Thomas J. Giuli

Mitigating routing misbehavior in mobile ad hoc networks

This paper describes two techniques that improve throughput in an ad hoc network in the presence of nodes that agree to forward packets but fail to do so. To mitigate this problem, we propose categorizing nodes based upon their dynamically measured behavior. We use a watchdog that identifies misbehaving nodes and a pathrater that helps routing protocols avoid these nodes. Through simulation we evaluate watchdog and pathrater using packet throughput, percentage of overhead (routing) transmissions, and the accuracy of misbehaving node detection. When used together in a network with moderate mobility, the two techniques increase throughput by 17% in the presence of 40% misbehaving nodes, while increasing the percentage of overhead transmissions from the standard routing protocols 9% to 17%. During extreme mobility, watchdog and pathrater can increase network throughput by 27%, while increasing the overhead transmissions from the standard routing protocols 12% to 24%.

The LOCKSS peer-to-peer digital preservation system

The LOCKSS project has developed and deployed in a world-wide test a peer-to-peer system for preserving access to journals and other archival information published on the Web. It consists of a large number of independent, low-cost, persistent Web caches that cooperate to detect and repair damage to their content by voting in “opinion polls.” Based on this experience, we present a design for and simulations of a novel protocol for voting in systems of this kind. It incorporates rate limitation and intrusion detection to ensure that even some very powerful adversaries attacking over many years have only a small probability of causing irrecoverable damage before being detected.

Informed mobile prefetching

Prefetching is a double-edged sword. It can hide the latency of data transfers over poor and intermittently connected wireless networks, but the costs of prefetching in terms of increased energy and cellular data usage are potentially substantial, particularly for data prefetched incorrectly. Weighing the costs and benefits of prefetching is complex, and consequently most mobile applications employ simple but sub-optimal strategies. Rather than leave the job to applications, we argue that the underlying mobile system should provide explicit prefetching support. Our prototype, IMP, presents a simple interface that hides the complexity of the prefetching decision. IMP uses a cost-benefit analysis to decide when to prefetch data. It employs goal-directed adaptation to try to minimize application response time while meeting budgets for battery lifetime and cellular data usage. IMP opportunistically uses available networks while ensuring that prefetches do not degrade network performance for foreground activity. It tracks hit rates for past prefetches and accounts for network-specific costs in order to dynamically adapt its prefetching strategy to both the network conditions and the accuracy of application prefetch disclosures. Experiments with email and news reader applications show that IMP provides predictable usage of budgeted resources, while lowering application response time compared to the oblivious strategies used by current applications.

Intentional networking: opportunistic exploitation of mobile network diversity

Mobile devices face a diverse and dynamic set of networking options. Using those options to the fullest requires knowledge of application intent. This paper describes Intentional Networking, a simple but powerful mechanism for handling network diversity. Applications supply a declarative label for network transmissions, and the system matches transmissions to the most appropriate network. The system may also defer and re-order opportunistic transmissions subject to application-supplied mutual exclusion and ordering constraints. We have modified three applications to use Intentional Networking: BlueFS, a distributed file system for pervasive computing, Mozillas Thunderbird e-mail client, and a vehicular participatory sensing application. We evaluated the performance of these applications using measurements obtained by driving a vehicle through WiFi and cellular 3G network coverage. Compared to an idealized solution that makes optimal use of all aggregated available networks but that lacks knowledge of application intent, Intentional Networking improves the latency of interactive messages from 48% to 13x, while adding no more than 7% throughput overhead.

2 P2P or not 2 P2P

In the hope of stimulating discussion, we present a heuristic decision tree that designers can use to judge how suitable a P2P solution might be for a particular problem. It is based on characteristics of a wide range of P2P systems from the literature, both proposed and deployed. These include budget, resource relevance, trust, rate of system change, and criticality.

AMC: verifying user interface properties for vehicular applications

Vehicular environments require continuous awareness of the road ahead. It is critical that mobile applications used in such environments (e.g., GPS route planners and location-based search) do not distract drivers from the primary task of operating the vehicle. Fortunately, a large body of research on vehicular interfaces provides best practices that mobile application developers can follow. However, when we studied the most popular vehicular applications in the Android marketplace, no application followed these guidelines. In fact, vehicular applications were not substantially better at meeting best practice guidelines than non-vehicular applications. To remedy this problem, we have developed a tool called AMC that uses model checking to automatically explore the graphical user interface (GUI) of Android applications and detect violations of vehicular design guidelines. AMC is designed to give developers early feedback on their application GUI and reduce the amount of time required by a human expert to assess an applications suitability for vehicular usage. We have evaluated AMC by comparing the violations that it reports with those reported by an industry expert for 12 applications. AMC generated a definitive assessment for 85% of the guidelines checked; for these cases, it had no false positives and a false negative rate of under 2%. For the remaining 15% of cases, AMC reduced the number of application screens that required manual verification by 95%.

Impeding attrition attacks in P2P systems

P2P systems are exposed to an unusually broad range of attacks. These include a spectrum of denial-of-service, or attrition, attacks from low-level packet flooding to high-level abuse of the peer communication protocol. We identify a set of defenses that systems can deploy against such attacks and potential synergies among them. We illustrate the application of these defenses in the context of the LOCKSS digital preservation system.

Prioritized gossip in vehicular networks

We propose using real world mobility traces to identify tractable theoretical models for the study of distributed algorithms in mobile networks. Specifically, we derive a vehicular ad hoc network model from a large corpus of position data generated by San Francisco-area taxicabs. Unlike previous work, our model does not assume global connectivity or eventual stability. Instead, we assume only that some subset of processes might be connected through transient paths (e.g., paths that exist over time). We use this model to study the problem of prioritized gossip, in which processes attempt to disseminate messages of different priority. We present CabChat, a distributed prioritized gossip algorithm that leverages an interesting connection to the classic Tower of Hanoi problem to schedule the broadcast of packets of different priorities. Whereas previous studies of gossip leverage strong connectivity or stabilization assumptions to prove the time complexity of global termination, in our model, with its weak assumptions, we instead analyze CabChat with respect to its ability to deliver a high proportion of high priority messages over the transient paths that happen to exist in a given execution.

Evaluating vehicular ad hoc networks for group applications

This paper identifies a class of potential vehicular network applications that are geographically localized and restricted to groups of vehicles. Applications such as group voice or text chat, periodic location updates and rear-seat gaming require content to be published and consumed by group members. In this framework, content delivery performance is the key metric. In this paper, we study the performance of such applications using the network simulation tool, ns-2 with realistic vehicle mobility traces. In order to mirror real-life vehicle mobility, we use vehicle location traces generated by a micro-traffic simulator that implements sophisticated vehicle mobility models like car-following, lane changing and passing. The goal of the simulations is to understand the impact of using two different MAC technologies, the amount of multi-hop forwarding, the size of the vehicle groups, and network density on the content delivery within the groups. The results are promising and indicate that group applications are feasible and can achieve high content delivery when network parameters are tuned appropriately.

The Case for Modeling Security, Privacy, Usability and Reliability (SPUR) in Automotive Software

During the past few years, there has been considerable growth in the practice of modeling automotive software requirements. Much of this growth has been centered on software requirements and its value in the context of specific functional areas of an automobile, such as powertrain, chassis, body, safety and infotainment systems. This paper makes a case for modeling four cross-functional attributes of software, namely security, privacy, usability, and reliability, or SPUR. These attributes are becoming increasingly important as automobiles become information conduits. We outline why these SPUR attributes are important in creating specifications for embedded in-vehicle automotive software. Several real-world use-cases are reviewed to illustrate both consumer needs and system requirements -- functional and non-functional system requirements. From these requirements the underlying architectural elements of automotive SPUR are also derived. Broadly speaking these elements span three software service domains: the off-board enterprise software domain, the nomadic (device or service) software domain and the embedded (in-vehicle) software domain, all of which need to work in tandem for the complete lifecycle management of automotive software.