Have a Question?
Ask the Graduate
College at our new
Doctoral Dissertation Announcement
Candidate: Ma’en Saleh Saleh
Doctor of Philosophy
Department: Electrical and Computer Engineering
Title: Adaptive Security-Aware Scheduling for Packet Switched Networks Using Real-Time Multi-Agent Systems
Dr. Liang Dong, Chair
Dr. Ikhlas Abdel-Qader
Dr. Janos L. Grantner
Dr. Kapseong Ro
Date: Thursday, May 17, 2012 1:30 p.m. to 3:30 p.m.
College of Engineering and Applied Sciences, Room D-210
Conventional real-time scheduling algorithms are in care of timing constraints; they do not pay any attention to enhance or optimize the real-time packet’s security performance. In this work, we propose an adaptive security-aware scheduling with congestion control mechanisms for packet switching networks using real-time agent-based systems. The proposed system combines the functionality of real-time scheduling with security service enhancement, where the real-time scheduling unit uses the differentiated-earliest-deadline-first (Diff-EDF) scheduler, while the security service enhancement scheme adopts a congestion control mechanism based on a resource estimation methodology.
The security service enhancement unit was designed based on two models: single-layer and weighted multi-layer design models. For single-layer, the design provides an enhancement for a single security service: confidentiality, integrity, or authentication, while the weighted multi-layer design provides an enhancement for multiple security services with different weights. The proposed system provides the required QoS guarantees for different classes of real-time data flows (video, audio), while adaptively enhancing the packet’s security service levels according to a feedback from the congestion control model, which efficiently utilizes the buffering system at the edge network, and thus protects the network from being congested by heavy traffic loads.
Our agent-based system eliminates the overhead of the security association phase performed by the internet protocol security (IPsec). Such elimination had been achieved by overloading the priority code point (PCP) fields of the IEEE 802.1Q tagged frame format for the single-layer scheme, while repeated single-layer and modifying the IEEE 802.1Q tagged frame format fields were the adopted methodologies by the weighted multi-layer security design model.
By using the Diff-EDF scheduler, the proposed system minimizes the flow’s miss rates and the flow’s average total delays compared to the earliest-deadline-first (EDF) and the first-come-first-served (FCFS) schedulers. Additionally, our adaptive security enhancement scheme minimizes the buffer consumption, the average total packet delays, and the pending packets for the end users compared to the IPsec protocol. It was also compared to an implemented feedback-IPsec, where our adaptive system eliminated the repeated security associations performed by the feedback-IPsec, hence less overhead and increased the chance to meet the flow’s QoS requirements.