Storage-Centric System Architectures for Networked, Resource-Constrained Devices

Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology 1331

NICOLAS TSIFTES

ACTA UNIVERSITATIS UPSALIENSIS ISSN 1651-6214 ISBN 978-91-554-9441-4 UPPSALA urn:nbn:se:uu:diva-267628 2016 Dissertation presented at Uppsala University to be publicly examined in ITC/2446, Lägerhyddsvägen 2, Uppsala, Thursday, 18 February 2016 at 13:15 for the degree of Doctor of Philosophy. The examination will be conducted in English. Faculty examiner: Professor Chenyang Lu (Washington University in St. Louis).

Abstract Tsiftes, N. 2016. Storage-Centric System Architectures for Networked, Resource- Constrained Devices. Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology 1331. 60 pp. Uppsala: Acta Universitatis Upsaliensis. ISBN 978-91-554-9441-4.

The emergence of the Internet of Things (IoT) has increased the demand for networked, resource-constrained devices tremendously. Many of the devices used for IoT applications are designed to be resource-constrained, as they typically must be small, inexpensive, and powered by batteries. In this dissertation, we consider a number of challenges pertaining to these constraints: system support for energy efficiency; flash-based storage systems; programming, testing, and debugging; and safe and secure application execution. The contributions of this dissertation are made through five research papers addressing these challenges. Firstly, to enhance the system support for energy-efficient storage in resource-constrained devices, we present the design, implementation, and evaluation of the Coffee file system and the Antelope DBMS. Coffee provides a sequential write throughput that is over 92% of the attainable flash driver throughput, and has a constant memory footprint for open files. Antelope is the first full-fledged relational DBMS for sensor networks, and it provides two novel indexing algorithms to enable fast and energy-efficient database queries. Secondly, we contribute a framework that extends the functionality and increases the performance of sensornet checkpointing, a debugging and testing technique. Furthermore, we evaluate how different data compression algorithms can be used to decrease the energy consumption and data dissemination time when reprogramming sensor networks. Lastly, we present Velox, a virtual machine for IoT applications. Velox can enforce application-specific resource policies. Through its policy framework and its support for high- level programming languages, Velox helps to secure IoT applications. Our experiments show that Velox monitors applications' resource usage and enforces policies with an energy overhead below 3%. The experimental systems research conducted in this dissertation has had a substantial impact both in the academic community and the open-source software community. Several of the produced software systems and components are included in Contiki, one of the premier open- source operating systems for the IoT and sensor networks, and they are being used both in research projects and commercial products.

Keywords: Internet of Things, wireless sensor networks, resource-constrained devices, file system, database management system, virtual machine, data compression, reprogramming, checkpointing

Nicolas Tsiftes, Department of Information Technology, Computer Systems, Box 337, Uppsala University, SE-75105 Uppsala, Sweden.

ISSN 1651-6214 ISBN 978-91-554-9441-4 urn:nbn:se:uu:diva-267628 (http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-267628)

SICS Dissertation Series 74 ISSN 1101-1335 Acknowledgments

Personal Acknowledgments This adventure started when I ﬁrst came to SICS in the autumn of 2006 as a Master’s Thesis candidate, and was offered a position as a researcher after completing the Master’s Thesis. I subsequently enrolled as an industrial Ph.D. student at Uppsala University in 2010, which enabled me to conduct this thesis work as part of my research at SICS. Before ending up as a Mas- ter’s Thesis student at SICS, I had not considered becoming a researcher, but the creative and fun work environment, along with the encouragement of my Master’s Thesis advisors, convinced me to embark upon this long project, and I have not regretted it ever since. First and foremost, I would like to thank Prof. Thiemo Voigt, SICS and Uppsala University, who has been my main thesis advisor since the beginning. I also thank my co-advisor, Prof. Per Gunningberg, Uppsala University, who has provided valuable guidance on how to conduct the doctoral education and feedback on my work. Furthermore, I thank Dr. Adam Dunkels, who was my co-advisor at SICS until the middle of 2012, when he left to create a startup company in the Internet of Things ﬁeld. During my years at SICS, I received a great deal of encouragement and insight into experimental computer science from Prof. Voigt and Dr. Dunkels. Over the years, I have also been fortunate to work with a number of tal- ented colleagues in the Networked Embedded Systems (NES) group and its “parent”, the Computer Systems Laboratory (CSL) at SICS. I would like to thank Dr. Simon Duquennoy, Joakim Eriksson, Niclas Finne, Zhitao He, Joel Höglund, Dr. Sverker Janson (Director of CSL), Dr. Liam McNamara, Prof. Luca Mottola, Dr. Shahid Raza, Niklas Wirström, and Dr. Fredrik Österlind for many fruitful research collaborations and insightful discussions, and for helping to create a great work environment in general. I also thank my fellow members of the Uppsala Networked Objects group at Uppsala University, as well as our long-term research visitors at the NES group, including Dr. Wen Hu, Dr. Chamath Keppitiyagama, and Dr. Prasant Misra. Two academic visits were made during this thesis project, both of which left me with good memories and contacts with esteemed researchers. For this reason, I thank Dr. JeongGil Ko, who hosted me when I visited the Hopkins InterNetworking Research Group (HiNRG) at Johns Hopkins University for a week in February and March, 2012. Furthermore, I thank Dr. Matthias Kovatsch, who hosted me when I visited the Distributed Systems Group (DSG) and the Computer Engineering and Networks Laboratory (TIK) at ETH Zürich for a couple of days in February, 2013. Several external researchers have helped me immensely through the ex- change of ideas and research paper collaborations. Hence, I would like to express my gratitude to Dr. Carlo Alberto Boano and Prof. Kay Römer (TU Graz, earlier University of Lübeck), Andreas Löscher (Uppsala University), Dr. Marco Antonio Zúñiga (TU Delft), and Dr. James Brown and Prof. Utz Roedig (University of Lancaster). Lastly, and above all, I would like to thank my parents, Dimitris and Kristin, and the rest of my relatives for encouraging me throughout my education and professional career. This could not have happened without your support.

Funding Acknowledgments My research on this thesis has been funded by VINNOVA,the Swedish Agency for Innovation Systems; the Uppsala VINN Excellence Center for Wireless Sensor Networks WISENET, also partly funded by VINNOVA; CONET, the Cooperating Objects Network of Excellence, funded by the European Com- mission under FP7 with contract number FP7-2007-2-224053; GINSENG, funded by the European Commission under the contract FP7-ICT-224282; the Swedish Foundation for Strategic Research (SSF), through the Promos project; and the distributed environment E-care@Home, funded by the Swedish Knowl- edge Foundation. During all the time when working on this thesis, I have been employed as a researcher by SICS Swedish ICT AB (formerly known as Swedish Institute of Computer Science AB). SICS Swedish ICT is partly funded by Förenin- gen för Datateknisk Forskning (FDF), which had the following members in 2015: ABB, Bombardier Transportation, Ericsson, Green Cargo, Saab AB, and TeliaSonera.

Nicolas Tsiftes Stockholm, December 2015 List of papers

This thesis is based on the following papers, which are referred to in the text by their Roman numerals.

I N. Tsiftes, A. Dunkels, and T. Voigt. Efﬁcient Sensor Network Reprogramming through Compression of Executable Modules.In Proceedings of the 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON); June 16-20, 2008; San Francisco, California, USA. © 2008 IEEE. DOI: 10.1109/SAHCN.2008.51

II N. Tsiftes, A. Dunkels, Z. He, and T. Voigt. Enabling Large-Scale Storage in Sensor Networks with the Coffee File System.In Proceedings of the 8th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN); April 13-16, 2009; San Francisco, California, USA. © 2009 ACM.

III N. Tsiftes and A. Dunkels. A Database in Every Sensor.In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys); November 1-4, 2011; Seattle, Washington, USA. © 2011 ACM. DOI: 10.1145/2070942.2070974

IV A. Löscher, N. Tsiftes, T. Voigt, and V. Handziski. Efﬁcient and Flexible Sensornet Checkpointing. In Proceedings of the 11th European Conference on Wireless Sensor Networks (EWSN); February 17-19, 2014; Oxford, United Kingdom. © 2014 Springer International Publishing. DOI: 10.1007/978-3-319-04651-8_4

V N. Tsiftes and T. Voigt. Velox: A Virtual Machine for IoT Software Security and Resource Protection. Manuscript in submission.

Reprints were made with permission from the publishers. Additional Peer-Reviewed Papers

During my almost eight years at SICS, I had the opportunity to work not only on my thesis topic but also on research projects in other adjacent research areas within the Internet of Things, cyber-physical systems, and wireless sensor networks. The following list of papers serves as a reference to the related ma- terial that has been co-authored by me, but which are omitted from this thesis.

Conference papers 1. C. A. Boano, K. Römer, and N. Tsiftes. Mitigating the Adverse Effects of Temperature on Low-Power Wireless Protocols.In11th IEEE Inter- national Conference on Mobile Ad Hoc and Sensor Systems (MASS); October 28-30, 2014; Philadelphia, Pennsylvania, USA. 2. F. Österlind, L. Mottola, T. Voigt, N. Tsiftes, and A. Dunkels. Straw- man: Resolving Collisions in Bursty Low-Power Wireless Networks.In 11th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN); April 16-19, 2012; Beijing, China. 3. J. Ko, J. Eriksson, N. Tsiftes, S. Dawson-Haggerty, J. P. Vasseur, M. Durvy, A. Terzis, A. Dunkels, and D. Culler. Beyond Interoperabil- ity: Pushing the Performance of Sensor Network IP Stacks.In9th ACM Conference on Embedded Networked Sensor Systems (SenSys), Industry Track; November 1-4, 2011; Seattle, Washington, USA. 4. A. Dunkels, L. Mottola, N. Tsiftes, F. Österlind, J. Eriksson, and N. Finne. The Announcement Layer: Beacon Coordination for the Sensor- net Stack .In8th European Conference on Wireless Sensor Networks (EWSN); February 23-25, 2011; Bonn, Germany. 5. N. Finne, J. Eriksson, N. Tsiftes, A. Dunkels, and T. Voigt. Improving Sensornet Performance by Separating System Conﬁguration from Sys- tem Logic.In7th European Conference on Wireless Sensor Networks (EWSN); February 17-19, 2010; Coimbra, Portugal. 6. C. A. Boano, T. Voigt, N. Tsiftes, L. Mottola, K. Römer, M. A. Zuniga. Making Sensornet MAC Protocols Robust Against Interference.In7th European Conference on Wireless Sensor Networks (EWSN); February 17-19, 2010; Coimbra, Portugal. 7. J. Eriksson, F. Österlind, N. Finne, A. Dunkels, T. Voigt, and N. Tsiftes. Accurate, Network-Scale Power Proﬁling for Sensor Network Simula- tors.In6th European Conference on Wireless Sensor Networks (EWSN); February 11-13, 2009; Cork, Ireland. 8. F. Österlind, A. Dunkels, T. Voigt, N. Tsiftes, J. Eriksson, and N. Finne. Sensornet Checkpointing: Enabling Repeatability in Testbeds and Re- alism in Simulations.In6th European Conference on Wireless Sensor Networks (EWSN); February 11-13, 2009; Cork, Ireland.

Journal articles 1. O. Hahm, E. Baccelli, H. Petersen, and N. Tsiftes, Operating Systems for Low-End Devices in the Internet of Things: a Survey. Accepted for publication by IEEE Internet of Things Journal (Status as of December, 2015). 2. P. Misra, L. Mottola, S. Raza, S. Duquennoy, N. Tsiftes, J. Höglund, and T. Voigt. Supporting Cyber-Physical Systems with Wireless Sensor Networks: An outlook of Software and Services.InJournal of the Indian Institute of Science, Volume 93, Number 3, Pages 463-486. July, 2013. 3. C. A. Boano, N. Tsiftes, T. Voigt, J. Brown, and U. Roedig. The Impact of Temperature on Outdoor Industrial Sensornet Applications.InIEEE Transactions on Industrial Informatics, Volume 6, Number 3, Pages 451-459. August, 2010.

Workshop papers 1. J. Ko, J. Eriksson, N. Tsiftes, S. Dawson-Haggerty, A. Terzis, A. Dunkels, and D. Culler. ContikiRPL and TinyRPL: Happy Together.InExtend- ing the Internet to Low power and Lossy Networks (IP+SN), April 2011, Chicago, Illinois. 2. S. Duquennoy, N. Wirström, N. Tsiftes, and A. Dunkels. Leveraging IP for Sensor Network Deployment.InExtending the Internet to Low power and Lossy Networks (IP+SN), April 2011, Chicago, Illinois. 3. T. O’Donovan, N. Tsiftes, Z. He, T. Voigt, and C. Sreenan. Detailed Diagnosis of Performance Anomalies in Sensornets.InACM Workshop on Hot Topics in Embedded Networked Sensors (HotEMNETS), June 2010, Killarney, Ireland. 4. F. Österlind, N. Wirström, N. Tsiftes, N. Finne, T. Voigt, and A. Dunkels. StrawMAN: Making Sudden Trafﬁc Surges Graceful in Low-Power Wire- less Networks.InACM Workshop on Hot Topics in Embedded Net- worked Sensors (HotEMNETS), June 2010, Killarney, Ireland. 5. T. Voigt, F. Österlind, N. Finne, N. Tsiftes, Z. He, J. Eriksson, A. Dunkels, U. Båmstedt, J. Schiller, and K. Hjort. Sensor Networking in Aquatic Environments - Experiences and New Challenges.InSecond IEEE In- ternational Workshop on Practical Issues in Building Sensor Network Applications (SenseApp), October 2007, Dublin, Ireland. 6. A. Dunkels, F. Österlind, N. Tsiftes, Z. He. Software-based On-line Energy Estimation for Sensor Nodes.InIEEE Emnets IV, June 2007, Cork, Ireland. Software Releases

The research conducted within the scope of this dissertation has resulted in a number of open source software contributions. The software is written for Contiki, which is one of the most widely used open-source operating systems for the Internet of Things and sensor networks. The following list briefly describes the four main software contributions: Antelope, Coffee, SBZIP, and Velox. Antelope The Antelope database management system has been distributed with Contiki as an application since 2011. It is released under a 3-clause BSD license. Antelope was developed as part of the work on Paper III. Coffee The Coffee file system has been included in the Contiki OS as a core system module since 2009. It is released under a 3-clause BSD license. It is the only full-fledged file system in Contiki, and is enabled for a variety of hardware ports of Contiki with different storage types. Coffee was developed as part of the work on Paper II. SBZIP The SBZIP compression software is provided as a stand-alone application for the Contiki operating system. It is released under a 3-clause BSD license, and was developed as part of the work on Paper I. Velox At the time of writing, the Velox virtual machine and its accompany- ing tools are being prepared for an open-source release as a stand-alone application. The initial release of Velox will support the Contiki and POSIX programming environments. Velox was developed as part of the work on Paper V.

Contents

Part I: Dissertation Summary ...... 17

1 Introduction ...... 19 1.1 Research Areas ...... 19 1.1.1 Wireless Sensor Networks ...... 20 1.1.2 Internet of Things ...... 21 1.1.3 The Contiki Operating System ...... 21 1.1.4 Resource-Constrained Devices ...... 22 1.2 Scientiﬁc Method ...... 23 1.3 Dissertation Structure ...... 24

2 Challenges and Contributions ...... 26 2.1 Research Challenges ...... 26 2.1.1 System Support for Energy Efficiency ...... 26 2.1.2 Flash-based Storage Systems ...... 27 2.1.3 Programming, Testing, and Debugging ...... 27 2.1.4 Safe and Secure Application Execution ...... 27 2.2 Contributions and Results ...... 28 2.2.1 Efficient Sensornet Reprogramming and Checkpointing ...... 29 2.2.2 Storage-Centric Systems ...... 29 2.2.3 A Virtualized Runtime Environment for Software Security and Resource Protection ...... 30 2.3 Scientific Impact ...... 31

3 Summary of the Papers ...... 33 3.1 Paper I ...... 33 3.2 Paper II ...... 34 3.3 Paper III ...... 36 3.4 Paper IV ...... 37 3.5 Paper V ...... 39

4 Related Work ...... 41 4.1 Storage-Centric Sensor Networks ...... 41 4.1.1 File Systems ...... 41 4.1.2 Storage-Centric Programming Abstractions ...... 42 4.2 Runtime Environments and Programming Frameworks ...... 43 4.2.1 Virtualization ...... 43 4.2.2 Virtual Machines ...... 43 4.2.3 Domain-Speciﬁc Programming Frameworks ...... 44 4.3 Low-Power Wireless Communication ...... 45 4.3.1 Radio Duty Cycling ...... 45 4.3.2 Network Services ...... 46 4.3.3 Routing ...... 47

5 Conclusions and Future Work ...... 49

6 Summary in Swedish ...... 51

Part II: Research Papers ...... 63 7 Paper I: Efﬁcient Sensor Network Reprogramming through Compression of Executable Modules ...... 67 7.1 Introduction ...... 68 7.2 Background ...... 69 7.2.1 Data Compression ...... 69 7.2.2 Using Data Compression in Memory-Constrained Systems ...... 70 7.3 Decompression Algorithms ...... 71 7.3.1 SBZIP: BWT Compression for Sensor Nodes ...... 71 7.3.2 GZIP Decompressor ...... 72 7.3.3 Arithmetic Decoder ...... 74 7.3.4 VCDIFF Decoder ...... 74 7.4 Evaluation ...... 74 7.4.1 Experimental Method and Setup ...... 75 7.4.2 Single-hop Transmission ...... 75 7.4.3 Data dissemination in a multi-hop network ...... 75 7.4.4 Compression Factors ...... 77 7.4.5 CELF Compression ...... 78 7.4.6 Energy Model ...... 79 7.4.7 Execution Times ...... 82 7.4.8 Memory Footprints ...... 82 7.4.9 Summary of the Results ...... 83 7.5 Related Work ...... 84 7.6 Conclusions ...... 85 8 Paper II: Enabling Large-Scale Storage in Sensor Networks with the Coffee File System ...... 91 8.1 Introduction ...... 92 8.2 Storage in Sensor Networks ...... 93 8.2.1 Storage Centricity ...... 93 8.2.2 Using Storage as Virtual Memory ...... 94 8.2.3 Flash Memory Semantics ...... 94 8.2.4 Flash Semantics Affect File System Design ...... 95 8.3 Coffee ...... 95 8.3.1 Design Principles ...... 96 8.3.2 Page Structure ...... 97 8.3.3 Minimizing Metadata in the RAM ...... 97 8.3.4 Locating Files ...... 98 8.3.5 Determining the File Length ...... 99 8.3.6 Tunable Micro Logs ...... 99 8.3.7 Garbage Collection ...... 101 8.3.8 Wear Levelling Policy ...... 102 8.3.9 Fault Recovery ...... 102 8.4 Implementation ...... 103 8.5 Experimental Evaluation ...... 103 8.5.1 Micro Benchmark ...... 104 8.5.2 Sequential I/O Performance ...... 105 8.5.3 Micro Log Optimization ...... 105 8.5.4 Memory Footprint ...... 107 8.5.5 Energy Consumption ...... 108 8.6 A Networking Perspective ...... 109 8.6.1 Storing Routing Tables in Coffee ...... 110 8.6.2 Queuing Packets through Coffee ...... 111 8.7 Related Work ...... 112 8.8 Conclusions ...... 113

9 Paper III: A Database in Every Sensor ...... 119 9.1 Introduction ...... 119 9.2 Background ...... 121 9.2.1 Sensor Data Network Architectures ...... 121 9.2.2 Energy Cost ...... 122 9.2.3 Application Directions ...... 122 9.2.4 Technology Directions ...... 124 9.3 The Sensor Database Model ...... 124 9.3.1 Applications ...... 125 9.3.2 Challenges ...... 125 9.4 Antelope ...... 126 9.4.1 Terminology ...... 126 9.4.2 Query Language ...... 127 9.4.3 Database Kernel ...... 130 9.4.4 LogicVM ...... 131 9.4.5 Energy-Efficient Data Indexing ...... 133 9.5 Implementation ...... 136 9.6 Node-Level Evaluation ...... 138 9.6.1 Implementation Complexity ...... 138 9.6.2 Relational Selection ...... 139 9.6.3 Relational Join ...... 142 9.6.4 Energy Efficiency ...... 143 9.6.5 Execution Time Efficiency ...... 143 9.7 Network-Level Evaluation ...... 144 9.7.1 Local Querying ...... 144 9.7.2 Remote Querying ...... 145 9.8 Related Work ...... 147 9.9 Conclusion ...... 148

10 Paper IV: Efﬁcient and Flexible Sensornet Checkpointing ...... 155 10.1 Introduction ...... 155 10.2 Background ...... 157 10.3 Accelerated Checkpointing ...... 158 10.3.1 Compression ...... 158 10.3.2 Binary Diffs ...... 160 10.4 Selective Checkpointing ...... 161 10.4.1 Format ...... 162 10.4.2 Checkpoint Inspection ...... 163 10.5 Evaluation ...... 163 10.5.1 Compression ...... 165 10.5.2 Binary Diffs ...... 167 10.5.3 Selective Checkpointing ...... 167 10.6 Related Work ...... 169 10.7 Conclusions ...... 169 11 Paper V: Velox: A Virtual Machine for IoT Software Security and Resource Protection ...... 175 11.1 Introduction ...... 175 11.2 Related Work ...... 178 11.2.1 Resource Management ...... 178 11.2.2 Run-Time Environments ...... 179 11.3 Velox Overview ...... 180 11.3.1 Programming Languages ...... 180 11.3.2 Application Format ...... 182 11.4 Resource Monitoring and Control Framework ...... 183 11.4.1 Policy Speciﬁcation ...... 184 11.4.2 Policy Enforcement ...... 185 11.5 Design & Implementation ...... 187 11.5.1 Execution Model ...... 187 11.5.2 Error Handling with Exceptions ...... 190 11.5.3 Memory Management ...... 190 11.5.4 OS Adaptation Layer ...... 192 11.6 Evaluation ...... 193 11.6.1 Experimental Setup ...... 193 11.6.2 Micro Benchmark ...... 194 11.6.3 Implementation Complexity ...... 194 11.6.4 Virtualization Cost ...... 196 11.6.5 Power Policy Enforcement ...... 199 11.7 Conclusions ...... 200

Part I: Dissertation Summary

1. Introduction

Resource-constrained devices are a class of computers that in different aspects are limited compared to workstations, servers, and even smartphones. The reason for deliberately designing devices with these limitations is to adhere to various constraints such as energy consumption, physical dimensions, and economic cost. The emerging Internet of Things (IoT) has increased the demand for such resource-constrained devices immensely. Market analysts fore- cast that billions of devices will be connected to the Internet [43, 48]—many of which are small, untethered, and driven by batteries. The vast research that has been made involving resource-constrained devices, of which a large part can be credited to the sensor networking and embedded systems fields, has contributed to the disruptive technology that is now enabling a wide range of IoT applications that were unfeasible before. In this dissertation, we address a set of research problems related to system architectures for resource-constrained devices. Our research revolves around the use of local storage on the devices. In other words, we design and implement storage-centric system components that in different ways enhance resource-constrained devices with respect to energy efficiency, programming and debugging capabilities, and security. The primary constraint that we consider in this dissertation is that of energy. Because the devices are commonly operating on batteries, energy is a fundamental constraint. From this constraint, several other constraints follow, pertaining to random access memory, flash memory, communication range, and communication bit-rate. The work conducted in this dissertation is largely orthogonal to the vast literature on how to make such systems communicate efficiently over low- power wireless networks. Still, the systems research problems are affected by the same fundamental challenge as the communications research: the scarcity of energy available to the devices.

1.1 Research Areas This dissertation considers research problems in the contexts of two closely related research areas that depend on resource-constrained devices: Wireless Sensor Networks (WSN) and the Internet of Things (IoT). In the following, we will introduce each of these areas and brieﬂy describe how they overlap and how they differ.

19 1.1.1 Wireless Sensor Networks Wireless sensor networks is an enhancing technology for a wide range of application areas, including building automation [59, 93], healthcare [63], localization [58], structural health monitoring [15, 17, 84], and wildlife and environmental monitoring [62, 100]. A wireless sensor network consists of a number of sensor nodes that collaborate to perform a distributed sensing task—and in some cases also an actuation task. The main benefits of deploying wireless sensor networks come from the fact that they have low energy consumption, low economic cost, and small physical size. Although these benefits are considerable, there have also been a number of challenges associated with sensor networking, which have kept a relatively large research community occupied. As a research topic, wireless sensor networks have been studied for approximately 15 years. The research problems are diverse, with sub-topics such as hardware design, programming abstractions, energy-efficient communication, and information theory. While there are a large number of different types of wireless sensor networks, most share the salient traits that they perform a distributed sensing task, are powered by batteries, and communicate using low- power radio technology. A sensor network is typically coordinated by one or more sink nodes, which collect the sensor data sent by the other sensor nodes. In some applications, the sink node can either originate commands or forward commands from a user or an external application that are sent to nodes within the network. Because low-power radios typically have a highly limited range, the sensor networks may form routing topologies with multiple hops. In this case, some sensor nodes must not only forward their own sensor data to the sink but also that of other nodes. A variety of operating systems have been developed for wireless sensor networks [40]. The two most commonly used are Contiki [31] and TinyOS [68]. Both of these operating systems are released with an open source license and have large communities that have made code contributions over more than a decade. Several other sensor network operating systems have been developed as part of research projects, including LiteOS [12], Mantis [1], Pixie [70], RETOS [16], and SOS [56]. The software developed as part of this dissertation is implemented and evaluated in the Contiki operating system. We have, however, designed the software so that there is not a tight coupling with Contiki. In most cases where there is a need to use OS- or hardware-dependent functionality, we have fac- tored out such functionality into separate modules. Hence, we do not see any limitation for porting the software developed as part of this dissertation to other IoT and sensor network operating systems.

20 1.1.2 Internet of Things As a research area, the Internet of Things (IoT) has several similarities with sensor networks. An IoT network consists of a multitude of sensing and actuation nodes, with the typical hardware being a resource-constrained device powered by a battery. The main differences, however, are that the IoT has a focus on using standard IP-based protocols, and on enabling sensing and actuation devices with ubiquitous connectivity to the Internet. Additionally, the typical IoT deployment does not have a number of nodes that collaborate to perform a large, distributed sensing task, but instead each node has a more speciﬁc task, such as having one node controlling a light switch in a home, and another node sensing the outside temperature at a speciﬁc spot. The IoT, with its key trait of ubiquitous Internet connectivity for devices, introduces new issues that are either less prevalent or nonexistent in traditional sensor networking. In the Internet Society’s (ISOC) comprehensive survey on the IoT, the following issues are expounded upon: 1) security, 2) privacy, 3) interoperability and standards, 4) regulatory, legal, and rights, and 5) emerging economy and development [89]. Because of its inherent reliance on standard communication protocols, a large part of the IoT research is focused on adapting and implementing protocols for resource-constrained devices. Several low-power IPv6 stacks have been designed and implemented for this class of devices, including ArchRock’s IP stack [60], BLIP for TinyOS [22], OpenWSN [104], and μIPv6 for Con- tiki [37]. These stacks are designed primarily for lossy and low-power IEEE 802.15.4 networks, and employ 6LoWPAN header compression to reduce the energy cost and increase the attainable goodput for IoT applications [41, 73]. IETF standards such as 6TiSCH [98], the Constrained Application Protocol (CoAP) [91] and the routing protocol RPL [106] are additional building blocks for an IoT networking stack.

1.1.3 The Contiki Operating System For the software designed and implemented in this dissertation, we have used Contiki as the underlying operating system. Contiki is one of the most widely used operating systems for the Internet of Things and sensor networks. It orig- inated in 2003 as an operating system for resource-constrained sensor devices used by companies and researchers, and for legacy hardware used by computer enthusiasts. Contiki can also be regarded as one of the ﬁrst IoT operating systems, since it supported IP networking from the beginning through the μIP stack [27]. Through contributions from Cisco Systems in 2008, μIP was extended with IPv6 support, which sparked the Contiki community’s increasing involvement in the IoT. Contiki has a wide range of features, including a CoAP implementation [65], the radio duty cycling protocol ContikiMAC [28], the Cooja/MSPsim simu-

21 lator [81], a dynamic ELF loader [30], and an IPv6 multicast implementation [80]. As part of the work on this dissertation, I have contributed several software components to Contiki, such as the Coffee ﬁle system (Paper II) and the Antelope database management system (Paper III). When programming Contiki software, developers usually use standard C as the main language, but certain limitations stemming from Contiki’s process model have to be taken into account. Contiki processes are implemented as Protothreads, which is a lightweight, stackless thread library [34]. Processes are scheduled cooperatively, meaning that processes should yield control back to the scheduler explicitly. Yielding can only be done from the top-level function of the process, which entails that long-running computations must be bro- ken up in fragments manually by the developer. Furthermore, care must be taken when using stack variables in the top-level function of a process because Protothreads do not restore the values of those variables when yielding and later rescheduling the thread. These limitations are of minor importance, however, compared to the resource constraints that one faces when designing and implementing software for resource-constrained devices.

1.1.4 Resource-Constrained Devices Resource-constrained devices come in many varieties, tailored for different applications and network roles. The classes of devices that our research cov- ers are Class 1 and Class 2 devices, as specified by RFC 7228—Terminology for Constrained-Node Networks [8]. Class 1 devices have approximately a RAM capacity of 10 kB and a ROM capacity of 100 kB. Class 2 devices have approximately a RAM capacity of 50 kB and a ROM capacity of 250 kB. Although it is difficult to use the software artifacts developed as part of this dissertation in less capable devices than those belonging to these two classes, there are of course no inherent limitations on using the software on more capable devices. The majority of our experiments have been conducted using Moteiv’s Tmote Sky platform and Arago System’s WiSMote platform—both with real devices and emulated ones. Both of these devices are based on Texas Instrument’s MSP430 architecture, and equipped with IEEE 802.15.4 radio chips, which operate in the 2.4 GHz ISM band and have a 250 kbps data rate. The Tmote Sky is equipped with a TI MSP430F1611 micro-controller with an 8 MHz clock frequency, a TI CC2420 radio chip, a light sensor, and a combined humidity and temperature sensor chip. It has 10 kB RAM, 48 kB ROM, and a ST M25P80 external flash memory with a storage capacity of 1 MB. The Tmote Sky, and its predecessor the Telos B platform [87], have for over a decade been one of the most popular platforms in the sensor networking community. However, sensor networking systems have typically been employing custom-made software, optimized for a specific application.

22 With the IoT’s requirements for more generic networking stacks and operating system services, the Tmote Sky is becoming inadequate to accommodate the increased software complexity. It can barely fit a low-power IPv6 stack based on the 6LoWPAN architecture. A minimalistic configuration of Contiki OS 3.0 yields a firmware with a RAM size of approximately 7 kB and a ROM size of approximately 44 kB. This measurement is made by compiling the rpl- udp client software into a firmware, and obtaining the size of the text, data, and BSS segments of the resulting ELF file. Hence, to run larger applications, it is necessary to use more capable devices. In this dissertation, we make use of the WiSMote platform for our most complex system, the Velox virtual machine presented in Paper V. The WiS- Mote is equipped with a TI MSP430F5437 micro-controller with a 16 MHz clock frequency, a TI CC2520 radio chip, an ambient light sensor, a humidity and temperature sensor, and an optional accelerometer. It has 16 kB RAM, 250 kB ROM, and 2 MB ST M25P80 external flash memory. In this dissertation, we sometimes use the terms IoT devices, memory- constrained systems, motes, and sensor devices to refer to resource-constrained devices depending on the context and research area.

1.2 Scientific Method The method employed throughout the research conducted in this thesis is experimental computer science. Most of my work revolves around the construc- tion and study of software systems for wireless sensor networks and the IoT. Computer systems research is in large part based on software artifacts made in a novel manner to attain a specific objective. Culler formulated the systems research process in the following three high-level steps: “1. imagine a plau- sible future, 2. create an approximation of that vision using technology that exists, and 3. discover what is true in that world” [20]. Our approach has pre- dominantly been paper-driven, which means that we think of a hypothesis to explore in a paper first, and then create a system to test whether this hypothesis is true or false through a series of experiments. This approach is also iterative: sometimes, it is the case that the hypothesis has to be revised, as one gains new insights during the work. In the areas of wireless sensor networks and the IoT, the requirements on software systems differ considerably from those of general-purpose or high- end computing. Hence, the performance evaluations do not always target maximum performance using traditional metrics such as execution time or latency. The fundamental requirements with respect to energy consumption sometimes make other metrics more important. In essence, it depends on the particular application in which the software system is used. For an application where battery life is essential, one may accept a degradation of other performance metrics than energy consumption as a trade-off.

23 The experimental evaluations conducted in the papers of this thesis have certain elements in common that can be summarized here, and to some extent also elaborated upon. There are two types of experimental setups employed in this thesis. Real network experiments Several experiments that evaluate networking performance in this dissertation have been carried out in sensor network testbeds such as TU-Berlin’s TWIST [57], and smaller, local testbeds at SICS Swedish ICT. All of these testbeds comprise Telos B, Tmote Sky, or other compatible hardware clones. Through real network experiments, we are able to observe the execution of software systems and protocols in an environment where no details are left out. Testbeds, however, may be difﬁcult to control in order to produce repeatable experiments. Random effects from external interference, people walking by, or objects being placed in front of nodes may affect the networking conditions from one run to another. Cross-level simulation experiments This experimental setup can be used to simulate sensor networks at different levels of detail in a single simulation instance. Although simulators model the physical environment and thereby reduce the level of detail, they provide an improved visibility into what is actually happening and enhance the repeatability of experiments. In this dissertation, we use the Cooja simulator [81] for a variety of experiments. One of Cooja’s salient features is that it enables cross-level simulations, where different types of simulation can be combined at different levels in a single run of the simulator. Cooja makes it possible to inspect all the packets that are being transmitted, to view an accurate timeline of the events happening on each node [83], and to access any memory location of each node using the debugging interface of the embedded MSPsim emulator [45]. At the network level, Cooja interconnects simulated nodes through a radio medium, which provides a model of the physical environment. Different models exist, including the Directed Graph Radio Medium (DGRM) and the Unit Disk Graph Medium (UDGM). At the node level, Cooja can emulate each node by using the MSPsim emulator [44]. MSP- sim provides cycle-accurate emulation of a variety of hardware platforms based on Texas Instrument’s MSP430 architecture. MSPsim executes the same ﬁrmware as is executed on physical hardware platforms.

1.3 Dissertation Structure This dissertation is a comprehensive summary, which consists of two parts: Part I—Dissertation Summary and Part II—Research Papers. The dissertation summary part provides the context of the research within the dissertation, and connects the ideas of the ﬁve individual papers that are

24 included in the dissertation. In this chapter, we introduced the research areas and technology related to this dissertation. Chapter 2 describes the research challenges that we consider, and gives an overview of the scientific contributions and the impact of our research. Chapter 3 provides an overview of the included papers, and specifies my contribution to the papers. Chapter 4, cov- ers the related work with a high-level perspective, complementing the more detailed descriptions provided in the included papers. In Chapter 5, I give my conclusions to the work and outcome of this dissertation. The research papers part contains the five research papers that are the main outcome of the research conducted during my doctoral studies. Each paper has been adapted from its original template to the template of this dissertation. The original versions of four of these papers have been peer-reviewed and published in highly selective conferences, whereas the fifth paper is in submission to a conference at the time of writing. These papers are located in Chapters 7, 8, 9, 10, and 11.

25 2. Challenges and Contributions

In this chapter, we explain which challenges we have considered as part of the work on this disseration, and we give a high-level overview of the scientiﬁc contributions of the included research papers. Lastly, we discuss the impact that the research papers—and their associated software artifacts—have had both in academia and industry.

2.1 Research Challenges The challenges within the sensor networking and IoT ﬁelds are numerous, ranging from hardware design to programming abstractions. In the following, we describe the challenges that are most relevant for the research in this thesis.

2.1.1 System Support for Energy Efficiency Energy is a fundamental factor that affects the hardware and software design in sensor networks and the Internet of Things. Most commonly, the devices in these two application areas are driven by batteries, which can be drained quickly if energy-demanding hardware is active for too long. The radio is typically the primary energy consumer on a device, and network stacks therefore often need to use a duty cycling mechanism to shut off the radio as much as possible. Other parts of the devices, such as the micro-controller and sensors, may further contribute to high energy consumption. Software components designed and implemented for resource-constrained devices must therefore take their energy consumption into account. These considerations pertain to any network traffic that they generate, their amount of computations, and their use of peripheral hardware. Although some devices are equipped with energy harvesting capabilities, drawing energy from sources such as sunlight or wave motion, such devices are limited to operate where those sources exist. The energy is typically harvested in small quantities, which entails that energy efficiency is crucial also when using this type of energy source. An energy-efficient system will put less demanding requirements on the quantity of energy that needs to be harvested, and thus increase the feasibility of using such an energy source.

26 2.1.2 Flash-based Storage Systems A common trait of resource-constrained devices is that they are equipped with some type of flash memory. Hence, a variety of storage systems have been developed to make use of this flash memory. The challenge in this area is to provide system support for flash while having low energy and memory overhead. Flash memory requires different access patterns compared to disk drives: data is typically written to flash on a byte or page granularity, depending on the flash memory type, and cannot be overwritten before an erase is made on the data at a sector granularity. The sector size is usually considerably larger than a page, which entails that in-place modifications are difficult to handle. The use of flash memory contributes to the energy consumption of the devices, and it is thus important to maximize the performance of the storage systems—both through efficient data structures and indexing algorithms.

2.1.3 Programming, Testing, and Debugging Because of the aforementioned energy constraints, hardware platforms for sensor networks and the IoT are typically equipped with a low-power radio, a micro-controller of modest abilities, and limited storage capacities. These re- strictions have a direct effect on the possible complexity of the software used in the devices. Programming abstractions have in particular been studied to simplify the application and system development. Such abstractions can operate at different levels, taking either a macro perspective or a micro perspective. Macro programming of sensor networks entails that a single implementation of the high-level application logic is made to steer the distributed operation of the network. Such programming abstractions can be designed to make it simple to aggregate data over multiple nodes before reaching the sink, or to implement sensing and actuation rules that can be statically tested for correct- ness. On the other side of the scale is regular programming (or, micro programming) of individual applications that operate distinctly on each sensor device. Such programming is commonly conducted using low-level programming languages such as C, and the programming abstractions are designed to simplify the development of sensor network applications at the node level. While such low-level programming is more error-prone than what can be achieved by using high-level-languages—and possibly offers less potential for high productivity—it is also more ﬂexible as the developer is not tied to any particular abstraction that might not be an optimal ﬁt for the problem at hand.

2.1.4 Safe and Secure Application Execution The deployment of resource-constrained devices for IoT applications has increased the security and safety requirements compared to traditional sensor

27 network applications. IoT applications entail that there is some form of Inter- net connectivity, and thus a possibility of external attacks against vulnerable software. By contrast, sensor networks have typically been operating in isola- tion from the Internet, and using custom-made application software for each deployment. Hence, security has not been of paramount importance in the sensor networking community. Achieving safe and secure application execution on a resource-constrained device can be challenging for a number of reasons. Since the devices commonly lack sophisticated hardware-enforced memory protection and privilege separation, OS processes typically execute with the same privileges and in the same memory space as the OS kernel. In operating systems such as Contiki and TinyOS, there is no switch to a privileged execution mode when making a “system call” as it is essentially just a regular function call into a component belonging to the core OS. The consequences of an application that operates in an unsafe or insecure runtime environment can be catastrophic. A device may be attached to actuators controlling sensitive hardware, and if the actuator controls the hardware in an incorrect way, it may be destroyed or cause serious problems. The distributed operation of the networks can further prove to be vulnerable; a malfunctioning network protocol implementation may cause a degradation of performance, or even a complete halt of the network [67]. Hence, there is a need to improve the safety and security of IoT applications, despite any possible resource constraints on the devices. While a few system components and protocols have been developed to make use of cryptography to secure communication and data storage [5, 64], there is also a need for the software itself to execute in a safe and secure manner. Static analysis and symbolic execution help to reduce the risk of security bugs, but cannot catch all problems that can occur at runtime. One particular problem that is hard to catch through analysis at compile-time is whether the energy consumption of the application is always below a selected limit. Having the software execute in a virtual machine is a possible way to prevent applications from accessing system resources that they are not supposed to, and to prevent them from using too much energy. The main challenge with using a virtual machine, however, is to have a low overhead concerning execution time and energy consumption, as it must both interpret bytecode instructions, and at the same time monitor all of the resource consumption of each application.

2.2 Contributions and Results The contributions of this dissertation address the aforementioned challenges through ﬁve research papers. We make contributions in three different areas, each of which is elaborated on below: 1) efﬁcient sensornet reprogramming

28 and checkpointing, 2) storage-centric systems, and 3) a virtualized runtime environment for software security and resource protection.

2.2.1 Efficient Sensornet Reprogramming and Checkpointing For the purpose of programming, debugging, and testing IoT and sensor network applications, a plethora of methods have been proposed. The research in this area is concerned not only with attaining efficient software dissemination over the network but also with reducing the software size. This dissertation makes contributions that addresses the latter problem. Our first contribution is the design, implementation, and evaluation of a set of compression algorithms that improve the energy efficiency of sensornet reprogramming with executable modules (Paper I). We evaluate the energy- efficiency of common compression algorithms. Based on these insights, we also design and evaluate a variant of Burrows-Wheeler Transform [11] specifically for resource-constrained devices. In addition to reducing the energy cost of software upgrades, the use of compression has the added benefit that upgrades can be completed considerably faster. Moreover, there will be less interference generated from dissemination of software upgrades. Still, things are not so simple as to use the algorithm that achieves the highest compression, as there are also trade-offs with respect to execution time and implementation complexity. In our experiments, we show that it is possible to reduce the data size by up to 56%, and to reduce the energy consumption for the data dissemination and reprogramming by as much as 69%. To further enhance the capabilities of debugging and testing software on resource-constrained devices, we have made enhancements to a technique known as sensornet checkpointing. I was a co-author of the original sensornet checkpointing paper [82]. In this dissertation, we present methods to make sensornet checkpointing more efficient and flexible in order to improve the performance of using this technique (Paper IV). Through the use of data compression, we show that the checkpoint sizes can be reduced by 70-93%, and that the time of checkpointing operations can be reduced by 50%. Fur- thermore, the paper introduces selective checkpointing that enables extraction and injection of partial checkpoints. This feature makes it possible to delimit checkpoint state to specific software components without having to transmit the rest of the system state.

2.2.2 Storage-Centric Systems Programming storage-centric sensor network applications has been a tedious and error-prone task before the introduction of file systems. Application developers have resorted to implementing application-specific data layouts on top of flash storage. When switching the storage type, or the application re-

29 quirements regarding what is stored, this type of design has entailed that much of the storage components must be re-implemented. To mitigate the difficulty of developing energy-efficient, storage-centric applications, one of the main contributions of this dissertation is the design, implementation, and evaluation of the Coffee file system. Coffee is a flash file system that has a novel storage structure combining extents with micro log structures. This structure ensures that Coffee’s memory footprint for open files is O(1) in relation to file size, and that Coffee’s sequential write throughput is at least 92% of the flash driver’s capacity. The low memory requirement is particularly useful for large files, such as long sequences of stored sensor samples, since the memory is typically highly limited on sensor devices. Although a file system such as Coffee provides a generic application programming interface for the available storage of the devices, the need for more sophistic storage abstractions is apparent in sensor networking. Large sequences of sensor samples may need to be aggregated, indexed, and queried for with low execution time overhead, and low storage overhead. Achieving these objectives is challenging, however, since the underlying flash memory prevents common database indexing algorithms from being used. Hence, a key contribution of this dissertation is Antelope, a full-fledged database management system (DBMS) for resource-constrained devices in sensor networks (Paper III). Antelope raises the abstraction level for developers of storage-centric sensor network applications by allowing them to specify storage-based data structures and make queries using a high-level database language named AQL. It is designed to operate atop Coffee, but there is no inherent limitation that prevents it from being used with other file systems. Antelope makes it possible for sensor network operators or software to pull data from sensor devices over the network. Unlike sensor network query systems such as Cougar and TinyDB, Antelope enables querying for historical data, and aggregating such data on the devices. As part of the work on Ante- lope, we also contribute a new flash-based index algorithm, MaxHeap, which is built on a binary minimum heap structure. It provides O(N) space complexity and O(logN) search time complexity, where N is the number of indexed items. Antelope is the first relational DBMS in the context of sensor networks.

2.2.3 A Virtualized Runtime Environment for Software Security and Resource Protection Our ﬁnal contribution is made with regards to enhancing the security of IoT application software, and to protect system resources despite a lack of hardware features to support this objective. Hence, Paper V introduces a virtual machine, Velox, which provides a policy framework through which users can set different security and resource policies for the IoT applications. Unlike earlier resource policy frameworks, such as Pixie [70] and Levels [66], Velox

30 can enforce policies, rather than provide advisory information that can be ne- glected by a faulty or compromised application. Velox monitors each application’s execution at the bytecode instruction level, and traces their resource usage even when Velox is not executing. Velox modiﬁes Contiki’s Powertrace tool [29] to be able to query the energy consumption of IP trafﬁc based on source and destination ports. The resource monitoring has a low energy overhead, as it does not surpass 3% in any of our experiments. We further show that the energy overhead stemming from bytecode execution is below 3% in our case study of an event-driven IoT applications. These results show that an important class of IoT applications can execute in a virtualized environment at a low cost.

2.3 Scientific Impact The contributions of this dissertation are made in five research papers, four of which have been peer-reviewed and published in highly selective conferences, and the last paper is currently in submission. One of the papers has been published in the most prestigious conference in the field of sensor networking: The ACM Conference on Embedded Networked Sensor Systems (SenSys). Another paper has been published in a conference that is in the top tier with SenSys: the ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN). The first paper of this dissertation was published at IEEE International Conference on Sensing, Communication, and Networking (SECON). Lastly, one of the papers was published at The European Confer- ence on Wireless Sensor Networks, a selective conference that is organized in Europe each year, but which draws a world-wide attention from researchers. All of these conference have acceptance rates that are typically in the range of 15-25%. The four published papers had a total citation count of 162 at Google Scholar on December 7, 2015 [51]. The use of compression of executable modules for reprogramming sensor networks has been cited in over 40 papers, covering not only the subject of reprogramming but also data compression for other uses. It has been cited in highly regarded publications and venues such as ACM SenSys [96], ACM Transactions on Embedded Computing Systems [25], ACM Transactions on Sensor Networks [24], IEEE Transactions on Industrial Informatics [14], and IEEE Transactions on Mobile Computing [90]. The Coffee file system has had a strong impact on both the research community and in the open source community. At the time of writing, over 60 papers have employed Coffee for a variety of different uses, such as configuration storage [18], database systems (Paper III), delay-tolerant networking [101], debugging [79], interference trace recording [6], secure data storage [5], sensornet checkpointing [82], software storage [94, 97], and storage abstractions [75].

31 The impact of Antelope (Paper III) has been strong, and has extended beyond the sensor networking field into the IoT. It has been cited in the context of secure storage for the IoT [5], sensor databases [26, 103], and high-frequency event monitoring [2]. Furthermore, it has been cited by Anciaux et al. [3] in the Proceedings of the VLDB Endowment (PVLDB), which is a top-tier journal for the database research community. Efficient and Flexible Sensor Network Checkpointing (Paper IV) has not yet had a strong impact in the sensor network community, but it was published more recently (2014) than the aforementioned papers. The original sensornet checkpointing paper, which I am a co-author of, has 29 citations according to Google Scholar at the time of writing [51]. In addition to the software built directly for the research papers, I have been a core Contiki developer since 2008. During this time, I have been one of the main developers of a multitude of software modules for Contiki, including the widely used ContikiRPL [102] implementation of the low-power IPv6 routing protocol RPL [106]. ContikiRPL has been used as the routing protocol implementation for the networking experiments in Paper V, and it has been used to study the benefits of accelerated and selective sensornet checkpointing in Paper IV. The poster abstract presenting ContikiRPL [102] has been cited 86 times at the time of writing according to Google Scholar [51].

32 3. Summary of the Papers

3.1 Paper I Nicolas Tsiftes, Adam Dunkels, and Thiemo Voigt. Efﬁcient Sensor Network Reprogramming through Compression of Executable Modules. In Proceedings of the 5th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON); June 16-20, 2008; San Francisco, California, USA.

Summary Wireless sensor networks can be deployed for a long time, operating on battery power, to perform a sensing task. During this time, there may arise a need to update the software in the sensor network; for instance, to introduce new functionality or to fix faulty software. A plethora of methods for reprogramming wireless sensor networks have been developed over the years. Reprogramming can be done by distributing full system images, executable modules, binary file differences (deltas), virtual machine applications, and plaintext scripts. In each of these cases, the software must be distributed throughout a sensor network using low-power radio communication. Since sensor networks are regularly tuned for periodic, low-power radio communication, the considerable traffic increase incurred by software distribution manifests in increased energy consumption and interference. Hence, it is desirable to reduce the energy consumption, so as to prolong the network lifetime; and to reduce the dissemination time, so as to make the interference impact less disturbing on network operations. In this paper, we investigate various compression algorithms that can reduce the size of executable modules, and thereby reduce the cost of reprogramming wireless sensor networks. While this paper studies compression on executable modules, the compression algorithms are general and can be employed for other types of software representations as mentioned above, as long as the information entropy of the data is sufficiently low to make compression efficient. We implement different compression algorithms, and in some cases modify them to work on resource-constrained sensor devices. Our experimental evaluation quantifies the benefits and drawbacks of using the different algorithms. The results show that the GZIP algorithm has the best results on our dataset, saving on average 67% of the dissemination time and 69% of the energy in a multi-hop wireless sensor network.

33 Comments Finding methods to reprogram sensor networks efficiently was a topic that received relatively much attention at the time of writing the paper. The use of data compression for executable modules came as an idea shortly after my co-authors had written a paper about reprogramming sensor networks using runtime dynamic linking [30]. That paper demonstrated that one can achieve energy-efficient reprogramming with software modules stored in a standard binary format such as ELF [99]. This paper was a natural follow-up to that paper, as we asked the question whether we can improve the energy-efficiency further by using data compression. Indeed, we showed that the trade-off between increased computation energy for decompression on devices, and decreased radio transmission energy was highly favorable. Today, however, we find that commercial solutions are still regularly using full system upgrades, as robustness is often prioritized over efficiency. Still, the results of this paper have a direct impact also on this type of upgrades, as the full system images typically use the same data format with similar information entropies.

My Contribution The idea behind the paper came from my two co-authors, starting out as my Master’s project, and which later resulted in this paper. I implemented all of the compression algorithms, conducted most of the experiments, and wrote most of the paper. I presented the paper at IEEE SECON 2008. Adam Dunkels and Thiemo Voigt provided invaluable help along the way for this to become my ﬁrst peer-reviewed research paper. They helped with the writing of the paper and the planning of the experiments.

3.2 Paper II N. Tsiftes, A. Dunkels, Z. He, and T. Voigt. Enabling Large-Scale Stor- age in Sensor Networks with the Coffee File System. In Proceedings of the 8th ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN); April 13-16, 2009; San Francisco, California, USA.

Summary In this paper, we present the design implementation, and evaluation of the Coffee file system. Coffee is a small, yet efficient file system for resource- constrained sensor devices equipped with flash memory. We have designed Coffee specifically for external NOR flash memories, but it can also be used for other types of storage such as EEPROM. The challenge with using NOR flash, compared to disk drives, is that NOR flash is divided into large segments

34 of bits. Any particular bit in a segment can only be switched from its state once unless the whole segment is erased, which implies that all bits in the segment are reset to their initial state. Hence, the file system must handle in- place modification of files with different methods compared to traditional file systems for disk drives. The Coffee file system addresses the challenging write semantics of NOR flash, while having a low code complexity and memory footprint—as is desirable for sensor nodes. The main idea in Coffee is to have a file structure based on contiguous blocks. These blocks are statically allocated at the time of file creation. In many cases, the file owner can determine the file size ahead of creation, and request that Coffee allocates a block with a size that is at least that large. In other cases, Coffee allocates a block with a default size, and later creates a new larger one if a file write operation wishes to move the current file offset pointer beyond the original block size. Coffee also supports in-place modifications of files through a novel micro-log structure. The micro-log borrows the idea of log-structured file systems, but instead of having a log-structure for the entire file system, Coffee has a small log-structure for each file. Our experimental evaluation of Coffee shows that it has an I/O performance and memory requirements that makes it well-suited for resource-constrained sensor devices. The memory complexity is O(1) per open file, which is needed on such devices because the external flash memory can be several orders of magnitude larger than the RAM. The compiled code footprint in ROM is approximately 5 kB, and the RAM footprint is approximately 0.5 kB. For file append and file read operations, Coffee achieves 97% of flash memory’s maximum I/O performance.

Comments This paper provided important results for the subsequent design of large-scale storage systems, as the memory requirements of state-of-the-art file systems for sensor networks, such as ELF, were considerably higher. Coffee has been included in Contiki as its only file system since 2009, and has been ported to several of Contiki’s supported hardware platforms. Coffee has been used, and continues to be used, in multiple research projects using flash storage. This is evidenced by the fact that it has been cited 65 times according to Google Scholar [51]. Coffee is also a fundamental building block for Paper III in this dissertation.

My Contribution I came up with the idea behind the paper, designed and implemented the Cof- fee ﬁle system, conducted most of the experiments, and wrote most of the

35 paper. I presented the paper at ACM/IEEE IPSN 2009. Adam Dunkels and Thiemo Voigt provided insightful comments and suggestions that helped improve most aspects of the paper. Zhitao He conducted one of the experiments.

3.3 Paper III N. Tsiftes and A. Dunkels. A Database in Every Sensor. In Proceedings of the 9th ACM Conference on Embedded Networked Sensor Systems (SenSys); November 1-4, 2011; Seattle, Washington, USA.

Summary Sensor networks have traditionally been communication-centric, employing a push model of communication. This is exemplified by what is arguably the most common sensor network application: data collection. Sensor devices are expected to sense data, or in other ways produce data, that is forwarded over a low-power wireless medium to a sink. In this paper, we propose a storage-centric sensor network model, in which each sensor device executes an own instance of a DataBase Management Sys- tem (DBMS). To this end, we design and implement Antelope, a DBMS for resource-constrained devices equipped with some form of external storage, such as flash memory. Antelope enables queries in a language similar to SQL, and provides three data indexing components to increase the query performance. These components, which all have fundamentally different characteristics, are the MaxHeap index, the Inline index, and the Hash index. Antelope enables a pull model of communication, where an external source, such as a sink, can query each node within its network for either current or historical sensor data. A major benefit of this model is that sensor nodes only have to send information that is explicitly queried for, rather than sending all information. For example, if a user is interested in knowing the maximum temperature of a node during a certain day, the user will send this query to Antelope, which can quickly construct an answer by using a database index, and send it back in a packet with a single value to the user. By contrast, a typical data collection application would periodically send each sensor sample to the sink, typically requiring hundreds of packets to be sent during a single day. Hence, for some types of applications, a pull model can reduce the energy consumption of all sensor nodes, as well as reduce the internally generated interference in the sensor network. Our experimental evaluation of Antelope is split into a node-level evaluation and a network-level evaluation. The former is focusing on performance benchmarks, memory requirements, and implementation complexity. The latter is focusing on how Antelope performs in a real network, where individual nodes receive queries from a sink and respond to them. We show that through

36 the use of the included indexes, Antelope is able to query for data in 0.3% of the time of an unindexed query. Despite being a relatively complex system for resource-constrained devices, Antelope requires approximately 17 kB of ROM and 4 kB of RAM, which are ﬁgures well below the limits of the devices listed in Section 1.1.4.

Comments By being the ﬁrst relational DBMS for sensor networks, Antelope has opened the door for new use cases and storage-centric application designs. Its research impact has been strong, and either the full Antelope DBMS or sub-components have been one of the main systems of comparison in later research papers. New prototypes of database management systems, such as LittleD [26] and HybridStore [103], have been created—both of which make different choices than Antelope as to which characteristics and trade-offs to prioritize.

My Contribution I came up with the idea behind the paper, designed and implemented the An- telope database system, conducted most of the experiments, and wrote most of the paper. I presented the paper at ACM SenSys 2011. Adam Dunkels provided excellent feedback on the paper structure, its thesis, and the experiments. He also wrote most of the background section, and carried out the experiments presented in that section.

3.4 Paper IV A. Löscher, N. Tsiftes, T. Voigt, and V. Handziski. Efﬁcient and Flexible Sensornet Checkpointing. In Proceedings of the 11th European Conference on Wireless Sensor Networks (EWSN); February 17-19, 2014; Oxford, United Kingdom.

Summary The development and testing of software for wireless sensor networks has for long proven to be difﬁcult. One of the main reasons for this difﬁculty is that sensor devices can be deployed in remote areas with unique environments, which may not be easily reproducible in a test environment before deployment. In other words, the sensor devices can be subject to a large set of non- deterministic inputs. Sensornet checkpointing is a method for retrieving and replacing the state of deployed sensor devices. The retrieval of state is referred to as a checkpoint

37 operation, whereas the replacement of state is referred to as a rollback operation. By using these two operations, software developers can develop and test their software in a deployed network or a testbed. The system state of a deployed node can be inspected at a sink node, and it can also be modified. Not only does sensornet checkpointing aid in the development and testing process but it also enables other use cases such as automated testing and network vi- sualization. The latter two use cases require efficient transfer of system state back and forth between sink and sensor nodes. To improve the applicability of sensornet checkpointing for the aforementioned use cases, we present two methods for reducing the state that is needed to be transferred between the sensor device and the sink. Our first method, accelerated checkpointing, makes use of data compression algorithms to reduce the representation of the full system state. We design a memory-efficient variant of the Lempel-Ziv algorithm [108] that we use to compress the checkpoints files on resource-constrained sensor nodes. Our second method, selective checkpointing, makes it possible to checkpoint only a part of the system state that is of particular interest. For example, this partial state could cover a particular module, such as that belonging to an application process or a certain system service. In our experimental evaluation, we show how our proposed methods of accelerated and selective checkpointing reduce the checkpoint sizes by 70% to 93%. Furthermore, the time required to transfer checkpoints in a testbed is reduced by at least 50%. We make a case study of selective checkpointing, in which we perform fault injection into the system state of a node. In this case, the time for the rollback operation is reduced by 98% compared to what would be required for a regular sensornet checkpoint operation that achieves the same modification.

Comments Sensornet checkpointing is an interesting technique for debugging and testing, as it allows researchers and programmers to gain visibility into the state of a physical device. Similar to Paper I, this paper uses data compression to reduce the amount of data that needs to be transferred over the network or a serial bus. The difference, however, is that the nodes themselves must do the compression of the data, whereas the nodes in Paper I only need to decompress data. Hence, this paper uses other algorithms that prioritize memory-efficient compression. The original sensornet checkpointing software was distributed with Contiki for several years, but it was seldom used by people outside of the sensornet research community. We believe that improving the efficiency and flexibility of this technique may make it more compelling for a broader user base, and this paper is a step toward that end.

38 My Contribution I contributed to the planning of the paper’s structure, thesis, and experimental design. I wrote a minority of the paper text. I was also a co-author of the original Sensornet Checkpointing paper [82], upon which this paper is based on. Andreas Löscher implemented the software and wrote most of the paper, whereas Thiemo Voigt had a similar contribution to the paper as me.

3.5 Paper V N. Tsiftes and T. Voigt. Velox: A Virtual Machine for IoT Software Security and Resource Protection. Manuscript in submission.

Summary IoT devices are typically resource-constrained and lack hardware features that protect the system from compromised or malfunctioning software. In common IoT operating systems such as Contiki, RIOT, and TinyOS, application software executes with the same privilege level as the core OS modules. Hence, faulty application software may read from and write to any memory location or hardware register, and may even cause the energy consumption to increase. Although the software can be tested and analyzed thoroughly at compile-time; e.g., through static analysis and symbolic execution; such methods cannot guarantee that the software will be free of errors and security flaws. In this paper, we take a complementary approach to enhance the security of IoT devices. We present Velox, a virtual machine that has an ample feature set that ensures that applications can execute in a safe runtime environment. The main features of Velox are (1) a framework for specifying and enforcing fine- grained resource policies for applications, (2) support both for high-level functional programming and imperative script languages, and (3) a comprehensive application programming interface (API) for IoT software development. Velox applications are compiled from a source language to Velox bytecode, which is agnostic to the host hardware and operating system. Each application is associated with either a default resource policy or a custom policy set by a system administrator. We have been inspired by earlier resource policy frameworks for sensor networks, such as Pixie [70] and Levels [66]. These frameworks provide information to applications regarding how much of a specific resource they are using, and let them adjust their own resource usage to be within bounds. By contrast, Velox will enforce all policies set for the application. Once an application attempts to consume too much of a resource or access a resource that it is not allowed to use, Velox will immediately prevent this from happening either by 1) terminating the application, 2) throwing an exception, or 3) slowing down application.

39 Comments The research on Velox is still ongoing, and this ﬁrst paper on Velox is currently in submission. In this paper, we have presented and evaluated the core Velox functionality. We have identiﬁed several additional interesting research topics involving Velox, and expect to explore these topics in the near future. The Velox software is being prepared for release, and we are aware of several companies that have expressed interest in using it. Moreover, we expect to use it as a component in a number of research projects that are starting.

My Contribution I came up with the idea behind the paper, designed and implemented Velox, conducted all the experiments, and wrote most of the text. Thiemo Voigt helped with the planning of the experiments and the paper structure. He also provided highly valuable critique and suggestions to improve the paper.

40 4. Related Work

In this chapter, we give a broader perspective on related work compared to the research papers in this dissertation. We expand on the subjects by adding low- power wireless communication protocols, which we have used extensively for the experimental evaluations the papers. Moreover, the additional papers that I have co-authored, but which are not in this dissertation, are tackling communication problems to a higher degree. The related work is divided into three categories: 1) storage-centric sensor networks, 2) runtime environments and programming frameworks, and 3) low-power wireless communication.

4.1 Storage-Centric Sensor Networks The body of work within storage-centric sensor networks has influenced the research in this thesis. Originally, much focus in the sensor networking field was put on communication, presumably because the devices were simply so resource-constrained that they lacked the capacity for demanding computations and extensive node-local storage. Today, sensor devices are regularly equipped with flash memories, which has made it possible for sensor networks to be communication-centric, storage-centric [23], or a mixture of both. Unlike communication-centric sensor networks, which typically transmit sensor data to a sink, storage-centric sensor networks make use of local storage capabilities on the sensor devices. A simple use of storage is to make sequential logs of sensor samples coupled with time stamps, which can later be extracted after physically collecting the sensor devices. Another possible use is to process stored sensor samples and aggregate them into data packets, possibly employing compression to reduce transmitted data further.

4.1.1 File Systems Flash-based sensor network file system seek to provide a generic file manip- ulation interface similar to those existing in regular operating systems; e.g., POSIX. Paper II makes a contribution in this area with the introduction of the Coffee file system. Paper I, Paper III, Paper IV, and Paper V all use a file system in some manner, which makes it a key component for the software developed as part of this dissertation. There have been other types of file systems developed earlier for sensor devices. Matchbox [49] and ELF [21] are two file systems that are designed

41 for flash storage and implemented in TinyOS. Matchbox is a page-based flash file system, which entails that files are organized as a set of linked pages. The file pages contain a metadata structure, which holds an entry pointing to the next page of the file. ELF is a log-structured file system, which entails the flash memory is treated as a circular log of file modifications. Each log entry consists of a log page, which represents a certain area of a file. All log entries belonging to a file are linked, so that the file can be quickly traversed when reading it. This type of file structure is especially suitable for NAND flash memory, which has the characteristic that data pages must be written sequentially. When modifying a file, ELF copies the current page where file is being modified, and adds a new log entry with the updated page at the end of the log structure. Once the flash memory fills up, the first page in the log structure gets erased, and if it contains any pages without stale data, those pages are copied to the end of the log structure. To ensure that file I/O is quick, ELF stores file metadata in RAM. The drawback of this use of RAM, however, is that large files also require large memory footprints.

4.1.2 Storage-Centric Programming Abstractions Since sensor network applications regularly share the same need for storage functionality, the generic application programming interfaces offered by file systems may require application developers to re-implement the same common functionality. This functionality can pertain to high-level storage operations such as indexing, streaming, and sensor data aggregation. To enhance the productivity of sensor network application developers, storage-centric programming abstractions provide such common functionality. Capsule [72] provides a set of programming primitives designed specifically for sensor network applications. Application developers can combine these primitives to implement their storage-centric sensor network application. Capsule’s high-level storage abstractions reduce the burden of the developers to manually implement features such as indexing and streams. The cost of these abstractions, however, is that developing applications that use storage in other ways than for sensor data storage alone may become difficult. Squirrel is a stream-oriented programming framework in which one can create a chain of stream operators to implement an application [75]. Since one of Squirrel’s features is to completely hide the storage operations from the programmers, it provides a high abstraction level for storage-centric sensor network application developers. To implement the underlying storage operations, Squirrel made use of the Coffee file system, which is a contribution of this dissertation (Paper II). Additionally, various systems for efficient storage and querying of certain types of data have been proposed in the literature. MicroHash [107] and

42 FlashDB [77] are indexing algorithms for data stored in ﬂash memory. Such indexes can be of beneﬁt as a subcomponent to a DBMS such as Antelope (Paper III), since they increase the database querying performance. LittleD is a small DBMS that provides an SQL-like query language [26]. The paper uses Antelope (Paper III) as the primary system of comparison, and shows that LittleD uses less RAM, but requires on average longer execution times to complete queries because LittleD has limited indexing capability.

4.2 Runtime Environments and Programming Frameworks Resource-constrained devices for the Internet of Things and sensor networks typically lack sophisticated hardware features that protect resources from malfunctioning or compromised applications. For instance, the devices used in our experimental evaluations of the included research papers lack memory management units (MMUs) with support for virtual memory and memory protection. Furthermore, they regularly lack hardware-enforced privilege separation between the OS kernel and applications. In systems such as Contiki and TinyOS, the kernel and the applications are bundled together in a monolithic system with a shared memory space. Hence, a faulty application may cause a system crash, and may even control peripheral actuators in a adverse manner. Debugging is another problem that is aggravated by the regular lack of hardware features such as an MMU. Furthermore, in the case of remotely deployed devices, it may be difﬁcult to collect debugging information over radio as a bug may have caused a protocol implementation to malfunction. In this dissertation, we make contributions to mitigate the challenges regarding reprogramming (Paper I), debugging and testing (Paper IV), and software security and resource protection (Paper V).

4.2.1 Virtualization The t-kernel [52] addresses the problem of missing hardware support for safe execution by using a virtualization technique. Memory access instructions are replaced by calls into the t-kernel, which can check whether the application is allowed to read or write to a speciﬁc memory location. Thus, the t-kernel provides software-based virtual memory. Although this is a compelling qual- itative improvement of application safety, memory access instructions have a considerable execution time overhead.

4.2.2 Virtual Machines Darjeeling [9], TakaTuka [4], and leJOS [47] are Java Virtual Machines (JVMs) designed for resource-constrained devices. They implement subsets of the

43 Java language, and in the case of Darjeeling, introduce a modified Java bytecode format to make the code smaller. Hence, these virtual machines enable high-level programming for such devices, which have traditionally been pro- grammed using low-level languages such as C and assembler. PyFUNS provides a Python programming framework for IoT applications [7]. PyFUNS is based on PyMite, a Python bytecode interpreter designed for resource- constrained devices [88]. Similarly, ELIoT [92] provides an IoT programming framework based on the Erlang programming language. The virtual machines presented hitherto in the literature are primarily focused on supporting high-level programming. The targeted languages have not only been general-purpose languages but also domain-specific languages. The Velox virtual machine (Paper V) supports high-level programming in the Scheme programming language and a new IoT application development language named Iota. Unlike earlier virtual machines for resource-constrained devices, Velox has ample features to enhance the safety and security of applications. Velox introduces a policy framework through which a device owner can set specific resource and security policies for each application. When executing the application, Velox performs runtime monitoring of its actions and resource usage, and can effectively enforce the policies set for it.

4.2.3 Domain-Specific Programming Frameworks In the sensor networking field, domain-specific programming frameworks have increased the abstraction level for developers of sensor network applications. Some domain-specific programming frameworks are based on the traditional programming model in which the developer focuses on what each individual network node should do. Since programming distributed applications in sensor networks can be a difficult task, a number of macro programming languages have been proposed in the literature. Macro programming languages make it possible to design and implement applications on a network-level, where the source code expresses distributed operations in a succinct representation. A plethora of programming frameworks for sensor networks have been created for this purpose, including Abstract Regions [105], Flask [71], Kairos [53], and Regiment [78]. Raising the abstraction level further, the makeSense architecture supports generating sensor network application from a business process model [13]. It generates intermediate code in a language similar to Java, which is then trans- lated to C. As long as there is no expectation of highly processing-intensive applications, such domain-specific abstractions could benefit from using a virtual machine such as Velox as the final compilation target. By using Velox, more operating systems and hardware platforms can be supported because the VM bytecode is agnostic to differences in the host environment. Furthermore, complex implementations of memory management components, such as that

44 in makeSense, becomes considerably simpler by using Velox because Velox already provides memory management with garbage collection.

4.3 Low-Power Wireless Communication The research topic of low-power wireless communication has evolved immensely in the last couple of decades, mainly as part of the sensor networking ﬁeld. In this thesis, we evaluate our research in the context of low-power wireless communication. As the thesis papers themselves describe only succinctly which types of network protocols and low-power mechanisms are being used, we expound on this topic below. We go into higher detail when describing the protocols used in our research papers.

4.3.1 Radio Duty Cycling At the MAC layer, a large number of different protocols have been developed to decrease the radio’s energy consumption substantially. These protocols em- body different ideas of how to perform radio duty cycling; i.e., to switch off the radio as much as possible. There are three main classes of radio duty cycling mechanisms: low-power listening (LPL), low-power probing (LPP), and Time Division Multiple Access (TDMA). We describe each of these classes below. Low-Power Listening LPL protocols, such as WiseMAC [42], B-MAC [86], X-MAC [10], BoX-MACs [74], and ContikiMAC [28], are designed to periodically sample the channel for energy or packet preambles, and switch off the radio for the rest of the time. In the most basic form of LPL, a node wishing to transmit a packet to a neighbor node simply sends the same packet repeatedly until it receives an acknowledgment packet. The repeated transmissions occur for at most a wake-up interval. LPL protocols are highly energy-efficient when they are not transmitting packets since sampling the channel for energy above a certain threshold is a fast operation. The cost of sending a packet can be optimized further by remembering the wake-up schedule of each neighbor, as is done by WiseMAC [42] and ContikiMAC [28]. Low-Power Probing LPP protocols are based on the idea that each node sends out periodic probe packets to let neighboring nodes know that they are ready to receive a packet. After sending a probe, a node samples the channel for energy above a predetermined threshold, which is typically set to a few dB above the noise floor of the radio environment. If the threshold is surpassed, the node attempts to receive a data packet. The configured probing interval determines the base duty cycle of the radio, which like LPP can be further affected by the amount of traffic and

45 external interference in the network where it is used. Neighbor discovery comes with low overhead because of the periodic probing. A node that wishes to discover all its neighbors simply stays awake and collects incoming packets during a full probing interval. Probing, however, has a higher energy cost than simply sampling the channel for packets periodically as LPL does. The earliest examples of low-power probing in the context of sensor networking can be found in Koala/LPP [76] and RI-MAC [95]. A-MAC later advanced the idea further with the use of a synchronization prim- itive named backcast, and the possibility to use multiple channels for probe packets and data packets [39]. Backcast is a probe/ack frame ex- change that makes the check for inbound trafﬁc faster and more depend- able. The use of multiple channels decreases the interference caused by probes with respect to data packet transmissions. Time Division Multiple Access TDMA protocols are common in industrial applications, where there are high dependability requirements. Unlike LPL and LPP, nodes can have dedicated time slots in which to communicate with their neighboring nodes. Furthermore, different nodes and protocols can be allocated varying numbers of slots based on their trafﬁc requirements. Examples of prominent protocols that make use of TDMA techniques are 6TiSCH [36] and TSMP [85]. In this dissertation, we conduct the networking experiments using LPL, as this type of duty cycling is the most prevalent in common sensor network operating system such as TinyOS, with its LPL implementation based on BoX- MAC, and Contiki, with its LPL implementation based on ContikiMAC.

4.3.2 Network Services Network services such as neighbor discovery and data dissemination must be energy-efﬁcient when operating in low-power wireless networks. Since the radios are typically duty cycled, it is costly to wake up periodically to send packets asking all neighbors to respond. Disco is an energy-efﬁcient neighbor discovery method for duty-cycled radios [38]. Disco’s duty cycle is bounded by the maximum time allowed for neighbor discovery, and can be below 1%. Another approach, which is taken by the Announcement layer, is to enable MAC-layer piggybacking of information, for instance by augmenting probe packets in LPP protocols [32]. I am a co-author of this paper. The software implementation of the Announcement layer is part of the Rime network stack in Contiki, but it is typically not used in IoT networks because this service is not part of a standard. Data dissemination protocols are orthogonal to data compression techniques, such as the compressed ELF modules evaluated in Paper I. We use Deluge [61] for dissemination of executable modules in Paper I, which at the time was the

46 state of the art in the area of data dissemination. Deluge builds on the ideas of Trickle [69], which is a broadcast-based protocol that is able to conduct robust and scalable data dissemination in a network. Trickle achieves energy efficiency by suppressing transmission data and adjusting transmission windows based on overheard traffic. Later, protocols that make use of new techniques such as opportunistic flooding [54] and constructive interference, in which packets are intentionally allowed to collide [46], have proven to be more efficient in duty-cycled networks than regular broadcast-based protocols, both regarding energy consumption and dissemination time. Such protocols, however, require non-standard mechanisms at the lower layers of a networking stack, and are thus not suitable for IoT networks before such standards can be developed for the IoT.

4.3.3 Routing Multi-hop routing is common in sensor networks and the Internet of Things because low-power wireless typically has a short range, and the networks may have to cover a larger area. Attaining high reliability, low latency, and at the same time low energy consumption is challenging. It is also possible to employ mechanisms in conjunction with the routing protocol to control the network topology by adjusting the radio transmission power [55]. A number of different types of routing protocols have been proposed in the literature. In the sensor networking community, one of the most well-known routing protocols is the Collection Tree Protocol (CTP). This protocol is designed primarily for data collection applications. CTP forms a topology that is essentially a directed acyclic graph leading to a sink node [50]. When forming a topology, the sink node starts sending beacon packets containing a path metric, and other nodes start sending their own beacons once they have joined the network. The beacons are sent at time intervals regulated by the Trickle mechanism [69]. Once a node receives a beacon, it calculates its own rank by adding the parent’s rank with a link metric, which is typically the Estimated Number of Transmissions (ETX) [19] to the parent. CTP does not provide the means for downward communication, i.e., the sink node sending queries to another node—nor is arbitrary node-to-node communication over multiple hops supported. For the Internet of Things, the most prominent protocol is RPL, an IETF standard routing protocol for low-power and lossy IPv6-based networks [106]. Although CTP has inﬂuenced the design of RPL with its reliance on directed acyclic graph topologies and Trickle timers, RPL also supports downward traf- ﬁc. Opportunistic RPL Routing (ORPL) integrates the routing layer with a low-power listening mechanism in order to gain more performance and higher reliability [35].

47 For the multi-hop, low-power wireless networking experiments in our papers, we use Contiki Collect and Mesh routing, which are part of the Rime communication stack [33]; and ContikiRPL, which is part of the μIPv6 stack. The main reason for these selections is that the protocols are integrated and maintained in the Contiki operating system. I am also one of the main authors of Contiki’s RPL implementation, ContikiRPL [102].

48 5. Conclusions and Future Work

In this dissertation, we have tackled a number of systems research challenges concerning resource-constrained devices in the contexts of wireless sensor networks and the Internet of Things. In Paper I, we experimentally evaluated a set of data compression algorithms in the context of reprogramming sensor networks. We showed that it is possible to achieve a considerable reduction of energy consumption and data dissemination time through by using compression algorithms. Although we studied these algorithms for reprogramming with minor software modules, the results have a high relevance also for full system upgrades, which are common in commercial products. In the related problem of transferring system state for the purposes of debugging and testing, Paper IV presents a method to enhance sensornet checkpointing by using data compression. In both of these cases, we have shown that data compression algorithms have favorable trade-offs between the decreased energy consumption for communication, and the added energy consumption for node-local compression and decompression. Paper II and Paper III enhance the system support for developing storage- centric IoT and sensor network applications. By designing efficient data storage structures and indexing algorithms, we showed that energy-efficiency of such applications, while having memory requirements well within limits of highly resource-constrained devices. Both the Coffee file system and the An- telope database management system have had an impact not only in academia but also in industry. Paper V, our newest work, provides a virtualized runtime environment for safe and secure execution of IoT applications. Velox also raises the abstraction level for application developers by supporting high-level programming languages. In the paper, we showed that event-driven IoT applications can be executed in a virtual machine with a low overhead, and that the virtual machine can provide resource-protection for the host system. Today, almost all software for resource-constrained IoT devices is developed using low-level programming languages. It may be desirable to investigate into possibilities to program a substantial part of IoT systems in high- level languages, and execute these parts in a virtualized runtime environment. This is challenging, however, as such environments may increase the RAM and ROM footprints, as well as the execution time, of their hosted software compared to executing it in native binary mode. In the nearest future, we expect to continue our work on Velox in this direc- tion. One potential area of improvement is to substantially decrease the memory requirements of the applications by using a code offloading mechanism.

49 This idea entails that much of an application’s bytecode and working memory is stored in flash memory for most of the time. A considerable subset of IoT applications, such as periodic sensor data collection and actuation servers, are event-driven and mostly idle. Velox arranges individual expressions in a bytecode table, and it would be possible to load expressions from flash only when they are needed rather than keeping them in RAM all the time. By substantially reducing the memory requirements of VM applications, it becomes more feasible to implement large system components in Velox, and thereby make parts of the operating system and programming libraries benefit from the same type of protection that Velox applications have.

50 6. Summary in Swedish

Uppkomsten av Sakernas Internet (IoT) har ökat efterfrågan mycket på resurs- begränsade system som verkar i nätverk. Många av systemen som används för IoT-applikationer är skapade med begränsade resurser därför att de typiskt måste vara små, vara placerade fristående och drivas med batterier. I denna avhandling behandlar vi ett antal forskningsproblem som uppstår från dessa begränsningar: systemstöd för energi-effektivitet; flash-baserade lagringssys- tem; programmering, testning och avlusning; och säker applikationsexekver- ing. De vetenskapliga bidragen i denna avhandling är gjorda genom fem forskningsartiklar som griper sig an dessa problem. För att förbättra systemstödet för energi-effektiv datalagring i resursbegrän- sade system presentar vi designen, implementationen och utvärderingen av fil- systemet Coffee och databashanteringssystemet Antelope. Coffee är särskilt anpassat för flashminnen och bygger på en ny lagringsstruktur för filer som kombinerar blockallokeringar med en struktur som vi kallar för en mikrologg. Med hjälp av denna lagringsstruktur kan Coffee uppnå en hastighet för sekven- tiella filskrivningar som är 92% av det teoretiskt möjliga. Coffee har dessutom ett litet och konstant minneskrav för öppna filer, vilket skiljer sig från tidigare loggstrukturerade filsystem för sensornoder. Detta är särskilt viktigt eftersom man ibland behöver arbeta med stora filer på minnesbegränsade system. Antelope är det första fullständiga systemet för relationsdatabaser i sen- sornätverk. Det inkluderar två nya indexeringsalgoritmer för att kunna genom- föra snabba och energi-effektiva databassökningar. Antelope stödjer olika typer av databassökningar genom ett SQL-liknande språk kallat AQL. Lo- giska uttryck i sökbegreppen kompileras till bytekod för att de ska kunna exekveras snabbare i Antelopes virtuella logikmaskin, LVM. Genom att an- vända Antelope kan man förbättra prestandan för en mängd olika IoT- och sensornätsapplikationer eftersom det är möjligt att aggregera historisk data på nätverksnoderna och skicka korta summeringar i stället för att skicka all data till en insamlingsnod. På detta sätt kan man spara en betydande mängd energi, eftersom radiokommunikation kräver mycket mer energi än processor- beräkningar och flashminnesoperationer. Användningsområdena för Antelope omfattar även förseningstoleranta nätverk och dataloggningsnätverk, där data kan behöva lagras på sensornoderna under långa perioder. Vi bidrar vidare med ett ramverk som utökar funktionaliteten och prestandan för en avlusnings- och testningsteknik som kallas sensornet checkpointing. Vi visar hur man med hjälp av datakomprimering kan effektivisera över- föringen av checkpoint-data, vilket består av ett resursbegränsat systems kom- pletta minne och värdena av en mängd relevanta hårdvaruregister. Dessutom

51 gör vi det möjligt att hantera partiell checkpoint-data, för att på så vis kunna överföra data som hör till delar av systemet utan den extra energi- och tid- skostnad som krävs för att överföra det fullständiga minnet. Genom att göra överföringen snabbare kan man göra fler tester och samla in mer avlusningsin- formation från ett sensornätverk. Dessutom undersöker vi hur olika algoritmer för datakomprimering kan användas till att minska energiförbrukningen och uppladdningstiden för uppgraderingar av mjukvara i sensornätverk. Vi jämför de olika komprimeringsalgoritmernas energiförbrukning, minneskrav och ex- ekveringstid, samt visar vilka som lämpar sig bäst för resursbegränsade system i sensornätverk. Till sist presenterar vi Velox, en virtuell maskin för IoT-applikationer. Velox kan tvinga applikationer att följa säkerhets- och resursregler som specificeras av en administratör. Genom dess ramverk för säkerhets- och resursregler, samt stöd för programmering i högnivåspråk, hjälper Velox utvecklare och använ- dare av IoT-applikationer att kunna exekvera dem på ett säkert sätt. Genom att använda Velox kan applikationer dra nytta av omfattande funktionalitet som saknas i många operativsystem för resursbegränsade system. Denna funktionalitet inkluderar multitrådning, dynamisk minnesallokering och skräpsamling, samt undantagshantering. Velox tillhandahåller dessutom programmerings- gränssnitt och abstraktioner som har utformats särskilt för utveckling av IoT- applikationer. Vår experimentella utvärdering visar att Velox övervakar och kontrollerar resursförbrukningen med en energikostnad på 3% utöver det ap- plikationen annars skulle kräva utan denna funktionalitet. Vi visar dessutom att energikostnaden för att i en virtuell maskin exekvera händelsedrivna IoT- applikationer—som exempelvis periodisk insamling av sensordata—i många fall är försumbar. De vetenskapliga bidragen som presenteras i denna avhandling har haft ett betydande akademiskt inflytande och mjukvaran som har producerats som del av vår experimentella datorsystemforskning har fått god spridning inom IoT- och sensornätverksvärlden. Flera av de utvecklade mjukvarusystemen och mjukvarukomponenterna är inkluderade i Contiki, ett av de främsta opera- tivsystemen med öppen källkod för IoT och sensornätverk, och de används runtom i världen både i forskningsprojekt och kommersiella sammanhang.

52 References [1] H. Abrach, S. Bhatti, J. Carlson, H. Dai, J. Rose, A. Sheth, B. Shucker, J. Deng, and R. Han. Mantis: system support for multimodal networks of in-situ sensors. In Proceedings of the 2nd ACM international conference on Wireless sensor networks and applications, San Diego, CA, USA, 2003. [2] Md Zakirul Alam Bhuiyan, Guojun Wang, Jiannong Cao, and Jie Wu. Energy and bandwidth-efﬁcient wireless sensor networks for monitoring high-frequency events. In The IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (IEEE SECON), pages 194–202, New Orleans, LA, USA, 2013. IEEE. [3] Nicolas Anciaux, Saliha Lallali, Iulian Sandu Popa, and Philippe Pucheral. A scalable search engine for mass storage smart objects. Proceedings of the VLDB Endowment, 8(9):910–921, 2015. [4] F. Aslam, L. Fennell, C. Schindelhauer, P. Thiemann, G. Ernst, E. Haussmann, S. Rührup, and Z. Uzmi. Optimized java binary and virtual machine for tiny motes. In DCOSS: International Conference on Distributed Computing in Sensor Systems, Santa Barbara, CA, USA, 2010. [5] Ibrahim Ethem Bagci, Shahid Raza, Taeyoung Chung, Utz Roedig, and Thiemo Voigt. Combined secure storage and communication for the internet of things. In The IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (IEEE SECON), pages 523–531. IEEE, 2013. [6] C.A. Boano, T. Voigt, C. Noda, K. Römer, and M. Zúñiga. JamLab: Augmenting Sensornet Testbeds with Realistic and Controlled Interference Generation. In Proceedings of the 10th international conference on information processing in sensor networks (IPSN), 2011. [7] S. Bocchino, S. Fedor, and M. Petracca. PyFUNS: A Python Framework for Ubiquitous Networked Sensors. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), Porto, Portugal, February 2015. [8] C. Bormann, M. Ersue, and A. Keranen. RFC 7228: Terminology for Constrained-Node Networks, May 2014. [9] N. Brouwers, K. Langendoen, and P. Corke. Darjeling, a feature-rich vm for the resource poor. In SenSys: Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems, Berkeley, CA, USA, 2009. [10] M. Buettner, G. V. Yee, E. Anderson, and R. Han. X-MAC: a short preamble MAC protocol for duty-cycled wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Boulder, CO, USA, 2006. [11] M. Burrows and D. Wheeler. A block-sorting lossless data compression algorithm. Technical Report 124, Digital Systems Research Center, May 1994. [12] Q. Cao, T. Abdelzaher, J. Stankovic, and T. He. The LiteOS operating system: Towards Unix-like abstractions for wireless sensor networks. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), 2008. [13] F. Casati, F. Daniel, G. Dantchev, J. Eriksson, N. Finne, S. Karnouskos, P. M. Montera, L. Mottola, F. J. Oppermann, G. P. Picco, A. Quartulli, K. Römer, P. Spiess, S. Tranquillini, and T. Voigt. Towards business processes

53 orchestrating the physical enterprise with wireless sensor networks. In 34th International Conference on Software Engineering (ICSE), Zürich, Switzerland, 2012. [14] J. Cecilio and P. Furtado. Architecture for uniform (re) configuration and processing over embedded sensor and actuator networks. IEEE Transactions on Industrial Informatics, 10(1):53–60, 2014. [15] M. Ceriotti, L. Mottola, G. P. Picco, A. Murphy, S. Guna, M. Corra, M. Pozzi, D. Zonta, and P. Zanon. Monitoring heritage buildings with wireless sensor networks: The torre aquila deployment. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), Washington, DC, USA, 2009. [16] H. Cha, S. Choi, I. Jung, H. Kim, H. Shin, J. Yoo, and C. Yoon. Retos: resilient, expandable, and threaded operating system for wireless sensor networks. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), 2007. [17] K. Chebrolu, B. Raman, N. Mishra, P. K. Valiveti, and R. Kumar. Brimon: a sensor network system for railway bridge monitoring. In Proceedings of The International Conference on Mobile Systems, Applications, and Services (MobiSys), Breckenridge, CO, USA, 2008. [18] P. Corke, T. Wark, R. Jurdak, D. Moore, and P. Valencia. Environmental wireless sensor networks. Proceedings of the IEEE, 98(11):1903–1917, 2010. [19] D. S. J. De Couto, D. Aguayo, J. Bicket, and R. Morris. A high-throughput path metric for multi-hop wireless routing. In Proceedings of the International Conference on Mobile Computing and Networking (ACM MobiCom), San Diego, CA, USA, 2003. [20] D. Culler. System Research Perspective - through a SenSys Lens (Soap box talk). In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Sydney, Australia, 2007. [21] H. Dai, Michael N., and R. Han. Elf: an efficient log-structured flash file system for micro sensor nodes. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Baltimore, MD, USA, November 2004. [22] S. Dawson-Haggerty. Design, implementation, and evaluation of an embedded ipv6 stack. Master’s thesis, UC Berkeley, 2010. [23] Y. Diao, D. Ganesan, G. Mathur, and P. Shenoy. Rethinking data management for storage-centric sensor networks. In Proceedings of the Third Biennial Conference on Innovative Data Systems Research (CIDR), Asilomar, CA, USA, January 2007. [24] W. Dong, C. Chen, J. Bu, and W. Liu. Optimizing relocatable code for efficient software update in networked embedded systems. ACM Transactions on Sensor Networks (TOSN), 11(2):22, 2014. [25] W. Dong, Y. Liu, C. Chen, L. Gu, and X. Wu. Elon: Enabling efficient and long-term reprogramming for wireless sensor networks. ACM Transactions on Embedded Computing Systems (TECS), 13(4):77, 2014. [26] G. Douglas and R. Lawrence. LittleD: a SQL database for sensor nodes and embedded applications. In Proceedings of the 29th Annual ACM Symposium on Applied Computing, Gyeongju, South Korea, 2014.

54 [27] A. Dunkels. Full TCP/IP for 8-bit architectures. In Proceedings of The International Conference on Mobile Systems, Applications, and Services (MobiSys), San Francisco, CA, USA, May 2003. [28] A. Dunkels. The ContikiMAC Radio Duty Cycling Protocol. Technical Report T2011:13, Swedish Institute of Computer Science, December 2011. [29] A. Dunkels, J. Eriksson, N. Finne, and N. Tsiftes. Powertrace: Network-level power profiling for low-power wireless networks. Technical Report T2011:05, Swedish Institute of Computer Science, March 2011. [30] A. Dunkels, N. Finne, J. Eriksson, and T. Voigt. Run-time dynamic linking for reprogramming wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Boulder, CO, USA, November 2006. [31] A. Dunkels, B. Grönvall, and T. Voigt. Contiki - a lightweight and flexible operating system for tiny networked sensors. In Proceedings of the IEEE Workshop on Embedded Networked Sensor Systems (IEEE Emnets), Tampa, FL, USA, November 2004. [32] A. Dunkels, L. Mottola, N. Tsiftes, F. Österlind, J. Eriksson, and N. Finne. The announcement layer: Beacon coordination for the sensornet stack. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), 2011. [33] A. Dunkels, F. Österlind, and Z. He. An adaptive communication architecture for wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Sydney, Australia, November 2007. [34] A. Dunkels, O. Schmidt, T. Voigt, and M. Ali. Protothreads: Simplifying event-driven programming of memory-constrained embedded systems. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Boulder, CO, USA, November 2006. [35] S. Duquennoy, O. Landsiedel, and T. Voigt. Let the tree bloom: scalable opportunistic routing with ORPL. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Rome, Italy, 2013. [36] S. Duquennoy, B. Al Nahas, O. Landsiedel, and T. Watteyne. Orchestra: Robust Mesh Networks Through Autonomously Scheduled TSCH. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Seoul, South Korea, 2015. [37] M. Durvy, J. Abeillé, P. Wetterwald, C. O’Flynn, B. Leverett, E. Gnoske, M. Vidales, G. Mulligan, N. Tsiftes, N. Finne, and A. Dunkels. Making Sensor Networks IPv6 Ready. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Raleigh, NC, USA, November 2008. [38] P. Dutta and D. Culler. Practical asynchronous neighbor discovery and rendezvous for mobile sensing applications. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Raleigh, NC, USA, 2008. [39] P. Dutta, S. Dawson-Haggerty, Y. Chen, C.-J. M. Liang, and A. Terzis. Design and Evaluation of a Versatile and Efficient Receiver-Initiated Link Layer for

55 Low-Power Wireless. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Zurich, Switzerland, November 2010. [40] P. Dutta and A. Dunkels. Operating systems and network protocols for wireless sensor networks. Philosophical Transactions of the Royal Society A, 370(1958):68–84, January 2012. [41] J. Hui (Ed.) and P. Thubert. Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks. Internet proposed standard RFC 6282, September 2011. [42] A. El-Hoiydi, J.-D. Decotignie, C. C. Enz, and E. Le Roux. wiseMAC, an ultra low power MAC protocol for the wiseNET wireless sensor network. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), 2003. [43] Ericsson. Ericsson mobility report. http://www.ericsson.com/res/ docs/2015/ericsson-mobility-report-june-2015.pdf. June, 2015. [44] J. Eriksson, A. Dunkels, N. Finne, F. Österlind, and T. Voigt. Mspsim – an extensible simulator for msp430-equipped sensor boards. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), Delft, The Netherlands, January 2007. [45] J. Eriksson, F. Österlind, N. Finne, N. Tsiftes, A. Dunkels, T. Voigt, R. Sauter, and P. José Marrón. Cooja/mspsim: Interoperability testing for wireless sensor networks. In SIMUTools 2009, Rome, Italy, March 2009. [46] F. Ferrari, M. Zimmerling, L. Thiele, and O. Saukh. Efficient network flooding and time synchronization with glossy. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), 2011. [47] G. Ferrari, A. Gombos, S. Hilmer, J. Stuber, M. Porter, J. Waldinger, and D. Laverde, editors. Programming Lego Mindstorms with Java. Syngress Publishing, 2002. [48] Gartner, Inc. Gartner says 6.4 billion connected "things" will be in use in 2016, up 30 percent from 2015. Press release, http://www.gartner.com/newsroom/id/3165317/. November 10, 2015. [49] D. Gay. Design of matchbox, the simple filing system for motes. http://www.tinyos.net/tinyos-1.x/doc/matchbox-design.pdf, August 2003. Visited 2015-12-10. [50] O. Gnawali, R. Fonseca, K. Jamieson, D. Moss, and P. Levis. Collection tree protocol. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Berkeley, CA, USA, 2009. [51] Google scholar. https://scholar.google.com/. [52] L. Gu and J. Stankovic. t-kernel: providing reliable OS support to wireless sensor networks. In SenSys: Proceedings of the 4th ACM Conference on Embedded Networked Sensor Systems, Boulder, CO, USA, November 2006. [53] R. Gummadi, O. Gnawali, and R. Govindan. Macro-programming wireless sensor networks using kairos. In Proceedings of Distributed Computing in Sensor Systems (DCOSS), Marina del Rey, CA, USA, June 2005. [54] S. Guo, L. He, Y. Gu, B. Jiang, and T. He. Opportunistic flooding in low-duty-cycle wireless sensor networks with unreliable links. IEEE

56 Transactions on Computers, 63(11):2787–2802, 2014. [55] G. Hackmann, O. Chipara, and C. Lu. Robust topology control for indoor wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), 2008. [56] C. Han, R. K. Rengaswamy, R. Shea, E. Kohler, and M. Srivastava. SOS: A dynamic operating system for sensor networks. In Proceedings of The International Conference on Mobile Systems, Applications, and Services (MobiSys), Seattle, WA, USA, 2005. [57] V. Handziski, A. Köpke, A. Willig, and A. Wolisz. TWIST: a scalable and reconﬁgurable testbed for wireless indoor experiments with sensor networks. In Proceedings of the 2nd international workshop on Multi-hop ad hoc networks: from theory to reality (REALMAN’06), 2006. [58] T. He, C. Huang, B. M. Blum, J. A. Stankovic, and T. Abdelzaher. Range-free localization schemes for large scale sensor networks. In Proceedings of the International Conference on Mobile Computing and Networking (ACM MobiCom), 2003. [59] T. Hnat, V. Srinivasan, J. Lu, T. Sookoor, R. Dawson, J. Stankovic, and K. Whitehouse. The hitchhiker’s guide to successful residential sensing deployments. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), 2011. [60] J. Hui and D. Culler. IP is Dead, Long Live IP for Wireless Sensor Networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Raleigh, NC, USA, November 2008. [61] J. W. Hui and D. Culler. The dynamic behavior of a data dissemination protocol for network programming at scale. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Baltimore, MD, USA, November 2004. [62] Philo Juang, Hidekazu Oki, Yong Wang, Margaret Martonosi, Li Shiuan Peh, and Daniel Rubenstein. Energy-efﬁcient computing for wildlife tracking: Design tradeoffs and early experiences with zebranet. ACM Sigplan Notices, 37(10):96–107, 2002. [63] J. Ko, C. Lu, M. Srivastava, J. Stankovic, A. Terzis, and M. Welsh. Wireless sensor networks for healthcare. Proceedings of the IEEE, 98(11):1947–1960, 2010. [64] T. Kothmayr, C. Schmitt, W. Hu, M. Brunig, and G. Carle. A dtls based end-to-end security architecture for the internet of things with two-way authentication. In IEEE International Workshop on Practical Issues in Building Sensor Network Applications (SenseApp), 2012. [65] M. Kovatsch, S. Duquennoy, and A. Dunkels. A Low-Power CoAP for Contiki. In Proceedings of the Workshop on Internet of Things Technology and Architectures (IEEE IoTech 2011), Valencia, Spain, October 2011. [66] A. Lachenmann, P. Marrón, D. Minder, and K. Rothermel. Meeting lifetime goals with energy levels. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Sydney, Australia, 2007. [67] K. Langendoen, A. Baggio, and O. Visser. Murphy loves potatoes: experiences from a pilot sensor network deployment in precision agriculture. In Proceedings of the IEEE International Parallel and Distributed Processing

57 Symposium (IPDPS), Rhodes Island, Greece, April 2006. [68] P. Levis, S. Madden, J. Polastre, R. Szewczyk, K. Whitehouse, A. Woo, D. Gay, J. Hill, M. Welsh, E. Brewer, and D. Culler. TinyOS: An Operating System for Sensor Networks. In Ambient intelligence, pages 115–148. Springer, 2005. [69] P. Levis, N. Patel, D. Culler, and S. Shenker. Trickle: A self-regulating algorithm for code propagation and maintenance in wireless sensor networks. In Proceedings of the USENIX Symposium on Networked Systems Design & Implementation (NSDI), March 2004. [70] K. Lorincz, B. Chen, J. Waterman, G. Werner-Allen, and M. Welsh. Resource aware programming in the Pixie OS. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Raleigh, NC, USA, 2008. [71] G. Mainland, G. Morrisett, and M. Welsh. Flask: Stages functional programming for sensor networks. In ICFP: Proceedings of the 13th ACM SIGPLAN International Conference on Functional Programming, Victoria, BC, Canada, September 2008. [72] G. Mathur, P. Desnoyers, D. Ganesan, and P. Shenoy. Capsule: an energy-optimized object storage system for memory-constrained sensor devices. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Boulder, CO, USA, November 2006. [73] G. Montenegro, N. Kushalnagar, J. Hui, and D. Culler. Transmission of IPv6 Packets over IEEE 802.15.4 Networks. Internet proposed standard RFC 4944, September 2007. [74] D. Moss and P. Levis. BoX-MACs: Exploiting Physical and Link Layer Boundaries in Low-Power Networking. Technical Report SING-08-00, Stanford University, 2008. [75] L. Mottola. Programming storage-centric sensor networks with squirrel. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), Stockholm, Sweden, April 2010. [76] R. Musaloiu-E., C-J. M. Liang, and A. Terzis. Koala: Ultra-Low Power Data Retrieval in Wireless Sensor Networks. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), St. Louis, Missouri, USA, 2008. [77] S. Nath and A. Kansal. FlashDB: Dynamic self-tuning database for NAND ﬂash. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), Cambridge, MA, USA, April 2007. [78] R. Newton, G. Morrisett, and M. Welsh. The regiment macroprogramming system. In IPSN: Proceedings of the International Conference on Information Processing in Sensor Networks, Cambridge, MA, USA, 2007. [79] T. O’Donovan, N. Tsiftes, Z. He, T. Voigt, and C. J. Sreenan. Detailed diagnosis of performance anomalies in sensornets. In Proceedings of the Workshop on Hot Topics in Embedded Networked Sensor Systems (HotEmnets), Killarney, Ireland, June 2010.

58 [80] G. Oikonomou, I. Phillips, and T. Tryfonas. Ipv6 multicast forwarding in rpl-based wireless sensor networks. Wireless personal communications, 73(3):1089–1116, 2013. [81] F. Österlind. Improving Low-Power Wireless Protocols with Timing-Accurate Simulation. PhD thesis, Uppsala University, 2011. [82] F. Österlind, A. Dunkels, T. Voigt, N. Tsiftes, J. Eriksson, and N. Finne. Sensornet checkpointing: Enabling repeatability in testbeds and realism in simulations. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), Cork, Ireland, February 2009. [83] F. Österlind, J. Eriksson, and A. Dunkels. Demo abstract: Cooja timeline: a power visualizer for sensor network simulation. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Zürich, Switzerland, 2010. [84] J. Paek, K. Chintalapudi, R. Govindan, J. Caffrey, and S. Masri. A wireless sensor network for structural health monitoring: performance and experience. In Proceedings of the 2nd IEEE workshop on Embedded Networked Sensors, Washington, DC, USA, 2005. [85] K. Pister and L. Doherty. TSMP: Time Synchronized Mesh Protocol. In Proceedings of the IASTED International Symposium on Distributed Sensor Networks (DSN08), Orlando, FL, USA, November 2008. [86] J. Polastre, J. Hill, and D. Culler. Versatile low power media access for wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Baltimore, MD, USA, 2004. [87] J. Polastre, R. Szewczyk, and D. Culler. Telos: Enabling ultra-low power wireless research. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), Los Angeles, CA, USA, April 2005. [88] PyMite. https://wiki.python.org/moin/PyMite. [89] K. Rose, S. Eldridge, and L. Chapin. The internet of things: An overview. Technical report, The Internet Society (ISOC), 2015. [90] M. Rossi, N. Bui, G. Zanca, L. Stabellini, R. Crepaldi, and M. Zorzi. Synapse++: code dissemination in wireless sensor networks using fountain codes. IEEE Transactions on Mobile Computing, 9(12):1749–1765, 2010. [91] Z. Shelby, K. Hartke, and C. Bormann. The Constrained Application Protocol (CoAP). Internet proposed standard RFC 7252, June 2014. [92] A. Sivieri, L. Mottola, and G. Cugola. Drop the Phone and Talk to the Physical World: Programming the Internet of Things with Erlang. In International Workshop on Software Engineering for Sensor Network Applications (Sesena), Zürich, Switzerland, 2012. [93] T. Sookoor and K. Whitehouse. Roomzoner: Occupancy-based room-level zoning of a centralized HVAC system. In Proceedings of the ACM/IEEE 4th International Conference on Cyber-Physical Systems, 2013. [94] M. Strübe, R. Kapitza, K. Stengel, M. Daum, and F. Dressler. Stateful mobile modules for sensor networks. In Proceedings of Distributed Computing in Sensor Systems (DCOSS), pages 63–76. Springer, 2010.

59 [95] Y. Sun, O. Gurewitz, and D. Johnson. RI-MAC: A Receiver-Initiated Asynchronous Duty Cycle MAC Protocol for Dynamic Traffic Loads in Wireless Sensor Networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Raleigh, NC, USA, 2008. [96] V. Sundaram, P. Eugster, and X. Zhang. Prius: generic hybrid trace compression for wireless sensor networks. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), Toronto, Canada, 2012. [97] A. Taherkordi, F. Loiret, R. Rouvoy, and F. Eliassen. Optimizing sensor network reprogramming via in situ reconfigurable components. ACM Transactions on Sensor Networks (TOSN), 9(2):14, 2013. [98] P. Thubert, Ed. An Architecture for IPv6 over the TSCH mode of IEEE 802.15.4. Internet Draft draft-ietf-6tisch-architecture-09. [99] TIS Committee. Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2, May 1995. [100] G. Tolle, J. Polastre, R. Szewczyk, D. Culler, N. Turner, K. Tu, S. Burgess, T. Dawson, P. Buonadonna, D. Gay, and W. Hong. A macroscope in the redwoods. In Proceedings of the International Conference on Embedded Networked Sensor Systems (ACM SenSys), 2005. [101] X. Tong and E. Ngai. A ubiquitous publish/subscribe platform for wireless sensor networks with mobile mules. In Proceedings of Distributed Computing in Sensor Systems (DCOSS), Hangzhou, China, 2012. [102] N. Tsiftes, J. Eriksson, and A. Dunkels. Low-Power Wireless IPv6 Routing with ContikiRPL. In Proceedings of the International Conference on Information Processing in Sensor Networks (ACM/IEEE IPSN), Stockholm, Sweden, April 2010. [103] B. Wang and J. S. Baras. HybridStore: An efficient data management system for hybrid flash-based sensor devices. In Proceedings of the European Conference on Wireless Sensor Networks (EWSN), 2013. [104] Thomas Watteyne, Xavier Vilajosana, Branko Kerkez, Fabien Chraim, Kevin Weekly, Qin Wang, Steven Glaser, and Kris Pister. Openwsn: a standards-based low-power wireless development environment. Transactions on Emerging Telecommunications Technologies, 23(5):480–493, 2012. [105] M. Welsh and G. Mainland. Programming sensor networks using abstract regions. In Proceedings of the USENIX Symposium on Networked Systems Design & Implementation (NSDI), San Francisco, CA, USA, March 2004. [106] T. Winter and P. Thubert (Editors), et al. RFC 6550: RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks, March 2012. [107] D. Zeinalipour-Yazti, S. Lin, V. Kalogeraki, D. Gunopulos, and W. Najjar. MicroHash: An efficient index structure for flash-based sensor devices. In USENIX FAST’05, San Francisco, CA, USA, 2005. [108] J. Ziv and A. Lempel. A universal algorithm for sequential data compression. IEEE Transactions on Information Theory, IT-23(3):337–343, May 1977.

Acta Universitatis Upsaliensis Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology 1331 Editor: The Dean of the Faculty of Science and Technology

A doctoral dissertation from the Faculty of Science and Technology, Uppsala University, is usually a summary of a number of papers. A few copies of the complete dissertation are kept at major Swedish research libraries, while the summary alone is distributed internationally through the series Digital Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology. (Prior to January, 2005, the series was published under the title “Comprehensive Summaries of Uppsala Dissertations from the Faculty of Science and Technology”.)

ACTA UNIVERSITATIS UPSALIENSIS Distribution: publications.uu.se UPPSALA urn:nbn:se:uu:diva-267628 2016