7.29.2009

Zero Config Residential Gateway Experiences for Next Generation Smart Homes

Home networks and home environments are developing so fast that a new generation of residential gateways is needed in order to allow emerging services and the huge amount of available bandwidth to take advantage of this evolution. New protocols, applications, devices and services are appearing day after day and in order to properly cope with them, gateways must continuously be evolved. This article presents a novel architecture developed so as to allow the automatic update and configuration of residential gateways.

While data flows are treated following a conventional procedure, it is for signaling messages that the architecture proposes an application layer processing. This allows for an easier deployment of new modules capable of understanding the different signaling protocols that are needed to set up the corresponding services. These different modules (Configuration Agents) can be dynamically installed or uninstalled by Service Providers and can also interact with the rest of the layers of the architecture in order to configure the whole platform. This architecture has been validated by means of experiences within a SIP enabled environment to allow the automatic provisioning of QoS guaranteed services to next generation smart homes.

Tag : Sciencedirect.com

7.27.2009

Rate control of multi class priority flows with end-to-end delay and rate constraints for QoS networks

To address end-to-end quality of service (QoS) requirements, we derive a novel distributed combined rate and end-to-end delay control in a network serving multi-class flows with priority packet scheduling. We show that the control is globally asymptotically stable without information time lags. The stable flows attain the end-to-end delay requirements and have no packet loss.

We also show that by enhancing the network with bandwidth reservation and admission control, minimum rate is also guaranteed. The stability with very long time lags of a discrete time version control with non-greedy flows and random packet arrivals is studied numerically by an NS2 packet-based simulation of the Australian Academic and Research Network.

Tag : Sciencedirect.com

7.25.2009

Change design and planning in networked systems based on reuse of knowledge and automation

Proper management of Information Technology (IT) resources and services has become imperative for the success of modern organizations. The IT Infrastructure Library (ITIL) represents, in this context, the most widely accepted framework to help achieve this end. Among the processes that compose ITIL, change management has an important role in defining best practices and processes for the efficient and prompt handling of IT changes. In practice, however, such changes are usually described and documented in an ad hoc fashion, due to the lack of proper support to assist the design process.

This hampers the reuse, in subsequent requests, of knowledge acquired when specifying, planning, and carrying out previous changes, even though such reuse may result in fewer incidents and faster specification of change plans. To address this problem, in this paper we present a conceptual solution to support the design and planning of IT changes and explore the concept of change templates as a mechanism to formalize, preserve, and (re)use knowledge in the specification of (recurrent and similar) IT changes.

To prove the concept and technical feasibility of the proposed solution, we have developed a prototypical implementation of a change management system called ChangeLedge and used it to carry out a set of experiments, considering typical IT changes. The results obtained indicate the effectiveness and efficiency of the system, which is able to generate accurate and actionable change plans in substantially less time than would be spent by a skilled human operator.

Tag : sciencedirect.com

7.23.2009

Firewall Policy Verification and Troubleshooting

Firewalls are important elements of enterprise security and have been the most widely adopted technology for protecting private networks. The quality of protection provided by a firewall mainly depends on the quality of its policy (i.e., configuration). However, due to the lack of tools for verifying and troubleshooting firewall policies, most firewalls on the Internet have policy errors.

A firewall policy error can either create security holes that will allow malicious traffic to sneak into a private network or block legitimate traffic, disrupting normal traffic, which in turn could lead to disastrous consequences. We propose a firewall verification and troubleshooting tool in this paper. Our tool takes as input a firewall policy and a given property, then outputs whether the policy satisfies the property.

Furthermore, in the case that a firewall policy does not satisfy the property, our tool outputs which rules cause the verification failure. This gives firewall administrators a basis for fixing the policy errors. Despite the importance of verifying firewall policies and finding troublesome rules, they have not been explored in previous work. Due to the complex nature of firewall policies, designing algorithms for such a verification and troubleshooting tool is challenging.

In this paper, we designed and implemented a verification and troubleshooting algorithm using decision diagrams, and tested it on both real-life firewall policies and synthetic firewall policies of large sizes. The performance of the algorithm is sufficiently high that it can practically be used in the iterative process of firewall policy design, verification, and maintenance. The firewall policy troubleshooting algorithm proposed in this paper is not limited to firewalls. Rather, it can potentially be applied to other rule-based systems as well.

Tag : sciencedirect.com

7.21.2009

A Distributed Addressing and Routing System for Large Scale Wireless Sensor and Actor Networks

Wireless Sensor and Actor Networks (WSANs) are made up of a large number of sensing devices, which are resource-impoverished nodes, and powerful actuation devices: both are equipped with computation and communication capabilities. These devices cooperate to manage sensing and perform acting tasks. Numerous works conducted in the field of WSANs assume the existence of addresses and routing infrastructure to validate their proposals.

However, assigning addresses and delivering detected events in these networks remains highly challenging, specifically due to the sheer number of nodes. To address these issues, this paper proposes SubCast, a novel distributed address assignment and routing scheme based on a Topic Clustering System and fractal theory Iterated Function Systems.

In order to minimize data delivery costs among actors, the proposed architecture first builds an actor overlay network before allocating addresses to network nodes. Location information in the allocated addresses allows establishing data delivery paths. Simulation results confirm that the proposed system efficiently guarantees the allocation of unique addresses and performs efficient data delivery while reducing communication costs, delays as well as the impact of imprecise locations.

Tag : sciencedirect.com