Kota Abe

NFS‐based secure file sharing over multiple administrative domains with minimal administration

Although several schemes of file sharing for Unixes have been proposed so far, file sharing by these schemes between different administrative domains is difficult and imposes enormous burden on the administrators even if file sharing is possible since the user information differs by such computers in general. In this paper, the file system PNFS (Proxy/Private Network File System), which makes file sharing based on NFS easy between different administrative domains, is proposed. With PNFS, a user can share files of a server that has his account without intervention of its administrator. Although, in general, a decrease in security occurs when intervention of an administrator is omitted, security is enhanced by encryption and the like by the PNFS. In addition, the efficacy of the proposed system has been verified by performance evaluation of a prototype system, which shows a practically sufficient throughput even with simultaneous accesses from a multiple number of clients.

A LOTOS Compiler Generating Multi-threaded Object Codes

In this paper, we propose an implementation method of LOTOS specifications using a portable multithread mechanism. Based on the method, we have developed a LOTOS compiler generating efficient and portable object codes. In a generated object code, multiple run-time units in a behaviour expression are executed as threads where run-time units correspond to concurrently executable sub-expressions in the behaviour expression. To keep the temporal ordering of events among run-time units, we create a control area referred by all run-time units in the object code. Each unit refers the area to decide whether each event can be executed or not. If executable, the unit executes the event after modifying the control area. Otherwise, it kills itself when it need not execute the event. Our compiler can also generate efficient codes for a sub-class of the abstract data types (ADTs) in the LOTOS specifications. If the ADT part can be treated as functional programs, the compiler generates as efficient object codes as those written in C language directly. From some experimental results, we show our method is efficient to implement a wide class of LOTOS specifications.

Extension of SMIL with QoS control and its implementation

We propose a language called QOS-SMIL where some QoS guarantee statements are added to a subclass of SMIL, and give its implementation technique. In QOS-SMIL, in addition to standard facilities of SMIL, dynamic media-scaling of each multimedia object and explicit inter-media synchronization among objects, can be specified. In the proposed implementation technique, we use real-time LOTOS as an intermediate language so that we convert a given QOS-SMIL description to the corresponding real-time LOTOS specification, and implement it with our real-time LOTOS compiler. Through some experiments, we have confirmed that our approach has some advantages w.r.t. development cost of multimedia systems with QoS control.

Toward Fault-Tolerant P2P Systems: Constructing a Stable Virtual Peer from Multiple Unstable Peers

P2P systems must handle unexpected peer failure and leaving, and thus it is more difficult to implement than server-client systems. In this paper, we propose a novel approach to implement P2P systems by using virtual peers. A virtual peer consists of multiple unstable peers. A virtual peer is a stable entity; application programs run on a virtual peer are not compromised unless a majority of the peers fail within a short time duration. If a peer in a virtual peer fails, the failed peer is replaced by another (non-failed) one to restore the number of working peers. The primary contribution of this paper is to propose a method to form a stable virtual peer over multiple unstable peers. The major challenges are to maintain consistency between multiple peers and to replace a failed peer with another one. For the first issue, the Paxos consensus algorithm is used. For the second issue, the process migration technique is used to replicate and transfer a running process to a remote peer. Furthermore, the relation between the reliability of a virtual peer and the number of peers assigned to a virtual peer is evaluated. The proposed method is implemented in our musasabi P2P platform. An overview of musasabi and its implementation is also given.

Constructing distributed doubly linked lists without distributed locking

A distributed doubly linked list (or bidirectional ring) is a fundamental distributed data structure commonly used in structured peer-to-peer networks. This paper presents DDLL, a novel decentralized algorithm for constructing distributed doubly linked lists. In the absence of failure, DDLL maintains consistency with regard to lookups of nodes, even while multiple nodes are simultaneously being inserted or deleted. Unlike existing algorithms, DDLL adopts a novel strategy based on conflict detection and sequence numbers. A formal description and correctness proofs are given. Simulation results show that DDLL outperforms conventional algorithms in terms of both time and number of messages.

An Efficient Management Method of Access Policies for Hierarchical Virtual Private Networks

VPN (virtual private network) is one of the most important technologies on the Internet. With VPN, we can securely access to resources in the organizational network via the Internet. In VPNs having hierarchical structure, since each VPN domain has different access policy (whether VPN gateway should perform authentication, data encryption, and so on or not), an administrator of a VPN domain may need to configure access policies which are different from every VPN sub-domain. However, in the existing VPN methods, since access policies are stored in a static configuration file of each VPN gateway, an administrator of a VPN domain has to cooperate with the other administrators of its sub-domains. Therefore, management cost of access policies becomes considerably large if the organization has large and complicated structure. In this paper, we propose an efficient management method of access policies for hierarchical VPNs. In order to reduce management cost, we introduce a database with hierarchical structure to represent access policies easily and policy servers to get access policies automatically. The effectiveness of our proposed method is confirmed by an experiment on an actual network using policy servers based on the proposed method.

Design and implementation of an efficient I/O method for a real-time user level thread library

We have developed a portable user level thread library RT-PTL on UNIX, which is intended to be used for soft real time processing, such as multimedia systems. A user level thread is known to be more efficient than a kernel level one because of its small context switch overhead. However user level thread has a restriction that if one thread issues a system call that forces the calling process to be entirely blocked (such as disk I/O operation), no other thread is runnable until the system call has completed. This characteristic is undesirable for real time processing. We present a method to overcome this restriction. Using this method, if one thread requests a system call such as disk I/O operation, only the thread that issues the request is blocked and other threads can continue execution. We have implemented this method and have confirmed by some experiments that the method is widely usable and is also efficient.

A secure private network file system with minimal system administration

In this paper, the design and implementation of PNFS, a secure private network file system is demonstrated. On PNFS each user who has an account on a remote machine is permitted to mount remote files without the assistance of the system administrator. This mount operation and the access to the mounted files are kept secured. The evaluation of PNFS is also discussed.

Integration of QoS guarantees into SMIL and its flexible implementation

In this paper, we propose a flexible implementation technique for QoS control mechanisms where they are implemented as separate modules using the constraint oriented style of real time LOTOS. For an application, we define and implement QOS-SMIL with: (1) dynamic switching, and (2) explicit inter-media synchronization facilities. Experimental results show that the proposed technique has some advantages with respect to development cost for QoS control mechanisms.

New Approach for Configuring Hierarchical Virtual Private Networks Using Proxy Gateways

VPN is one of key technologies on the Internet that allows users to access securely to resources in a domain via unsecure networks. For hierarchically nested security domains, such as an RD and by incorporating a proxy gateway to accommodate communication between clients and the security gateway, this permits secure and highly efficient communications without modifying the client or server.