From: Chandrika N Jayant (chandrika@nyu.edu)
Date: Sun Nov 14 2004 - 23:48:13 PST
“Upgrading Transport Protocols using Untrusted Mobile Code”
Written by Patel, Whitaker, Wetherall, Lepreau, Stack
Reviewed by Chandrika Jayant
The Internet is constantly evolving, and transport layer improvements are a large part of this growth. Deployment is a serious issue, however, since most transport extensions up to the time this paper was written (2003) require changing both endpoints, a process that can take years. This can discourage innovation or early implementation, or lead to substandard improvements.
The authors in this paper present Self-spreading Transport Protocols (STP), a system which allows just one of the hosts to upgrade the transport protocol used by its peer. This is done using untrusted mobile code; however, using a safe API in the kernel, safety is still preserved. The authors propose that this system could be rapidly deployed with little effort, using only one host even when both ends need the protocol for it to be truly useful. The system addresses the problems of compatibility, incentive, and delay that are inherent in current transport protocol extensions. The authors claim their system provides high levels of security and performance with low overhead. (The authors show that using Cyclone has significant costs- future versions could help to further decrease overhead.) Safety is a main concern as hosts and network resources could be at risk with untrusted mobile code. This is taken care of by using type-safe languages, memory, and CPU control.
I am impressed with the idea of STP, but concerned about how safe it really is. I would have liked to see more discussion on how safe the security provided really is- it would have been good to show a bunch of potential security problems that the safety controls in STP could take care of. Practical implementation versus theory would be useful here. If something unsecure was spotted, how would STP handle it? Perhaps there could be priorities of what parts of the protocol must be the most secure, to parts that the system could possibly tolerate some failure in.
The authors do a good job talking about STP’s flexibility and limitations. They mention that they surveyed a large number of TCP extensions in detail, and fully implemented 3 of those. They should have shown general results stemming from all the extensions they evaluated with STP, or at least expected trends, for a more global picture.
The authors claim that STP would be useful in practice and that it would ease future deployments of new transport protocols. While STP is compatible with many transports and applications already in existence, there are others like wireless protocols or protocols with UDP-style socket interfaces, that cannot be implemented with STP. How prevalent are those protocols? Also, how easy will it be to realistically deploy STP? What would be the first steps, and how can we be convinced it would not take years as well?
This archive was generated by hypermail 2.1.6 : Sun Nov 14 2004 - 23:48:18 PST