Seamless live migration of virtual machines over the MAN/WAN
Future Generation Computer Systems - IGrid 2005: The global lambda integrated facility
Token based networking: experiment NL-101
Future Generation Computer Systems - IGrid 2005: The global lambda integrated facility
Dynamic security context management in Grid-based applications
Future Generation Computer Systems
Using Workflow for Dynamic Security Context Management in Grid-based Applications
GRID '06 Proceedings of the 7th IEEE/ACM International Conference on Grid Computing
Secure User-Controlled Lightpath Provisioning with User-Controlled Identity Management
AIMS '09 Proceedings of the 3rd International Conference on Autonomous Infrastructure, Management and Security: Scalability of Networks and Services
Authorisation infrastructure for on-demand network resource provisioning
GRID '08 Proceedings of the 2008 9th IEEE/ACM International Conference on Grid Computing
A market-based bandwidth charging framework
ACM Transactions on Internet Technology (TOIT)
The token based switch: per-packet access authorisation to optical shortcuts
NETWORKING'07 Proceedings of the 6th international IFIP-TC6 conference on Ad Hoc and sensor networks, wireless networks, next generation internet
Extending the inter-domain PCE framework for authentication and authorization in GMPLS networks
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Hi-index | 0.25 |
We realize an open, programmable paradigm for application-driven network control by way of a novel network plane - the "service plane" - layered above legacy networks. The service plane bridges domains, establishes trust, and exposes control to credited users/applications while preventing unauthorized access and resource theft. The authentication, authorization, and accounting subsystem and the dynamic resource allocation controller are the two defining building blocks of our service plane. In concert, they act upon an interconnection request or a restoration request according to application requirements, security credentials, and domain-resident policy. We have experimented with such service plane in an optical, large-scale testbed featuring two hubs (NetherLight in Amsterdam, StarLight in Chicago) and attached network clouds, each representing an independent domain. The dynamic interconnection of the heterogeneous domains occurred at Layer 1. The interconnections ultimately resulted in an optical end-to-end path (lightpath) for use by the requesting grid application.