The tradeoffs between consistency, performance, and availability are well understood. Traditionally, however, designers of replicated systems have been forced to choose from either strong consistency guarantees or none at all. This paper explores the semantic space between traditional strong and optimistic consistency models for replicated services. We argue that an important class of applications can tolerate relaxed consistency, but benefit from bounding the maximum rate of inconsistent access in an application-specific manner. Thus, we develop a set of metrics, Numerical Error, Order Error, and Staleness, to capture the consistency spectrum. We then present the design and implementation of TACT, a middleware layer that enforces arbitrary consistency bounds among replicas using these metrics. Finally, we show that three replicated applications demonstrate significant semantic and performance benefits from using our framework.

The goal of this work is to support replicated network services that accept updates to numerical records from multiple wide-area locations. Given the

gzipped PostScript format via anonymous FTP from the areaftp.cs.unibo.it:/pub/TR/UBLCS or via WWW at

The Internet architecture was developed to support a number of key goals. Security was not among them. Indeed, in David Clark’s classic paper, “The Design Philosophy of the DARPA Internet Protocols, ” the word security is not used once. By any accounting, security mechanisms have been added to the Internet in a fashion both post hoc and ad hoc, with minimal accommodations from the surrounding communications framework. Inevitably, these mechanisms have provided only an approximation to the security properties motivating their creation and have frequently conflicted with the existing network architecture in which they operate. The network firewall represents a classic example of this tension. A firewall is expected to help enforce an access control policy on traffic traversing its links and yet is unable to make any strong statements about the sender of a piece of traffic or the import of the content it contains. Moreover, in enforcing crude controls, firewalls routinely violate the end-to-end properties of protocols that traverse them. We contend that many of these problems result from a mismatch between the level of abstraction provided by today’s network architecture and the level necessary to describe real security properties. Real-world security policies are invariably about “who ” and “what, ” while the Internet’s architecture answers “where” and “how. ” For example, Internet addresses describe topological endpoints that are inherently virtual. Due to hot spots, spoofing, route hijacking, etc., an IP address in a packet may have only a transient relationship

We accept this essay as conforming

Some of the most dynamic systems being built today consist of physically mobile hosts and logically mobile agents. Such systems exhibit frequent configuration changes and a great deal of resource variability. Applications executing under these circumstances need to react continuously and rapidly to changes in operating conditions and must adapt their behavior accordingly. Applications with these capabilities are referred to as context-aware. Much of the current work on context-aware computing relies on information directly available to an application via context sensors on its local host, e.g., user profile, host location, time of day, resource availability, and quality of service measurements. The goal of this proposal is to develop a new perspective on context-awareness, in which the context includes, in principle, any information available in the ad hoc network but is restricted, in practice, to specific projections of the overall context. This work aims to design and implement a middleware model that brings this notion of context to the application programmer. The unique features of this middleware model will be: (a) the declarative abstract specification of task-specific views of the global context; (b) the ability to redefine these views dynamically; (c) the continuous maintenance of the desired contextual information despite the fact that interactions among hosts in the underlying network are transient and disconnections are frequent; and (d) flexible support for a range of context-aware interactions. This proposal outlines the specific goals of the research, the issues expected to be encountered, and the intended ultimate results of the research. 1

Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder. Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty ” statements are included with all reproductions and derivative works. External use. Requests for permission to reproduce this document or prepare derivative works of this document for external and commercial use should be addressed to the SEI Licensing Agent.