Fault Tolerant Application-Enhanced Networks
This project advances the use of active network technology to build networks, systems, and applications that tolerate faults and denial-of-service attacks. Active networks allow high-level functionality to be embedded in the network, improving the network's ability to detect and react to failures and attacks. Rather than provide generic fault-tolerant protocols or middleware, the network can handle attacks and faults in an application-specific fashion. We call this embedding of application-specific fault handling application-enhanced fault tolerance. We pursue three main research thrusts:
Local Resource Management. Each node of an active network contains resources that legitimate applications can exploit, but that malicious applications can attack. Faults and denial-of-service attacks can be viewed as a resource allocation and scheduling problem. As part of our research we are developing techniques for accurately accounting for all of a node's resources. Accurate accounting is important for developing interfaces that allow code running on the node to access resources in a controlled and restricted, yet useful, fashion. We then intend to develop scheduling algorithms that allocate multiple resources to the code in a meaningful way. Finally, we intend to distribute these mechanisms across the network, to make the node more fault-tolerant. A prototype active network node will be developed that demonstrates the usefulness of these mechanisms, and will be available to the active network research community.
Related Work: Extensible Routers, Liquid Software
Distributed Terrain Navigation. We use these local resource management mechanisms in the remaining two research thrusts, both of which will demonstrate the usefulness of application-enhanced fault tolerance. The first of these is distributed terrain navigation. This application supports the collection of terrain data from servers, and its dissemination to clients that are navigating or visualizing the terrain. Rather than rely on traditional fault-tolerant network protocols or middleware, this system embeds terrain-navigation-specific functionality into the network, enabling the system as a whole to tolerate denial-of-service attacks and faults better. For example, a client can attempt a denial-of-service attack by repeatedly requesting large, disparate portions of the terrain database. This attack can be thwarted by recognizing the abnormal reference pattern at the active node on the periphery of the network, which then refuses to forward the request. We use the local resource management mechanisms described above to adjust the application’s resource usage in response to attacks and faults, for example, by compressing data when the available bandwidth drops. A prototype is being developed that demonstrates these principles, and will be available to the active network research community.
Related Work: Topovista
Network-Resident Storage. Traditionally, networks only provide applications with communication; active networks make resources such as computation and memory available within the network as well. In this research effort we will investigate the benefits of persistent storage within the network. The resulting network-resident storage system has several benefits over existing architectures, in terms of performance, fault tolerance, and resistance to attacks. Moving storage-specific resource management functions into the network allows faults and attacks to be handled at the periphery of the network, mitigating their effects. Many distributed storage system functions, such as data replication, reconstruction, and synchronization are also best handled in the network because they involve filtering and merging network traffic, thus also improving the system's overall performance. For this research effort we intend to develop a prototype that will be available to the rest of the active network research community.
Related Work: Swarm
DARPA Joint IA&S PI meeting July 19, 2000