
    Bharat Doshi

    THE GLOBAL INFORMATION GRID over the last decade, the internet has enabled tremendous gains in business productivity via rapid global information sharing, effective collaboration, and communications across organizational ...
    Abstract In this paper we discuss new visual modeling and analysis tools and techniques as well as some concepts and approaches to the design and implementation of communication protocols. The example chosen here is the IEEE 802.6 MAN DQDB protocol. Concepts of fairness are introduced, preliminary evaluations are given and proposals for improvement are made.
    We consider an M/G/1 queue in which the service rate is subject to control. The control is exercised continuously and is based on the observations of the residual workload process. For both the discounted cost and the average cost criteria we obtain conditions which are sufficient for a stationary policy to be optimal. When the service cost rate and the holding cost rates are non-decreasing and convex it is shown that these sufficient conditions are satisfied by a monotonic policy, thus showing its optimality.
    Asynchronous transfer mode (ATM) networks carry fixed-size cells within the network irrespective of the applications being supported. At the network edge or at the end equipment, an ATM adaptation layer (AAL) maps the services offered by the ATM network to the services required by the application. Many trunking applications that have voice compression and silence suppression require transmission of small delay-sensitive packets. Existing AALs are very inefficient for this purpose. In this paper, we discuss a new AAL called the AAL Type 2 (AAL-2), which allows very high efficiency for carrying small packets. We describe the basic principles and compare several alternatives with respect to transmission error performance, bandwidth efficiency, and delay/jitter performance. The results show that the AAL-2 adds significant value to packet telephony applications over ATM networks. We discuss the desirability of additional rebundling in the network and the need for a signaling protocol to communicate changes in native connections (voice calls) within the same ATM connection. We also describe how the principles of the AAL-2 are being used to define multiplexing protocols over the Internet and frame-relay networks.
    Deterministic rule based traffic descriptors in general and leaky bucket based (LBB) traffic descriptors in particular, offer advantages for specifying and monitoring traffic in ATM based B-ISDN. However, these traffic descriptors do not specify the traffic patterns uniquely. This poses new challenges to be addressed. Two of the important ones are: (i) definition of the worst case behavior and characterization
    The SLA is an essential tool for delivering mission critical networking services over a Global Information Grid (GIG) network infrastructure that will be designed and operated by many different entities. The GIG integrates Network Service Domains (NSD) created by many ...
    Abstract The public Internet and corporate intranets have been growing at a phenomenal rate in recent years. Today, the public switched telephone network (PSTN) is the most common mechanism for accessing the Internet and intranets from home. Thus, much of ...
    Anytime, anywhere, and any media communications and information transfer across multiple jurisdictions within and between public safety, emergency response, national security and emergency preparedness (PS/ER/NS/EP) communities are becoming increasingly important in preventing and responding to crises. The diversity of networking technologies and network services used by these jurisdictions poses serious interoperability challenges and hinders information sharing in a multijurisdictional coalition. In this paper, we discuss interoperability challenges and proposed approaches to address these challenges. In particular, we discuss solutions based on common backbone technologies and several types of interoperability gateways. We illustrate the approach using several scenarios. We are testing some of these scenarios in our lab.
    ABSTRACT Networks of queues with finite and infinite source customers have been used to study the interaction between the batch jobs and interactive jobs in computer systems. Earlier Kaufman ([1], PP-345-348) developed accurate approximations for a simple nonproduct form network of this type. In this paper we offer exact solutions for the same model with one finite source customer. We study both FIFO and LIFO disciplines at the contention node. The results are derived for the case where the finite source think time and service time distributions are generalized hyperexponential.
    This chapter discusses Situation Awareness (SA)—science, technology and practice of human perception, comprehension and projection of events and entities in the relevant environment—in our case cyber defense of ICS. The chapter delves into SA’s scope, and its roles in the success of the mission carried out by the cyber-physical-human system (CPHS) and processes that an Industrial Control System (ICS) or Supervisory Control and Data Acquisition (SCADA) system supports. Such control systems provide the cyber-physical-human couplings needed to collect information from various sensors and devices and provide a reporting and control interface for effective human-in-the-loop involvement in managing and securing the physical elements of production and critical infrastructure. ICS implementations are involved at various scales necessary for the proper functioning of our society, including water distribution, electrical power, and sewage systems (Smith 2014). Civil society depends upon such systems to be properly operated, and malicious cybersecurity threats to ICS have the potential to cause great harm. The characteristics of ICS environments add additional considerations and challenges for defenders. Cybersecurity operations typically require a human analyst to understand the network environment and the attackers. In defending an ICS environment, however, an analyst must also understand the physical dimension of the ICS environment. This poses serious challenges to maintaining cybersecurity and SA as it spans the human, cyber, and physical dimensions and a myriad of possible interactions and exploits. Maintaining SA is critical to the cybersecurity of an ICS. This chapter addresses the specific challenges posed by the physical, cyber, and human dimensions that must be considered and understood in order for human analysts to best assess and understand the requirements to successfully defend against potential attacks. We demonstrate that these requirements can be defined as focal features for developing and maintaining SA for the cyber analyst in ICS environments.
    Adversaries are conducting attack campaigns with increasing levels of sophistication. Additionally, with the prevalence of out-of-the-box toolkits that simplify attack operations during different stages of an attack campaign, multiple new adversaries and attack groups have appeared over the past decade. Characterizing the behavior and the modus operandi of different adversaries is critical in identifying the appropriate security maneuver to detect and mitigate the impact of an ongoing attack. To this end, in this paper, we study two characteristics of an adversary: Risk-averseness and Experience level. Risk-averse adversaries are more cautious during their campaign while fledgling adversaries do not wait to develop adequate expertise and knowledge before launching attack campaigns. One manifestation of these characteristics is through the adversary's choice and usage of attack tools. To detect these characteristics, we present multi-level machine learning (ML) models that use network data generated while under attack by different attack tools and usage patterns. In particular, for risk-averseness, we considered different configurations for scanning tools and trained the models in a testbed environment. The resulting model was used to predict the cautiousness of different red teams that participated in the Cyber Shield ‘16 exercise. The predictions matched the expected behavior of the red teams. For Experience level, we considered publicly-available remote access tools and usage patterns. We developed a Markov model to simulate usage patterns of attackers with different levels of expertise and through experiments on CyberVAN, we showed that the ML model has a high accuracy.
    Abstract : This report documents our work in support of transition of the capabilities and tools developed within the Defense Advanced Research Project Agency (DARPA) Information Program Technology Office (IPTO) Network Modeling and Simulation (NMS) Program to the greater Department of Defense (DoD) community. We chose to use the efforts to design and architect the Global Information Grid (GIG) as a test case. We then identified a set of performance studies of interest to GIG engineers and architects, compared the set of tools and capabilities derived within the DARPA NMS program against the needs of these performance studies, and identified a software architecture (based upon these and related tools) for a reusable GIG simulation platform. In the process we identified a set of gaps in tool sets that require further work, i.e., capabilities software development and integration.
    Rate and window controls are used by the users of packet networks to adapt to the congestion level in the network and to maintain a high performance level in the face of changing network conditions. Increasing network and application speeds imply that the transmission times on links are becoming small in comparison with the (load independent) propagation delays and that the latter need to be modeled explicitly in evaluation of controls. When multiple users share such networks, natural questions arise as to the relative merits of socially optimal controls (rate or window) and individually optimal controls. In addition, the performance impact of one or more greedy users deviating from the prescribed (socially optimal) behavior needs to be understood. In this paper, we formulate open and closed networks of queues models capturing the essence of the issues mentioned above. We use the "power" as the objective function to be maximized and consider two service disciplines at a queueing point: FIFO and 1-limited Cyclic (Head-of-the-Line-Processor Sharing). We analyse these models to provide characterization of the relative performance of the two control approaches (rate and window) under social, individual, and greedy optimization. Special attention is given to the behavior of the solutions as the ratio of the mean propagation delay to the mean service time becomes large.
    Virtual private networks (VPNs) are used by enterprises to secure sensitive traffic going over public network infrastructure like the Internet. In VPNs, geographically separated networks belonging to the same community of interest (COI) are connected through virtual links (security associations) between VPN gateways. VPN gateways authenticate traffic, encrypt packets, and decrypt packets so that only encrypted packets from VPN customers travel the public network infrastructure. Each of these encrypted packets has the entire original IP packet encrypted and has a new IP header added to route the packet from the source gateway to the destination gateway. Of course, this implies that the source gateway needs to map the destination network prefix to the plain and cipher text addresses of the destination gateway. This mapping is used to create a security association between VPN gateways when the first packet carrying the destination network prefix arrives at the source gateway. In the currently deployed VPNs, each VPN gateway is configured manually with a table containing mapping from each network prefix to the IP address(es) of the VPN gateway that fronts that prefix. The manual configuration process cannot scale to VPNs with a large number of plain text (trusted) networks and cannot handle situations where entire (trusted) networks move frequently and attach to different VPN gateways. In particular, the Global Information Grid (GIG) vision of the future network for DoD communities indicates the need for VPNs with several tens of thousands to a million gateways and a similar number of trusted networks. For such networks, we need a discovery mechanism for a VPN gateway to automatically find out which peer VPN gateway currently fronts for a given network (prefix) so a security association can be established for transmitting encrypted packets to that prefix. We would like this discovery mechanism to require minimal information transfer from plain text (PT) to cipher text (CT) side. Several discovery approaches have been proposed and investigated. In this paper, we discuss key elements and organization of a new discovery mechanism, which uses a system of servers. The server organization is based on partitioning the space of prefixes and is designed to allow scalability and mobility support while keeping communication between these servers simple. We describe key ideas and key information exchange, and show how the solution scales to millions of prefixes. We also discuss how these ideas can be extended to add hierarchies and take advantage of sub communities of interest. Hierarchies may also be useful in dealing with multiple levels of cipher text networks separated by CT-PT-CT gateways.
