Willem de Bruijn | Projects

Active Projects

Nexus: An OS for Trustworthy Applications

Nexus enables mutually distrusting parties to run code and share storage on the same machine. It can (but does not have to) take advantage of Trusted Platform Modules (TPMs) to establish trust in the OS. Above this, processes set policies in a constructive authorization logic that can express arbitrary constraints on access control subject, object and the system environment. The OS enables meaningful application-level attestations, unlike the hash-based approaches directly offered by the TPM. Such 'active' attestation can, for example, ensure that once a browser has handled credit card details for a purchase at one site, it cannot make connections to any other domains. Or, it is possible to release files only when the network timeserver says that it is between 9 and 5 EST. As the example shows, trust in Nexus is not absolute, but always explicitly delegated (here, to the time server).

Nexus is a classical microkernel operating system with user-level drivers, system servers, interprocess messaging channels, and partial POSIX support. On top of it we are building privacy-enforcing cloud servers and secure voting machines.

Streamline: Fast Unix-inspired Operating System I/O

Networking and multimedia throughput is often limited by inefficient application of hardware such as caches, co-processors and interconnects. Extracting maximal throughput across diverse systems requires applications to adapt. This talk presents Streamline, a programmable operating system I/O stack that integrates all processing from device hardware up to user processes to be able to optimize throughput end-to-end. Streamline presents developers with well-known Unix abstractions, such as pipelines and a virtual filesystem, to process and access volatile I/O streams. Underneath, it transports data efficiently through shared-memory channels and adapts operation to system parameters such as cache size. Streamline is open source software that integrates with Linux.

Archived Projects

BetaGIS (2004, archived)

Our goal is to move from the current practice of complex and brittle manual administration to a more reliable, automated style. The method we're using to achieve this is well-established model-based reasoning. The actions taken by the automated reasoner (actuators) are innovative in that they are constructed on demand from the tools at hand. Our prototype interacts with legacy applications in the same way as a human administrator, freeing this person from everyday micro-management tasks.

The main questions we will try to answer in the next few months (or years) are how we can encode administrator knowledge in such a way that his low-level chores can be taken over by a search algorithm, how we can scale this solution to global grid environments and how well the chosen methods are suited to tackle this problem. A challenge will be to show why this more complex solution should be preferred over scripting -- the standard management automation method.

The current state of the project (as of April 15th, 2005) is that we've finished a test case in monitoring and managing the unstable OpenPBS cluster environment. I still have to do a write-up of this, however. The methodology, together with some preliminary results, will be presented at the first IEEE workshop on Autonomous Communications and Computing (ACC2005, June 13th-16th, Taormina, Italy). See the publications page for more information.

Network Inference Engine (2003, archived)

From the project report:

The NIE is the result of a brief introductory study in expert systems tailored to a specific problem, namely that of increasing network adaptivity. The overall research initiative within which the NIE research is embedded is called Application Private Networks or APNets. APNets tries to overcome certain limiting factors in today's networks by increasing the flexibility of the network stack. For this purpose it projects to replace or supplement the existing network stack, most notably the TCP/IP stack, with more modular, special purpose protocols that are created on the fly from a set of 'mini'-protocols.

Splash: SNMP plus a lightweight API for SNAP handling (2002/2003, archived)

From the website:

SPLASH can serve as a drop-in replacement for a standard snmpd daemon. The application is based on an active network environment named SNAP. It supports all existing SNMP-based management applications at no extra cost in performance. At the same time, SPLASH provides much richer functionality by permitting SNAP-based management agents to roam around the managed objects, gather information, or even fix problems without necessarily 'reporting back to base'. With SPLASH, network managers are able either to issue simple SNMP requests to the network elements, or to distribute part of the management load to the nodes themselves via SNAP. Both models are useful and which one is the most suitable will depend entirely on the application. As a side note, SPLASH's seamless support for SNMP may well make it a good vehicle for more widespread deployment of Active Networking technology.

Atomsnet (2001, archived)

From the project report's summary:

Peer to peer networking is currently in its infancy. It is, however, expected to become widespread in the near future. The problem facing us is that these applications will become unusable as their popularity increases. I present a selection of technologies that control the flow of information by utilizing metadata. The characteristics of these methods and what problems a developer can expect during implementation are discussed in depth. Finally, a combination of methods is suggested to maximize usability in a practical manner.