

Da CaPo++ - A Framework for Dynamic Configuration of Communication Systems



Introduction

The Da CaPo++ project develops an application framework for high-speed networks. In addition, a number of real-world applications, such as a tele-banking scenario, an extended World Wide Web browser, and a video conference, are developed. The multimedia applications are intended for cooperating persons working at interconnected workstations. A main focus is on sales support, customer information and consulting, and banking retail business. The basic idea of applying reusable application elements within the framework led to the development of a modular approach. Therefore, the application framework encompasses, in a three-layer model, application components, applications, and application scenarios.

Furthermore, these applications require a certain degree of security, for example for transactions within banking applications or for credit card identification numbers used within a Web page. The required degree of security may vary: strong or low authentication, unnecessary or demanded privacy. According to these requirements a number of different algorithms may be used. For this reason, a configurable and parameterizable degree of security is developed within the Da CaPo++ project. Just as other communication-relevant information is expressed in Quality-of-Service (QoS) attributes, a set of security QoS attributes is developed.

Delivering this variety of services to a variety of applications leads to the design of an application programming interface that hides all communication-relevant details from the application programmer, that offers a simple set of straightforward procedures, and that provides efficient performance.

The underlying communication system is based on a configurable approach in which communication protocols are adapted to application requirements, which in turn are expressed as QoS attributes. Previous work in this area has been done within an ETH project on configurable communication protocols. Therefore, the Da CaPo core system is applied as a suitable development platform for the above-mentioned applications. In addition, the core system is extended to provide secure communication protocols according to different levels of specification. As many multimedia applications require a one-to-many communication association, e.g., for a video conference, instead of a simple one-to-one association, e.g., for an ftp application, the core system is supplemented by reliable multicasting features and communication protocol functions.

Related Work and Background

Due to the range of relevant topics that are integrated in the presented approach, a variety of different areas of related work is important. The main aspects are covered by the following areas. Flexible communication subsystems have been designed to support high-performance applications, such as F-CSS /ZSTa93/ or ADAPTIVE /ScSu93/. In addition, QoS concepts have been designed and evaluated in /Dant94/, /CCHu94/, and /Stil96a/ to allow for sophisticated characterizations of applications and specification of communication requirements. Security issues are dealt with in detail by a number of approaches, e.g., basic work in /VoKe83/; specific algorithms and protocols are presented in /Schn96/. A good overview of security-relevant policies and solutions may be found in /Purs93/. Many algorithms handle multicast communications, as initial work in /Deer91/ and /CaDe92/ shows. Additionally, an ample spectrum of projects deals with the handling of multimedia applications. Amongst others, examples comprise transmission of continuous media via the World Wide Web /WFWe96/, /Soo94/ or video conference applications /IsTa93/. Finally, application programming interfaces in object-oriented environments have been studied, e.g., in /Schm92/. However, the approach presented here handles multimedia applications in an integrated manner, including a close cooperation between them, the application programming interface, Quality-of-Service concepts, and the communication subsystem itself.

Application Framework

The basics for defining the application framework for the Da CaPo++-Project comprise a layered hierarchy /Stil96b/. Especially a defined three-layer hierarchy allows for a very flexible and modular design and implementation of a variety of application scenarios.

The lowest layer comprises application components that are placed directly, via a specified application programming interface, on top of the Da CaPo core system. In the middle layer, applications are constructed out of application components in addition to special application functionality and a separately usable graphical user interface. In the upper layer, application scenarios are used to consolidate multiple applications. They provide extensive functionality and features for complex user requirements, including a specifically designed graphical user interface for control and meta-control purposes. All these elements (application components, applications, and application scenarios) are placed in one of the layers based on their specific objectives and features.

The application component, or component for short, forms the basic building block of the application framework. At the lowest level of the hierarchy it defines differentiated and separately usable parts of traditional applications. Components provide a separated functionality only, a set of tightly bound features including an application programming interface, but no graphical user interface. Examples include, but are not limited to, audio/video presentation, messaging service, or application sharing. Traditional applications, such as picture (video) or standard (voice) phone or video conferencing, have been placed in the middle of the hierarchy. However, within the framework they are functionally structured out of single or multiple application components. Additionally, each application provides a separate graphical user interface for controlling exactly this one application only. Specific user control features sufficient to run this application are provided. Nevertheless, an application in this sense is able to run stand-alone. Finally, a huge variety of applications may be combined for designing complex application scenarios, or scenarios for short, that provide functionality, graphical user interfaces, and meta-control interfaces to fulfill emerging user requirements in tele-operating environments. In the defined terminology, modern applications such as teleseminar or teleteaching belong to the layer of application scenarios.

Extending the Communication Subsystem

The basis for a flexible communication subsystem has been established within a previous project at ETH Zürich called Da CaPo. This subsystem is being extended to allow a flexible and efficient approach to communication support for real-world applications. As explained above, the focus is on an application framework including a sophisticated and efficient application programming interface as well as security and multicast capabilities.

The Application Programming Interface

The Da CaPo++ communication subsystem is implemented as a modular system, including a native application programming interface. This internal interface does not provide the functionality an application programmer would expect. To correct this situation, the presented solution provides a set of high-level abstractions that hide all communication subsystem internal details from applications. These high-level abstractions introduce an additional processing layer between the application and the communication subsystem, which may be coupled with a loss of efficiency, if no care is taken in the design phase. Thus, the main challenge in designing the application programming interface (API) for Da CaPo++ has been a convenient trade-off between 'ease-of-use' and efficiency. On one hand the offered abstractions allow for a better understanding of the communication subsystem features and make the application code more readable. On the other hand, they guarantee that the application programmer is only granted access to necessary information. As an important advantage these abstractions provide a greater security and reliability by strictly restricting accesses.

Security and Multicast Issues

Security and multicasting are both elements that are gaining significance in today's networks. Multicasting is especially useful in the context of high-volume multimedia applications, where a group of users wants to share the same information, e.g., follow the same documentary movie, or participate in a teleconference. Efficient multicasting saves considerable resources in the sending end system and in the network infrastructure. Up to now, 'reliable' multicasting was not an integral part of advanced communication systems, and its QoS aspects have not been fully valued. Additionally, security is gaining importance due to the increased commercial use of today's open networks. Data protection and the authentication of participants have to be provided by modern approaches to form the basis for real-world applications.

Assessing Security Capabilities

Securing communication with Da CaPo++ is achieved by defining protocols that include encrypting and authenticating modules. Depending on abstract security requirements that may be specified by the application, the configuration process will employ these modules, taking into account that security may be provided by the underlying infrastructure, e.g., secure IP. A static key and certificate database allows for the application-independent storage and retrieval of public keys and related information. The actual control of security in Da CaPo++ is done by the Security Manager, which consists of several building blocks. Security capabilities of the Da CaPo++ communication subsystem cover four different areas. Firstly, users have to identify themselves to Da CaPo++ and have to prove their identity. Secondly, applications that want to use Da CaPo++ in a secure fashion have to be identified and authenticated by Da CaPo++. Another important area is the machine-machine authentication that allows two Da CaPo++ end systems to communicate in an authenticated and secure manner even if no security-aware application or end user is available. Finally, the fourth area covers the actual encryption and authentication of data that is transmitted over an unprotected network. The second and third area may be coalesced into one, if user authentication is done through the application. Such behavior is not encouraged, as it leads to the necessity of a multitude of ‘logins’ for the user. All four areas show different behavior depending on whether a delegation of the respective identity to the Da CaPo++ communication subsystem takes place. For simplicity, this is assumed to be the case.

The functionality of the Security Manager can be separated into three interoperating blocks, which comprise the association and authentication of users and applications, the attribute translation for QoS requirements, and protocol management consisting of module rekeying, event propagation, reconfiguration, and key management. To handle time-dependent actions and check the current state of a running protocol, the Security Manager possesses its private controlling thread in the Da CaPo++ communication subsystem. Through a dedicated application, users may directly influence the behavior of Da CaPo++, independently of the application that they are currently using. They may induce actions like rekeying, switching security for one particular protocol graph on or off, and generally controlling the behavior of protocols, and they are able to authenticate themselves and security-unaware applications over that interface.
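The attribute translation and configuration step described above, sketched as an added example (not Da CaPo++ code). The level scale, module names, relative costs, and the encrypt-then-authenticate ordering are assumptions made for illustration; the selection fails closed instead of downgrading when no module meets the requested level.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):          # hypothetical scale for a security QoS attribute
    NONE = 0
    LOW = 1
    STRONG = 2

@dataclass(frozen=True)
class SecurityQoS:             # what the application requests
    authentication: Level
    privacy: Level

@dataclass(frozen=True)
class Infrastructure:          # what lower layers (e.g. secure IP) already provide
    authentication: Level = Level.NONE
    privacy: Level = Level.NONE

# Constructed module catalogues: (module name, level offered, relative cost)
AUTH_MODULES = [("mac-short", Level.LOW, 1), ("mac-long", Level.STRONG, 3)]
PRIV_MODULES = [("cipher-fast", Level.LOW, 2), ("cipher-strong", Level.STRONG, 5)]

def pick_module(required, provided, catalogue):
    """Return the cheapest module meeting `required`, or None if not needed."""
    if provided >= required:
        return None            # infrastructure already covers the requirement
    candidates = [m for m in catalogue if m[1] >= required]
    if not candidates:
        # Fail closed: never silently configure a weaker protocol.
        raise ValueError(f"no module satisfies level {required.name}")
    return min(candidates, key=lambda m: m[2])[0]

def configure(qos, infra=Infrastructure()):
    """Translate security QoS attributes into an ordered send-side module list."""
    graph = []
    priv = pick_module(qos.privacy, infra.privacy, PRIV_MODULES)
    auth = pick_module(qos.authentication, infra.authentication, AUTH_MODULES)
    # Assumed ordering: encrypt first, then authenticate the ciphertext.
    if priv:
        graph.append(priv)
    if auth:
        graph.append(auth)
    return graph

if __name__ == "__main__":
    banking = SecurityQoS(authentication=Level.STRONG, privacy=Level.STRONG)
    print(configure(banking))
    print(configure(banking, Infrastructure(privacy=Level.STRONG)))
```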

Assessing Multicast Capabilities

The Da CaPo++ communication subsystem offers unidirectional point-to-multipoint multicasting based on a multicast-capable infrastructure. Multicast flows are created by the application programming interface of the Da CaPo++ communication subsystem that wants to send user data. Similar to unicast sessions, multicast flows are part of sessions; however, multicast sessions are exclusively controlled by the creator of the session, which is also the only sender. The Da CaPo++ multicast paradigm uses receiver-initiated join. New participants are allowed to join a running session, and in doing so automatically join all flows inside this session. During the set-up phase multicast connections are supported by a multicast-capable Connection Manager, and they are supported by multicast error control C-modules within the configured communication protocol.

Technical Approach

In progress.

Briefly, regarding the implementation platform: SUN SPARCstations are used to implement the complete scenario. They run Solaris 2.5.1 and are supported by SUN video boards, cameras, and microphones.

Initial Experiences

To be written.

References

/CaDe92/ S. Casner, S. E. Deering: First IETF Internet Audiocast; ACM Computer Communication Review, Vol. 22, No. 3, July 1992, pp 92 - 97.
/CCHu94/ A. Campbell, G. Coulson, D. Hutchison: A Quality-of-Service Architecture; ACM Computer Communication Review, Vol. 24, No. 2, April 1994, pp 6 - 27.
/Dant94/ A. Danthine: The OSI'95 Transport Service with Multimedia Support - Research Reports ESPRIT, Project 5341, Volume No. 1; Springer, Berlin, Germany, 1994.
/Deer91/ S. E. Deering: Multicast Routing in a Datagram Internetwork; Ph.D. Thesis, Stanford University, California, U.S.A., December 1991.
/IsTa93/ E. Isaacs, J. Tang: What Video Can and Can't do for Collaboration: A Case Study; ACM Multimedia, June 1993, pp 199 - 206.
/Purs93/ M. Purser: Secure Data Networking; Artech House, Boston, Massachusetts, U.S.A., 1993.
/Schm92/ D. C. Schmidt: IPC_SAP: An Object-Oriented Interface to Interprocess Communication Services; C++ Report, November/December 1992.
/Schn96/ B. Schneier: Applied Cryptography; John Wiley & Sons Inc. New York, New York, U.S.A., 1994.
/ScSu93/ D. C. Schmidt, T. Suda: An Object-Oriented Framework for Dynamically Configuring Extensible Distributed Systems; BSC/IEE Distributed System Engineering Journal, Vol. 1, No. 5, 1995.
/Soo94/ J. Soo: Live Multimedia over HTTP; 2nd International World Wide Web Conference, Mosaic and the Web, Chicago, Illinois, U.S.A., October 1994.
/Stil96a/ B. Stiller: Quality-of-Service - Dienstgüte in Hochgeschwindigkeitsnetzen; International Thomson Publishing, TAT No. 21, Bonn, Germany, 1996.
/Stil96b/ B. Stiller: An Application Framework for the Da CaPo++ Project; 5th Open Workshop for High Speed Networks, ENST Paris, France, March 20-21, 1996, pp 4-17 - 4-24.
/VoKe83/ V. Voydock, S. Kent: Security Mechanisms in High-Level Protocols; ACM Computing Surveys, Vol. 15, No. 2, June 1983, pp 135 - 171.
/WFWe96/ K. Wolf, K. Froitzheim, M. Weber: Interactive Video and Remote Control via the World Wide Web; in European Workshop on Interactive Distributed Multimedia Systems and Services, IDMS'96, Berlin, Germany, March 1996, pp 91 - 104.
/ZSTa93/ M. Zitterbart, B. Stiller, A. N. Tantawy: A Model for Flexible High-Performance Communication Subsystems; IEEE Journal on Selected Areas in Communications, Vol. 11, No. 4, May 1993, pp 507 - 518.

Project Schedule

Project Start: July 1, 1995
Intermediate Demo (internal): July 1, 1996
Final Demo (internal): July 1, 1997
Project Finish: June 30, 1997

Contact Persons

The KWF-Da CaPo++-Project No. 2984.1 is funded by three institutions. This is in the first place the Swiss federal support coming from Kommission für Technologie und Innovation KTI (Commission for Technology and Innovation), formerly Kommission zur Förderung der wissenschaftlichen Forschung KWF (Commission for Supporting Research). Besides the Eidgenössische Technische Hochschule ETH, Institut für Technische Informatik und Kommunikationsnetze TIK, Schweizerischer Bankverein SBV, Basel (Swiss Bank Corporation) and XMIT AG, Zürich are active project partners and support the project.

ETH Zürich, TIK:

Swiss Bank Corporation, Basel:

  • Dr. Thomas Gutekunst
  • Julia Fominaya
  • Markus Soland

XMIT AG, Zürich:

  • Dr. Erich Rütsche


Last updated April 22, 1996 by stiller@tik.ee.ethz.ch