Advanced applications of Active Networks require support for robust configurable Quality of Service (QoS), and to also prevent or mitigate sophisticated "denial of service" attacks on security. A major unsolved problem for active networks is mapping application requirements into a distributed resource multiplexing strategy. Since this problem bedevils the Internet community as well (viz., IP Telephony, RSVP, etc.) a solution would have broad and immediate impact on the networking community beyond Active Networks.
The Penn/Bellcore SwitchWare active networks project uses programming-language restrictions to balance flexibility, security, usability and performance. In contrast to operating system enforced memory protection, the programming language approach can be viewed as restricting the addresses which can be generated by programs. The advantage of this approach is that some restrictions can be enforced once, at compilation time, versus repeatedly at run-time. In addition, programming language technologies such as ML provide strong type-checking, a key to automated checks of program behavior. The SwitchWare project has used the Caml-lite ML dialect to build an active bridge and an ultralightweight Programming Language for Active Networks (PLAN) appropriate for capsules.
The Cambridge Nemesis Operating System supports "soft" real-time continuous media traffic. To avoid QoS crosstalk, it performs processor multiplexing at a single point, the lowest possible layer in the system, so that even a large portion of interrupt handler execution is performed under scheduler control. Nemesis is an operational single-address space operating system, providing protection by means of virtual-address permissions. Protocols on Nemesis are "vertically-structured", meaning that applications are responsible for resources involved in their own protocol processing, using either default shared libraries or private libraries.
Resource Controlled Active Network Elements (RCANE) can be constructed with a synthesis of SwitchWare and Nemesis. This synthesis will entail: (1) extending the QoS management of Nemesis to be managed by programming language stubs; (2) supporting Caml-lite under Nemesis; (3) developing Caml support for specifying QoS; and (4) developing robust support for co-scheduling based on multiple resources, e.g., CPU cycles, real memory, network bandwidth. This co-scheduling is particularly relevant to Active Networks, where new resources are exposed to users of the network element. RCANE will produce a novel active network element able to support QoS for multimedia traffic and limit or resist denial-of-service attacks of many forms, including "receive-livelock" and TCP SYN-ACK attacks.
The two research groups have broadly similar interests, a tradition of excellence in experimental systems work, and a history of cooperation, personnel exchanges and collaborations. RCANE is a unique opportunity to provide secure, controlled virtualization of active network elements. This proposal requests funds for the U.S. (Penn) portion of this collaborative effort; Cambridge is applying for funds from European analogues of the National Science Foundation.
