Tutorials

Abstract: 
In this session, we examine the inner details of running a large network.  Details such as practical aspects of traffic engineering, network hierarchy, data center and PoP design are presented and rationale for making the decisions are discussed.  A detailed look at designing the routing architecture for scaling is presented. 

Along with the technical aspects of the ISP core design, a brief overview of the organizational structures that been proven to work in the field are also given. 

 Vijay Gill is currently Manager of Architecture at Metromedia Fiber Network. Prior positions held by Vijay Gill include systems development and analysis at University of Maryland, and Senior Network Architect/Senior Member of the Technical Staff at UUNET.  Vijay is an active participant in the IETF in the areas of IDR (BGP), OSPF/ISIS, and Traffic Engineering. He is the co-chair of the CCAMP working group.

[top]

Abstract: 
This tutorial focuses on the important aspects of security and privacy on the web.  What are the threats?  What are the key technologies for protecting resources and personal privacy?  The first part of the talk will focus on the client.  Careless design, implementation and deployment of browsers has led to some interesting and subtle vulnerabilities.  Several strategies for protecting resources are be presented.  Next, mechanisms for protecting transactions on the web, namely SSL and IPsec will be explored in some detail.  We then look at some tradeoffs in the protection of web servers.  Finally, we explore the growing loss of privacy on the web and the technologies that can be used as countermeasures.   

[top]

Abstract: 
Recent innovations in optical components and networking protocols are driving today’s network technology to be faster and more resilient than ever.  Emerging technologies such as Dense Wavelength Division Multiplexing (DWDM), allow existing transmission media to carry increasingly higher amounts of data.  Today, a single optical fiber can carry data rates of up to tera-bits per second. In keeping up with the growth of transmission systems, high-speed optical switching devices such as optical cross connects (OXCs) are being developed to make the transport network more flexible and dynamic. The result of these new classes of switching and transmission devices will be to provide the network transport infrastructure with enormous transport capacity and simultaneously enable new services.

As network capacity grows, the consequences of a failure become more pronounced. Even a brief outage of either transmission or switching equipment can result in the loss of very large amounts of, potentially time sensitive, information. In the event of such equipment failures, network protection and automatic restoration can minimize or completely eliminate losses. Such protection mechanisms are generally implemented at several protocol layers.

This tutorial will address the state-of-the-art in service protection and restoration at various protocol layers in modern intelligent optical networks. It will: (1) provide a comprehensive and in-depth survey of traditional SONET layer ring protection mechanisms, (2) describe the recent research and development on mesh restoration protocols at the optical layer, (3) describe how MPLS-based mechanisms and signaling protocols can be used for restoration of MPLS Label Switched Paths (LSPs), (4) elaborate on restoration techniques used in the emerging Resilient Packet Ring (RPR) technology (5) explain how restoration mechanisms at different layers interact and (6) present performance results for different restoration mechanisms and discuss their impact  on various network services. Various representative protocols, algorithms and their relative performance will also be examined during this tutorial.

Subir Biswas is a principal architect at Tellium. In this role, he is the lead architect for optical network management and advanced application development using Tellium's Aurora™ family of optical switches. Subir was instrumental in Tellium’s StarNet restoration protocol design and its performance calibration. Prior to joining Tellium, Subir worked for NEC's C&C Research Laboratories, Princeton, NJ, where he worked on wireless ATM, IP multicast and IP traffic engineering problems. Subir holds a Ph.D. from the University of Cambridge, U.K. He has more than 10 years of experience in telecommunications industry and has published several journal articles and registered several patents in this area.

Dimitrios Pendarakis received the Diploma in Electrical Engineering from the National Technical University of Athens in 1990 and the M.S. and Ph.D. degrees from Columbia University in 1992 and 1996, respectively. He is currently a principal architect at Tellium where he is leading the work on IP-optical internetworking and distributed control protocols for intelligent optical networks. Dimitrios is an active contributor in various standardization bodies and has served as editor of several OIF implementation agreements. From 1995 to 2000 he was with the IBM T.J. Watson Research Center, Yorktown Heights, NY, where he worked in the areas of IP-ATM integration, IP policy control and network security. Dr. Pendarakis has taught several graduate classes in computer networking at Polytechnic University and Columbia University and has authored numerous technical publications.

[top]

Abstract: 
This technical course covers Java security, from basic architecture, to JVM configuration management and cryptography.

The first part of the tutorial illustrates the Java 2 security architecture.  Only through understanding of the architecture will a Java developer be able to correctly exploit the strengths of Java's security features.  The three legs of Java security, ClassLoader, class file verifier, and SecurityManager, are explored.  Attendees will learn how to write a new ClassLoader, taking advantage of the delegation model, and see how to write a new SecurityManager.  It will be clear how the class file verifier helps prevent security and reverse engineering attacks. 

The second part of the course describes how to manage the security configuration on a Java 2 platform.  This part explains how to use the security tools and APIs provided on the Java 2 platform.  Attendees will also learn how to configure and manage security resources.  The Java 2 keystore, security properties and policy files are described in detail.  Through specific examples and scenarios, attendees learn how to use the Permission API and how to implement their own Permissions.  In addition, attendees will learn about an innovative research activity conducted by the speaker that shows how to automatically determine, through static analysis of the bytecode, the Permissions required by a program or library.  A demonstration of this new technology will be given. 

The third part of the course covers cryptography APIs in Java 2, with a focus on the Java Cryptography Architecture (JCA).  Through scenarios and examples, attendees will learn how to create and verify message digests and digital signatures.  Attendees will become familiar with the concept of security provider, and learn how to install and configure a provider statically and dynamically.  This part of the tutorial also explores the new exportable version of the Java Cryptography Extension (JCE). 

The tutorial is organized as follows:

Please note: Due to the technical nature of this course, attendees should be already familiar with Java programming. 

 Marco Pistoia is an advisory security specialist at the IBM T.J.  Watson Research Center, Hawthorne, NY.  He has written nine books on all areas of Java and e-business security.  His latest book, "Java 2 Network Security", was published by Prentice-Hall.  He is currently the leading author on his tenth book, "Enterprise Java security", which will be published by Addison Wesley in 2002.  He has presented at several conferences worldwide, such as the O'Reilly Conference on Java, Sun Microsystems' JavaOne, OOPSLA, and Colorado Software Summit.  He has been invited to teach a graduate course on Java security at Polytechnic University, Brooklyn, NY and to present at the New York State Center for Advanced Technology in Telecommunications, Brooklyn, NY.  Mr.  Pistoia is currently working towards a PhD in Computer Science from Polytechnic University.  His interests are in mobile code security, component software, and object-oriented languages. 

[top]

Abstract: 
Traffic measurement is an essential tool to guide the operators of large IP networks in detecting and diagnosing performance problems, and evaluating potential control actions.  Measurements help operators identify under provisioned links, denial-of-service attacks, flash crowds, and shifts in user demands.  This tutorial focuses on measurement techniques and traffic models that provide a comprehensive view of large IP networks where the operator has full administrative control.  The tutorial starts with a brief overview of the basic tasks involved in operating a large IP network and derives requirements for network measurement.  We argue that the very properties responsible for the Internet's success also make it difficult to control and manage. 

Matt Grossglauser received his diploma from the Swiss Federal Institute of Technology (EPFL) and his M.Sc.  degree from the Georgia Institute of Technology, both in 1994, and his Ph.D.  from the University of Paris 6, in 1998.  He did most of his thesis work at INRIA Sophia Antipolis, France.  He is currently a member of the IP Network Management and Performance Department at AT&T Labs -- Research in Florham Park, New Jersey.  His research interests are in network traffic modeling and measurement, resource allocation, network management, and mobile communications. 

Jennifer Rexford received her B.S.E.  degree in electrical engineering at Princeton University in 1991 and her M.S.E.  and PhD degrees in electrical engineering and computer science at the University of Michigan in 1993 and 1996, respectively.  She is currently a member of technical staff in the IP Network Management and Performance Department at AT&T Labs -- Research in Florham Park, New Jersey.  Her research focuses on routing protocols, traffic engineering, and network measurement.  Jennifer is co-author (with Balachander Krishnamurthy) of the book "Web Protocols and Practice: HTTP/1.1, Network Protocols, Caching, and Traffic Measurement", published by Addison-Wesley in May 2001.  

[top]

Abstract: 
A variety of services and functions are now offered over the Internet using the World-Wide Web.  Web servers, which provide the infrastructure for these functions, are a critical point-of-presence for organizations in order to reach a wide audience and supply reliable, scalable services.  The size and growth of the Web puts dramatic performance demands on these servers, which are responsible for responding to client requests.  Web site and web server performance is thus a central issue in providing ubiquitous, reliable, and efficient services over the Internet. 

This tutorial covers the design, implementation, and performance of Web sites and Web servers.  It focuses on real-world problems in the design of large Web sites.  It covers HTTP and TCP basics, server architectures, operating system support, I/O abstractions, workload characteristics and generators, HTTP and TCP dynamics, load balancing (both local and wide-area), content distribution, and case studies of real servers and web sites.  It concludes with a description of some of the emerging standards for Web Services and the underlying protocols such as SOAP, UDDI, XML, etc. 

The tutorial is targeted at researchers and practitioners who are interested in learning more about how web servers and services work and what issues affect performance.  The intended audience should have a basic knowledge of computer systems and network protocols. 

Dilip D.  Kandlur heads the Networking Software & Services department at the IBM T.  J.  Watson Research Center.  His research has covered various aspects of providing quality of service in hosts and networks and their application to multimedia systems, network and server performance, web caching, etc.  He has been awarded an IBM Outstanding Technical Achievement Award, holds 10 U.S. patents and has been recognized as an IBM Master Inventor.  Dr. Kandlur received the M.S.E. and Ph.D. degrees in Computer Science and Engineering from the University of Michigan, Ann Arbor.  He is a member of the IEEE Computer Society and currently vice-chair of the IEEE Technical Committee on Computer Communications. 

Erich Nahum is a Research Staff Member at the IBM T.J.  Watson Research Center in Yorktown Heights, New York, USA.  His research interests focus on network software performance, including WWW servers, TCP, clusters, and multiprocessors.  He has been awarded an IBM Outstanding Technical Achievement Award and an IBM Server Division Teamwork Award.  He received his M.S. and Ph.D. from the University of Massachusetts in Amherst, and is a member of the IEEE Computer and Communication Societies. 

[top]

Abstract: 
This 3.5-hour tutorial will provide an overview of computer system security, to provide an understanding of both the modern threats and the available defenses. Threat trends will be analyzed to predict future problem areas, and new hardware defenses, particularly the TCPA chip, will be discussed as a strategic defense method for these threat trends. The goal is to provide a broad technical understanding, which will help in analyzing your specific situation and needs. The tutorial will discuss:

Threats:

Defenses:

References:

 David Safford works at IBM's T.J. Watson Research Center, where he directs research on computer security, including operating system, application, and network security, security analysis tools, and ethical hacking techniques. His current research, in conjunction with IBM's Linux Technology Center, is the design and implementation of kernel modules to enhance Linux security. Before coming to IBM, he served as Director of Supercomputing and Networking at Texas A&M University.

[top]

Abstract: 
One of the biggest challenges Service Providers are facing today is that IP transport networks are becoming a commodity and as a result, margins are shrinking, and consequently, the Service Providers are hard pressed for generating additional revenue.

The solution seems to be adding intelligence into the network to enable introduction, provisioning, and management of new value-added services. Infonetics Research predicts that the world-wide VPN service expenditures will grow 283% from $10.7B to $41B between 2001 and 2005 and as a result, Service Providers are gearing up to provide VPN services to corporations in a cost-effective manner and get a piece of the huge addressable market. Just as there are value-added IP services, such as, VPN managed services, there are also content-based services, such as, content filtering, content billing, content transformation or content hosting and distribution that can be leveraged by the Service Providers for generating additional revenue.

This tutorial will focus on various aspects of technology needed by the Service Providers to offer Managed Secure VPN services, Managed Firewall, Managed QoS and Bandwidth services and Managed value-added content-based services. The first part of the tutorial will discuss Managed Virtual Private Networks and related IP services while the second part will focus on content-based services. Topics that will be covered in Managed VPN services include tunneling mechanisms like L2TP, PPTP, IPSEC, GRE; Differentiated Services (DiffServ) with policing/metering/marking/shaping; MPLS architectures and MPLS Traffic Engineering; Multicast MPLS label distribution and support for multicast in VPNs; alternative architectures for mobile VPNs in 3G/4G networks; the role of Mobile IP and micro-mobility. Topics that will be covered in Managed content-based services will include architectures for content distribution networks; protocols to support proxy-based services, such as, ICAP, BEEP and SOAP; potential content-based services, such as, content filtering, content billing, ad-insertion, and content transformation. Both parts of the tutorial will have a mix of research and industry flavor. The research part will be a survey of seminal research ideas in VPN and content services while the industry angle will concentrate on the state-of-the-art in VPN and content services currently offered by the Service Providers.

Sanjoy Paul is currently the Director of Networking Software Research at Bell Laboratories where he is leading Research and Development efforts in next-generation IP services. Prior to that he was the Vice President of Technology at Edgix Corporation where he was responsible for technology vision and new “edge” services for content distribution networks. He has over ten years of technology expertise, specifically in the areas of multicasting, streaming, intelligent caching, mobile networking, and secure commerce. Prior to joining Edgix, Sanjoy was a Distinguished Member of Technical Staff at the Bell Laboratories Research, where he was the chief architect and visionary of Lucent's IPWorX (later called Imminet) caching and content distribution product line. He is well regarded in the technical community for his contributions to the field of Internetworking: designing the Reliable Multicast Transport Protocol (RMTP), holding twelve U.S patents, publishing a book on Multicasting and numerous papers, and receiving the 1997 William R. Bennett award from IEEE Communications Society for the best original paper published in IEEE/ACM Transactions on Networking. Sanjoy is in the editorial board of IEEE/ACM Transactions on Networking, and is a frequent speaker in conferences and seminars worldwide. He holds a Bachelor of Technology degree from Indian Institute of Technology, Kharagpur, India and both an M.S and a Ph.D. degree from the University of Maryland, College Park. Sanjoy is an adjunct faculty of the Computer Science Department at Rutgers University, a senior member of IEEE and a voting member of ACM.

[top]

Abstract: 
Market forces are accelerating the pace of wireless technology innovation. Faster, cheaper, and power-efficient alternatives for wide-area and indoor wireless communication are rapidly evolving. Several standards organizations and consortiums are racing against time to deliver specifications to meet pent up demand for "ubiquitous wireless access". In the unlicensed ISM band 802.11, Hyperlan, and Bluetooth are vying to gain market acceptance. Likewise WCDMA, CDMA200, and EDGE are competing in the licensed spectrum to gain 3G market share. These efforts are catalyzing market growth, but their plurality is also threatening to fragment the very market they aim to unify.

This tutorial will explain the key design aspects of 802.11, Bluetooth, and 3G radio link standards and illustrate how technology innovation and market forces are shaping their evolution. This tutorial is intended for researchers and practitioners who want to track new developments, but who don't have time or patience to read all specifications. Computer professionals who want to develop better understanding of technology trends and identify new market opportunities in the area of wireless networking will also benefit from this tutorial. Basic understanding of layered network architecture is expected. No background in analog radio, signal processing, or wireless communication is required. Researchers who want to identify open research problems in the area of wireless networking will also find this tutorial useful.

Pravin Bhagwat is an entrepreneur and an active researcher in the area of wireless and mobile networking. Currently, he is directing a large-scale 802.11 deployment project in India and also working as a visiting professor in the computer science department, IIT Kanpur. He was the principal architect at Reefedge, Inc., a wireless networking infrastructure and software company based in NJ. He played an active role in the standardization of Bluetooth PAN profile and also served as the chair of the Internet Engineering Task Force BOF on IP over Bluetooth. Prior to working for ReefEdge, he worked as technology consultant in the Networking Research group at AT&T Labs-Research, and as a member of research staff at IBM Thomas J. Watson Research Center. He is the chief architect of BlueSky, an indoor wireless networking system for palmtop computers, and the co-inventor of TCP splicing, a technique for building fast application layer proxies. He actively serves on program committees of networking conferences and has published numerous technical papers and patents in the area of mobile computing and wireless communication. He received his Ph.D. in computer science from the University of Maryland, College Park. He also holds and adjunct faculty appointment at Winlab, Rutgers University.