Andreas Heiner

Secure software installation in a mobile environment

Software security in mobile devices today is done by granting privileges to software, usually based on code signing. The cost of obtaining signatures and meeting strict quality requirements deters hobbyist developers from participating and contributing to application development. If a certain piece of software does not come with an acceptable signature, the mobile device may give the user the option of deciding whether that software should be granted the requested privileges. Naturally, designing the user interaction for this step without hampering usability and security is tricky. When users are simply prompted whether they want to grant certain privileges to some software, they often do not have enough information to understand the implications of this action. We propose that using community feedback can be an effective way of helping the user to decide whether to grant privileges to software. Community feedback includes opinions and ratings on both security and functionality attributes of software. We argue that users will use community feedback to decide whether they want to use a piece of software and that the decisions to download, install, and grant necessary privileges are implied by the decision to use.

Dynamic localized load balancing

Traditionally dynamic load balancing is applied in resource-reserved connection-oriented networks with a large degree of managed control. Load balancing in connectionless networks is rather rudimentary and is either static or requires network-wide load information. This paper presents a fully automated, traffic driven dynamic load balancing mechanism that uses local load information. The proposed mechanism is easily deployed in a multi-vendor environment in which only a subset of routers supports the function. The Dynamic Localized Load Balancing (DLLB) mechanism distributes traffic based on two sets of weights. The first set is fixed and is inverse proportional to the path cost, typically the sum of reciprocal bandwidths along the path. The second weight reflects the utilization of the link to the first next hop along the path, and is therefore variable. The ratio of static weights defines the ideal load distribution, the ratio of variable weights the node-local load distribution estimate. By minimizing the difference between variable and fixed ratios the traffic distribution, with the available node-local knowledge, is optimal. The above mechanism significantly increases throughput and decreases delay from a network-wide perspective. Optionally the variable weight can include load information of nodes downstream to prevent congestion on those nodes. The latter function further improves network performance, and is easily implemented on top of the standard OSPF signaling. The mechanism does not require many node resources and can be implemented on existing router platforms.

OSPF protocol and statistical tools for network simulations in NS-2

Network simulations have become a popular method to study network behavior. However, relevant and consistent results can be obtained only if the model has sufficient details and the simulation and analysis procedures meet high enough quality criteria. The solution space of simulations may have several clearly separate, but equally probable optimal minima. This together with the stochastic nature of simulations typically necessitates several long simulations. Here we describe implementations of the OSPF protocol and a novel random generator in NS-2 simulator. Additionally, we describe a tool that enables efficient statistical analysis of the simulation results. The power of these tools is demonstrated with a simple scenario.

Closed equation to incorporate quality of service criteria in network planning

We have developed a closed equation that allows calculation of the optimal bandwidth based on estimates of volume and quality of service criteria of user traffic. The basic assumption underlying the equation is that traffic to be dropped at a bottleneck link should not be sent to that link in the first place. Instead, such traffic should be dropped as early as possible. The equation was validated with simulations using a topology and a traffic mix typical for 3G radio access networks. The quality of service of user traffic to the routers on either side of the backup link was considerably better compared to standard methods. The equation uses only a few parameters based on the traffic demand matrix and is easily incorporated in a network-planning tool to calculate backup links or bandwidth requirements for logical pipes. It can also be used as basis for complete network planning.

Improved network convergence and quality of service by strict priority queuing of routing traffic

During the transient period after a link failure the network cannot guarantee the agreed service levels to user data. This is due to the fact that forwarding tables in the network are inconsistent. Moreover, link states can inadvertently be advertised wrong due to protocol time outs, which may result in persistent route flaps. Reducing the probability of wrongly advertised link states, and the time during which the forwarding tables are inconsistent, is therefore of eminent importance to provide consistent and high level QoS to user data. By queuing routing traffic in a queue with strict priority over all other (data) queues, i.e. assigning the highest priority in a Differentiated Services model, we were able to reduce the probability of routing data loss to almost zero, and reduce flooding times almost to their theoretical limit. The quality of service provided to user traffic was considerable higher than without the proposed modification. The scheme is independent of the routing protocol, and can be used with most differentiated service models. It is compatible with the current OSPF standard, and can be used in conjunction with other improvements in the protocol with similar objectives.