Robert Braden

From protocol stack to protocol heap: role-based architecture

Questioning whether layering is still an adequate foundation for networking architectures, this paper investigates non-layered approaches to the design and implementation of network protocols. The goals are greater flexibility and control with fewer feature interaction problems. The paper further proposes a specific non-layered paradigm called role-based architecture.

Experience with DETER: a testbed for security research

The DETER testbed is shared infrastructure designed for medium-scale repeatable experiments in computer security, especially those experiments that involve malicious code. The testbed provides unique resources and a focus of activity for an open community of academic, industry, and government researchers working toward better defenses against malicious attacks on our networking infrastructure, especially critical infrastructure. This paper presents our experience with the deployment and operation of the testbed, highlights some of the research conducted on the testbed, and discusses our plans for continued development, expansion, and replication of the testbed facility

Computing the internet checksum

This memo discusses methods for efficiently computing the Internet checksum that is used by the standard Internet protocols IP, UDP, and TCP.An efficient checksum implementation is critical to good performance. As advances in implementation techniques streamline the rest of the protocol processing, the checksum computation becomes one of the limiting factors on TCP performance, for example. It is usually approapriate to carefully hand-craft the checksum routine, exploiting every machine-dependent trick possible; a fraction of a microsecond per TCP data byte can add up to significant CPU time savings overall.

The DETER project: Advancing the science of cyber security experimentation and test

Since 2004, the DETER Cybersecurity Testbed Project has worked to create the necessary infrastructure — facilities, tools, and processes-to provide a national resource for experimentation in cyber security. The next generation of DETER envisions several conceptual advances in testbed design and experimental research methodology, targeting improved experimental validity, enhanced usability, and increased size, complexity, and diversity of experiments. This paper outlines the DETER projects status and current R&D directions.

Making the world (of communications) a different place

How might the computing and communications world be materially different in 10 to 15 years, and how might we define a research agenda that would get us to that world?

The ASP EE: an active network execution environment

This paper describes the ASP Execution Environment (EE), a prototype general-purpose active network execution environment that initiates and controls the execution of Java-based active applications. Features of the ASP EE include support for persistent active applications, fine-grained network I/O control, security, resource protection and timing services.

A pseudo-machine for packet monitoring and statistics

This paper concerns the design of a flexible and efficient packet monitoring program for analyzing traffic patterns and gathering statistics on a packet network. This monitor operates in real time, using an analyzer which is an interpretive pseudo-machine driving object-oriented data collection programs. The pseudo-program for the interpreter is “compiled” from configuration commands written in a monitoring control language.

Evolution of an active networks testbed

This paper explores the requirements for a network testbed designed specifically to support research in active networking. It also describes the design of the wide-area active networks testbed named the ABone. The ABone provides a virtual and real network infrastructure for active network experiments, using a diverse set of OS platforms. Its design embodies a tradeoff among the testbed goals of scalability, availability, security, heterogeneity, and modularity.

An autonomic routing framework for sensor networks

Current routing services for sensor networks are often designed for specific applications and network conditions, thus have difficulty in adapting to application and network dynamics. This paper proposes an autonomic framework to promote the adaptivity of routing services in sensor networks. The key idea of this framework is to maintain some feature functions that are decoupled from originally-integrated routing services. This separation enables significant service changes to be done by only tuning these functions. Measures including parameterization are taken to save the energy for changing these functions. Further, this framework includes a monitoring module to support a policy-based collaborative adaptation. This paper shows an example autonomic routing service conforming to this framework.

First steps toward scientific cyber-security experimentation in wide-area cyber-physical systems

This extended abstract reports on steps towards an environment for repeatable and scalable experiments on wide-area cyber-physical systems. The cyber-physical systems that underlie the worlds critical infrastructure are increasingly vulnerable to attack and failure. Our work has focused on secure and resilient communication technology for the electric power grid, a subset of the general cyber-physical problem. We have demonstrated tools and methodology for experimentation with GridStat, a middleware system designed to provide enhanced communication service for the grid, within the DETERlab cyber-security testbed. Experiment design tools for DETERlab and for GridStat will ease the creation and execution of relatively large experiments, and they should make this environment accessible to users inexperienced with cluster testbeds. This abstract presents brief overviews of DETERLab and of GridStat and describes their integration. It also describes a large scale GridStat/DETERlab experiment.