About
Publications: 73
Reads: 4,373
Citations since 2017: 6,704

Publications (73)
GENI’s goal of wide-scale collaboration on infrastructure owned by independent and diverse stakeholders stresses current access control systems to the breaking point. Challenges not well addressed by current systems include, at minimum, support for distributed identity and policy management, correctness and auditability, and approachability. The At...
This chapter describes the DETER Project and its centerpiece facility DETERLab. DETERLab is a large-scale, shared, and open modeling, emulation, and experimentation facility for networked systems, developed and operated as a national resource for cyber-security experimentation. The Project itself has three major components:
It is widely argued that today's largely reactive, "respond and patch" approach to securing cyber systems must yield to a new, more rigorous, more proactive methodology. Achieving this transformation is a difficult challenge. Building on insights into requirements for cyber science and on experience gained through 8 years of operation, the DETER pr...
We present a dynamic and adaptive decision model for an autonomous user agent whose task is to dynamically negotiate and procure wireless access for a mobile user. A user is assumed to have cognitive and motivational costs associated with providing subjective preference information to the agent. Therefore the task of the personal agent is to dynami...
Elicitation of user preferences has been recognized to be one of the most important goals of user-centered AI systems. Solutions to this problem have been cast as problems ranging from utility function construction, to adaptive classification given classes of utility functions, to sequential decision making. In this paper we present the preference elicitation pro...
Effective analysis of raw data from networked systems requires bridging the semantic gap between the data and the user's high-level understanding of the system. The raw data represents facts about the system state and analysis involves identifying a set of semantically relevant behaviors, which represent "interesting" relationships between these...
This note describes the use of the RSVP resource reservation protocol with the Controlled-Load and Guaranteed QoS control services. The RSVP protocol defines several data objects which carry resource reservation information but are opaque to RSVP itself. The usage and data format of those objects is given here. Status of this Memo This document is...
Since 2004, the DETER Cybersecurity Testbed Project has worked to create the necessary infrastructure (facilities, tools, and processes) to provide a national resource for experimentation in cyber security. The next generation of DETER envisions several conceptual advances in testbed design and experimental research methodology, targeting improved...
Contains reports on seven research projects.
We describe an architecture for creating experimental environments across multiple cooperating Emulab-based testbeds, called the DETER federation architecture (DFA). The system uses cooperative resource allocation and multiple-level testbed access to create a cohesive environment for experimentation. Testbeds that contribute resources continue to e...
From its inception in 2004, the DETER testbed facility has provided effective, dedicated experimental resources and expertise to a broad range of academic, industrial and government researchers. Now, building on knowledge gained, the DETER developers and community are moving beyond the classic "testbed" model and towards the creation and deployment...
Modern day sensor network technology has shown great promise to transform environmental data collection. However, despite the promise, these systems have remained the purview of the engineers and computer scientists who design them rather than a useful tool for the environmental scientists who need them. SensorKit is conceived of as a way to make w...
Testbed experiments are a challenge to manage manually, because they involve multiple machines and their correctness depends on the correct operation of testbed infrastructure that is often hidden from the experimenter. Testbed experiments that recreate security events add management challenges of scale - they are often very large; complexity - man...
This paper describes a resource access control system for federation of Emulab-based testbeds within the DETER federation architecture. The system is based on three levels of principals and uses generalizations of the Emulab project system to assign access rights. A prototype implementation is described.
The DETER testbed provides infrastructure for conducting medium-scale repeatable experiments in computer security, especially experiments that involve malicious code. Built using Utah's EMULAB, the DETER testbed has been configured and extended to provide ...
The Global Environment for Network Innovations is a major planned initiative of the US National Science Foundation to build an open, large-scale, realistic experimental facility for evaluating new network architectures. The facility's goal is to change the way we design networked and distributed systems, creating over time new paradigms that integr...
This paper proposes an isolation layer, a shim, between inter-domain routing and packet forwarding. The job of this layer is to coordinate between Autonomous Systems (AS's) on when and how to modify the forwarding state to ensure inter-domain routing loops do not cause forwarding loops. The benefits of a consistency layer are twofold. First, it prev...
In recent years, we have seen the emergence of numerous types of so-called "overlay" networks in the internet. There are many diverse examples of such overlay networks including the content-delivery-caching networks, implemented by companies like Akamai, the peer-to-peer file sharing networks associated with applications such as BitTorrent, the voi...
How might the computing and communications world be materially different in 10 to 15 years, and how might we define a research agenda that would get us to that world?
This report describes an effort to understand how the Internet might be designed today if we could make a fresh start. The goal is to understand the current set of requirements that drive the Internet, and to offer long-term directions to help guide the evolution of the Internet in response to these requirements.
The problem of interest is how to dynamically allocate wireless access services in a competitive market which implements a take-it-or-leave-it allocation mechanism. In this paper we focus on the subproblem of preference elicitation, given a mechanism. The user, due to a number of cognitive and technical reasons, is assumed to be initially uninforme...
Connectivity is central to pervasive computing environments. We seek to catalyze a world of rich and diverse connectivity through technologies that drastically simplify the task of providing, choosing, and using wireless network services; creating a new and more competitive environment for these capabilities. A critical requirement is that users ac...
This document is the final report for Project LCS-Marine, carried out by MIT Laboratory for Computer Science and the MicroDisplay Corporation. The goals of the project were to design and evaluate the usefulness of an integrated information delivery system utilizing a) multimodal human-oriented conversational applications and b) a compact handheld w...
Routing on the Internet today is as much about money as it is traffic. The business relationships of an ISP largely dictate its routing policy and drive the work of its engineers. In today's routing mechanism, this leads to a number of well-known pathologies. This structure is further challenged by the emergence of user-directed routing. This paper...
Our poster considers the use of machine learning agents to autonomously and continually select among wireless access services available to a user. Our context is the Personal Router project; a technical research program aimed at reshaping the wireless network access market towards greater competition and diversity [CW00]. By allowing p...
The architecture of the Internet is based on a number of principles, including the self-describing datagram packet, the end to end arguments, diversity in technology and global addressing. As the Internet has moved from a research curiosity to a recognized component of mainstream society, new requirements have emerged that suggest new design princi...
One of the Internet's greatest strengths is that it does not know or care what its applications are or what they are doing: it simply forwards data. Yet network users experience the network through the functioning and performance of applications. This divergence of perspective leads to a number of problems. For example, a user whose local DNS servi...
A system as complex as the Internet can only be designed effectively if it is based on a core set of design principles, or tenets, that identify points in the architecture where there must be common understanding and agreement. The tenets of the original Internet architecture [6] arose as a response to the technical, governmental, and societal envi...
A system as complex as the Internet can only be designed effectively if it is based on a core set of design principles, or tenets, that identify points in the architecture where there must be common understanding and agreement. The tenets of the original Internet architecture arose as a response to the technical, governmental, and societal environm...
In order to ensure proper quality of service for real-time communication in a mobile wireless Internet environment, it is essential to minimize the transient packet loss when the mobile host (MH) is moving between different cells (subnets) within a domain. ...
The Integrated Services (Intserv) architecture provides a means for the delivery of end-to-end Quality of Service (QoS) to applications over heterogeneous networks. To support this end-to-end model, the Intserv architecture must be supported over a wide variety of different types of network elements. In this context, a network that supports Differe...
This document defines a general use Differentiated Services (DS) [Blake] Per-Hop-Behavior (PHB) Group called Assured Forwarding (AF).
This document describes an approach for providing RSVP protocol services over IP tunnels. We briefly describe the problem, the characteristics of possible solutions, and the design goals of our approach. We then present the details of an implementation which meets our design goals.
This document describes mappings of IETF Integrated Services over LANs built from IEEE 802 network segments which may be interconnected by IEEE 802.1D MAC Bridges (switches). It describes parameter mappings for supporting Controlled Load and Guaranteed Service using the inherent capabilities of relevant IEEE 802 technologies and, in particular, 802...
The Personal Router is a mobile personal user agent whose task is to dynamically model the user, update its knowledge of a market of wireless service providers and select providers that satisfy the user's expected preferences. The task of seamlessly managing the procurement and execution of short or long term connection for a mobile user is...
The world is evolving from one in which almost all access to the Internet comes through personal computers, to one in which so-called Internet appliances are expected to make up a growing share of end user equipment. Focusing on consumer-oriented appliances, we consider whether this shift has implications for the pace of Internet innovation. We con...
Bringing networked computing to new users and new contexts entails a disruptive decrease in the level of user patience for complexity. This paper discusses the tensions involved in making devices as easy to use as traditional appliances, within the context of the open and rapidly changing Internet. It distinguishes class 1 appliances, whose functio...
The world is evolving from one in which almost all access to the Internet comes from personal computers (PCs) to one in which so-called Internet appliances (IAs) will make up a greater share of end-user equipment. Today's PC is a general-purpose, highly configurable and extensible device: an "intelligent end-node" of the sort the Internet's design...
The world is evolving from one in which almost all access to the Internet comes from personal computers (PCs) to one in which so-called Internet appliances (IAs) will make up a greater share of end-user equipment. Today's PC is a general-purpose, highly configurable and extensible device ? an "intelligent end-node" of the sort the Internet's design...
An Integrated Services (int-serv) router performs admission control and resource allocation based on the information contained in a TSpec (among other things). As currently defined, TSpecs convey information about the data rate (using a token bucket) and range of packet sizes of the flow in question. However, the TSpec may not be an accurate repres...
This paper proposes GIA, a scalable architecture for global IPanycast. Existing designs for providing IP-anycast must either globally distribute routes to individual anycast groups, or confine each anycast group to a pre-configured topological region. The first approach does not scale because of excessive growth in the routing tables, whereas the s...
A global IP-Anycast service is desirable for service location and auto-configuration. However, known approaches either broadcast all anycast routes causing significant increase in the routing tables, or confine each anycast address to a pre-configured topological region, which severely limits the service utility. This paper presents a novel solutio...
This document defines a general use Differentiated Services (DS) [Blake] Per-Hop-Behavior (PHB) Group called Assured Forwarding (AF). The AF PHB group provides delivery of IP packets in four independently forwarded AF classes. Within each AF class, an IP packet can be assigned one of three different levels of drop precedence. A DS node does not reo...
This memo presents two recommendations to the Internet community concerning measures to improve and preserve Internet performance. It presents a strong recommendation for testing, standardization, and widespread deployment of active queue management in routers, to improve the performance of today's Internet. It also urges a concerted effort of rese...
This memo defines a set of general control and characterization parameters for network elements supporting the IETF integrated services QoS control framework. General parameters are those with common, shared definitions across all QoS control services.
This paper describes a new at-most-once message passing protocol that provides guaranteed detection of duplicate messages even when the receiver has no state stored for the sender. It also discusses how to use at-most-once messages to implement higher-level primitives such as at-most-once remote procedure calls and sequenced bytestream protocols. Our pe...
This paper describes a new message passing protocol that provides guaranteed detection of duplicate messages even when the receiver has no state stored for the sender. It also discusses how to use these messages to implement higher-level primitives such as at-most-once remote procedure calls and sequenced bytestream protocols, and describes an impl...
A novel message-passing protocol that guarantees at-most-once message delivery without requiring communication to establish connections, is described. The authors discuss how to use these messages to implement higher level primitives such as at-most-once remote procedure calls (RPC) and describe an implementation of at-most-once RPCs using their me...
Over the past several years, we have seen the emergence of numerous types of so-called "overlay" networks in the Internet. There are many diverse examples of such overlay networks including the content-delivery-caching networks, implemented by companies like Akamai, the peer-to-peer file sharing networks associated with applications such as BitTorr...
We describe the Personal Router project, a program of research currently underway within the Advanced Network Architecture group at the MIT Laboratory for Computer Science.
This document discusses goals and directions for a research effort aimed at developing a next-generation Internet architecture.