Modern data centres provide large aggregate network capacity and multiple paths among servers. Traffic in data centres is very diverse; most of the data is produced by long, bandwidth hungry flows but the large majority of flows, which commonly come with stringent deadlines regarding their completion time, are short. It has been shown that TCP is not efficient for any of these types of traffic in modern data centres. MultiPath TCP (MPTCP) employs multipath data transport and is efficient for long flows but ill-suited for short flows.

In this paper, we present Maximum MultiPath TCP (MMPTCP), a novel transport protocol which extends MPTCP and, compared to TCP and MPTCP, reduces short flows’ completion times, while providing excellent goodput to long flows. To do so, MMPTCP runs in two phases; initially, it randomly scatters packets in the network under a single congestion window exploiting all available paths. This is beneficial to latency-sensitive flows. After a specific amount of data is sent, MMPTCP switches to a regular MultiPath TCP mode. MMPTCP is incrementally deployable in existing data centres as it does not require any modifications outside the transport layer and behaves well when competing with MPTCP flows. We also present a topology-specific extension of MMPTCP that adjusts the numbers of subflows during the second phase of the protocol based on knowledge about the location of the receiver in the data centre.

We present extensive evaluation that shows that MMPTCP’s design objectives are met. We have implemented MMPTCP (along with MPTCP and packet spraying) in ns-3 and evaluated our protocol in simulated FatTree topologies. We have evaluated how MMPTCP performs compared to TCP and MPTCP and how its performance is affected by transient hotspots in the network. We have also experimented with different thresholds for duplicate acknowledgements and fast retransmissions and shown that MMPTCP performs well when the size of short flows is widely ranged. Finally, we have evaluated how MMPTCP performs under conditions that result in Incast, when different congestion control algorithms are used in its second phase and when varying the overall network load.

Combinatoric measures of entropy capture the complexity of a graph but rely upon the calculation of its independent sets, or collections of non-adjacent vertices. This decomposition of the vertex set is a known NP-Complete problem and for most real world graphs is an inaccessible calculation. Recent work by Dehmer et al. and Tee et al. identified a number of vertex level measures that do not suffer from this pathological computational complexity, but that can be shown to be effective at quantifying graph complexity. In this paper, we consider whether these local measures are fundamentally equivalent to global entropy measures. Specifically, we investigate the existence of a correlation between vertex level and global measures of entropy for a narrow subset of random graphs. We use the greedy algorithm approximation for calculating the chromatic information and therefore Körner entropy. We are able to demonstrate strong correlation for this subset of graphs and outline how this may arise theoretically.

With the proliferation of smartphones and their advanced connectivity capabilities, opportunistic networks have gained a lot of traction during the past years; they are suitable for increasing network capacity and sharing ephemeral, localised content. They can also offload traffic from cellular networks to device-to-device ones, when cellular networks are heavily stressed. Opportunistic networks can play a crucial role in communication scenarios where the network infrastructure is inaccessible due to natural disasters, large-scale terrorist attacks or government censorship. Geocasting, where messages are destined to specific locations (casts) instead of explicitly identified devices, has a large potential in real world opportunistic networks, however it has attracted little attention in the context of opportunistic networking.

In this paper we propose Geocasting Spray And Flood (GSAF), a simple and efficient geocasting protocol for opportunistic networks. GSAF follows an elegant and flexible approach where messages take random walks towards the destination cast. Messages that are routed away from the destination cast are extinct when devices’ buffers get full, freeing space for new messages to be delivered. In GSAF, casts do not have to be pre-defined; instead users can route messages to arbitrarily defined casts. GSAF does that in a privacy-preserving fashion. We also present DA-GSAF, a Direction-Aware extension of GSAF in which messages are forwarded to encountered nodes based on whether a node is moving towards their destination cast. In DA-GSAF only the direction of a mobile node is revealed to other devices. We experimentally evaluate our protocols and compare their performance to prominent geocasting protocols in a very wide set of scenarios, including different maps, mobility models and user populations. Both GSAF and DA-GSAF perform significantly better compared to all other studied protocols, in terms of message delivery ratio, latency and network overhead. DA-GSAF is particularly efficient in sparse scenarios minimising network overhead compared to all other studied protocols. Both GSAF and DA-GSAF perform very well for a wide range of device/user populations indicating that our proposal is viable for crowded and sparse opportunistic networks.

Barab´asi-Albert’s ‘Scale Free’ model is the starting point for much of the accepted theory of the evolution of real world communication networks. Careful comparison of the theory with a wide range of real world networks, however, indicates that the model is in some cases, only a rough approximation to the dynamical evolution of real networks. In particular, the exponent γ of the power law distribution of degree is predicted by the model to be exactly 3, whereas in a number of real world networks it has values between 1.2 and 2.9. In addition, the degree distributions of real networks exhibit cut offs at high node degree, which indicates the existence of maximal node degrees for these networks. In this paper we propose a simple extension to the ‘Scale Free’ model, which offers better agreement with the experimental data. This improvement is satisfying, but the model still does not explain why the attachment probabilities should favor high degree nodes, or indeed how constraints arrive in non-physical networks. Using recent advances in the analysis of the entropy of graphs at the node level we propose a first principles derivation for the ‘Scale Free’ and ‘constraints’ model from thermodynamic principles, and demonstrate that both preferential attachment and constraints could arise as a natural consequence of the second law of thermodynamics.

Understanding which node failures in a network have more impact is an important problem. Current understanding, motivated by the scale free models of network growth, places emphasis on the degree of the node. This is not a satisfactory measure; the number of connections a node has does not capture how redundantly it is connected into the whole network. Conversely, the structural entropy of a graph captures the resilience of a network well, but is expensive to compute, and, being a global measure, does not attribute any specific value to a given node. This lack of locality prevents the use of global measures as a way of identifying critical nodes. In this paper we introduce local vertex measures of entropy which do not suffer from such drawbacks. In our theoretical analysis we establish the possibility that our local vertex measures approximate global entropy, with the advantage of locality and ease of computation. We establish properties that vertex entropy must have in order to be useful for identifying critical nodes. We have access to a proprietary event, topology and incident dataset from a large commercial network. Using this dataset, we demonstrate a strong correlation between vertex entropy and incident generation over events.

Opportunistic networks can increase network capacity, support collaborative downloading of content and offload traffic from a cellular to a cellular-assisted, device-to-device network. They can also support communication and content exchange when the cellular infrastructure is under severe stress and when the network is down or inaccessible. Fountain coding has been considered as espe- cially suitable for lossy networks, providing reliable multicast transport without requiring feedback from receivers. It is also ideal for multi-path and multi- source communication that fits exceptionally well with opportunistic networks. In this paper, we propose a content-centric approach for disseminating con- tent in opportunistic networks efficiently and reliably. Our approach is based on Information-Centric Networking (ICN) and employs fountain coding. When tied together, ICN and fountain coding provide a comprehensive solution that overcomes significant limitations of existing approaches. Extensive network simulations indicate that our approach is viable. Cache hit ratio can be increased by up to five times, while the overall network traffic load is reduced by up to four times compared to content dissemination on top of the standard Named Data Networking architecture.

With the proliferation of smartphones and their advanced connectivity capabilities, opportunistic networks have gained a lot of traction during the past years; they are suitable for increasing network capacity and sharing ephemeral, localised content. They can also offload traffic from cellular networks to device-to-device ones, when cellular networks are heavily stressed. Opportunistic networks can play a crucial role in communication scenarios where the network infrastructure is inaccessible due to natural disasters, large-scale terrorist attacks or government censorship. Geocasting, where messages are destined to specific locations (casts) instead of explicitly identified devices, has a large potential in real world opportunistic networks, however it has attracted little attention in the context of opportunistic networking. In this paper we propose Geocasting Spray And Flood (GSAF), a simple but efficient and flexible geocasting protocol for opportunistic, delay-tolerant networks. GSAF follows a simple but elegant and flexible approach where messages take random walks towards the destination cast. Messages that follow directions away from the cast are extinct when the device buffer gets full, freeing space for new messages to be delivered. In GSAF, casts do not have to be pre-defined; instead users can route messages to arbitrarily defined casts. Our extensive evaluation shows that GSAF is efficient, in terms of message delivery ratio and latency as well as network overhead.

A key objective of monitoring networks is to identify potential service threatening outages from events within the network before service is interrupted. Identifying causal events, Root Cause Analysis (RCA), is an active area of research, but current approaches are vulnerable to scaling issues with high event rates. Elimination of noisy events that are not causal is key to ensuring the scalability of RCA. In this paper, we introduce vertex-level measures inspired by Graph Entropy and propose their suitability as a categorization metric to identify nodes that are a priori of more interest as a source of events. We consider a class of measures based on Structural, Chromatic and Von Neumann Entropy. These measures require NP-Hard calculations over the whole graph, an approach which obviously does not scale for large dynamic graphs that characterise modern networks. In this work we identify and justify a local measure of vertex graph entropy, which behaves in a similar fashion to global measures of entropy when summed across the whole graph. We show that such measures are correlated with nodes that generate incidents across a network from a real data set.

Modern data centres provide large aggregate network capacity and multiple paths among servers. Traffic is very diverse; most of the data is produced by long, bandwidth hungry flows but the large majority of flows, which commonly come with strict deadlines regarding their completion time, are short. It has been shown that TCP is not efficient for any of these types of traffic in modern data centres. More recent protocols such MultiPath TCP (MPTCP) are very efficient for long flows, but are ill-suited for short flows. In this paper, we present MMPTCP, a novel transport protocol which, compared to TCP and MPTCP, reduces short flows' completion times, while providing excellent goodput to long flows. MMPTCP runs in two phases; initially, it randomly scatters packets in the network under a single congestion window exploiting all available paths. This is beneficial to latency-sensitive flows. After a specific amount of data is sent, MMPTCP switches to a regular MPTCP mode. MMPTCP is incrementally deployable in existing data centres as it does not require any modifications outside the transport layer and behaves well when competing with legacy TCP and MPTCP flows. Our extensive experimental evaluation shows that all design objectives for MMPTCP are met.

In this paper, we introduce MMPTCP, a hybrid transport protocol which aims at unifying the way data is transported in data centres. MMPTCP runs in two phases; initially, it randomly scatters packets in the network under a single congestion window exploiting all available paths. This is beneficial to latency-sensitive flows. During the second phase, MMPTCP runs in Multi-Path TCP mode, which has been shown to be very efficient for long flows. Initial evaluation shows that our approach significantly improves short flow completion times while providing high throughput for long flows and high overall network utilisation.

In this paper we present our work on designing and implementing an NS3 model for MultiPath TCP (MPTCP). Our MPTCP model closely follows MPTCP specifications, as described in RFC 6824, and supports TCP NewReno loss recovery on a per subflow basis. Subflow management is based on MPTCP's kernel implementation. We briefly describe how we integrate our MPTCP model with NS3 and present example simulation results to showcase its working state.

Recently secure device pairing has had significant attention from a wide community of academic as wellas industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocolsand schemes have different strengths and weaknesses - often in hardware requirements, strength againstvarious attacks or usability in particular scenarios. From ordinary user's point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allowautomated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this research work is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. The contributions presented in this paper include the design and prototype implementation of the proposed framework along with a novel Co-Location protocol.

Football stadia present a difficult environment for the deployment of digital services, due to their architectural design and the capacity problems from the numbers of fans. We present preliminary results from deploying an Android app building an ad hoc network amongst the attendees at matches at Brighton and Hove Albion's AMEX stadium, so as to share the available capacity and supply digital services to season
ticket holders. We describe the protocol, how we engaged our users in service design so that the app was attractive to use and the problems we encountered in using Android.

Mobile computing and public interactions together open
up a new range of challenges in interaction design. To
date a very gregarious model of interaction has been
assumed. However, the public setting will invoke feelings
of shyness and a desire to control the personal exposure
associated with interactions. In this paper we discuss
these issues and our initial tests of a system which affords
a control beyond "engage or don't engage".

When people are connected together over ad hoc social networks, it is possible to ask questions and retrieve answers using the wisdom of the crowd. However, locating a suitable candidate for answering a specific unique question within larger ad hoc groups is non-trivial, especially if we wish to respect the privacy of users by providing deniability. All members of the net- work wish to source the best possible answers from the network, while at the same time controlling the levels of attention required to generate them by the collective group of individuals and/or the time taken to read all the answers. Conventional expert retrieval approaches rank users for a given query in a cen- tralised indexing process, associating users with material they have previously published. Such an approach is antithetical to privacy, so we have looked to distribute the routing of questions and answers, converting the indexing pro- cess into one of building a forwarding table. Starting from the simple operation of flooding the question to everyone, we compare a number of different routing options, where decisions must be made based on past performance and exploitation of the knowledge of our immediate neighbours. We focus on fully decentralised protocols using ant inspired tactics to route questions towards members of the network who may be able to answer them well. Simultaneously, privacy concerns are acknowledged by allowing both question asking and answering to be plausibly deniable. We have found that via our routing method, it is possible to improve answer quality and also reduce the total amount of user attention required to generate those answers.

Networking research often relies on simulation in order to test and evaluate new ideas. An important requirement of this process is that results must be reproducible so that other researchers can replicate, validate and extend existing work. We look at the landscape of simulators for research in peer-to-peer (P2P) networks by conducting a survey of a combined total of over 280 papers from before and after 2007 (the year of the last survey in this area), and comment on the large quantity of research using bespoke, closed-source simulators. We propose a set of criteria that P2P simulators should meet, and poll the P2P research community for their agreement. We aim to drive the community towards performing their experiments on simulators that allow for others to validate their results.

Publish/Subscribe systems assume that clients and brokers abide by the matching and forwarding protocols. Such an assumption implies implicit trust between all components of the system and has led to security issues being largely ignored. As publish/subscribe is increasingly used in applications where implicit trust can not be assumed, an approach is required to mitigate misbehaviour. We propose the construction and reconfiguration of the event forwarding topology, the publish/subscribe tree (PST), with respect to the trust requirements of the clients. The principal contribution of this paper is a trust metric for PSTs, which aggregates each client’s trust evaluation of a PST to give a socially acceptable trust evaluation and allows for the ordering of PSTs. Additionally, we define the PST trust maximisation problem with overhead budget, which is solved by the PST that maximises trust within an overhead budget for a given advertisement. A tabu search based algorithm for this problem is presented and is shown to scale to large problem instances and give good approximations of the optimal solutions.

With almost four billion sensor-equipped mobile devices on the planet, the way is open for a variety of new context-based applications and services. However, this new opportunity creates concerns over privacy and access control and necessitates a robust and scalable solution. We propose the MediateSpace middleware which is a decentralised tuple space with contextual mediation capabilities for both data distributors and consumers. Distributors may restrict access by requiring the satisfaction of a contextual condition and consumers may restrict which data enters their computer (tuple conditions). Distributed X-Trees (a development of R-Trees) are used to achieve decentralisation.

The system also provides Restricted Context Sharing, Triggers (performing actions upon matching certain conditions or data pat- terns), Module Handlers (simplifying the processing of received messages), Context Scripting (allowing the dynamic addition, re- moval or augmentation of structures such as triggers) and State Management (allowing state to be read and stored semi-persistently).

MediateSpace could be used to support a myriad of possible applications such as context dependent data collection, collaborative tools for geographically co-located individuals and context-aware file-sharing.

There are a number of P2P overlay simulators developed by various research groups for use by the P2P academic community, however many still opt to use their own custom-built simulator. Having surveyed the area of Peer-to-Peer simulators in previous work, we believe that this is due to the simulators lacking key functionality such as mechanisms to gather statistical data from simulation runs. The use of custom built simulators gives rise to a number of problems that include an increase in the difficulty to reproduce and validate results and comparison of similar simulated systems and their associated results. In this paper, we discuss the current situation with respect to simulation usage in P2P research and our work towards creating a new simulator that will meet the requirements of P2P researchers. It is our hope that this paper will give rise to further discussion and knowledge sharing among those of the P2P and simulation research communities, so that a simulator that meets the needs of the P2P community can be developed.

We believe that the problems of safety, security and resource usage combine to make it unlikely that programmable networks will ever be viable without mechanisms to transfer risk from the platform provider to the user and the programmer. However, we have well established mechanisms for managing risk - markets. In this paper we argue for the establishment of markets to manage the risk in running a piece of software and to ensure that the risk is reflected on all the stakeholders. We describe a strawman architecture for third party computation in the programmable network. Within this architecture, we identify two major novel features:- Dynamic price setting, and a reputation service. We investigate the feasibility of these features and provide evidence that a practical system can indeed be built. Our contributions are in the argument for markets providing a risk management mechanism for programmable networks, the development of an economic model showing incentives for developing better software, and in the first analysis of a real transaction graph for reputation systems from an Internet commerce site.

Facilitating navigation through commercial spaces by third party systems is a likely step in pervasive computing. For these applications to fully engage people they must build trust relationships in a natural manner. We hypothesize that the use of an explicit trust model in the design of the application would improve the rate at which trust is generated. To investigate this hypothesis, we have taken as a case study the design of a shopping guide for a local trading association. We have created an explicit trust model and incorporated this into our design. We have evaluated both our model and our application. The results of this confirmed our hypothesis and provided additional insight into how to model trust in the design of applications.

Due to the open nature of the Internet, the abuse of the provided services has become widespread. Recent research has been con- ducted on behavioural profiling and reputations, mostly at the network level, to aid detection of malicious clients. We build on this research and propose a novel generalised framework for developing and globally sharing client reputations formed from behavioural histories. Promising initial simulations show a high level of success of our framework.

In client-server interaction scenarios over a network the problem of unsolicited network transactions is often encountered. In this paper, we propose a reputation model based on the behavioural history of long-lived network client identities as a solution to this problem. The reputations of clients are shared between trusted servers anonymously through global reputation analysers. Shared global reputations and local reputations help servers to infer local opinions of clients and control service levels in attempts to reduce unsolicited network transactions.

The language within user interfaces should match the language of the user. However, there has been very little work on how to capture this language and in particular, the lexicon of the user. In this paper we describe how the tools from discourse analysis can be used to capture these lexicons, and show how they vary according to the function of the text. We conducted semi-structured interviews and questionnaires to collect texts for analysis. Analysis showed a variety of repertoires used to describe typical network applications, such as email and Web use. We present these repertoires and describe how they can be used in the design of the user interface

It appears that some degree of programmability is inevitable within the network, whether it be through active networks, active services, or programmable middleware. We argue that programming network elements with languages designed for use within a single machine is inappropriate, since the only defense for the shared resource of the network is through the use of sandboxes, which are prone to performance problems and are difficult to implement correctly. Instead, we believe that new languages should be designed for programmable networks, using type systems that ensure safe programs, and encourage correct programs. We have designed and provided the full semantics for such a language, SafetyNet. Building upon this, we have implemented a compiler, run time environment and a simulation environment for our language. In this paper we describe the major features of the language that protect the network: abstracted locations; located objects; volatile routing; thread and class loading; and enforced resource counting. We show how these features are used in a number of small case studies, and in implementing optimised communication libraries. We describe the implications of the language design for the implementation of the run time support environment. The ease with which these demonstrations have been built and debugged shows the potential for enforcing network programming models with well-typed languages.

In this paper, we describe the rationale for the initial user research carried out as part of the Natural Habitat project. This project is exploring the extent to which an approach centred on the use of natural language processing can support user control over the pervasive environments that they inhabit. Overviews of four initial user studies are described and some of the wider implications to this area of research are presented.

Ad-hoc interactions between devices over wireless networks present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these scenarios also offer the potential for physical security of spaces and the use of protocols in which users must visibly demonstrate their involvement to generate an association. The various protocols have different strengths and weaknesses, which make them suitable in different situations. The problem then becomes which to choose. In this chapter we survey the security challenges and some of these protocols, which use various forms of out-of-band exchange to form an association.

The pervasive computing environment will be composed of heterogeneous services. In this work, we have explored how a domain specific language for service composition can be implemented to capture the common design patterns for service composition, yet still retain a comparable performance to other systems written in mainstream languages such as Java. In particular, we have proposed the use of the method delegation design pattern, the resolution of service bindings through the use of dynamically adjustable characteristics and the late binding of services as key features in simplifying the service composition task. These are realised through the Scooby language, and the approach is compared to the use of APIs to define adaptable services.

We report on designing augmented reality (AR) applications to support the practices of going shopping, using an accompanied shopping and reflection technique to assess the key points of engagement among shoppers and producers at a farmers market. Our goal was to deploy innovative mobile technology in a low-tech context so that it supported everyday behaviour. The paper documents how a short research intervention was decisive in shaping the applications designed for the AR tool and explores how stories told as part of the market and in interview were used to help organise our insights.

Ad-hoc interactions between devices over wireless networks present a security problem: the generation of shared secrets to initialize secure communication over a medium that is inherently vulnerable to various attacks. However, these scenarios can also build on physical security of spaces by using protocols in which users visibly demonstrate their presence to generate an association. As a consequence, secure device pairing has received significant attention. A plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two devices. These protocols and schemes have different strengths and weaknesses - often in hardware requirements, strength against various attacks or usability in particular scenarios. From an ordinary user's pointof view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. This problem could be relieved by automation. We advocate that the integration of a discovery mechanism, several pairing schemes and a selection protocol into a single system is more efficient for users. In this paper, we present such a system along with its implementation details.

We have examined a Twitter data set, focusing on temporal patterns observed in users' tweets and in the conversations formed by interacting users - rather than a network described by follows relations, or aggregate patterns. We have found the bursty behaviour predicted by Barabasi, but with complex patterns to the bursts. By using a clustering algorithm to group intervals between tweets, we have found that conversations show a different pattern of inter-tweet intervals to individuals, tending to: have a higher volume of quick replies; take shorter breaks; and that the timing is more variable.

In this paper, we discuss the current situation with respect to simulation usage in P2P research, testing the available P2P simulators against a proposed set of requirements, and surveying over 280 papers to discover what simulators are already being used. We found that no simulator currently meets all our requirements, and that simulation results are generally reported in the literature in a fashion that precludes any reproduction of results. We hope that this paper will give rise to further discussion and knowledge sharing among those of the P2P and network simulation research communities, so that a simulator that meets the needs of rigorous P2P research can be developed.

Originality: Explored how language design can be used to ease the problems of composing services within the pervasive environment. Described a specialised language for service composition, using several orginal features such as decoration as the primary technique for class extension. Rigour: This was the initial report. Subsequent work exploring performance and software engineering metrics across a number of scenarios, comparing our language to the API-based approach of one.world showed that we produced higher quality code using fewer lines of code (results in a pending publication). Significance: The first example of a domain specific langauge for service composition. Impact: Google Scholar citations: 13 Outlet: This workshop is part of ACM Middleware, the major conference discussing distributed middleware systems, and fully reviews each submission by at least three reviewers.

In order to understand the evolution of online identities, we measured the correlation between past and the current representations of self on My Space social network. We applied several techniques and proposed a personality classifier to calculate the level of honesty and accountability for over 2 million users. We formulized a transformation algorithm to measure both static and dynamic features of identity traits over time. This experiment provides evidence of the dynamic nature of profiles' information, the social network structure and the group similarities. In this paper, we will discuss how online identities progress during one year time frame and what impact it may have to determine user's characteristics. This analysis can be used to develop a technology to predict the taxonomy of identities and the direction of online social representation.

In this paper we describe the middleware that has evolved from our attempt to capture user descriptions of policies controlling devices and services from natural language. Description Logic (DL) provides a formal link between the natural language processing, the ontology and the middleware. We show that the use of a formalism such as DL opens useful avenues to detecting and resolving conflicts in policies, both in formulation and when resolving them against incoming events and requests. We finish by arguing that pervasive middleware needs to move closer to the users' abstractions to provide a service for what will be a highly dynamic environment.

Since pervasive computing applications are mostly designed to enhance existing social situations, such applications should take ac- count of the trust relationships within the situation in their design. In this paper we describe the ethnographic approach we used to explore how trust is formed and maintained within a farmers market, and how this understanding can be applied in the design of supporting applica- tions. We then evaluate the applications using the same ethnographic approach, uncovering problems which would not have been visible with other evaluation techniques.

It appears that some degree of programmability is inevitable within the network, whether it be through active networks, active services, or programmable middleware. We argue that programming network elements with languages designed for use within a single machine is inappropriate, since the only defense for the shared resource of the network is through the use of sandboxes? which are prone to performance problems and are difficult to implement correctly. Instead, we believe that new languages should be designed for programmable networks, using type systems that ensure safe programs, and encourage correct programs. We have designed and provided the full semantics for such a language, SafetyNet. Building upon this, we have implemented a compiler, run time environment and a simulation environment for our language. In this paper we describe the major features of the language that protect the network: abstracted locations; located objects; volatile routing; thread and class loading; and enforced resource counting. We show how these features are used in a number of small case studies, and in implementing optimised communication libraries. We describe the implications of the language design for the implementation of the run time support environment. The ease with which these demonstrations have been built and debugged shows the potential for enforcing network programming models with well-typed languages. (C) 2001 Elsevier Science B,V, All rights reserved.

In this paper, we outline an approach to the identification of entities for access control that is based on the membership of groups, rather than individuals. By using group membership as a level of indirection between the individual and the system, we can increase privacy and provide incentives for better behaviour. Privacy comes from the use of pseudonyms generated within the group and which can be authenticated as belonging to the group. The incentives for better behaviour come from the continuous nature of groups - members may come and go, but the group lives on, and groups are organised so as to ensure group-longevity, and prevent actions which may harm the groups reputation. We present a novel pseudonym generation mechanism suitable for use in groups without a centralised administration. Finally, we argue that the use of group membership as the basis for formulating policies on interaction is more efficient for disconnected operation, facilitating proxies and the efficient storage of revoked membership and distrusted organisations within bloom filters for small memory footprints.

This is a book about multimedia communication using the Internet. Since very early research experiments in the 1970s until the 1990s, multimedia has grown rapidly as a presence on the network, even though the Internet was originally developed to support data communications between computers. The whole definition of `data' has broadened, and we can now capture, compress, store, decompress, replay, send and receive digital audio and video almost as easily as files of text. We have started using computers and the Internet increasingly as a means of communication, as a replacement for the telephone, for conferencing and for delivering classes and seminars to remote participants. Internetworking Multimedia describes the technologies and systems that make this possible. It is not only descriptive, but prescriptive in that it gives a models for developing multimedia distributed systems which as well as being suited for many purposes is also fun. An ideal read for engineers and students at Master's level, both implementing and studying multimedia on the Internet, as well as essential reference reading for network managers and administrators handling both public and private systems, computer industry product developers and IS managers.

In this paper, we describe the middleware that has evolved from our attempt to capture user descriptions of policies controlling devices and services from natural language. Description logic (DL) provides a formal link between the natural language processing, the ontology and the middleware. We show that the use of a formalism such as DL opens useful avenues to detecting and resolving conflicts in policies, both in formulation and when resolving them against incoming events and requests. We finish by arguing that pervasive middleware needs to move closer to the users' abstractions to provide a service for what will be a highly dynamic environment.

We believe that the problems of safety, security and resource usage combine to make it unlikely that programmable networks will ever be viable without mechanisms to transfer risk from the platform provider to the user and the programmer. However, we have well established mechanisms for managing risk - markets. In this paper we argue for the establishment of markets to manage the risk in running a piece of software and to ensure that the risk is reflected on all the stakeholders. We describe a strawman architecture for third party computation in the programmable network. Within this architecture, we identify two major novel features:- Dynamic price setting, and a reputation service. We investigate the feasibility of these features and provide evidence that a practical system can indeed be built. Our contributions are in the argument for markets providing a risk management mechanism for programmable networks, the development of an economic model showing incentives for developing better software, and in the first analysis of a real transaction graph for reputation systems from an Internet commerce site.

Dynamic pages and the increasing number of functions that websites can perform are changing users' relations with the Web. Little has been reported on how the experience of using this kind of interactive site differs from the ‘point and click’ interactivity of the early Web. This paper reports on a qualitative study of users who entered text while visiting a website of their choice. It shows how the process brought with it two levels of awareness: that of the interface, and that of the social context beyond the interface. The paper goes on to describe the perception of audience that emerged from analysing users' accounts. It also gives details of the data collection method, which is based on the work of Vermersch and has not been widely used outside France for analysing interaction with computers. The implications for website design are considered.