Tuplespace Abstraction

The central abstraction for disseminating network information in NetQuery is that of a tuplespace. The tuplespace presents to applications a tuple-based representation of a network, wherein network participants correspond to tuples that encode information about it, such as its external connections, internal configuration, and run-time state. Together, the contents of the tuplespace describe the topology and configuration of a whole network. The tuplespace is extensible and decentralized: any network participant can extend the tuple representation of another participant.

Tuplespace overview
Sample network and its tuplespace representation.

Every tuple is named by an opaque, globally unique tuple ID (TID), and stores data within typed attribute/value pairs, which are attributed to a source. This source information enables applications to establish the verity of any fact in the tuplespace by establishing the trustworthiness of its source. This allows for extensibility, while making NetQuery applications robust against inaccurate statements.

Attribute format
An attribute/value pair and its associated metadata.

Applications can query the tuplespace for information about the current network state, and use it to detect properties of interest. Compared with probes, the NetQuery programming model enables applications to directly extract low-level network properties through attributes, rather than resort to inferring these through measurements.

Detecting initial property
Attested traceroute, an analysis of the network state that determines the path traversed by network packets using only information exported from trustworthy network devices. In this example, the application can derive the assurance that no packet sniffers are present on the path.

Changes to network state can potentially invalidate previously detected properties. NetQuery provides a trigger mechanism to notify applications of such changes. A trigger is composed of a standing predicate describing a set of tuplespace changes, along with a network endpoint. The endpoint receives a notification whenever a state change that matches the predicate takes place.

Maintaining properties over time
Using triggers to extend attested traceroute with long-term guarantees. The installed triggers notify an application when a network change changes the detected path.