C. Jason Chiang

Cognitive Radio Rides on the Cloud

Cognitive Radio (CR) is capable of adaptive learning and reconfiguration, promising consistent communications performance for C4ISR1 systems even in dynamic and hostile battlefield environments. As such, the vision of Network-Centric Operations becomes feasible. However, enabling adaptation and learning in CRs may require both storing a vast volume of data and processing it fast. Because a CR usually has limited computing and storage capacity determined by its size and battery, it may not be able to achieve its full capability. The cloud2 can provide its computing and storage utility for CRs to overcome such challenges. On the other hand, the cloud can also store and process enormous amounts of data needed by C4ISR systems. However, todays wireless technologies have difficulty moving various types of data reliably and promptly in the battlefields. CR networks promise reliable and timely data communications for accessing the cloud. Overall, connecting CRs and the cloud overcomes the performance bottlenecks of each. This paper explores opportunities of this confluence and describes our prototype system.

GNU Radio-Based Digital Communications: Computational Analysis of a GMSK Transceiver

Significant progress has been made in the past twenty years on the implementation of software-defined radios (SDRs) based on general purpose processors (GPPs). In contrast, there has been limited work on the analysis of the computational requirements of such SDRs. Quantifying the signal processing complexity in SDR is critical to ensuring that the system has sufficient computational resources to support reliable digital communications. Our contribution is to analyze and measure the computational cost of a Gaussian minimum shift keying (GMSK) transceiver based on GNU Radio, a widely used GPP-based SDR. Further, we introduce GNU Radios working mechanism. To the best of our knowledge, our work is the first to provide detailed computational analysis of digital communications based on GNU Radio.

Sophisticated Access Control via SMT and Logical Frameworks

We introduce a new methodology for formulating, analyzing, and applying access-control policies. Policies are expressed as formal theories in the SMT (satisfiability-modulo-theories) subset of typed first-order logic, and represented in a programmable logical framework, with each theory extending a core ontology of access control. We reduce both request evaluation and policy analysis to SMT solving, and provide experimental results demonstrating the practicality of these reductions. We also introduce a class of canonical requests and prove that such requests can be evaluated in linear time. In many application domains, access requests are either naturally canonical or can easily be put into canonical form. The resulting policy framework is more expressive than XACML and languages in the Datalog family, without compromising efficiency. Using the computational logic facilities of the framework, a wide range of sophisticated policy analyses (including consistency, coverage, observational equivalence, and change impact) receive succinct formulations whose correctness can be straightforwardly verified. The use of SMT solving allows us to efficiently analyze policies with complicated numeric (integer and real) constraints, a weak point of previous policy analysis systems. Further, by leveraging the programmability of the underlying logical framework, our system provides exceptionally flexible ways of resolving conflicts and composing policies. Specifically, we show that our system subsumes FIA (Fine-grained Integration Algebra), an algebra recently developed for the purpose of integrating complex policies.

QoS-aware Adaptive Middleware (QAM) for tactical MANET applications

Developing distributed applications for MANETs is a complex task due to the latters bandwidth constrained nature. Further, in tactical MANETs, there is a need to prioritize traffic generated by distributed applications so that high priority traffic gets preferential access to the bandwidth constrained communication medium. Finally, applications must be designed to accommodate network bandwidth and traffic loads that vary with time. It is unrealistic to expect individual application developers to be able to accommodate these constraints which essentially cut across multiple applications that share the MANET. In this paper we describe a communication middleware system: QoS-aware Adaptive Middleware (QAM) that shields distributed application developers from the complexities of tactical MANETs1. QAM resolves the problem of bandwidth contention between multi-priority applications by providing an adaptive, priority aware, middleware layer that acts as an intermediary between an application and the network protocols it uses. QAM adapts to current network conditions by providing a reliable data transfer mechanism that is capable of adapting data transfer rates in response to changing network conditions. The adaptations performed by QAM attempt to limit the use of network bandwidth by applications when network bandwidth is diminished. Moreover, QAM limits network use more aggressively for lower priority applications than for higher priority applications, thus giving preferential treatment to the latter. Existing network layer mechanisms such as priority queuing and bandwidth provisioning are either inadequate or inapplicable for addressing traffic prioritization needs in tactical MANETs. QAM provides capabilities that are complementary to existing QoS mechanisms and is better suited for tactical MANETs. Our paper provides a description of the QAM architecture and early evaluations of a QAM prototype.

Managing network security policies in tactical MANETs using DRAMA

Military networks are required to adapt their access control policies to the Information Operations Condition (INFOCON) levels to minimize the impact of potential malicious activities. Such adaptations must be automated to the extent possible, consistent with mission requirements, and applied network-wide. In this paper, we present a Policy-Based Network Security (PBNS) management approach for tactical MANETs. This approach leverages the DRAMA policy based network management system and the Smart Firewall system to meet the above requirement. It allows administrators to specify low-level network access control policies for each INFOCON level using high-level policies (adapted from the Smart Firewalls approach). The high-level policies are securely distributed to all the policy decision points in the network, which evaluate and enforce policies in a distributed manner. As a consequence of enforcing policies in response to INFOCON level changes, appropriate access control policies will be derived and applied to local firewall devices without human intervention. Thus, operator burden can be significantly reduced and inadvertent errors can be avoided.

Automated Policy Analysis

Static analysis of access-control policies is becoming increasingly important. Such analysis can reveal errors and vulnerabilities in the policies, as well as logical inconsistencies, unintended effects, and discrepancies between different policies or different versions of the same policy. In the process, it helps policy developers to better understand the effects of their policies. Policy analysis has typically been done by hand. For instance, when a bug is discovered and corrected, the resulting policy is manually inspected to ensure that the fix works and that it does not introduce any new problems. But when the policies are large or their logical structure non-trivial, performing such analysis manually is tedious and error-prone. In this paper we show how to automate a wide array of useful policy analyses. This is accomplished by representing policies as logical formulas in the SMT (satisfiability-modulo-theory) subset of first-order logic, and couching analysis questions as SMT problems, which are then solved by efficient off-the-shelf SMT solvers. Because SMT solvers can reason about arithmetic and inductive data types, in addition to Boolean constraints, our system can handle many policies that cannot be analyzed by existing policy engines. We describe the formulation of a number of useful analyses (consistency, completeness, and observational equivalence), and report experimental results on the efficiency of our implementation for analyzing policies of various sizes and kinds of logical structure.

Policy-controlled dynamic spectrum access in multitiered mobile networks

Managed mobile ad hoc networks, such as tactical networks, are frequently implemented using multiple subnets, or tiers, so that nodes in one tier can communicate to nodes in another tier only through gateways that can communicate in both tiers. This structure imposes an extra burden on network planning personnel to plan and configure appropriate nodes as gateways between tiers taking into account the connectivity between tiers required to meet communication needs and the robustness required to deal with failures and mobility. This paper presents Net Communication Goals—a policy for specifying connectivity between tiers—and an implementation of a system for enforcing these policies. Using Net Communication Goals, or net goals, network planning personnel need only specify the required number of connections between tiers. These policies are then dynamically enforced within each tier, reconfiguring the frequencies used by network nodes to provide dynamic access to different parts of the available spectrum, thereby automatically maintaining the needed connectivity without manual intervention.

On the Feasibility of Deploying Software Attestation in Cloud Environments

We present XSWAT (Xen SoftWare ATtestation), a system that makes use of timing based software attestation to verify the integrity of cloud computing platforms. We believe that ours is the first instance of a system that uses this attestation technique in a cloud environment and results obtained indicate the feasibility of its deployment. An overview of the XSWAT system and the associated threat model, along with a study of cloud environment impacts on performance, is presented. Environmental parameters include types of interconnects between the XSWAT verifier and measurement agent as well as the number of concurrently executing virtual machines on the platform being verified. Conversely, we also study the impact of XSWAT execution using well known system benchmarks and find this to be insignificant, thereby strengthening the case for XSWAT. We also discuss novel XSWAT mechanisms for addressing TOCTOU attacks.

Gateway selection in multitiered mobile ad hoc networks

Mobile ad-hoc networks, such as tactical networks, are frequently implemented using multiple subnets, or tiers, so that nodes in one tier can communicate to nodes in another tier only through gateways that can communicate in two of the tiers. The selection of the gateway nodes affects the robustness and performance of the connected subnets. This paper presents an algorithm for selecting gateways in multitiered networks. The algorithm selects gateway nodes based on the performance impact, both current and predicted, to the network traffic. The algorithm is tunable to respond to restrictions on the number of permitted gateways and the number of standby gateways desired. This paper describes an implementation of the algorithm that controls nodes in a simulated network and presents directions for future research.

QAM: A comprehensive QoS-aware Middleware suite for tactical communications

QAM (QoS-aware Adaptive Middleware) is a software framework for developing distributed applications intended to operate in tactical MANET environments1. Developing distributed applications for tactical MANETs is challenging due to the dynamic network capacity and competing priorities across multiple applications. QAM allows a developer to focus on the processing aspects of the application by abstracting out the details of bandwidth constrained communication and relative application priorities. QAM enforces sharing of dynamic network capacity by application flows by allocating bandwidth use in proportion to application priority.