Proceedings - International Conference on Distributed Computing Systems

Ubiquitous computing promotes the proliferation of various stationary, embedded and mobile devices interconnected by heterogeneous networks. It leads to a highly dynamic distributed system with many devices and services coming and going frequently. Many emerging distributed multimedia applications are being deployed in such a computing environment. In order to make the experience for a user truly seamless and to provide soft performance guarantees, we must meet the following challenges: (1) users should be able to perform tasks continuously, despite changes of resources, devices and locations; (2) users should be able to efficiently utilize all accessible resources within runtime environments to receive the best possible Quality-of-Service (QoS). In this paper, we propose an integrated QoS-aware service configuration model to address the above problems. The configuration model includes two tiers: (1) service composition tier, which is responsible for choosing and composing current available service components appropriately and coordinating arbitrary interactions between them to achieve the user's objectives; and (2) service distribution tier which is responsible for dividing an application into several partitions and distributing them to different available devices appropriately. Our initial experimental results based on both prototype and simulations show the soundness of our model and algorithms.

Group communication protocols greatly simplify the design of fault-tolerant distributed systems. Most of those protocols focus on node redundancy rather than on network redundancy. The totem redundant ring protocol allows the use of multiple redundant local-area networks. The partial or total failure of a network remains transparent to the application processes. The distributed system remains operational while an administrator reacts to an alarm raised by the totem redundant ring protocol. The user can choose between active, passive and active-passive replication of the network.

Presents a simple and robust mechanism called SYN-dog to sniff SYN flooding sources. We install SYN-dog as a software agent at leaf routers that connect stub networks to the Internet. The statelessness and low computation overhead of SYN-dog make itself immune to any flooding attacks. The core mechanism of SYN-dog is based on the protocol behavior of TCP SYN-SYN/ACK pairs, and is an instance of the sequential change detection. To make SYN-dog insensitive to site and access pattern, a non-parametric cumulative sum (CUSUM) method is applied, thus making SYN-dog much more generally applicable and its deployment much easier. Due to its proximity to the flooding sources, SYN-dog can trace the flooding sources without resorting to expensive IP traceback.

Version vectors and their variants play a central role in update tracking in optimistic distributed systems. Existing mechanisms for a variable number of participants use a mapping from identities to integers, and rely on some form of global configuration or distributed naming protocol to assign unique identifiers to each participant. These approaches are incompatible with replica creation under arbitrary partitions, a typical mode of operation in mobile or poorly connected environments. We present an update tracking mechanism that overcomes this limitation; it departs from the traditional mapping and avoids the use of integer counters, while providing all the functionality of version vectors in what concerns version tracking.

We present a method of timestamping messages and events in synchronous computations that capture the order relationship with vectors of size less than or equal to the size of the vertex cover of the communication topology of the system. Our method is fundamentally different from the techniques of Fidge (1989) and Mattern (1989). The timestamps in our method do not use one component per process but still guarantee that the order relationship is captured accurately. Our algorithm is online and only requires piggybacking of timestamps on program messages. It is applicable to all programs that either use programming languages based on synchronous communication such as CSP or use synchronous remote procedure calls.

distributed role-based access control (dRBAC) is a scalable, decentralized trust-management and access-control mechanism for systems that span multiple administrative domains. dRBAC utilizes PKI identities to define trust domains, roles to define controlled activities, and role delegation across domains to represent permissions to these activities. The mapping of controlled actions to roles enables their namespaces to serve as policy roots. dRBAC distinguishes itself from previous approaches by providing three features: (1) third-party delegation of roles from outside a domain's namespace, relying upon an explicit delegation of assignment; (2) modulation of transferred permissions using scalar valued attributes associated with roles; and (3) continuous monitoring of trust relationships over long-lived interactions. The paper describes the dRBAC model and its scalable implementation using a graph approach to credential discovery and validation.

Digital archives protect important data collections from failures by making multiple copies at other archives, so that there are always several good copies of a collection. In a cooperative replication network sites "trade" space, so that each site contributes storage resources to the system and uses storage resources at other sites. Here, we examine bid trading: a mechanism where sites conduct auctions to determine who to trade with. A local site wishing to make a copy of a collection announces how much remote space is needed, and accepts bids for how much of its own space the local site must "pay" to acquire that remote space. We examine the best policies for determining when to call auctions and how much to bid, as well as the effects of "maverick" sites that attempt to subvert the bidding system. Simulations of auction and trading sessions indicate that bid trading can allow sites to achieve higher reliability than the alternative: a system where sites trade equal amounts of space without bidding.

Multicasting can efficiently support a wide variety of applications that are characterized by a close degree of collaboration, typical for many mobile ad-hoc network (MANET) applications currently envisioned. To deal with the specific characteristics of MANETs, new multicast protocols that operate in an on-demand manner are being proposed and investigated. Our results show that a tree-based on-demand protocol is not necessarily the best choice. A mesh-based protocol can outperform tree-based protocols, due to the availability of alternative paths, which allow multicast datagrams to be delivered to all or most multicast receivers even if links fail.

Internet streaming applications are affected by adverse network conditions such as high packet loss rates and long delays. This paper aims at mitigating such effects by leveraging the availability of client-side caching proxies. We present a novel caching architecture and associated cache management algorithms that turn edge caches into accelerators of streaming media delivery. A salient feature of our caching algorithms is that they allow partial caching of streaming media objects and joint delivery of content from caches and origin servers. The caching algorithms we propose are both network-aware and stream-aware; they take into account the popularity of streaming media objects, their bit-rate requirements, and the available bandwidth between clients and servers. Using realistic models of Internet bandwidth derived from proxy cache logs and measured over real Internet paths, we have conducted simulations to evaluate the performance of various cache management alternatives. Our experiments demonstrate that network-aware caching algorithms can significantly reduce service delay and improve overall stream quality. Our experiments also show that partial caching is particularly effective when bandwidth variability is not very high.

The author index contains an entry for each author and coauthor included in the proceedings record.