Open Access. Powered by Scholars. Published by Universities.®

Digital Commons Network

Articles 1 - 8 of 8

Full-Text Articles in Entire DC Network

End-To-End Authorization, Jon Howell, David Kotz Oct 2000

Dartmouth Scholarship

Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system …


A Formal Semantics For SPKI, Jon Howell, David Kotz Oct 2000

Dartmouth Scholarship

We extend the logic and semantics of authorization due to Abadi, Lampson, et al. to support restricted delegation. Our formal model provides a simple interpretation for the variety of constructs in the Simple Public Key Infrastructure (SPKI), and lends intuition about possible extensions. We discuss both extensions that our semantics supports and extensions that it cautions against.


Performance Analysis Of Mobile Agents For Filtering Data Streams On Wireless Networks, David Kotz, Guofei Jiang, Robert Gray, George Cybenko, Ronald A. Peterson Aug 2000

Dartmouth Scholarship

Wireless networks are an ideal environment for mobile agents, because their mobility allows them to move across an unreliable link to reside on a wired host, next to or closer to the resources they need to use. Furthermore, client-specific data transformations can be moved across the wireless link, and run on a wired gateway server, with the goal of reducing bandwidth demands. In this paper we examine the tradeoffs faced when deciding whether to use mobile agents to support a data-filtering application, in which numerous wireless clients filter information from a large data stream arriving across the wired network. We …


Reducing Mass Degeneracy In SAR By MS By Stable Isotopic Labeling, Chris Bailey-Kellogg, John J. Kelley III, Cliff Stein, Bruce Randall Donald Aug 2000

Dartmouth Scholarship

Mass spectrometry (MS) promises to be an invaluable tool for functional genomics, by supporting low-cost, high-throughput experiments. However, large-scale MS faces the potential problem of mass degeneracy -- indistinguishable masses for multiple biopolymer fragments (e.g. from a limited proteolytic digest). This paper studies the tasks of planning and interpreting MS experiments that use selective isotopic labeling, thereby substantially reducing potential mass degeneracy. Our algorithms support an experimental-computational protocol called Structure-Activity Relation by Mass Spectrometry (SAR by MS), for elucidating the function of protein-DNA and protein-protein complexes. SAR by MS enzymatically cleaves a crosslinked complex and analyzes the resulting mass spectrum …


Trading Risk In Mobile-Agent Computational Markets, Jonathan Bredin, David Kotz, Daniela Rus Jul 2000

Dartmouth Scholarship

Mobile-agent systems allow user programs to autonomously relocate from one host site to another. This autonomy provides a powerful, flexible architecture on which to build distributed applications. The asynchronous, decentralized nature of mobile-agent systems makes them flexible, but also hinders their deployment. We argue that a market-based approach where agents buy computational resources from their hosts solves many problems faced by mobile-agent systems. In our earlier work, we propose a policy for allocating general computational priority among agents posed as a competitive game for which we derive a unique computable Nash equilibrium. Here we improve on our earlier approach …


The NOESY Jigsaw: Automated Protein Secondary Structure And Main-Chain Assignment From Sparse, Unassigned NMR Data, Chris Bailey-Kellogg, Alik Widge, John J. Kelley III, Marcelo J. Berardi, John H. Bushweller, Bruce Randall Donald Apr 2000

Dartmouth Scholarship

High-throughput, data-directed computational protocols for Structural Genomics (or Proteomics) are required in order to evaluate the protein products of genes for structure and function at rates comparable to current gene-sequencing technology. This paper presents the Jigsaw algorithm, a novel high-throughput, automated approach to protein structure characterization with nuclear magnetic resonance (NMR). Jigsaw consists of two main components: (1) graph-based secondary structure pattern identification in unassigned heteronuclear NMR data, and (2) assignment of spectral peaks by probabilistic alignment of identified secondary structure elements against the primary sequence. Jigsaw's deferment of assignment until after secondary structure identification differs greatly from traditional approaches, …


Restricted Delegation: Seamlessly Spanning Administrative Boundaries, Jon Howell, David Kotz Apr 2000

Dartmouth Scholarship

Historically and currently, access control and authentication is managed through ACLs. Examples include:

• the list of users in /etc/password, the NIS passwd map, or an NT domain

• permissions on Unix files or ACLs on NT objects

• a list of known hosts in .ssh/known_hosts

• a list of IP addresses in .rhosts (for rsh) or .htaccess (http)

The limitations of ACLs always cause problems when spanning administrative domains (and often even inside administrative domains). The best example is the inability to express transitive sharing. Alice shares read access to object X with Bob (but not access to …


Mobile Agents: Motivations And State-Of-The-Art Systems, Robert S. Gray, George Cybenko, David Kotz, Daniela Rus Jan 2000

Dartmouth Scholarship

A mobile agent is an executing program that can migrate, at times of its own choosing, from machine to machine in a heterogeneous network. On each machine, the agent interacts with stationary service agents and other resources to accomplish its task. In this chapter, we first make the case for mobile agents, discussing six strengths of mobile agents and the applications that benefit from these strengths. Although none of these strengths are unique to mobile agents, no competing technique shares all six. In other words, a mobile-agent system provides a single general framework in which a wide range of distributed …