Upgrading Transport Protocols using Untrusted Mobile Code
Parveen Patel (University of Utah)
Andrew Whitaker (University of Washington)
David Wetherall (University of Washington)
Jay Lepreau (University of Utah)
Tim Stack (University of Utah)
ppatel@cs.utah.edu, andrew@cs.washington.edu, djw@cs.washington.edu, lepreau@cs.utah.edu, and stack@cs.utah.edu
Abstract
In this paper, we present STP, a system in which communicating end hosts use
untrusted mobile code to remotely upgrade each other with the transport
protocols that they use to communicate. New transport protocols are written in
a type-safe version of C, distributed out-of-band, and run
in-kernel. Communicating peers select a transport protocol to use as part of a
TCP-like connection setup handshake that is backwards-compatible with TCP and
incurs minimal connection setup latency. New transports can be invoked by
unmodified applications. By providing a late binding of protocols to hosts,
STP removes many of the delays and constraints that are otherwise commonplace
when upgrading the transport protocols deployed on the Internet. STP is
simultaneously able to provide a high level of security and performance. It
allows each host to protect itself from untrusted transport code and to ensure
that this code does not harm other network users by sending significantly
faster than a compliant TCP. It runs untrusted code with low enough overhead
that new transport protocols can sustain near gigabit rates on commodity
hardware. We believe that these properties, plus compatibility with existing
applications and transports, complete the features that are needed to make STP
useful in practice.
Full paper appears in Proceedings of the 19th ACM Symposium on Operating System Principles, October 19-22, 2003.