Secure Active Networks

SAINT: SECURE AND ACTIVE INTERNETWORKING

The Secure and Active INTernetworking (SAINT) project is funded by DARPA / ITO at the University of California, Santa Cruz (UCSC).

This project is part of the DARPA Active Networks program.

At UCSC, this project is part of the research carried out within the Computer Communication Research Group (CCRG) of the Baskin School of Engineering.

The principal investigator of this project is J.J. Garcia-Luna-Aceves.


Objective

Supporting real-time multimedia applications in such dynamic environments as the joint tactical internet cannot be done simply by applying existing Internet protocols and architectures. First, today’s Internet routing and multicasting protocols provide few mechanisms, if any, to protect the exchange of control information or the provision of qualities of service to user applications. By contrast, in the tactical internet, nodes and links may be compromised and routing protocols must adapt to drastic changes in link quality and connectivity much more frequently than in the quasi-static routing structure of ATM networks and the IP Internet. Second, all the approaches proposed to date for supporting quality of service in IP or ATM internetworks are based on establishing connections (i.e., associations of sources and destinations for which resources are allocated by nodes in the internetwork) in one way or another [tenet, clark, rsvp]; in contrast, the constituency and resources of the path supporting a connection from source to destination or a pre-established multicast routing tree cannot be guaranteed in the tactical internet.

This project will develop new communication protocols for a secure, survivable, and active internetworking architecture in which “active packets” are used to modify the behavior of nodes or inject new services. Active packets can contain data, invocations to procedures, or control procedures. They allow the “state” of programmable nodes to be modified proactively to take advantage of knowledge of the environment and application requirements.


Approach

Our approach consists of advancing the state of the art in the following areas:

  • Trusted Dissemination of Active Packets: Active packets that modify the behavior of nodes must be disseminated reliably and in a trusted manner among multiple nodes. An active-packet dissemination protocol will be defined that can be used as the building block for trusted interaction among active (i.e., programmable) nodes.
  • Composite Protocols: To permit active packets to modify the behavior of programmable nodes, it must be ensured that the protocol state or protocol rule changes introduced in the packets do not lead to incorrect protocol behavior at any node. Protocol composition from “atomic” algorithms will be investigated, with the goal of obtaining atomic algorithms that can be verified to be correct by themselves and whose composition into larger modules can also be verified to be correct.
  • Active and Secure Routing and Multicasting: Active networking concepts will be applied to develop new protocols for secure and active routing and for unreliable and reliable multicasting. These protocols will be secure and support quality-of-service requirements efficiently by maintaining “active states,” with which a node can use different protocol rules for packets from different user groups or domains, and overlay virtual topologies on the physical topology to expedite packet processing.
  • Active destination-oriented QoS support: A new Internet protocol architecture will be implemented to provide end users with different qualities of service, without maintaining connections inside the network. To accomplish this, our protocols will: (a) divide traffic for different sessions on an end-to-end basis, (b) shape traffic at the input of the network much like leaky buckets do in a connection-oriented architecture, (c) separate and schedule traffic on a per-destination basis (rather than on a source-destination basis) inside the network, and (d) maintain multiple loop-free paths at every instant that can provide upper bounds on delay, congestion, and jitter on packets accepted in the network.

Recent Accomplishments

This project just started. We are very active now, though! 🙂


Current Plans

Our research and development plans over the next year are the following:

  • A protocol for the reliable concurrent multicast of active packets will be defined, simulated, and implemented under FreeBSD. Protocol composition from “atomic” algorithms will be investigated, where the atomic algorithms can be verified to be correct by themselves and whose composition into larger modules can also be verified to be correct.
  • New protocols for routing, multicast routing, and end-to-end reliable multicasting will be developed, simulated, and implemented that are secure even when routing nodes are compromised and take advantage of active packets to make more efficient use of network resources.
  • The protocols of a new Internet protocol architecture will be implemented to provide end users with different qualities of service, without maintaining connections inside the network, and allowing routers to change their behavior depending on network conditions in order to meet QoS requirements.

Technology Transition

This is a new start. We are collaborating with Pepe Meseguer of SRI International.


Publications

In progress.