
My current research interests are in the areas of distributed and ubiquitous systems, and mobile computing. I am a member of the Laboratory for Advanced Systems Research (LASR) research group, headed by Dr. Peter Reiher.
Policy Negotiation in Panoply (PhD Dissertation)
I am currently involved in the Panoply project, which aims to create a
scalable and secure middleware for ubiquitous computing interactions. Panoply
units are called spheres of influence,
which are devices or groups of devices united by a shared set of
characteristics, such as location, task or social organization. Spheres can be
related to each other as parents, children or siblings; the transitiveness of
the relationship properties also creates ancestral and descendant relations. We
generally use the child relationship to describe membership within a group
sphere. Spheres scope policy and context; this allows interactions among
heterogeneous ubiquitous computing entities (real or virtual) in a
decentralized manner without the help of a global authority. Macro-level sphere
functions include discovery of location spheres to connect to, negotiation for
membership and access permissions for resources and information, and event
dissemination.
My research focus within Panoply lies in policy management and negotiation among spheres. This is an
important problem in its own right, and its scope is not limited to Panoply
spheres but to a general class of interactions among heterogeneous domains that
participate in a ubiquitous computing environment. The problem in a nutshell is
to allow disparate entities with differing knowledge about the world and
diverse security and access control policies to interact with each other, share
resources and offer services in an automated manner. We approach this problem
from a security-conscious point of view, so that entities must evaluate the
security risks of performing or permitting any action before those actions take
place. Often in ubiquitous computing, security information and policies will
not be absolute or completely specified, and a negotiation process aims to
provide the users of computing devices the functions they desire while
maintaining their security requirements to the utmost. Not only should users be
free from having to make frequent security decisions, they would often not be
in a position to make suitable decisions about issues that computers can
handle, given a formal policy language, a resource description framework and a
decision-making engine.
I am currently a PhD candidate, having passed my PhD oral qualifying examination on
November 18th, 2005.
Quarantine, Examination and Decontamination (part of Panoply Project)
Earlier on in my PhD research, I was involved in the design and implementation of a system called QED, which performed integrity analysis of devices as a prerequisite for membership within a Panoply sphere. There are three parts to QED, namely quarantine, examination and decontamination, which collectively provide a comprehensive security solution for mutual interaction among nomadic devices and networks.
Threat Detection in an Intel IXP-based Stateful Firewall (Internship at Intel Corporation, Chandler, Arizona)
My summer internship project at Intel (June-September 2004) involved research and design in pattern matching, the aim being a fast, effective stateful firewall that could detect and filter a range of threats, which include viruses, worms and intrusion attempts. Such threats cannot be averted by using basic firewalling techniques that only look at packet headers; deep packet inspection (or inspection of packet content) must be performed. Since the content could be any arbitrary sequence of bytes and the patterns (virus signatures, well-known executables and commands) not known in advance, doing such inspection and simultaneously delivering the performance expected of a commercial router poses numerous challenges. The benefits are not limited to threat detection; these techniques can be used for content routing and screening of sensitive content that might cross enterprise firewalls.
Theoretically, the problem was conceived as the detection of one among a set of given pattern strings within an input text string. Practically, the solution was designed to be added as a module to the Condition-Action framework of an already existing firewall built for Intel IXP 2400 and 2800 routers. Since the target was to investigate whether such pattern matching could be done at line speeds, it was necessary to design effective data structures and efficient algorithms.
The algorithms chosen were adaptations and extensions of the DAWG-Match and the Wu-Manber algorithms. Extensions involved checking with case dependence, offset and depth within a packet and matching patterns spanning multiple packets. The algorithms so designed were implemented and tested on the IXP Developers Workbench v3.51. The algorithmic contributions resulted in the publication of multiple Invention Disclosures (IDFs in Intel parlance), two of which have resulted in patents.
My experience at Intel was both enjoyable and rewarding, and I gained invaluable lessons that will guide me throughout my research career.
Active Networks (Master of Science project)
Prior to my PhD research, I was involved in the field of active networks, which contributed towards my Master of Science degree.
I was one of the members of the Panda Active Networks project, funded by DARPA, which was completed in July 2002.
Based on the ideas we had demonstrated and observed in action with Panda, we demonstrated through a separate project how active networks could be used to efficiently manage and adapt real-world distributed applications: multiplayer games over the Internet. The target application I worked on involved multiplayer DOOM. Click here for more details.
Other projects that I have been involved in during the course of my graduate study at UCLA are: