Jonathan M. Smith - US grants

This award is for the acquisition of teleconferencing and multimedia technology, and for curriculum changes to expand a curriculum in Telecommunications. The University of Pennsylvania will use a new instructional delivery system, the "video wall", to develop "Telementoring" as a long distance learning technique. The video wall is already being used in research projects by members of the AURORA Gigabit Testbed which is being supported by both NSF, DARPA and a consortium of industrial research partners. Educational materials developed will be made available to other academic institutions through Internet, and results of the educational experiments will be disseminated through publications and presentations at educational and professional meetings. The University of Pennsylvania plans to use a state of the art instructional delivery system, the "video wall", to provide multimedia and teleconferencing support for undergraduate courses in telecommunications. The video wall is an experimental video conferencing terminal with two large screen projection televisions mounted side-by-side creating the illusion of one large screen. Two cameras, co-located with the screens, are arranged to produce a single blended life- size image which is combined with high-quality directional sound. The results of the curriculum and materials development will be disseminated through Internet, and publications and presentations at educational and professional meetings.//

9451190 Lee A research platform developed at the University of Pennsylvania, "teleconferenced workstations", expands a cutting-edge curriculum in Telecommunications and Systems at Penn. "Teleconferenced workstations" are a unique mode of communication currently being used by members of the AURORA Gigabit Testbed, which connects Penn, MIT, IBM Research, and Bell Communications Research. The test bed service provision includes support for multimedia and Teleconferencing. We will use and experiment with this technology as part of a new course entitled "Distributed and Real-time Systems", as well as in an existing course entitled "Telecommunications networks". The courses not only discuss the principles behind the technology, but have a carefully constructed laboratory component with projects that apply the concepts covered in lectures to components of the prototyped system at Penn. This will not only augment our current curriculum in Telecommunications and Systems, but will serve as an excellent vehicle to evaluate the effectiveness of the teleconferenced workstation environment.

This award, in the Small Grants for Exploratory Research mode, provides seed funding for initial exploration of a national virtual laboratory (NVL) in robotics research. The Laboratory will take advantage of the emerging National Information Infrastructure by connecting research facilities across the country to design joint experiments in robotics. These will be geographically distributed experiments, using different agents at separate sites, such that perception/action modules will interact physically with their local environments, but will communicate over the network to coordinate their accomplishment of a common task. Initially the NVL will develop an infrastructure for sharing resources among geographically distributed university and industry research laboratories. This infrastructure will consist of communication capabilities for video, voice and data links offering high-quality real-time excange and remote operation capabilities. This will enable the researchers to share and test all their software and hardware resources under diverse environmental conditions.

9601861 Hollebeek, Robert Smith, Jonathon University of Pennsylvania Academic Research Infrastructure: Development of a Wide Area Scaleable Infrastructure for Data Intensive Computing: Consortium Proposal This Academic Research Infrastructure award supports the acquisition of equipment to enhance the National Scaleable Cluster Project. The equipment will be sited at 3 universities to further the development of a national meta computing center. The equipment consists of large fast disk arrays, high performance computer cluster enhancements, ATM network switches to OC-12 capabilities, network connections, and associated software. The research projects supported by the equipment include: 1. Applications computing that is data intensive including data mining of particle physics data, digital library development of the linguistics data consortium, digital library development of astrophysics, gravitational lenses data maps, galactic large structure simulations, and the development of numerical and statistical digital libraries. 2. Real time computing applications including collecting reduced astronomical data, medical imaging, and telepresence. 3. Parallel compute intensive applications including liquid crystal imaging, phase transition simulations, crystal surface computational studies, and vortex flow studies. 4. High speed network research including network striping and the inclusion of tertiary store in high performance memory hierarchies. 5. Computer science research on scaleable object stores, research on caching, transforming, and replicating data, and software tools for cluster management.

CDA-9703220 Bajcsy, Ruzena University of Pennsylvania Asymmetric Bandwidth Channels: Applications to Real-Time Computing and Robotics This award is for the acquisition of infrastructure to support research which is to investigate a cost-effective and broadly deployed communication model, Asymmetric Bandwidth Channels, for which few abstractions in computer science are available. Research into the application of systems characterized by low-bandwidth interactive channels between clients and server, and a high-bandwidth broadcast from server to clients will be conducted. The proposed work will develop communications abstractions that applications can effectively use for such an infrastructure, and computational models for these abstractions. Model performance will then be evaluated on a testbed of multiple semi-autonomous robotic agents. The challenging problems to be addressed in this project include: (1) selecting which path to take from server to client; (2) determining the degree of broadcast channel sharing possible in a computer communications environment; and (3) scheduling transmissions from the shared broadcast terminal. The research will also target three fundamental problems underlying coordination of robotic agents: (1) development of world models based on observations of individual agents and exploration of an unknown or a partially known environment to build a complete model; (2) task planning based on the world model while accounting for possible uncertainties and latencies; and (3) control of robotic agents based on visual and other sensory information.

The 1998 ACM SIGCOMM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication will be held in Vancouver, British Columbia, from September 2-4, 1998. This conference is the premier technical meeting that examines the state-of-the-art in computer networks and communications. This proposal request funding to assist fourteen United States-based graduate students in attending this meeting. Participation in conferences such as SIGCOMM is an extremely important part of the graduate school experience, providing the opportunity to interact with more senior researchers and be exposed to leading edge work in the field. The support requested in this proposal will enable the participation of students who would otherwise be unable to attend SIGCOMM'98.

We are requesting $100,000 of NSF ILI support for LIVE: The Laboratory for Visual Environments at the University of Pennsylvania. With the requested NSF ILI support and School of Engineering and Applied Science matching funds, we would purchase 24 OpenGL Windows NT systems and networking infrastructure to support undergraduate teaching and projects in computer graphics, visual and virtual environments, and high speed multi-computer networking. Direct manipulation and programming of these concepts is the ideal setting for teaching and learning about complex phenomena. LIVE will upgrade an aging SGI facility, serve Computer and Information Science curriculum needs, and enhance the computer science aspects of a new undergraduate program in Digital Media Technology spanning the Engineering, Fine Arts, and Communications Schools at the University of Pennsylvania.

The focus of this proposal is on problems that arise in the context of QoS enabled networks and their use by applications. In particular, the main theme of the proposal, is the development of a greater
synergy between potential users of network QoS capabilities, i.e., applications, and the design and implementations of those QoS capabilities within the network. In order to accomplish such a goal, work will be carried out along the following three major axes:

1. Use and selection of network QoS services and parameters by applications. The goal here is to identify performance parameters that are of most significance to applications, and translate that knowledge into {\em
utility} curves that can then be used by both applications to select the appropriate network service, and by the network to make intelligent decisions on how to best handle an application's traffic in case of resources contention. This includes not only assessing sensitivity to traditional QoS parameters such as bandwidth, loss, delay, and jitter of different types of applications traffic, e.g., transactions, audio, video, etc., but also considering more complex scenarios involving applications with multiple traffic streams which
might involve different (dynamic) resource sharing rules depending on the availability of network resources.

2. Algorithms for performance monitoring, resource sharing, and dynamic resource allocation in support of both network and applications requirements. The goal here is to design and evaluate specific network level
mechanisms in support of applications requirements for dynamic sharing of resources and service monitoring. For example, access to a ``high quality'' service by certain traffic streams might be predicated on the presence or absence of other streams. Devising and assessing mechanisms allowing the specification and implementation of such functionality can greatly improve the ability of networks to deliver services that are useful to applications. The challenges are not only to design mechanisms capable of supporting applications requirements, but also to integrate them with existing network services and capabilities. For example, it may require coupling between services above and beyond what is currently supported, e.g., ensure small delay to an audio stream, but only as long as a given floor rate can be guaranteed to data transfers.

3. Design and implementation of programmability in network devices in support of applications requirements and new service models. The goal of this last dimension of the proposal is to investigate the possibility of supporting applications needs and some of the above associated mechanisms, by leveraging some of the programmability that is being made available in a number of new network devices. The benefits of such an approach, if feasible, are that it can foster incremental deployment as well as facilitate the introduction of new capabilities if and when required by new applications. The challenges are to identify the appropriate trade-off between functionality and the implementation constraints that the technology imposes.

The investigation of the above topics will be carried out through both experimental and analytical efforts. Experimentation will take place in the context of a newly established lab devoted to multimedia and
networking, that includes end-systems as sources of application traffic, and networking equipment made available by several vendors. Furthermore, work on the design and implementation of new mechanisms
to better support application service requirements, will be done in close collaboration with equipment vendors so as to facilitate their incorporation and testing on the available platforms. Finally, participation in the QBone Internet2 testbed will allow us to carry out end-to-end experiments that would not be feasible with only a local testbed. In particular, the QBone environment provides a representative sample of the type of network QoS services that will be initially available, and the experiments that will be carried out over
it will offer the opportunity to investigate not only how applications should use them, but also to identify related problems that may arise in their initial deployment.

Advanced applications of Active Networks require support for robust configurable Quality of Service (QoS), and to also prevent or mitigate sophisticated "denial of service" attacks on security. A major unsolved problem for active networks is mapping application requirements into a distributed resource multiplexing strategy. Since this problem bedevils the Internet community as well (viz., IP Telephony, RSVP, etc.) a solution would have broad and immediate impact on the networking community beyond Active Networks.

The Penn/Bellcore SwitchWare active networks project uses programming-language restrictions to balance flexibility, security, usability and performance. In contrast to operating system enforced memory protection, the programming language approach can be viewed as restricting the addresses which can be generated by programs. The advantage of this approach is that some restrictions can be enforced once, at compilation time, versus repeatedly at run-time. In addition, programming language technologies such as ML provide strong type-checking, a key to automated checks of program behavior. The SwitchWare project has used the Caml-lite ML dialect to build an active bridge and an ultralightweight Programming Language for Active Networks (PLAN) appropriate for capsules.

The Cambridge Nemesis Operating System supports "soft" real-time continuous media traffic. To avoid QoS crosstalk, it performs processor multiplexing at a single point, the lowest possible layer in the system, so that even a large portion of interrupt handler execution is performed under scheduler control. Nemesis is an
operational single-address space operating system, providing protection by means of virtual-address permissions. Protocols on Nemesis are "vertically-structured", meaning that applications are responsible for resources involved in their own protocol processing, using either default shared libraries or private
libraries.

Resource Controlled Active Network Elements (RCANE) can be constructed with a synthesis of SwitchWare and Nemesis. This synthesis will entail: (1) extending the QoS management of Nemesis to be managed by
programming language stubs; (2) supporting Caml-lite under Nemesis; (3) developing Caml support for specifying QoS; and (4) developing robust support for co-scheduling based on multiple resources, e.g.,
CPU cycles, real memory, network bandwidth. This co-scheduling is particularly relevant to Active Networks, where new resources are exposed to users of the network element. RCANE will produce a novel
active network element able to support QoS for multimedia traffic and limit or resist denial-of-service attacks of many forms, including "receive-livelock" and TCP SYN-ACK attacks.

The two research groups have broadly similar interests, a tradition of excellence in experimental systems work, and a history of cooperation, personnel exchanges and collaborations. RCANE is a unique opportunity
to provide secure, controlled virtualization of active network elements. This proposal requests funds for the U.S. (Penn) portion of this collaborative effort; Cambridge is applying for funds from European analogues of the National Science Foundation.

The fundamental project hypothesis is that management and control of the Internet is the ideal
application of active networks; the researchers propose a system architecture to test this.
Active Networks are constructed from elements, such as packet routers, allowing programmability
on a per-user or even per-packet basis. With the new software capabilities available from systems such as Caml and Java, active networks offer the promise of more rapid adaptation to changes in technology or requirements, and more rapid introduction of new services. These potential advantages come with the disadvantages of increased complexity, and its consequences for performance and security.
Early prototype systems (ANTS, CANES, Smart Packets, SwitchWare and others) illustrated
various points in the design space, trading off among usability, performance, and security. The
prototypes demonstrated first, that such systems could be built, that applications did indeed exist,
(e.g., Active Bridging and Active Reliable Multicast), and second, that they performed well enough
(10-100 Mbps) to handle the throughputs of almost all current Internet access points. Thus much
of the "edge" of the Internet can add active network capabilities with minimal performance impact.
A more interesting possibility exists, that of using active networking technology to incrementally
activate the IP Internet. The researchers believe this can be achieved, as described within the proposal, by
co-locating programmable elements with IP routers capable of fast packet forwarding. The researchers have
experimented with this idea on a small scale and it offers considerable promise for increasing the
manageability of the Internet with its exponential increases in scale.
The Global Active IP Network (GAIN) project represents the University of Pennsylvania's
research program as part of a larger 10M Euro research effort (FAIN). FAIN was considered and
top-ranked within the E.U. IST Programme competition. European members were funded, with the
expectation that Penn would seek funding from U.S. sources. The consortium includes University
College London (UK), the Jozef Stefan Institute (Slovenia), the National Technical University of
Athens (Greece), the Universitat Politecnica de Catalunya (Spain), Deutsche Telekom Berkom
(Germany), France Telecom/CNET (France), KPN (Netherlands), Hitachi Europe Ltd. (UK),
Hitachi Ltd. (Japan), SAG ICN (Germany), ETH Zurich (Switzerland), GMD Forschungszentrum
Informationstechnik (Germany), IKV++ (Germany), INTEGRASys (Spain), and U. Penn in the
United States. This proposal to NSF is a request for funds to support Penn in this international
consortium.
Penn's focus with GAIN is applications of Active Networks to IP network resource management
and security. The researchers will investigate the prevention and mitigation of sophisticated "denial of service" attacks on security. The researchers are playing a strong role in experiment definition and evaluation for FAIN. This proposal to NSF provides background on Active Networking, outlines the research goals for an active IP network, sets this work with the context of FAIN, and argues the importance of providing U.S. participation in a truly global consortium with European and Japanese collaborators.
( The FAIN proposal has been provided to NSF.)

The Internet is used by a rapidly expanding and changing set of applications. The need for the network to evolve and even to provide application specific processing is significant. However the current network infrastructure is hard to evolve and does not readily support customizability. The goal of Active Networking [21, 3, 2] is to facilitate this evolution and customization by making the network infrastructure programmable. One way of adding programability is to allow code to be down-loaded into the routers, thus enabling the addition or modification of services. A more radical approach is to allow the packets themselves to carry programs to be executed selectively on the network's routers. Among other issues, these two approaches increase the possibility of denial of service attacks whereby a user places excessive demands on network resources in order to deny access to another user. However, they also enable new approaches to handling such attacks and to addressing the general problem of allocating resources within the network.

The proposed research focuses on issues involving programmable, or active, packets. Active packets facilitate denial of service attacks in several ways. First, unlike conventional data transport packets, an active packet may require processor cycles and memory at the routers beyond those needed to simply forward the packet. Second, in general, the execution of an active packet at a router may cause more than one active packet to be transmitted from the router. Such behavior is useful, since it allows a packet to fan out across the network, but it is potentially dangerous since it can lead to an exponential growth in the resources used by a single initial packet. Experience with active packet-based systems [9, 8, 23, 22, 24] suggests that denial of service is the single biggest obstacle which must be overcome before such systems are feasible.

The proposed research tackles this problem along various fronts. First, the researchers propose to design packet programming languages that make some types of behavior intrinsically impossible. For example, in PLAN [9], packet programs are guaranteed to terminate and thus can never use an un-bounded number of router cycles. The researchers will explore tradeoffs between restricting behavior in terms of resource requirements and limiting the expressibility and thus the flexibility of active packets. However, not all potentially harmful behaviors can be eliminated in this manner. Thus, on a second front, the researchers will consider mechanisms that explicitly account for a packet's resource usage in the network. For example, each packet may carry a resource bound, which is decremented as resources are used, and which triggers termination when the bound is used up. The proposed research combines both implicit and explicit mechanisms for controlling resource usage, with algorithms to control the flow of traffic into the network to decrease the likelihood of denial of service. More generally, one can envisage assessing costs to active packets that execute on congested resources. Thus, on a third front, the researchers propose to investigate mechanisms based on congestion costs to achieve more efficient resource allocations and how they can be facilitated via active packets.

Three methodologies will be used to validate proposed solutions. First, the researchers will draw on mathematical modeling to motivate the benefits and investigate the characteristics of the proposed solutions. Second, the researchers will leverage expertise and past work on implementing active networks to demonstrate what is feasible to build, and explore the constraints each solution will place on eventual applications. Finally, the researchers will use network simulation to investigate systems on a scale not achievable on the experimental testbeds.

The 2001 International Working Conference on Active Networking (IWAN) will be held in
Philadelphia, Pennsylvania, from September 30, October 2nd, 2001. This conference is the pre-mier
international workshop in the emerging field of active and programmable networking. This
proposal requests funding to assist fourteen United States-based graduate students in attending this
meeting. Participation in workshops such as IWAN is an extremely important part of the gradu-ate
school experience, providing the opportunity to interact with more senior researchers and be
exposed to leading edge work in the field. In addition, IWAN offers the opportunity to interact
with international researchers in this area, as both the presenters and the attendees have had strong
European and Asian presences. The support requested in this proposal will enable the participation
of students who would otherwise be unable to attend IWAN 2001.

Mobile computing and wireless telephony are increasing converging, with many
handheld devices (e.g., PALM Treos and RIM Blackberries) able to assume roles as
either cellular telephones or as computers. A key research question that arises as a
consequence of this convergence is whether the strategies such as virtualization used for
isolation and resource sharing in larger cabled computers will be applicable to machines
that are limited by size, computational power and battery life. This question also has great
bearing on the extent to which NSF's proposed GENI initiative will impact the most
numerous network endpoints (there are more than 2 billion GSM mobile phones in use,
for example).

The project focuses on an experimental effort to anticipate this need and provide a definitive
answer to the question of resource division and isolation in handheld devices. Our
candidate devices are HP iPaq handhelds, although if time permits we will also
investigate a cellphone platform that uses a reduced version of the Linux operating
system. The experiment will be to demonstrate virtualization of a handheld node that
allows it to be used as a MANET (i.e., as a packet relay) concurrently with its use as a
VoIP edge device. The performance will be evaluated using the e-Model for voice
quality. Maintaining voice quality will demonstrate the effectiveness of the resource
management and isolation.

Summary Statement, Biometric Identification Red Team (BIRT)
The BIRT methodology will aid biometric system designers in making effective refinements in their systems. The measurement of biological characteristics (biometrics) such as fingerprints and facial images provides a means of identification that neither needs to be carried nor remembered. Evaluation of biometrics has traditionally been focused on the ability of biometric systems to identify members from a population, e.g., for purposes of authentication. As these systems come into more widespread use, attempts will naturally be made to test and frustrate their ability to identify individuals. Understanding these attempts requires a fundamental new analytic approach, based on modeling the capabilities of an adversary with full generality. BIRT develops the adversary model using the information controlled by the adversary, e.g., for recognition, the clothing, glasses and makeup they wear. BIRT uses disinformation theory to abstractly model the adversary capabilities to mask their identity from an interested observer. Disinformation theory is inspired by Shannon's information theoretic model for communications systems, but views the ?noise source? as controlled by the adversary, abstractly modeling the capacity of the adversary to control the noise in the channel (for example, by transforming the image ?signal?) between the biometric sender being identified and the biometric system receiving the identifying information. Face recognition systems will be used to gain experience with and refine the disinformation theory models, with a variety of disguises used as disinformation sources.

Mobility has created an increasing demand for information local to the user in a challenging and information-rich environment, demanding new capabilities from information services and network protocols. The Wireless Knowledge Infrastructure (WiKI) project develops an extensible general-purpose system layer based on new ideas for applying concepts from programming languages and database systems - the use of declarative languages and composable views of router, network and host state - to allow monitoring, event detection and triggering based on extant network conditions and policies. Declarative routing algorithms take into account application, session and network state information to set up adaptive routes among mobile devices and wired infrastructure nodes. Cross-layer and cross-domain integrated views of data streams expose and abstract data from different subsystems and layers, providing a step towards a "Knowledge Plane" for networks. WiKI takes an exploratory approach, namely building a small-scale software infrastructure using 802.11 to understand the wireless challenges of heavily populated urban areas in Philadelphia, and to develop prototype services based on a WiKI model. WiKI services are incrementally refined as the research progresses.

Broader Impact: The end goal is incorporation of WiKI platforms, software and services into the "Wireless Philadelphia" municipal WiFI effort, notable for its integral Digital Inclusion program which attempts to reach economically disadvantaged households in our city.

The goal of the BlueChip project is to develop security defenses against malicious hardware. Hardware and software are functional equivalents. To date, computer security problems have generally been attacks or exploitations of software systems. However, the sophistication and complexity of hardware systems is now great enough that many opportunities for malice exist in the path from design to realization.

This project will be the first to demonstrate the feasibility of Intelligent Malicious Processors (IMPs). Initial investigations indicate that small hardware alterations can be used to bootstrap many varieties of malicious behavior into existence, such as hardware supported access to privileged operation. Such misbehaving hardware has outsized system effects, because software designers depend on (i.e., trust) hardware to perform correctly, and therefore do not defend against malicious hardware. One may address these problems, in principle, by tightly controlling each step and handoff in the path from design to realization (sometimes called the "supply chain''). A superior solution is to presume that attackers will overcome these technical and procedural hurdles, and to build defenses. BlueChip will develop new architectural approaches to defending against a wide variety of malicious hardware. For example, BlueChip will develop a family of anomaly detection schemes for processors that can detect malicious hardware and trigger remediations.

Cloud computing provides economic advantages from shared resources, but security is a major risk for remote operations and a major barrier to the approach, with challenges for both hosts and the network. NEBULA is a potential future Internet architecture providing trustworthy networking for the emerging cloud computing model of always-available network services. NEBULA addresses many network security issues, including data availability with a new core architecture (NCore) based on redundant connections to and between NEBULA core routers, accountability and trust with a new policy-driven data plane (NDP), and extensibility with a new control plane (NVENT) that supports network virtualization, enabling results from other future Internet architectures to be incorporated in NEBULA. NEBULA?s data plane uses cryptographic tokens as demonstrable proofs that a path was both authorized and followed. The NEBULA control plane provides one or more authorized paths to NEBULA edge nodes; multiple paths provide reliability and load-balancing. The NEBULA core uses redundant high-speed paths between data centers and core routers, as well as fault-tolerant router software, for always-on core networking. The NEBULA architecture removes network (in) security as a prohibitive factor that would otherwise prevent the realization of many cloud computing applications, such as electronic health records and data from medical sensors. NEBULA will produce a working system that is deployable on core routers and is viable from both an economic and a regulatory perspective.

This project covers travel and lodging support for graduate students to attend the workshop on Future Internet Architectures. The Future Internet Workshop (FIW) is focused on presentations from students on their new work on questions of Future Internet Architecture, providing an opportunity for students to interact with both other students and with senior people from the telecommunications industry (e.g., Cisco, Deutsche Telekom, Comcast, etc.). The workshop to be held on June 9th and 10th at the University of Pennsylvania in Philadelphia, PA hosts 22 students.

INTELLECTUAL MERIT: Twelve of the students attending are presenting talks exploring various technical approaches to architecture of a future internet, including fault􀍲tolerance, malware detection, new forms of multicast, and new approaches to debugging distributed software systems.

BROADER IMPACT: The Internet has impacts far beyond the technologies, and the values inherent in the design of a Future Internet will strongly affect the uses and applications of that Internet. An example would be healthcare data, a kind of information that many people are uncomfortable putting on the Internet today, and may be even less comfortable with in a cloud-based future Internet. Approaches to security and availability and other technical issues must be consistent with societal, governing and economic issues. The workshop has technology leaders from the Internet service providers as invited speakers and provides students (a population from which future technology leaders will be drawn) with an opportunity to hear these speakers and interact with them to understand issues beyond the technology.

GNU Radio is an open source software radio project used extensively in industry, academia, and government for research, development, rapid prototyping, and deployment of wireless services. As an open source project, it has a wide-spread and disparate community of developers and users. Bringing members of this community together for a yearly conference helps to build a strong cohesion of ideas and identify and define the goals of the project. This conference also addresses the issues of increasing the development community of the project by getting to know potential developers and educating them on structure, style, and etiquette of a large, world-wide project used by thousands of people.

Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it. This research introduces Active Security, which is an architectural approach with fundamental advantages for network defenders; Active Security continuously senses threats and adapts defenses to those threats, including those previously unseen.

Active Security prototyping and applications incorporate a novel high-rate decision procedure that avoids manual intervention. The project addresses: (1) the characteristics of network 'sensors' most useful to an observe-orient-decide-act (OODA) loop; (2) decision and control algorithms for determining appropriate actions based on sensed events; (3) the infrastructure required for robust and trustworthy systems requiring minimal human-in-the-loop interaction; (4) automated defense approaches viable in diverse network settings that do no harm and are recoverable; and (5) metrics for performance assessment of an Active Security system such as responsiveness and accuracy.

Active Security's central themes of network security, network sensing, and automated defenses integrate naturally into both graduate and undergraduate education at participating institutions, including both midshipmen at the United States Naval Academy and cadets at the United States Military Academy. Network security is an increasing concern for society at large, and an Active Security implementation is straightforward to deploy on networks equipped with programmable software defined networking (SDN) controllers, a technology increasingly present in data center, carrier and enterprise networks.

To address today's environment of constant security challenges and cyber-threats, the Hardware-Assisted Lightweight Capability Optimization (HALCYON) research explores novel techniques to make the performance of more secure system designs acceptable to users. Conventional system designs have achieved acceptable performance, but have evolved from hardware and software designs that carry forward compromises in security that made sense in the past, but not with modern hardware resources in today's security climate. HALCYON uses an approach, called "capabilities", that provides better control of information sharing and protection in computer systems than today's architectures. Capability access control is preferred by many security experts, but conventional wisdom holds that it is too slow to be used in practice. If HALCYON is successful, a new generation of fundamentally more secure software systems will be enabled, at little to no cost in performance.

HALCYON research explores hardware acceleration of selected operations in the use of per-object access controls in an object-oriented programmer-controlled protection model based on capabilities. The measurement and data driven exploration is based on understanding the quantitative benefits of hardware acceleration on microkernels such as L4 that are used in mobile phones and other devices. Examples of hardware accelerations include lightweight support for fat pointers ("low-fat pointers"), object pointers with associated access control specifications. Such fat pointers, which have been designed, validated and implemented, can protect units as small as individual memory words. As an initial example, the project is using measurements to identify the impact of this hardware acceleration. Measurement data from the quantitative exploration allows the researchers to identify both worthwhile hardware accelerations and opportunities for operating system restructuring that exploit those accelerations.