Using Active Networks to Enable Universal ...

Special Issue

Using Active Networks to Enable Universal Personal Computing MÁRIA TÖRÖ AND VICTOR C.M. LEUNG Department of Electrical and Computer Engineering The University of British Columbia 2356 Main Mall, Vancouver, BC, Canada V6T 1Z4 {mariat, vleung}@ece.ubc.ca

Abstract. Active networking is an emerging research area aimed at providing flexible and user definable services by employing switches and routers capable of executing user supplied programs and performing computations on user data in transit. This networking environment can be customized on a per user application basis. As the use of network computing applications becomes globally pervasive, users will demand new services which allow network access by nomadic users not only using their own portable computers, but using also any locally available networked computers or workstations, while providing each user with a personalized computing environment regardless of access location or computing equipment. This form of service, called universal personal computing, is also an emerging research area. In this paper, we review the capabilities of active networks as proposed in recent papers, and discuss the issues of implementing universal personal computing. By examining how these issues are addressed by active networks, we propose that active networks present an excellent platform for realizing universal personal computing service.

1 INTRODUCTION With the ubiquitous availability of network facilities, one does not question any longer whether or not one can access these facilities. Instead, the qualitative aspects of network access have become the dominating considerations: what kind of access one can have, what kind of services are available, etc. The providers are hard pressed to keep pace with the increasing variety of user demands. Much ongoing research is related to these qualitative aspects, such as research on: active networking, mobile agents, digital objects, electronic currency, nomadic computing, etc. In this paper we focus on how the capabilities and functions of active networks (ANs) [1-3] facilitate the realization of universal personal computing (UPC) services, which provides nomadic users with personalized network computing environments regardless of the point of network access or computing equipment employed. Active networking [1-3] is a relatively new research area. It revises the traditional model of communication systems where a layered protocol stack provides the required services. Each layer in the stack utilizes the service of the underlying layer, and enhances it with its own functions. These functions are standardized and applied to the control part of any protocol data unit (PDU) passed through the layer, while the user data is passed Submission

transparently. The standardization of these functions is time consuming, and results in a relatively small, fixed set of services. Hence such a system can hardly adapt to the quickly changing requirements of modern users and applications. In contrast, nodes or switches of an AN are programmable to perform computation on both the control and user data part of PDUs. Users may specify the computation executed by the node on the data in transit by providing the required programs. Network administrators, on the other hand, can also easily introduce new services that the users can combine in a variety of ways. This results in a networking environment where the data processing can be customized on a per user or per application basis. Besides, the network can be easily tuned to different conditions to provide better performances [4]. It is said [1] that "Active networks will provide the building blocks for a shared information infrastructure that transcends many administrative domains." It is anticipated that this information infrastructure will provide a new perspective in the support of mobile or nomadic computing as described in [5, 6]. Currently, mobility support in the Internet addresses the mobility of user terminals only, employing the recently standardized mobile-IP extension [7]. However, with additional capabilities provided by the network, mobile users can

1

M. Törö and V. C. M. Leung make use of their portable or any other available computing equipment, ranging from personal digital assistants, palmtops, to powerful laptops and fixed network computers and workstations, to access computing and communication services transparently, independently of their current location. Moreover, in many cases, especially when a foreign terminal is being used, it is desirable for the mobile user to be able to access a personalized computing environment and any necessary resources. This requires an additional level of mobility support above the currently available terminal mobility support, which we call user mobility support. The concept of user mobility exists in the ITU-T Universal Personal Telecommunication (UPT) standard [8]. UPT is one of the applications of the Intelligent Networks, which enables users to access a user-defined set of subscribed services, including initiation and reception of calls, on the basis of unique personal network-transparent UPT numbers, irrespective of their current geographic locations or terminal equipment employed. This access is limited only by the terminal and network capabilities. UPC [9] is a similar concept, which however targets the network computing rather than the telecommunications domain. With UPC a user would be able to access her personal computing environment adjusted to the local facilities from any location using any locally available computing equipment, even during migration [10-12]. As UPC is a relatively new area of research, many challenges exist in realizing its full capabilities. In this paper, we consider how ANs may be useful in meeting some of these challenges. We start by giving an overview of the properties and capabilities of ANs as proposed in the recent literature. We then review the basic properties of UPC, and identify some important issues in UPC implementation. We examine the suitability of ANs to address these issues, and propose that ANs provide an excellent platform for the realization of UPC services. It is our intention, through the discussions in this paper, to contribute to the identification of future applications of ANs.

2 REVIEW OF ACTIVE NETWORKS The idea behind ANs is that the network nodes are enabled to perform computation on the PDUs in transit instead of simply forwarding them to the destination. This can be achieved in a discrete manner or in an integrated way [1]. The discrete approach supplies the program for the computation separately from the injection of the data on which the computation is performed. The capsules of the integrated approach carry both: the program and the data to which it should be applied. In any case this implies solutions for interoperability, meta-data specification, and security.

2

2.1

INTEROPERABILITY MODEL

The interoperability should be provided at two levels: the computational and the communication level. The computational level deals with issues of programming of active nodes [2, 13]. Mainly this level is exposed to the users. The communication level supports the computational level by providing basic means of exchanging programs and data between the nodes. The two together compose a homogenous programmable networking environment. Computational level. To provide a wide range of computations according to the various user demands, instead of standardizing the computations themselves as performed in network nodes, the computational model has to be standardized, i.e., the instruction set which can be used to program an active node. This should deal with such aspects as encoding of network programs, primitives available at each-node, and the description and allocation of resources. Standardizing the instruction set will provide the required portability between different platforms. This means that both the syntax and the semantics of the instructions have to be specified. It is desirable to define the instruction set at a relatively high level of abstraction (e.g., a high-level scripting language). This would give enough freedom to adopt these instructions on different platforms. Even at this level of abstraction an average user may not be able or willing to use the instruction set directly. Rather, a set of basic components (or foundation components [13]) could be defined which can then be combined freely in applications according to the user's needs. It is also desirable to remove the redundancy of the transmissions of the same program over and over again, when many users require the same computation, by extending the computational model with a class hierarchy of (basic) components. They would provide secure access to the node's embedded operating system, while facilitating reuse. Communication level. The AN still needs to deliver the required information to the right place. Since the network environment is in general heterogeneous with possibly dynamically changing topology, it is not trivial to determine where is the "right place" and how two arbitrary nodes communicate to each other a given program and related data. Therefore ANs need a common communication model to support the computational model. To be able to specify the "right place", there must be an established addressing convention. While the addressing convention should be unified for the whole network, and be reflected in the supporting directory system, the routing based on it is an internal matter of the

ETT

Using Active Networks to Enable Universal Personal Computing subnetworks. The routing can even be programmed under different circumstances. Current research on ANs does not address this issue. It usually presupposes the Internet addressing convention and the related routing and directory services. The other important issue is how to transfer the required information between arbitrary, possible different platforms. A transfer syntax (including transfer unit definition) and a mapping (encoding/decoding) to the transfer syntax have to be standardized to enable instructions and data to be transmitted between the nodes and interpreted consistently. The most important requirement on the transfer syntax is that it should provide an effective transmission and encoding-decoding. In existing AN test-beds, the IP packets are used as the transfer unit to carry the capsules. There is no single transfer syntax for the instructions. These conventions have to be implemented at each node to bring the different platforms up to a common level, so they can be viewed as a homogenous communication environment with a basic (minimal) set of communication services providing at least a best effort delivery. Further communication services will take advantage of the programmability of active nodes. It is extremely desirable to provide them as basic program components in the active nodes to avoid, e.g., dead-lock or live-lock situations in the network. 2.2

META-DATA SPECIFICATION

In the shared infrastructure of ANs, both the client and the provider in a contract [13, 14] should agree on: (1) which are the preconditions of a given computation to be executed, i.e., what data should be provided by the client and in what environment it is meaningful; (2) what a client can expect after the computation is executed by the network or which are the postconditions. The provider takes the responsibility for any computation and delivers the postconditions only if at least the preconditions are met by the client and the environment. This type of metaspecification supports automated verification of programs [14] that is required for safety reasons [3]. Furthermore, based on the pre- and postconditions alternate operations can be invoked. It is possible that when some of the preconditions are not met, the network will be able to replace the computation with another one or with a chain of computations, however at a different, possibly higher cost. Such a specification also describes the computational abilities of the network. It allows the user to discover new resources or services provided by basic or compound components. All these functions require a high level specification, i.e., meta-data specification, in the sense that it specifies an acceptable range of behaviour rather than a single one. These specifications form the basis for mutual

Submission

understanding at negotiation of services between a client user and a network provider. 2.3

SECURITY ISSUES

Since the computational model is common and used by both the network administration and the users to provide the required customization, the possibility of intentional or unintentional attacks is trivial. Hence the security functions are fundamental in ANs and should be designed into the system [3]. Naturally the providers have concerns mainly about the safety of the infrastructure. They want to make sure that they have full control over the resources a user may access, in order to prevent the monopolization or malicious use of these resources. Certain resources have limited access by trusted users only, which requires user authentication and authorization even after chained actions. On the other hand, certain programs also have to be trusted although they may be available to any user. In these cases the origin of the program is required to authenticate the program to ensure that it has not been changed. Beside the network, an attack may target other users as well. Users want to be sure that their personal rights and interests are maintained by the network, therefore the AN has to provide means for that. Data sent through the AN have to arrive at the right time at the right destination. This is true for any network, but the openness of ANs leaves more opportunities for attacks. So while the traditional networks may provide some security by their closed environment, users of ANs will need to use security services on a regular basis and will expect the network to support such services. Agents involve a new type of threat providers have to deal with, as described in [15]. An AN is ideal for mobile agents since it serves without modification as an agent execution environment and starts the migrated agent automatically. However, since agents act autonomously, they can generate offsprings, migrate, etc., possibly resulting in agent invasion or endless migration. Since there is no guarantee that an agent is correct, the network must take steps to avoid these undesirable possibilities.

3 UNIVERSAL PERSONAL COMPUTING 3.1

GOAL

The goal of UPC is to deliver a personal computing environment (PCE) to a user regardless of her location in the network, even during migration. In our understanding the term user reflects the context in what one is willing to appear to the system rather than a single person [6]. A user’s PCE is described by her user profile (i.e., the context) which is the registered set of resources,

3

M. Törö and V. C. M. Leung applications, and services adjusted to the user's personal preferences. UPC delivers this PCE to any location, e.g., over many network domains, and offers it on a continuous basis so that (1) any time the user logs in she will find the default environment she had previously specified or the same environment as the one she left at the last log-out; (2) it is maintained during migration of the user and her terminal over the network; (3) it is adapted to the available resources at a foreign terminal and network where applicable. The last feature distinguishes UPC from other similar works such as the BARWAN project at Berkeley [17]. At the same time UPC does not pursue active detection of the user as, for example, in Olivetti's Active Badge system [18]. 3.2

PRINCIPAL ISSUES OF UPC

Personal mobility. To allow a user to access the network from any geographical location, the user and the location where her PCE should be delivered need to be identified, and the relationship between the user and her user profile needs to be specified. Since the user-terminal/device binding does not mean a physical binding, a user can have multiple simultaneous bindings. Migration. In the case where the user logs onto a portable device/terminal she is able to migrate with the terminal. UPC interprets user migration through the user-terminal binding. Any terminal migration implies user migration. This means the location of the user/device needs to be tracked. During migration the computing environment can change due to different network platforms, different services/resources, location specific services, etc. Variety of devices/terminals. The user may access the network from any device available, such that the capabilities of these devices and the available link to the network may vary. This implies a need for the identification and description of the device/terminal and its communication capabilities. In case of a portable device employing a wireless link, further issues arise due to the low bandwidth, high latency, unreliability, and intermittent connectivity of the link. Security, accountability, charging. Since the user is allowed to access services at any location, she will be unknown to a visited network, and her identity needs to be authenticated by the home network. Also providers would like to charge users for their services, which requires usage accounting and charging. Both of these functions need security services for correctness. 4

3.3

THE MODEL OF UPC

To address many of the issues above, a virtually homogeneous distributed computing environment is needed for UPC. Since UPC entities need to make many autonomous decisions, we base our model on agents, which act on behalf of the user or the provider. Here we discuss our model at a high level of abstraction based on the entities involved in UPC: The User. In a UPC system each user is uniquely identified in the system by her logical user identifier (LUI) which is composed of the user's home domain address and a unique user name at that domain. The user is represented in the system by a user agent. The user agent is bound to the user's LUI and to the user profile describing her PCE. The user agent maintains the user location information, which is the terminal identifier(s) if applicable. When the user is not logged in, the user agent acts on her behalf. When the user is on-line, the user agent compares the user's PCE with the capabilities of the terminal the user currently is associated with. It defines the terminal specific user profile which will be maintained by the user-terminal agent for the given user-terminal association until the end of the session. The most efficient place for the user-terminal agent is the terminal itself; however this may not be possible in every case depending on the capabilities of the terminal. In the latter case the user-terminal agent resides on the network side (i.e. it runs on the server that the terminal is connected to and not on the terminal itself) and migrates as the user roams around. The Terminal. Each terminal has an identifier (an address). For mobile terminals location management is involved to maintain their correct location during migration. The terminal/device communication and other capabilities are contained in the terminal profile. We assume that a terminal can be bound only to a single user at a time. We assume that a terminal provides at least means for a user to log in with her LUI. To gain access to the system, the terminal or the provider, through the terminal, supplies the initial agent. The initial agent initiates the authentication and authorization of the user to establish the correct user-terminal binding. It finds the user agent based on the LUI and passes to it the terminal profile. The established user-terminal association is handled further by the user-terminal agent. However, if the user-terminal agent is on the network side, the initial agent maintains the connection with it during migration. The Provider (Network) The provider offers services through the provider agent. The provider agent decides who is eligible, and for ETT

Using Active Networks to Enable Universal Personal Computing what kind of services. It is contacted by the user-terminal agent, using a well-known (standard) procedure, to gain access to any service, resource, or facility in the network. It is also contacted by the initial agent to enable a visiting user to gain initial access to the network.

in figure 1.

4 UPC IN ACTIVE NETWORKS 4.1

The User-terminal Association The login procedure results in a user-terminal association. The user’s PCE, the terminal capabilities, and the services offered by the network, have to be coordinated at the user’s current location. In case of a stationary terminal this coordination is done once at logging in, while for a portable device it has to be done dynamically as the user migrates. This is the task of the user-terminal agent. It maintains the user’s terminal specific computing environment. In case of migration the user-terminal agent contacts the provider agent to discover if any facility is available at a visited domain. In case of a terminal with limited capabilities, the user-terminal agent is a mobile agent residing in the network. In this case it is able to move with the user, to handle the case when it loses contact with the user, to decide whether there is any ongoing computation which should be moved with the user and to move it, to provide means for any ongoing computation left at the location to deliver the results to the user agent for subsequent retrieval, and to retrieve them later. The user-terminal agent starts an application manager to manage each requested computation. Finally, in all cases the user-terminal agent is responsible for closing the user-terminal association. This means that when the user logs out it synchronizes the user’s PCE with the profile maintained at the home domain by the user agent, and releases any resource used by the user. The overall relationship among these agents is shown USER 1. initiation of a login Initial Agent

terminal profile

2. user authentication, authorization UserTerminal Agent

5. migration information (if they are at different sides) 3. supported subset of the user profile

user profile

UserTerminal Agent

Provider Agent 4. negotiation of local services local facilities local facilities local

facilities terminal specific user profile

Figure 1: Objects in the UPC framework

Submission

SDL DESIGN OF UPC

The discussed model is reflected in the design of UPC. For the design of UPC we have been using SDL (Specification and Description Language) [19], the standard extended finite-state machine based objectoriented specification language of ITU, which was developed for the description of interactive, real-time and distributed systems. SDL is supported by many commercial and in-house tools from which we selected ObjectGEODE [20]. It offers, among others, facilities for graphic system editing, manual or automatic random simulation, random or exhaustive verification. SDL suits very well the top-down design. It allows different levels of abstraction in the specification. The simplified system-level SDL specification of UPC is shown in figure 2, which groups the system components into five blocks (the five boxes in the figure): The User Home and the Visited Domain blocks represent the network providers; accordingly they contain a Provider Agent process. The User Home also includes the User Agent process. The User Terminal block describes the mobile terminal. It contains the Initial Agent process and a process called Mobility that imitates mobility as shown by figure 3, and forwards messages accordingly. The two Terminal Agent blocks are identical (figure 4 presents the simplified Terminal Agent 1) and separate the mobile User-Terminal Agent (UTA) from the rest of the specification, since it may run on either the terminal or the network side. The blocks are connected to each other and to the environment via channels (represented by lines with arrowheads). For each channel a list of conveyed messages is shown for each direction separately in square brackets next to the appropriate arrowhead. We have listed only the messages that are important for our discussion. The Initial Agent process of the User Terminal block (see figure 3) provides the interface to the user (channel named "User" leading to the environment). It initiates the authorization procedure with the current Provider Agent when a login is requested by a user and any time the Mobility process signals a migration. During these periods of pending connection to the UTA the Initial Agent saves all of the user messages. For authorization the Provider Agent contacts the User Agent. For the last step of a successful authorization, the Initial Agent requests for the creation of a new UTA or for migration of the existing UTA to the current location. The User Agent maintains the user profile and information about the user current location (the current terminal) and the UTA address. The User Agent is also

5

M. Törö and V. C. M. Leung

Caller

system UPC

User

[login, logout,…] Home

User Home

[authorization,…]

User Terminal

[authorize, migrate,…]

[lookup,…]

[authorize,…]

Direct2

HomeProvider Direct1 [service_list]

Terminal Agent 1

[authorization,…]

MigrationRequest

VisitorHome

AskHome

[logout,…]

[migrate]

[logout,…]

[create_UTA] Migration

[create_UTA]

[migrate,…] ForeignProvider [lookup]

Visited Domain

Terminal Agent 2 [service_list]

Network

[authorize, migrate,…]

Figure 2: The simplified system-level specification of UPC

prepared to act on behalf of the user while she is away or off-line. For example, it forwards incoming calls of interactive applications to the on-line user via the UTA. User Block UserTerminal

(1,1) authorize, migrate, logout,….

[authorization,…]

block TerminalAgent1

[authorization,…]

Mobility (1,1)

Home

User

InitialAgent

Manager (1,1) [create_UTA]

[authorization,…]

[authorize, migrate,…] [authorize, migrate,…]

Network

Figure 3: The simplified UserTerminal block

6

[logout,…]

Direct2 [logout,…]

Direct1

[logout,…]

[login, logout…]

Figure 4 gives the structure of the Terminal Agent. The Terminal Agent block contains three processes represented as boxes and interconnected by signal routes (represented by uni- and bidirectional solid lines). Connections of signal routes to the appropriate channel of the system level diagram are marked at the edges of the block frame. The processes are: the Manager, the already

UserTerminal Agent(0,1) [service_list]

Application Manager(0,20)

[migrate,…]

lookup, create_UTA ForeignProvider, Migration

VisitorHome

Figure 4: The simplified TerminalAgent1 block

ETT

Using Active Networks to Enable Universal Personal Computing mentioned User-Terminal Agent and the Application Manager. The two numbers after each process name give the initial number of process instances and their maximum number, respectively. Initially only the Manager process is instantiated. Its only function is to create (creation depicted as a directed dashed line from the creator to the created process) the User-Terminal Agent upon a request of the Provider Agent after a successful authorization of a new user. If the UTA is located in the terminal the Manager’s function can be added to the Initial Agent, otherwise to the Provider Agent’s implementation. When a new UTA is created it is based on the user profile provided by the User Agent. The migration request initiated by the User Terminal is forwarded by the current Provider to the UTA. At migration the required information for re-instantiation of the process is included in the message "create_UTA" issued by the UTA before termination. The initialization of a new or migrated UTA instance includes the notification to the User Agent of the new location and the Initial Agent about the UTA’s readiness to process user requests. The UTA serves the user requests forwarded by the Initial Agent of the User Terminal. This includes creating an Application Manager for each requested service based on the user profile. First the UTA looks up information for local services with the Provider process. In the SDL specification the Provider returns a list of process identifiers in the message "service_list" as a reference to the potential service providers. If a requested service is not available locally, the necessary code can be downloaded from the user’s home, the user profile contains the required reference information. Some application may require both a local server and a client process downloaded from the user’s home to deliver the familiar user interface. Started applications can be migrated together with the UTA. Otherwise the Application Manager will report the results of the computation to the User Agent, which may immediately forward them to the user or save them until the user requests them. Services, the user profile and the terminal capabilities are specified as SDL abstract data types. 4.2

MAPPING THE UPC DESIGN TO ACTIVE NODES

Features of active networks, which allow codes to move around and execute in the network nodes in a nonpredetermined pattern, offer excellent support for universal personal computing. Here we describe how our design can be supported by ANs. It is necessary that the user’s home and the terminal are prepared to provide UPC service, i.e., support functions specified for the User Agent and the Initial Agent. Additionally UPC requires from ANs the support of a global access to the network.

Submission

Global access to the network In order to provide global access for users, any active node serving as an access point for mobile users should recognize the logical user identifier (LUI) and should perform the authentication and authorization procedure. These functions are defined as part of the Provider process of the SDL model. Such a node should be able to resolve the LUI possibly in cooperation with other active nodes based on the communication model of ANs. Our design offers a solution similar to the DNS system: Each domain knows its own users. For a foreign user the LUI is resolved in two steps: first the domain name is resolved, then the domain is contacted and resolves the user name. The authentication and authorization should be based on the communication and security model of ANs. In our SDL model an authorization is valid to access a domain, therefore it is executed each time the user moves to a new domain. The authorization may range from a simple networking permission to the authorization to use selected or all local resources and may require different authorization procedures. Based on the gained permission the Provider Agent controls the correct access each time a service is requested, i.e., this function of the Provider should also be implemented in active nodes. UPC agents The definition of the AN and its computational model provides the advantage that there is no need for a special execution environment for mobile agents. If these agents are written according to the computational model they can run on any active node, and an active node starts them at arrival by definition, i.e., the functions of the Manager process of the Terminal Agent block are provided by active nodes. This provides a suitable environment for a mobile User-Terminal Agent when it resides on the network side. Application Managers representing services can also be implemented as mobile agents, and be delegated to different locations upon user request. The specification of the UTA and Application Managers as individual processes shows that they can be distributed over several nodes. As we mentioned, at the last step of the authorization procedure the Initial Agent requests for the creation (or migration) of the UTA. An active node may or may not be prepared to run UPC. In the first case the required functions are available at the node. Otherwise they need to be downloaded from the user’s home or any other node where they are available. The necessary information is included in the "create_UTA" request, i.e., it is a capsule delivering the data and the program (or a reference to the program). Computing environment As soon as the user gains an authorization to use local resources the question is how to provide her familiar PCE.

7

M. Törö and V. C. M. Leung For this UPC requires comparable computing environments. ANs' common interoperability model consisting of the computational and the communication models is such a homogenous environment. The user profile and the terminal profile of UPC should be based on the interoperability model, so all three entities: the user's PCE, the terminal capabilities and the network services will be comparable. UPC requires an extension of the set of available facilities at active nodes. While the current AN research focuses mainly on the communication related resources, UPC addresses any available facility. In our design the user profile describes, on the one hand, the services registered for a user and her preferences for each service. On the other hand, it also includes for each registered service the required software and hardware resources so they can be compared with and mapped into the terminal resources and the resources of the local node. It also includes searching criteria for those services which can be replaced with a locally available service. Software components supporting a variety of services we expect to be provided as basic components in ANs:

the remote access can be avoided. As the first step, the User-Terminal Agent needs to be able to find information on the available facilities. The Provider agent preemptive function is the access control, but it also can provide this meta-information or a reference to it, such as the Interface Repository of CORBA [16]. The UTA checks the set of locally available resources to determine if any part of the user's PCE can be supported by them. To be able to select or negotiate any service on this basis the UTA uses the searching criteria of the user profile. Since other services not contained in the user profile may also be interesting to the user, the User-Terminal Agent will also deliver the metainformation about the available local services to the user. For requested application level services the UserTerminal Agent starts up an Application Manager, which is also an agent that takes care of the needs of a given application: initiates the appropriate configuration of components, environment etc. and maintains the contact first of all with the User-Terminal Agent, and as necessary with the User Agent and Initial Agent.

Basic components. To implement UPC at least the different supporting communication services have to be defined, implemented according to the computational model and supplied as a public library as basic components in ANs. Based on these services, UPC agents, which are similar programs, select and compose the appropriate combination of components according to the available communication resources and service requirements. This would allow flexible tuning for cases where a wired or wireless link is used, or where different service qualities are required, for example, by a real-time video vs. transaction applications. Services required may include terminal location management (as described in [7]), error detection/correction, flow control, routing/tunneling, etc. The correct set of services can be defined only after the communication model of AN and the guaranteed services have been established.

Currently security issues on ANs are mainly related to the safety of the network, i.e., ensuring that an erroneous program will not cause damage to the node. There is no access policy. More precisely, any capsule may access anything accessible through the computational model. In the open environment of UPC this approach is not enough. The question of security is much more critical because UPC assumes user accessibility to any resource/facility in a node. The programmable environment of ANs allows software solutions for different security issues. For example, in [15] agents are suggested to implement firewalls. In our UPC model, we have vested the initial and the provider agents with the authority to grant a user with access. From the viewpoint of the provider different users may be granted with different access permissions, such as networking only, networking and reading, networking and reading and writing, etc. UPC requires a hierarchical security solution to enable distinguishing different levels of trust, in order for visiting users in foreign networks to gain certain rights while protecting more sensible information at the same time. Solutions to some of these issues may be more effective if included in the computational model of the AN.

Application level services. Application level services and their execution/searching criteria are specified in the user profile. The meta-data specifications allow this and negotiations between clients and the providers, and discovery of new services. We assume a kind of repository composed of the meta-specifications of available facilities in ANs. An application level service will be looked up locally or downloaded at a user request and it will be run locally in the active node if the user is authorized to use the required resources. This means that for many applications

8

4.3

4.5

CRUCIAL ISSUE: SECURITY

AN EXAMPLE

We have shown that ANs are excellent environments for mobile agents, and UPC relies on them extensively. Here we demonstrate a further benefit UPC can have from an AN environment due to the awareness and direct handling of communication resources. We compare the

ETT

Using Active Networks to Enable Universal Personal Computing possible UPC routing of a call to a nomadic user in the current Internet environment and in an AN environment. At the UPC level User_1 calls User_2, who is nomadic. The user agent of User_2 forwards the call to the current location. User_2 is logged in at mobile foreign terminal. In the current Internet environment terminal mobility is handled at the IP level and is transparent to the layers above, hence to UPC. User_2 registers with the user agent the permanent IP address of the foreign mobile terminal. According to the mobile-IP (MIP) [7], the mobile terminal obtains a temporary address at the foreign location and registers it with the MIP home agent and the MIP foreign agent. This means that when User_1 calls User_2, the user agent will receive and forward the call to the current location of User_2, which is the permanent address of the terminal. At the terminal’s home network the MIP home agent will intercept the packet and tunnel it to the real location of the terminal, i.e., to the MIP foreign agent, which finally delivers the packet to the user as shown in figure 5. In addition, if this is the beginning of an interactive application at the UPC level, the path can be modified only one way: by providing to User_1 for "direct interaction" the registered address of User_2 at the user agent, which is the permanent IP address of the mobile terminal. At the IP level it results in a modified path avoiding the user’s home server (see dashed line in figure 5). In the AN environment (with the assumption that IP addresses and IP packets are used) a different, per application customization of the registration is possible. The communication functions are selected on behalf of the user by the user-terminal agent. For applications based on the user identifier the temporary address can be registered, beside the terminal’s home agent, with the user agent as well since it is not hidden from UPC any more.

(Recall in the design the UTA communicates its new location to the User Agent.) In this case the transmission path of the call can be changed as shown in figure 6. The caller calls the user agent at the user’s home server, from where the terminal (foreign) agent is reached directly. As a result the detour to the terminal’s (MIP) home agent is eliminated from the delivery path. It can even be modified by issuing to the caller the current terminal (foreign) agent’s address, so the caller will address directly the terminal foreign agent and the user’s home server will also be omitted from the path. This alternative registration can be initiated by UPC. Afterwards the user agent is able to pass the temporary location to the caller User_1 for direct

User_1

call

User agent call forwarded User_2 direct interaction

caller’s packet (call) terminal

user’s home server

mobile terminal

packet (call forwarded) modified path

packet (call forwarded) terminal foreign agent

Figure 6: Transmission path of a call in AN environment

interaction. The location will be updated by the userterminal agent.

5 CONCLUSIONS User_1

call

User agent call forwarded

User_2

direct interaction user mobility level terminal mobility level caller’s packet (call) terminal

user’s home server mobile terminal

packet (call forwarded) modified path MIP home agent packet(packet(call forwarded))

packet (call forwarded) MIP foreign agent

Figure 5: Transmission path of a call to the mobile user

Submission

We have considered that implementation of UPC would greatly benefit from the flexibility of active networking. Both to support user programmable computational capabilities in the global network, and to provide a globally accessible continuous personal computing environment for the users require a homogenous computing environment. ANs’ solution of a common interoperability model resolves the problem for UPC as well. Furthermore the adaptability, which is essential and a major advantage of ANs, enables UPC to provide services over a wide range of devices. The adaptation is done by mobile agents in the UPC model. ANs are an excellent execution environment for mobile agents. Although we have only discussed in detail the user-terminal agent as a mobile agent, many other issues may involve agent delegation or migrating agents. A further convenience of the AN model is the meta-data specifications, which give a high-level description of the

9

M. Törö and V. C. M. Leung computation services, enabling such functions as contracting, match-making, etc. We expect that users will use mainly this high level information. Research on UPC is at present at an early stage, and many challenges exist in refining the concept and implementing experimental systems for proof-of-concept. While our current implementation effort is focussed on using CORBA and JAVA to realize the various agents and their interactions, as prototype systems and development tools become more widely available for ANs, we anticipate ANs to be an excellent platform for demonstrating the powerful concepts of UPC. The above discussions suggest that UPC presents an interesting set of applications that may be implemented to demonstrate the flexibility and adaptability of ANs.

ACKNOWLEDGMENT This work was supported by a grant from Motorola Wireless Data Group, Richmond, B.C., Canada.

REFERENCES [1] David L.Tennenhouse, David J. Wetherall. Towards an Active Network Architecture, SIGCOMM - Computer Communication Review, Vol. 26, No 2, pages 5-18, April 1996 [2] David L. Tennenhouse, Jonathan M. Smith, W. David Sincoskie, David J Wetherall, Gary J Minden. A Survey of Active Network Research. IEEE Communications Magazine, Vol. 35, No 1, pages 80-87, January 1997.

[8] CCITT SG1. Recommendation F.851 Universal personal telecommunication (UPT) - Service description (Service set 1). Geneva, February 1995. [9] Yalun Li, Victor C. M. Leung. Supporting personal mobility for nomadic computing over Internet. ACM Mobile Computing and Communications Review, Vol. 1, No.1, ppages 22-31, April 1997. [10] Yalun Li, Victor C.M. Leung. Protocol architecture for universal personal computing. IEEE Journal of Selected Areas in Communication, October 1997. [11] Yalun Li, Victor C. M. Leung. Object oriented model for universal personal computing. Technical Report, University of British Columbia, May 1997. [12] Jinsong Zhu, Maria Törö, Victor C. M. Leung, Son T. Vuong: Supporting Universal Personal Computing on Internet with Java and CORBA. In Proceedings of ACM Workshop on Java for High-Performance Network Computing, Palo Alto, CA, pages 271-275, March 1998. [13] D. L. Tennenhouse, S. J. Garland, L. Shrira, and M. F. Kaashoek. From Internet to ActiveNet. Request for Comments, Laboratory for Computer Science, MIT, January 1996, http://www.tns.lcs.mit.edu [14] Bertrand Meyer. Object Oriented Software Construction. Prentice Hall 1997 [15] Oliver J. Huber, Laurent Toutain. Mobile Agents in Active Networks. In ECOOP’97 Workshop on Mobile Object Systems, Jyvaskyla, Finland, June 1997 [16] CORBA V2.0, The Common Object Request Broker: Architecture and Specification, OMG, July 1995.

[3] J. M. Smith, D. J. Farbert, C. A. Gunter, S. M. Nettles, D. C. Feldmeier and W. D. Sincosie. SwitchWare: Accelerating Network Evolution (White Paper). June 1996, http://www.cis.upenn.edu/~switchware/home.html

[17] Todd D. Hodes, Randy H. Katz, Edouard Servan-Schreider, and Larry Rowe. Composable Ad hoc Location-based Services for Universal Interaction. In Proceedings of 3rd ACM/IEEE Mobicom, Budapest, Hungary, September 1997.

[4] Samrat Bhattacharjee, Kenneth L. Calvert, Ellen W. Zegura and A. Tantawy. An Architecture for Active Networking. In Seventh International Conference on High Performance Networking (HPN’97), Chapman & Hall, London, UK, pages 265-279, 1997.

[18] M. G. Brown, J. L. Encarnacao, and J.M. Rabey. Supporting User Mobility. In IFIP World Conference on Mobile Communication, Chapman & Hall, London, UK 1996, pages 69-77

[5] Leonard Kleinrock. Nomadic Computing - An Opportunity. ACM SIGCOMM, Computer Communication Review, Vol. 25, pages 36-40, January 1995.

[19] ITU-T Z.100: Specification and Description Language (SDL) [20] ObjectGEODE documentation, Verilog, Inc., 1997.

[6] XIWT, Cross Industry Working Team, Leonard Kleinrock, Chair. Nomadicity in the NII. June 1995 http://www.xiwt.org/documents/Nomads_doc/NomadsTOC .html [7] RFC2002 IP Mobility Support. IETF, October 1996.

10

ETT