Published by Miles Norton. Modified over 9 years ago.
1
Anetd and the Abone
SRI International
Livio Ricciulli
2
ANCORS Http://www.csl.sri.com/ancors
3
Scalability Flexibility Merging of Technologies Fidelity Software Reuse Design support
4
Advantages of Merging
Enhanced functionality
– Simulation as a network resource
– Load and fault models can be derived from real network
Software reuse
– Common deployment mechanism
– Reuse NM to retrieve and analyze simulation results
– Management of models through NM infrastructure
5
Open Problems
Interoperable specification, modeling and simulation of networks
Simulation scalability
Adaptive monitoring and control
Maximizing reuse of existing software
6
Three basic classes of deployable services
Execution Environments (ANTS, PLAN, NetScript ...)
Monitoring and Control (SNMP agents, Emerald monitors, RSVP ...)
Engineering (new) (ANCORS’s virtual kernel, Xkernel ...)
7
Network Engineering and Management Hierarchy
[Diagram labels: Anetd; Engineering; Control & Monitoring; Execution Env.; Network Services; Assessment Services; Adaptive Learning; Heuristic Assessment; Control Services; Automatic Response]
9
ANCORS Deploys, Configures and Controls Network Services in an Integrated and Extensible Fashion.
[Diagram labels: ANCORS Daemon; Network Management Client; Services; Trusted HTTP Server; Load (Digitally Signed); fork to EE, Control & Monitoring, Engineering; Alarms]
10
Security
Reuse Unix security mechanisms to specify and enforce:
– Access to local resources (files, devices, CPU)
– Non-interference
Use public key cryptography (RSA) to authenticate who is pushing (client)
Restrict where code comes from
– Clients are not allowed to upload code directly but can only specify a trusted code server
11
ANEP demultiplexing
If ANEP packet is type 51, signature is verified and Anetd commands are executed
– If command=Load, a new EE is spawned
  – If T=id is present, future ANEP packets with Type=id will be forwarded to standard input of this EE
  – If T is not present, EE is just spawned; EE is on its own
If ANEP packet is not type 51, try to forward to previously spawned EE
For each Anetd, each ANEP type can only map to one EE
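The demultiplexing rules on this slide, as an added Python example that is not Anetd's own code. It assumes the fixed 8-byte ANEP header of the ANEP draft, a hypothetical text command form `Load <url> [T=<id>]`, an HMAC over the command standing in for the RSA signature check, and plain lists standing in for each EE's standard input.

```python
import hashlib, hmac, struct

ANETD_TYPE = 51                  # ANEP type carrying Anetd commands (from the slide)
HDR = struct.Struct("!BBHHH")    # assumed: version, flags, type ID, header words, packet octets
TRUSTED = ("http://sequoia.csl.sri.com:7000/",)  # trusted code server from the slides
KEY, SIG_LEN = b"constructed-demo-key", 32       # HMAC stands in for the RSA signature

def sign(cmd):
    return hmac.new(KEY, cmd, hashlib.sha256).digest()

def packet(type_id, payload):
    """Build a constructed ANEP packet with no options (header = 2 words)."""
    return HDR.pack(1, 0, type_id, 2, HDR.size + len(payload)) + payload

class Demux:
    def __init__(self):
        self.table = {}          # ANEP type -> list standing in for one EE's standard input

    def handle(self, pkt):
        if len(pkt) < HDR.size:
            return "drop: short packet"
        _, _, type_id, hdr_words, pkt_len = HDR.unpack_from(pkt)
        if not HDR.size <= hdr_words * 4 <= pkt_len == len(pkt):
            return "drop: bad lengths"
        if type_id != ANETD_TYPE:            # data: forward to a previously spawned EE
            ee = self.table.get(type_id)
            if ee is None:
                return "drop: no EE for type"
            ee.append(pkt)                   # whole packet: the EE parses ANEP itself
            return "forwarded"
        payload = pkt[hdr_words * 4:]
        sig, cmd = payload[:SIG_LEN], payload[SIG_LEN:]
        if len(sig) < SIG_LEN or not hmac.compare_digest(sig, sign(cmd)):
            return "drop: bad signature"
        return self.load(cmd.decode("ascii", "replace").split())

    def load(self, words):                   # hypothetical form: Load <url> [T=<id>]
        if len(words) < 2 or words[0] != "Load":
            return "drop: unknown command"
        if not words[1].startswith(TRUSTED):
            return "drop: untrusted code server"
        if len(words) == 2:
            return "spawned"                 # no T: the EE is on its own
        t = words[2][2:] if words[2].startswith("T=") else ""
        tid = int(t) if t.isdigit() else -1
        if not 0 <= tid <= 0xFFFF or tid == ANETD_TYPE or tid in self.table:
            return "drop: type unavailable"
        self.table[tid] = []
        return "spawned, type %d mapped" % tid
```

The table check in `load` is what enforces the one-EE-per-type rule, and refusing `T=51` keeps a spawned EE from capturing the command channel.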
12
EE Requirements
EE code should be placed on a trusted code server (e.g. sequoia.csl.sri.com)
If EE wants demultiplexing, it should read ANEP data from standard input and should be able to parse ANEP
13
EE requirements (cont.)
Java
– All native method calls should be grouped in a small set of classes to be explicitly preloaded through Anetd together with the native libraries.
– Need to use Anetd’s class loader http://sequoia.csl.sri.com:7000/netscript-0.10/src/netscript/kernel/Box.java
– Since code comes from a trusted code server, we are liberal about Java security checks (almost everything is allowed)
Native
– Portable code, statically linked and compiled for Linux 2.x, FreeBSD 2.x or 3.x, and Solaris
14
SRI Abone registration site
www.csl.sri.com/ancors/abone
EE developers register their public keys and their intent of using the Abone.
Node administrators register Abone nodes and pick EE developers to authorize.
EE developers can find out (in real time) which Abone nodes authorize them and pick nodes to build overlay networks.
– Question: How do we let node administrators know about new EE developers that come along later?
15
Anetd-based ABONE today
Anetd is deployed at: Columbia, Bellcore, CNR, ISI, MIT, SRI, TIS, UPM, Utah, Virginia Tech, Navy, Aerospace, Upenn, Hanyang, INRIA, U Washington, KU, UCLA.
Students are beginning to do homework with Anetd and some EEs
Anetd can build networks with the following EEs
– ANTS (Pure Java) (3 versions)
– PLAN (Ocaml)
– ARP (Java+Native)
– NetScript (Java+Native)
– ANCORS (Java+Native)
16
Abone Connectivity
17
Overlay networks through Anetd
[Diagram labels: Port x; Anetd; EE; ports x, y, z]
Each Abone node runs multiple Anetd daemons, each listening on ports x, y, z, etc.
Daemons can deploy and manage one another, including themselves!
When an EE developer wants to build an overlay network, he/she chooses an available port x, y, z, etc.
Since different EE types can share the same input port through Anetd’s demultiplexing, EE developers can share the same ports.
18
Anetd in the protocol stack
[Diagram labels: IP; TCP; UDP; ICMP; ANEP; Anetd’s Functionality; User-level EEs (today); EEs; AN Native; Option 1; Option 2]
19
Anetd’s TODO list
More documentation.
Make Anetd enforce persistence so that, after reboot, EEs are restarted automatically.
Log all Anetd commands.
Use HTTP caching to avoid downloading the same code.
Authenticate code.
Add debugging support.
Port Anetd to more platforms.
Public key update.
Anetd as a component of the protocol stack.
20
Anetd+Xbone+VAN
[Diagram labels: IP; XBone; Anetd; UDP/TCP; VAN; Other EE; ANEP]