Anindya Neogi

Aggregate TCP congestion control using multiple network probing

Extensive research in TCPs congestion control mechanism has resulted in an effective algorithm that gives fairly precise estimates on the available bandwidth on a given network path (J. Postel, 1981; V. Jacobson, 1988). However, most past efforts focused on enhancing the accuracy and robustness of the path bandwidth estimation algorithms for individual TCP connections. Relatively fewer attempts have been made to further improve data transport efficiency by sharing path bandwidth information among concurrent TCP connections with the same sources and destinations. The paper proposes an aggregate TCP-based congestion control algorithm (ATCP) that allows individual TCP connections to reach their fair shares of the available network path bandwidth more quickly, while still observing TCPs congestion control semantics. In addition, the proposed algorithm is guaranteed to perform no worse than current TCP congestion control algorithm in all cases, and is designed to be implemented in a way that is completely transparent to both ends of a TCP connection. ATCP is particularly useful for TCP connections that are short-lived and yet have a long round-trip delay, such as Web page transfers using HTTP 1.0. Our trace-driven simulation study shows that the aggregate congestion control algorithm can reduce the normalized transaction latency by a factor of up to 2, compared to standard TCP.

Performance analysis of an RSVP-capable router

RSVP is a bandwidth reservation protocol that allows distributed real time applications such as videoconferencing software to make bandwidth reservations over packet switched networks. Coupled with real time scheduling mechanisms built into packet routers, the network guarantees to provide the reserved bandwidth throughout the lifetime of the applications. Although guaranteed services (S. Shenker et al., 1997) are of great value to both end users and carrier providers, their performance cost, due to additional control and data processing overhead, can potentially have a negative impact on the packet throughput and latency of the RSVP capable routers. The goal of the paper is to examine the performance cost of RSVP based on measurements from an industry strength RSVP implementation on a commercial IP router. The focus is on the detailed evaluation of the performance implications of various architectural decisions in RSVP, as well as the effectiveness of RSVP in the presence of network faults. We found that RSVPs control messages do not incur significant overhead in terms of processing delay and bandwidth consumption. However, the performance overhead of real time packet scheduling is noticeable in the presence of a large number of real time connections. In extreme cases, the performance guarantees of existing real time connections may not be kept, and some best effort packets are actually dropped, although the overall bandwidth requirement from these connections is smaller than the available link bandwidth.

Spout: a transparent distributed execution engine for Java applets

The advent of executable contents such as Java applets exposes WWW users to a new class of attacks that were not possible before. Serious security breach incidents due to implementation bugs arose repeatedly in the past several years. Without a provably correct implementation of Javas security architecture specification, it is difficult to make any conclusive statements about the security characteristic of current Java virtual machines. The Spout project takes an alternative approach to address Javas security problems. Rather than attempt a provably secure implementation, we aim to confine the damages of malicious Java applets to selective machines, thus protecting resources behind an organizations firewall from attacks by malicious or buggy applets. Spout is essentially a distributed Java execution engine that transparently decouples the processing of an incoming applets application logic from that of the graphical user interface (GUI), such that the only part of an applet that is actually running on the requesting users host is the harmless GUI code. A unique feature of the Spout architecture that does not exist in other similar systems, is that it is completely transparent to and does not require any modifications to WWW browsers or class libraries on the end hosts. This paper describes the design, implementation, and performance measurements of the first Spout prototype, which also incorporates run-time resource monitoring mechanisms to counter denial-of-service attacks.

Zodiac: a history-based interactive video authoring system

Abstract. Easy-to-use audio/video authoring tools play a crucial role in moving multimedia software from research curiosity to mainstream applications. However, research in multimedia authoring systems has rarely been documented in the literature. This paper describes the design and implementation of an interactive video authoring system called Zodiac, which employs an innovative edit history abstraction to support several unique editing features not found in existing commercial and research video editing systems. Zodiac provides users a conceptually clean and semantically powerful branching history model of edit operations to organize the authoring process, and to navigate among versions of authored documents. In addition, by analyzing the edit history, Zodiac is able to reliably detect a composed video streams shot and scene boundaries, which facilitates interactive video browsing. Zodiac also features a video object annotation capability that allows users to associate annotations to moving objects in a video sequence. The annotations themselves could be text, image, audio, or video. Zodiac is built on top of MMFS, a file system specifically designed for interactive multimedia development environments, and implements an internal buffer manager that supports transparent lossless compression/decompression. Shot/scene detection, video object annotation, and buffer management all exploit the edit history information for performance optimization.

Phoenix: a low-power fault-tolerant real-time network-attached storage device

Phoenix is a real-time network-attached storage device (NASD) that guarantees real-time data delivery to network clients even across single disk failure. The service interfaces that Phoenix provides are best-effort/real-time reads/writes based on unique object identifiers and block offsets. Data retrieval from Phoenix can be serviced in server push or client pull modes. Phoenixs real-time disk subsystem performance results from a standard cycle-based scan-order disk scheduling mechanism. However, the disk I/O cycle of Phoenix is either completely active or completely idle. This on-off disk scheduling model effectively reduces the power consumption of the disk subsystem, without increasing the buffer size requirement. Phoenix also exploits unused disk storage space and maintains additional redundancy beyond the generic RAID5-style parity. This extra redundancy, typically in the form of block replication, reduces the time to reconstruct the data on the failed disk. This paper describes the design, implementation, and evaluation of Phoenix, one of the first, if not the first, NASDs that support fault-tolerant, real-time, and low-power network storage service.

Spout: a transparent proxy for safe execution of Java applets

The advent of executable contents such as Java applets exposes World Wide Web (WWW) users to a new class of attacks that were not possible before. Despite an array of security checking, detection, and enforcement mechanisms built into the language model, the compiler, and the run-time system of Java, serious security breach incidents due to implementation bugs still arose repeatedly in the past several years. Without a provably correct implementation of Javas security architecture specification, it is difficult to make any conclusive statements about the security characteristic of current Java virtual machines. The Spout project takes an alternative approach to address Javas security problems. Rather than attempt a provable secure implementation, we aim to confine the damages of malicious Java applets to selective machines, thus, preventing the machines behind an organizations firewall from being attacked by malicious or buggy applets. More concretely, Spout is a distributed Java execution engine that transparently decouples the processing of an incoming applets application logic from that of graphical user interface (GUI), such that the only part of an applet that is actually running on the requesting users host is the harmless GUI code. A unique feature of the Spout architecture that does not exist in other similar systems, is that it is completely transparent to and does not require any modifications to WWW browsers or class libraries on the end hosts. This paper describes the detailed design, implementation, and performance measurements of the first Spout prototype, which also incorporates run-time resource monitoring mechanisms to counter denial-of-service attacks.

Sago: a network resource management system for real-time content distribution

Content replication and distribution is an effective technology to reduce the response time for Web accesses and has been proven quite popular among large Internet content providers. However, existing content distribution systems assume a store-and-forward delivery model and is mostly based on static content. This paper describes the design, implementation, and initial evaluation of a network resource management system for real-time Internet content distribution called Sago, which provides facilities to provision and allocate network resources so that multiple bandwidth-guaranteed and fault-tolerant multicast connections can be multiplexed on a single physical network. Sago includes a novel network resource mapping algorithm that takes into account both physical network topology and dynamic traffic demands, a network-wide fault tolerance mechanism that supports both node-level and link-level fault tolerance, and a hierarchical network link scheduler that provides performance protection among multicast connections sharing the same physical network link. Moreover, Sago does not require any IP multicasting support from underlying network routers because it performs application-level multicasting. The technologies underlying Sago are important building blocks for real-time content distribution networks, end-to-end quality of service guarantee over global corporate intranets, and application-specific adaptation of wide-area network services.