Potential Research Topics for Master and Ph.D. students
by C. Edward Chow

Advanced Content Switch, Web Systems, and Cluster

• Linxu-based Kernel Level Content Switch or Application Level Content Switch Design:
  We have developed Linux-based Content Switches (LCS and LACS) for routing packets based on IP/port/SSL Session ID/url/XML content of the incoming packets and a set of switching rules. Related research topics are:
  • Conflict detection of contet switching rules ( can be applied to network policies).
  • Use multiple content switches to speed up performance. It was found that SSL processing is the bottleneck in LACS but it requires additional support before the https requests can be redirected to another content switch. See the "Parallel Secure Content Switch" for more details.
  • Fast String Matching/Extraction techniques: Both in searching engine and HTTP/XML content extraction we have observed needs for matching specific string pattern and then extracting part of the string pattern, or string with position relative to the string pattern. This project will focus on fast or parallel techniques for such operations.
  • Thesis reports: Weihong Wong, Chandra Prakash, Ganesh Godavari.
    
• Content Switch Design Based on Network Processor.
  We are currently porting LACS to Intel IXP 1200 network processor. Learn about VxWork embedded OS and network processing. Related research topics are:
  • parallel processing the content extraction and rule matching tasks.
  • Porting and optimizing content switching code.
  • Security in embedded operating system such as VxWork.
• Parallel Secure Content Switch.
  SSL is a known security related protocol used as session layer for enhancing
  quite a lot of Internet network services.
  Ganesh Godavari have developed a Linux-based secure content switch based on
  OpenSSL. We have identified that the SSL processing in the content switch is
  the main bottleneck through extensive benchmarking. To speedup SSL processing,
  we are interested in
  • using SSL accelerators. We just got Intel equipment grant with 8 CEA7110 e-
    Commerce Accelerator. This project will be to explore the use of multiple SSL
    accelerators in improving the secure content switch performance.
  • explore the use server id parameter in OpenSSL0.7 so that multiple content
    switch (Linux PC) can be used as a unit.
    
• Packet Rewrite techniques
  They allow the web server to redirect web requests to other web servers when it is overloaded. Compare the performance with that of content switch based cluster.
• Achieving web cluster performance through web page rewrite.
  I have a patent in rewriting web pages for achieving load balancing and performance in web server cluster. I am interested in some students implementing the ideas and compare its performance with that of content switch-based web server cluster.
• Enhanced Web Service Systems
  We have obtained the donation from Intel, 4 CEA7280 XML Directors. I am interested in using these machines in projects that enhance the web services. The related projects will be to compare the perform of such systems with those of LACS and IXPCS.
• Apply our Linux kernel-based content switch in Storage Area Networks and explore the use 10Gigabit MetroEthernet in SAN.
  

Multipath Routing

• Design and implement protocol software and API for supporting mulitpath routing. The protocol involves entities such as multiple path sender, multiple path receiver, and connection relay server.
• Connection relay server location problem: Given a network topology (or Internet Topology), find the optimal locations for n connection relay server. Substitute connection relay server with edge cache server then this becomes a server location problem in the Content Delivery Network.
• Mirror sites selection problem. Given a set of mirror sites (say redhat mirror sites) and a client location, find the optimal subset of mirror sites for parallel download of a package. We need to choose faster servers with lighter load and bigger available bandwidth among them and the client.
• Parallel Download from Mirror Site. I have developed software for downloading software packages from multiple mirror sites concurrently. The scheduling of retrieval and merging of the data need some work.

Network Measurement

• Investigate bandwidth measurement techniques that require low overhead, few probing messages, and good estimation results of bottleneck and available bandwidth.
• The research can be based on Modified Bprobe, Cprobe, Aprobe, pathchar, ping, traceroute tools.
• The techniques are critical in server/ISP selection, billing, network control, network monitoring, and real-time streaming applications.

Scalable Collaborative Systems

• Improve features and performance of IRC (AIM and Messenger) and Group Support Systems to support thousands of collaborative users simultaneously.
• Investigate network architecture for supporting scalable collaborative system. Use multicast and concast (filter/merge) for reducing packet processing time and network load.
• Investigate ubiquitous web client/web server/cache server system
• Extending ESI for Collaborative Tasks.
  Extend the existing ESI tags to allow multiple sources, filtering, and merging of data. Based on Aparna Yeddula's master project that use JSP/servlet to implement subset of ESI for a dynamic cache server. Extend ESI for supporting customization of web page layout (fragments) and collaborative tools that generate those web pages.
• Aparna Yeddule's master project report on Generate Dynamic Content on Cache Server, ppt presentation.

Network Security

• Wireless Security: Investiage proposed wireless security standards, 802.1x/PEAP/TTLS, develop software support on Linux/Windows Clients and Servers. http://cs.uccs.edu/~chow/research/wlan/wirelessSecurity.htm
• Efficient Intrusion Detection Systems. Based on protocol behavior, Hekki's Dynamic Packet Filter work.
• Explore the use of multiple gateways for intrusion detection defense.

  DDOS attacks can flood an organization with quite a lot of packets. We are
  interested in exploring the alternative routes for normal/trusted users. The
  outgoing alternative routes can be easily established through those additional
  gateways, but we need to find ways (new protocol, new architectures, or new
  techniques) to route the legitimate traffic through those additional
  gateways. On such technique is the multiple path routing where traffic
  between a client and a server is going through a set of connection relay
  servers. It can be used to improve the performance (multiple route -> higher
  aggregated bandwidth), the reliability (duplicate packets over different
  routes), and the security (the sender choose the routes that is less
  congested.). Note that it is easy to reroute the outgoing traffic but it is harder to redirect existing or even future incoming traffic.
  

• Develop a secure runtime/programming environment for studying the behavior of the virus and network worms. Basedon User mode Linux (UML) and virtual machine similar to VMWare.
• Enhance web service security.

  Web service was original proposed platform/language independent
  interface/system for integrating web services at different
  organizations/servers through HTTP/SOAP/UDDI. Security is an after-thought.
  There are standards/groups that work very actively to specify protocols/APIs
  that will address the security issues. This project will focus on the security
  risks and their solutions that cannot be addressed by just SSL. Related
  article/discussion in http://zdnet.com.com/2100-1106-943051.html. IBM,
  Microsoft, Verisign has WS-Secure effort. http://www-
  106.ibm.com/developerworks/library/ws-secure/

• Hybrid CNA-CND Evaluation System.

  Simulator such as VNS proved to be an effective training tool for
  beginning security lessons. An interface from VNS to a small network security
  prototype such as A2D2 developed by Angela Cearns at UCCS will
  provide a more realistic learning, feedback, and evaluation environment for
  computer network security. This project will explore the design and
  development of such Hybrid system.

Wireless Multimedia

• Wireless Multimedia Gateway System
  improving exsiting Linux multimedia gateway.
  

Routing

• Routing protocols
  1) ospf graceful restart
  2) Traffic engineering extensions for OSPF
  3) BGP extensions
  - graceful restart
  - route reflectors
  - communities
  - VPN extensions for MPLS
  .
• MPLS related Research
  Add Traffic engineering extensions to RSVP
  (base RSVP is available from ISI)
  Implement LSP ping mechanism to MPLS