unnecessary TCP retransmissions and, even more substantially, the number of interrupted connections are higher for the wireless LAN than for the wired LAN. To the best of our knowledge, this is the first research effort to directly contrast wired and wireless traffic of a large production network.
Long Random Wait Times for Getting a Care-of Address are a Mobile Multimedia Communications
- IEEE International Workshop on Mobile Multimedia Communications (MoMuC'99), 1999
Cited by 6 (0 self)
To deploy real-time services to mobile Internet users, providing low latency handover is an important issue. If a handover is performed across IP subnets, the mobile node generally needs to acquire a new care-of IP address to avoid losing ongoing connections. This paper describes existing alternatives to acquire a care-of address on a visited subnet, and evaluates the related protocols with respect to their effect on the handover latency. We have found that these protocols involve random wait times that can lead to delays in the order of seconds, even when performing a handover between high speed wireless networks. To decrease these delays, we suggest that some of the current recommendations and requirements should be changed in order to support low latency handover.
30 seconds is not enough!: A study of operating system timer usage
- In Proceedings of the EuroSys Conference, 2008
Cited by 6 (2 self)
The basic system timer facilities used by applications and OS kernels for scheduling timeouts and periodic activities have remained largely unchanged for decades, while hardware architectures and application loads have changed radically. This raises concerns with CPU overhead, power management and application responsiveness. In this paper we study how kernel timers are used in the Linux and Vista kernels, and the instrumentation challenges and tradeoffs inherent in conducting such a study. We show how the same timer facilities serve at least five distinct purposes, and examine their performance characteristics under a selection of application workloads. We show that many timer parameters supplied by application and kernel programmers are somewhat arbitrary, and examine the potential benefit of adaptive timeouts. We also discuss the further implications of our results, both for enhancements to the system timer functionality in existing kernels, and for the clean-slate design of a system timer subsystem for new OS kernels, including the extent to which applications might require such an interface at all.
End-to-end and Redirection delays in IP Based Mobility
- In IFIP Conference on Personal Wireless Communication (PWC’2000), 2000
Cited by 2 (2 self)
Using the Internet as an infrastructure for mobile, real-time communication is an attractive goal as well as a challenging task. The non-optimal routing inherent in several proposed IP mobility schemes makes it harder to meet the requirement of low end-to-end delay. Mobile users may also perceive decreased performance when a handover between two access points is performed. In this study, common IP based mobility support schemes are evaluated according to their impact on the end-to-end delay and their IP level handover performance. Of the schemes considered, Mobile IPv6 [15] shows the best characteristics. Mobile IPv4 with route optimization [16] is also promising; however, some enhancements are suggested.
On the Design of Virtual Machine Sandboxes for Distributed Computing in Wide-area Overlays of Virtual Workstations
Cited by 2 (0 self)
With recent advances in virtual computing and the revelation that compute-intensive tasks run well on system virtual machines (VMs), the ability to develop, deploy, and manage distributed systems has been ameliorated. This paper explores the design space of VM-based sandboxes where the following techniques that facilitate the deployment of secure nodes in Wide-area Overlays of virtual Workstations (WOWs) are employed: DHCP-based virtual IP address allocation, self-configuring virtual networks supporting peer-to-peer NAT traversal, stacked file systems, and IPsec-based host authentication and end-to-end encryption of communication channels. Experiments with implementations of single-image VM sandboxes, which incorporate the above features and are easily deployable on hosted I/O VMMs, show execution time overheads of 10.6% or less for a batch-oriented CPU-intensive benchmark.
Dealing with Public Ethernet Jacks - Switches, Gateways, and Authentication
- 1999
Cited by 2 (0 self)
This paper describes the tools and techniques developed and deployed to address the problem of blocking unauthorized users on unprotected Ethernet jacks. Our solution is being deployed to control public labs at the University of Alberta during the summer of 1999. In this environment, we have a mix of "walk up" Ethernet connections used for laptop computers, and public Windows 95 and 98 workstations with fixed Ethernet connections. By themselves, none of these provide adequate facilities for preventing unauthorized Internet usage and enabling us to track Internet abuses originating from these networks. Prior to the deployment of our new access control system, these networks were not routed off of our campus due to these problems. Our access control system consists of MAC-locked switches behind a gateway at which an IP filter only allows Internet access when authenticated. Now we allow the authenticated users full access to the Internet, while preventing unauthorized people fro...
An Adaptive Protocol for Locating Programmable Media Gateways
- In Proc. of 8th ACM International Conference on Multimedia, 2000
Cited by 1 (0 self)
We describe a new control protocol called Adaptive Gateway Location Protocol (AGLP). In this protocol, a client requests a computation on a multimedia stream. AGLP discovers programmable Internet servers that process multimedia streams, and assigns the computation to one of these so-called gateways. AGLP continuously searches for alternate gateways, and, transparent to users, migrates computations between them to improve efficiency. The AGLP protocol uses soft-states for robustness and scale. Simulation results support that our protocol quickly locates gateways and migrates computations while keeping the load on the network low. We also outline planned enhancements to AGLP.

