Peter Clutterbuck

Increased availability and scalability for clustered services via the wait time calculation, trust based filtering and redirection of TCP connection requests

The paper describes two new transport layer (TCP) options and an expanded transport layer queuing strategy that facilitate three functions that are fundamental to the dispatching-based clustered service. A transport layer option has been developed to facilitate. the use of client wait time data within the service request processing of the cluster. A second transport layer option has been developed to facilitate the redirection of service requests by the cluster dispatcher to the cluster processing member. An expanded transport layer service request queuing strategy facilitates the trust based filtering of incoming service requests so that a graceful degradation of service delivery may be achieved during periods of overload - most dramatically evidenced by distributed denial of service attacks against the clustered service. We describe how these new options and queues have been implemented and successfully tested within the transport layer of the Linux kernel.

Spyware Security Management via a Public Key Infrastructure for Client-Side Web Communicating Applications

Internet technologies continue to revolutionize the legitimate collection of information from targeted host machines and its transmission to remote servers. The term ‘spyware’ refers to that subset of information collection software that operates illicitly and non-consensually. Two fundamental issues continue to complicate spyware legislation development and operational control strategies. Firstly, unlike the clearly criminal distribution of virus infections, the distribution of spyware is mainly a commercial venture. Secondly, spyware utilizes the same technologies that underpin essential, legitimate information collection applications. This paper describes a security framework to manage these two issues. The security framework, at its core, requires the authentication by the host operating system of each outgoing Web session initiated by each software application running on that host machine. This authentication requires that each software application initiating Web communications be uniquely named via a Public Key Infrastructure digital certificate – and must use this name in all initiated Web communications. This framework facilitates the user-management of all Web communication streams emanating from the host – and this in turn supports the identification of software that engages in the deceptive, misleading, and fraudulent practices already proscribed in existing technology-focused legislation.

Cluster scheduling and load balancing via TCP options

This paper describes an experiment in designing, implementing and testing a transport layer cluster scheduling and dispatching architecture. The motivation for the experiment was the hypothesis that a transport layer clustering solution may offer advantages over the existing industry-standard network layer and data link layer approaches. The critical success factors initially established to guide and evaluate the experiment were reduced dispatcher work load, reduced dispatcher internal state memory requirements, distributed denial of service resilience, and cluster software design simplicity. The functional design stage of the experiment produced a Transport layer strategy for scheduling and load balancing based on the specification of two new TCP options. Implementation required the introduction of the newly specified TCP options into the Linux (2.4) kernel. The implementation produced an extended Linux Socket API to facilitate user-process access to the additional TCP capability. The testing stage of the experiment confirmed the operational efficiency of the solution