Multimedia data are usually very large. Fragmentation of multimedia data units is inevitable when they are transmitted through networks. Active networks are becoming popular, and active technologies are being applied to various interesting problems. When applying active technologies to multimedia data, however, the problem of fragmenting large packets still exists. Furthermore, new issues emerge when active capsules are fragmented. In this paper, we propose a new fragmentation scheme which addresses the unique needs of active networks and which utilizes the special properties of active networks. We propose an algorithm to fragment the data at the transport layer, which can minimize the overhead. Preliminary experimental results show that the scheme works well under realistic scenarios, with an overhead of less than 5%

We present the design and prototype of GnuStream, a peer- to-peer (P2P) and receiver-driven media streaming system. GnuStream is built on top of Gnutella, and it integrates dynamic peer location and streaming capacity aggregation. Each GnuStream streaming session is controlled by the receiver peer and involves a dynamic set of peer senders instead of one fixed sender. The receiver aggregates streaming bandwidth from the multiple senders, achieving load distribution and fast reaction to sender capacity and on/off-line status changes. The effectiveness of GnuStream is demonstrated by our experiments with its prototype, which serves as the basis for real-world development and evaluation of resilient P2P media streaming services.

In active network environments, the data packets can carry active programs to enable specialized processing on them. We quantify the effectiveness of general capsule programs vs. specialized processing functions for multimedia data through four experiments. These experiments deal with the comparison of Java vs. C implementation of a MPEG video decoder, the identification of the time-consuming modules in a Java MPEG video decoder, the effectiveness of combining Java methods and native methods, and the size of the bytecode for each module in a Java MPEG video decoder. We found that a Java MPEG decoder can be 2.6 times to 10 times slower than an equivalent C implementation. We identified the Huffmann decoding module as the most time-consuming module. We also found that the Native Method Interface (NMI) is complex and not efficient enough for use in active routers and the size of the bytecodes for most of the modules is too big to fit into a single packet even after compression. We draw certain conclusions about the trade-off between the general programming model and the specialized functions provided by the router for the active capsules

Recent software systems usually feature an automated failure reporting component, with which a huge number of failures are collected from software end-users. With a proper support of failure indexing, which identifies failures due to the same fault, the collected failure data can help developers prioritize failure diagnosis, among other utilities of the failure data. Since crashing failures can be effectively indexed by program crashing venues, current practice has seen great success in prioritizing crashing failures. A recent study of bug characteristics indicates that as excellent memory checking tools are widely adopted, semantic bugs and the resulting noncrashing failures have become dominant. Unfortunately, the problem of how to index non-crashing failures has not been seriously studied before. In previous study, two techniques have been proposed to index noncrashing failures, and they are T-Proximity and R-Proximity. However, as T-Proximity indexes failures by the profile of the entire execution, it is generally not effective because most information in the profile is fault-irrelevant. On the other hand, although R-Proximity is more effective than T-Proximity, it relies on a sufficient number of correct executions that may not be available in practice. In this paper, we propose a dynamic slicing-based approach, which does not require any correct executions, and is comparably effective as R-Proximity. A detailed case study with gzip is reported, which clearly strates the advantages of the proposed approach.

We have designed an adaptable network architecture, called ADNET, which provides mechanisms to allow an application to adapt to resource constraints to achieve improved QoS. In our experiments we compare three schemes (IP fragmentation, ACTP fragmentation with or without active program) of video transmissions. We find QoS is improved in the ACTP scheme with active programs. Our design aims to unify different QoS control mechanisms together to provide a wide range of network services to all users and meet their specific needs

Recent distributed denial of service attacks have demonstrated the difficulty with tracing network attackers on the Internet and simultaneously led to calls for development of systems to track network traffic to its source. Tracking network traffic is difficult because of two basic techniques used to obfuscate the source of the traffic: spoofing and redirection. In this paper, we examine the desirable properties of network traffic tracking systems (NTTS) from both the technical and social perspectives. An analysis of the feasibility of a system with these properties in a number of increasingly open network models leads us to a number of conclusions. First, NTTS may be very successful in relatively closed environments where there is strong control of the infrastructure, and there is no expectation of privacy. Second, in an open, global Internet, it is not be feasible to deploy a perfect NTTS. Third, if a perfect NTTS for the Internet is not possible, how do we evaluate the consequences of deployment of an evadeable NTTS.

Distributed systems with multiple interacting services, especially e-commerce systems, are suitable targets for malicious attacks because of the potential financial impact. Compared to intrusion detection, automated response has received relatively less attention. In this paper, we present the design of automated response mechanisms in an intrusion tolerant system called ADEPTS. Our focus is on enforcing containment in the system, thus localizing the intrusion and allowing the system to provide service, albeit degraded. ADEPTS uses a graph of intrusion goals, called IGRAPH, as the underlying representation in the system. In response to alerts from an intrusion detection framework, ADEPTS executes algorithms to determine the spread of the intrusion and the appropriate responses to deploy. A feedback mechanism evaluates the success of a deployed response and uses that in guiding future choices. ADEPTS is demonstrated on a distributed e-commerce system and evaluated using a survivability metric.

Event reconstruction plays a critical role in solving physical crimes by explaining why a piece of physical evidence has certain characteristics. With digital crimes, the current focus has been on the recognition and identification of digital evidence using an object’s characteristics, but not on the identification of the events that caused the characteristics. This paper examines digital event reconstruction and proposes a process model and procedure that can be used for a digital crime scene. The model has been designed so that it can apply to physical crime scenes, can support the unique aspects of a digital crime scene, and can be implemented in software to automate part of the process. We also examine the differences between physical event reconstruction and digital event reconstruction.

General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly/sup 2/ is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly/sup 2/ provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly/sup 2/, presents an initial implementation, and outlines future work.

Even casual observers can see that our society’s computing infrastructure has significant security problems. Technical sources such as CERT, BugTraq, and the Risks Digest - not to mention the popular media - regularly catalog critical vulnerabilities in deployed software. Unless we figure out how to build trustworthy systems in the real world, we’re in trouble. Recognizing that fact, the Computing Research Association (CRA, www.cra.org), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems.