Alexander Poylisher

Policy-based mobile ad hoc network management for drama

Ad hoc networking is the basis of the future military network-centric warfare architecture. Such networks are highly dynamic in nature, as mobile ad hoc networks are formed over wireless links that are susceptible to failure. Strict requirements on security and reliability combined with the dynamic nature of the network provide a strong motivation for self-forming, self-configuring, and self-healing capabilities in the network. This paper describes a policy-based mobile ad hoc network management system that addresses these needs. The system provides the capability to express networking requirements in the form of policies at a high level and have them automatically realized in the network by intelligent agents. Our system provides the following capabilities: flexible monitoring and reporting that enables collection of management information from network elements at configurable intervals; automated configuration and re-configuration of network elements based on reported network status; user-definable aggregation and filtering of monitored management information at the source of the data so as to reduce management station processing and network transmission overhead.

An integrated testbed for Virtual Ad Hoc Networks

Testing of applications for ad hoc networks poses a special technical challenge due to the difficulty of conducting experiments in an ad hoc network environment at a scale larger than a few nodes. One approach is to conduct experiments in a testbed that can imitate an ad hoc network. This requires the development of technologies that enable multiple instances of unmodified application software on a set of hosts to communicate via a simulated network that behaves like a real ad hoc network. In this paper, we describe the testbed developed under the Virtual Ad hoc Network (VAN) project1 for testing applications over ad hoc networks, with a special focus on network management applications. The testbed employs Xen-based virtualization to achieve resource scalability. The infrastructure for the testbed provides an integrated platform consisting of virtual nodes running the actual software under test, augmented with a simulated network environment. Our goal is to enable software testing over large-scale (500–1000 nodes) ad hoc networks using the VAN Testbed.

PECAN: policy-enabled configuration across networks

The Internet is growing to the point of needing more serious, scalable management infrastructure. Telecommunications companies and Internet service providers alike face the pressures of upgrading and provisioning their networks while constraining their infrastructure costs to maintain profitability and to stay competitive in an industry that is financially stressed with tight profit margins. In order to be financially successful in this environment, service providers will have to support a variety of services and applications on a combined packet infrastructure, carrying increased varieties of traffic with different performance characteristics and predictable levels of managed quality of service (QoS). Multi-protocol label switching (MPLS) traffic engineering enables service providers to engineer their networks to provide such QoS; however, this task brings along with it a plethora of management challenges. We discuss these management challenges and our experience with the design and implementation of a policy-based management system, PECAN, for managing MPLS networks. PECAN provides the ability for a network operator to define high-level policies that control the operation of the management system. These high-level policies control admission of traffic into the network based on the QoS guarantees required; placement of traffic flows on MPLS traffic engineered paths; and the feedback loop between network fault/performance monitoring and reconfiguration of the network to alleviate the effects of any observed problems.

Scalable policy management for ad hoc networks

The characteristics of mobile ad hoc networks (commonly called MANETs) are sufficiently different from commercial wireline networks to have generated a great deal of work in alternate management paradigms. The task of managing MANETs involves frequent reconfiguration, due to node mobility and consequently dynamically changing network topology. Network nodes often have limited battery power and storage capacity, and wireless radio link capacity and quality varies dynamically based on environmental conditions (weather, terrain, foliage, etc.). These differences have resulted in a need for paradigms particularly suited for managing MANETs. In this paper, we describe a distributed, hierarchical management system that implements policy-based control of a MANET. Policies are used to enable flexible composition of diverse management actions based on network conditions and external events. A policy conflict detection mechanism based on event calculus is used to detect certain types of policy conflicts. The rapidly changing network topology and link characteristics typical of a MANET are managed by an adaptive, self-forming hierarchy of policy agents that implement the appropriate management actions based on their management role. The system described in this paper has been prototyped and demonstrated in a laboratory environment

On Automated Policy Generation for Mobile Ad Hoc Networks

In this paper we describe an approach to the problem of automated policy generation for mobile ad hoc networks. The automated policy generation problem is difficult in its own right. It becomes even more challenging when the context environment to consider is a mobile ad hoc network. We have designed an optimization-based, utility-driven approach aimed at generating optimal policies with respect to the given network objectives. The main novelty of this approach is in the combination of optimization heuristics and network simulation to solve the problem. We describe this approach, present the software architecture of our implementation, and illustrate the approach with a case study on automated generation of DiffServ-based QoS policies for a 50-node mobile ad hoc network.

Leveraging social network for predicting demand and estimating available resources for communication network management

Computer networks exist to provide a communication medium for social networks, and information from social networks can help in estimating their communication needs. Despite this, current network management ignores the information from social networks. On the other hand, due to their limited and fluctuating bandwidth, mobile ad hoc networks are inherently resource-constrained. As traffic load increases, we need to decide when and how to throttle the traffic to maximize user satisfaction while keeping the network operational. The state-of-the-art for making these decisions is based on network measurements and so employs a reactive approach to deteriorating network state by reducing the amount of traffic admitted into the network. However, a better approach is to avoid congestion before it occurs, by (a) monitoring the network for early onset signals of congestive phase transition, and (b) predicting future network traffic using user and application information from the overlaying social network. We use machine learning methods to predict the amount of traffic load that can be admitted without transitioning the network to a congestive phase and to predict the source and destination of near future traffic load. These two predictions when fed into an admission control component ensure better management of constrained network resources while maximizing the quality of user experience.

Novel software agent framework with embedded policy control

In general, agent frameworks allow the functionality of their agents to be augmented with plug-ins, and agents in a multi-agent system collaborate with other agents to achieve their collective and/or individual goals. This model poses a few issues in terms of function coordination: (i) to allow the insertions of plug-ins on-the-fly, an agent framework needs to properly schedule the execution of plug-ins in a timely, coordinated fashion; (ii) plug-ins may conflict with each other in their behavior; and (in) agents may need to adapt their behavior based on their environments, in addition to coordinating their actions according to their objectives. Recent advances in policy-based management research suggest a promising direction to remedy the deficiency of existing software agent frameworks. We envision that the coordination between the plug-ins within an agent as well as the compliance of agents with environmental requirements can be achieved via policy control. With policy control, agents can adapt their behavior dynamically to meet the ever-changing environmental requirements such as those posed by military wireless ad hoc networks. In this paper, we present a novel software agent framework with seamlessly integrated policy control. We first describe the concept of policy control and how it is integrated into this framework. Next we explain the process of policy in action, discuss in detail the functions and benefits of policy control, and elaborate on the agent behavior adaptation that enables agents to achieve their goals while meeting dynamic environmental requirements.

On the Feasibility of Deploying Software Attestation in Cloud Environments

We present XSWAT (Xen SoftWare ATtestation), a system that makes use of timing based software attestation to verify the integrity of cloud computing platforms. We believe that ours is the first instance of a system that uses this attestation technique in a cloud environment and results obtained indicate the feasibility of its deployment. An overview of the XSWAT system and the associated threat model, along with a study of cloud environment impacts on performance, is presented. Environmental parameters include types of interconnects between the XSWAT verifier and measurement agent as well as the number of concurrently executing virtual machines on the platform being verified. Conversely, we also study the impact of XSWAT execution using well known system benchmarks and find this to be insignificant, thereby strengthening the case for XSWAT. We also discuss novel XSWAT mechanisms for addressing TOCTOU attacks.

Reliability estimation in mobile ad hoc networks

We describe a system for estimating the reliability of nodes in a mobile ad hoc network. The goal of the system is to detect insider attacks on the control plane of wireless protocols at the link and network layers, and to generate and propagate corresponding reliability estimates for nodes across the network. Our contributions are two-fold: first, we implement a cross-layer invariant-based technique for attack detection, where rules about correct combined behavior of protocols are specified based on data collected from multiple layers of the protocol stack. Next, we use the results of our attack detection techniques to compute reliability estimates for network nodes, where a reliability estimate represents the estimate of a node N for another node M. The form of our reliability estimate for a node is expressed as (t, c), where t indicates the trust for that node, and c indicates the confidence in this trust value. Reliability estimates are propagated across the network in a manner that is resilient to malicious nodes that propagate false reliability estimates, and minimizes network overheads. Our simulation results show that the above techniques result in highly accurate reliability estimates even in the presence of multiple malicious nodes in the network.

The Zodiac Policy Subsystem: A Policy-Based Management System for a High-Security MANET

Zodiac (Zero Outage Dynamic Intrinsically Assurable Communities) is an implementation of a high-security MANET, resistant to multiple types of attacks, including Byzantine faults. The Zodiac architecture poses a set of unique system security, performance, and usability requirements to its policy-based management system (PBMS). In this paper, we identify theses requirements, and present the design and implementation of the Zodiac Policy Subsystem (ZPS), which allows administrators to securely specify, distribute and evaluate network control and system security policies to customize Zodiac behaviors. ZPS uses the Keynote language for specifying all authorization policies with simple extension to support obligation policies.