Upgrading Transport Protocols using Untrusted Mobile Code

Parveen Patel (University of Utah)
Andrew Whitaker (University of Washington)
David Wetherall (University of Washington)
Jay Lepreau (University of Utah)
Tim Stack (University of Utah)

ppatel@cs.utah.edu, andrew@cs.washington.edu, djw@cs.washington.edu, lepreau@cs.utah.edu, and stack@cs.utah.edu

In this paper, we present STP, a system in which communicating end hosts use untrusted mobile code to remotely upgrade each other with the transport protocols that they use to communicate. New transport protocols are written in a type-safe version of C, distributed out-of-band, and run in-kernel. Communicating peers select a transport protocol to use as part of a TCP-like connection setup handshake that is backwards-compatible with TCP and incurs minimum connection setup latency. New transports can be invoked by unmodified applications. By providing a late binding of protocols to hosts, STP removes many of the delays and constraints that are otherwise commonplace when upgrading the transport protocols deployed on the Internet. STP is simultaneously able to provide a high level of security and performance. It allows each host to protect itself from untrusted transport code and to ensure that this code does not harm other network users by sending significantly faster than a compliant TCP. It runs untrusted code with low enough overhead that new transport protocols can sustain near gigabit rates on commodity hardware. We believe that these properties, plus compatibility with existing applications and transports, complete the features that are needed to make STP useful in practice.

The full paper appears in Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP), October 19-22, 2003:

The slides from the SOSP talk: