发布求助
文献互助 智能选刊 最新文献

2009 IEEE/IFIP International Conference on Dependable Systems & Networks最新文献

筛选
英文 中文
Parametric NdRFT for the derivation of optimal repair strategies 最优修复策略的参数NdRFT推导
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270312
M. Beccuti, G. Franceschinis, D. Raiteri, S. Haddad
{"title":"Parametric NdRFT for the derivation of optimal repair strategies","authors":"M. Beccuti, G. Franceschinis, D. Raiteri, S. Haddad","doi":"10.1109/DSN.2009.5270312","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270312","url":null,"abstract":"Non deterministic Repairable Fault Trees (NdRFT) are a recently proposed modeling formalism for the study of optimal repair strategies: they are based on the widely adopted Fault Tree formalism, but in addition to the failure modes, NdRFTs allow to define possible repair actions. In a previous pa per the formalism has been introduced together with an analysis method and a tool allowing to automatically derive the best repair strategy to be applied in each state. The analysis technique is based on the generation and solution of a Markov Decision Process. In this paper we present an extension, ParNdRFT, that allows to exploit the presence of redundancy to reduce the complexity of the model and of the analysis. It is based on the translation of the ParNdRFT in to a Markov Decision Well-Formed Net, i.e. a model specified by means of an High Level Petri Net formalism. The translated model can be efficiently solved thanks to existing algorithms that generate a reduced state space automatically exploiting the model symmetries.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125784912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
HC-BGP: A light-weight and flexible scheme for securing prefix ownership HC-BGP:一种轻量级、灵活的前缀所有权保护方案
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270359
Ying Zhang, Zheng Zhang, Z. Morley Mao, Y. C. Hu
{"title":"HC-BGP: A light-weight and flexible scheme for securing prefix ownership","authors":"Ying Zhang, Zheng Zhang, Z. Morley Mao, Y. C. Hu","doi":"10.1109/DSN.2009.5270359","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270359","url":null,"abstract":"The Border Gateway Protocol (BGP) is a fundamental building block of the Internet infrastructure. However, due to the implicit trust assumption among networks, Internet routing remains quite vulnerable to various types of misconfiguration and attacks. Prefix hijacking is one such misbehavior where an attacker AS injects false routes to the Internet routing system that misleads victim's traffic to the attacker AS. Previous secure routing proposals, e.g., S-BGP, have relied on the global public key infrastructure (PKI), which creates deployment burdens. In this paper, we propose an efficient cryptographic mechanism, HC-BGP, using hash chains and regular public/private key pairs to ensure prefix ownership certificates. HC-BGP is computationally more efficient than previously proposed secure routing schemes, and it is also more flexible for supporting various traffic engineering goals. Our scheme can efficiently prevent common prefix hijacking attacks which announce routes with false origins, including both prefix and sub-prefix hijacking attacks.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"122 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116391074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Automatic fault detection and diagnosis in complex software systems by information-theoretic monitoring 基于信息理论的复杂软件系统故障自动检测与诊断
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270324
Miao Jiang, M. A. Munawar, Thomas Reidemeister, Paul A. S. Ward
{"title":"Automatic fault detection and diagnosis in complex software systems by information-theoretic monitoring","authors":"Miao Jiang, M. A. Munawar, Thomas Reidemeister, Paul A. S. Ward","doi":"10.1109/DSN.2009.5270324","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270324","url":null,"abstract":"Management metrics of complex software systems exhibit stable correlations which can enable fault detection and diagnosis. Current approaches use specific analytic forms, typically linear, for modeling correlations. In this paper we use Normalized Mutual Information as a similarity measure to identify clusters of correlated metrics, without knowing the specific form. We show how we can apply the Wilcoxon Rank-Sum test to identify anomalous behaviour. We present two diagnosis algorithms to locate faulty components: RatioScore, based on the Jaccard Coefficient, and SigScore, which incorporates knowledge of component dependencies. We evaluate our mechanisms in the context of a complex enterprise application. Through fault-injection experiments, we show that we can detect 17 out of 22 faults without any false positives. We diagnose the faulty component in the top five anomaly scores 7 times out of 17 using SigScore, which is 40% better than when system structure is ignored.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122328450","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 45
Data management mechanisms for embedded system gateways 嵌入式系统网关的数据管理机制
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270339
Justin Ray, P. Koopman
{"title":"Data management mechanisms for embedded system gateways","authors":"Justin Ray, P. Koopman","doi":"10.1109/DSN.2009.5270339","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270339","url":null,"abstract":"It is becoming increasingly common to connect traditional embedded system networks to the Internet for remote monitoring, high-level control and integration. It is necessary to protect each part of the interconnected system from faults and attacks which propagate from the other side. One architectural approach is to add a gateway to the embedded system to receive Internet traffic and disperse data to the embedded system, but there is no clear recipe for building such gateways. Since Internet routers commonly use queues to manage traffic, we examine the effectiveness of queues for the embedded system gateway domain. We perform a series of experiments to evaluate the effectiveness of the queue mechanism and various queue management techniques. We show that queues can exhibit poor performance in the context of real-time embedded system gateways due to problems with message latency and dropped messages. We then introduce the concept of a filter mechanism and show that a simple filter mechanism can outper-form queue mechanisms when used in the gateway to manage real-time state-oriented data streams.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129704376","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Overloading vulnerability of VoIP networks VoIP网络过载漏洞
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270310
Hemant Sengar
{"title":"Overloading vulnerability of VoIP networks","authors":"Hemant Sengar","doi":"10.1109/DSN.2009.5270310","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270310","url":null,"abstract":"Internet is vulnerable to overloading caused by flash crowds and distributed denial-of-service (DDoS) attacks. Recently vo ice over IP (VoIP), an Internet-based service is experiencing a phenomenal growth. As its deployment spreads, VoIP systems are likely to become attack targets, of which flooding lists high, perhaps due to its simplicity and the abundance of tool support. The DDoS attacks and flash crowds degrade the performance of call processing server to the point where it becomes sluggish and even unresponsive. The network administrator's dilemma is that how to give a differential treatment to malicious and legitimate call requests that differ in intent, but not in content. In this paper, we show that DDoS attacks and flash crowds, while similar in the message structure and the number of INVITEs they generate, exhibit different traffic patterns and hence making them distinguishable. We also introduce a new entropy-based approach to detect those DDoS attacks that masquerade as flash crowds. Our approach is based on an observation that the creation of malicious sessions has certain effects on entropy of the call durations; hence, a change in the entropy provides an important clue for mimicry attack detection. As an overloading preventive measure, we exploit the SIP protocol's inbuilt reliability mechanism and exponential backoff timer values to regulate and distinguish legitimates call requests from the spoofed ones.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130348301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
WSEC DNS: Protecting recursive DNS resolvers from poisoning attacks WSEC DNS:保护递归DNS解析器免受投毒攻击
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270363
R. Perdisci, M. Antonakakis, Xiapu Luo, Wenke Lee
{"title":"WSEC DNS: Protecting recursive DNS resolvers from poisoning attacks","authors":"R. Perdisci, M. Antonakakis, Xiapu Luo, Wenke Lee","doi":"10.1109/DSN.2009.5270363","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270363","url":null,"abstract":"Recently, a new attack for poisoning the cache of Recursive DNS (RDNS) resolvers was discovered and revealed to the public. In response, major DNS vendors released a patch to their software. However, the released patch does not completely protect DNS servers from cache poisoning attacks in a number of practical scenarios. DNSSEC seems to offer a definitive solution to the vulnerabilities of the DNS protocol, but unfortunately DNSSEC has not yet been widely deployed. In this paper, we proposeWild-card SECure DNS (WSEC DNS), a novel solution to DNS cache poisoning attacks. WSEC DNS relies on existing properties of the DNS protocol and is based on wild-card domain names. We show that WSEC DNS is able to decrease the probability of success of cache poisoning attacks by several orders of magnitude. That is, with WSEC DNS in place, an attacker has to persistently run a cache poisoning attack for years, before having a non-negligible chance of success. Furthermore, WSEC DNS offers complete backward compatibility to DNS servers that may for any reason decide not to implement it, therefore allowing an incremental large-scale deployment. Contrary to DNSSEC, WSEC DNS is deployable immediately because it does not have the technical and political problems that have so far hampered a large-scale deployment of DNSSEC.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116322226","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 59
Flexible multicast authentication for time-triggered embedded control network applications 时间触发嵌入式控制网络应用的灵活组播认证
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270342
Christopher Szilagyi, P. Koopman
{"title":"Flexible multicast authentication for time-triggered embedded control network applications","authors":"Christopher Szilagyi, P. Koopman","doi":"10.1109/DSN.2009.5270342","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270342","url":null,"abstract":"Security for wired embedded networks is becoming a greater concern as connectivity to the outside world increases. Protocols used in these networks omit support for authenticating messages to prevent masquerade and replay attacks. The unique constraints of embedded control systems make incorporating existing multicast authentication schemes impractical. Our approach provides multicast authentication for time-triggered applications by validating truncated message authentication codes (MACs) across multiple packets. We extend this approach to tolerate occasional invalid MACs, analyze our approach through simulated at-tacks, and give an upper bound on the probability of successful attack. This approach allows a tradeoff among per-packet authentication cost, application le vel latency, tolerance to invalid MACs, and probability of induced failure, while satisfying typical embedded system constraints.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127702710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 56
Effectiveness of machine checks for error diagnostics 机器检查错误诊断的有效性
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270290
Nikhil Pandit, Z. Kalbarczyk, R. Iyer
{"title":"Effectiveness of machine checks for error diagnostics","authors":"Nikhil Pandit, Z. Kalbarczyk, R. Iyer","doi":"10.1109/DSN.2009.5270290","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270290","url":null,"abstract":"Machine Check Architecture (MCA) is a processor internal architecture subsystem that detects and logs correctable and uncorrectable errors in the data or control paths in each CPU core and the Northbridge. These errors include parity errors associated with caches, TLBs, ECC errors associated with caches and DRAM, and system bus errors. This paper reports on an experimental study on: (i) monitoring a computing cluster for machine checks and using this data to identify patterns that can be employed for error diagnostics and (ii) introducing faults into the machine to understand the resulting machine checks and correlate this data with relevant performance metrics.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122157004","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Emμcode: Masking hard faults in complex functional units Emμcode:屏蔽复杂功能单元中的硬故障
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270304
N. Weaver, J. H. Kelm, M. Frank
{"title":"Emμcode: Masking hard faults in complex functional units","authors":"N. Weaver, J. H. Kelm, M. Frank","doi":"10.1109/DSN.2009.5270304","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270304","url":null,"abstract":"This paper presents Emμcode, a technique for masking hard faults in modern microprocessors that provides graceful performance degradation. Emμcode employs microcode traces with control flow that replace an original instruction once a fault is detected. Emμcode adds lightweight microarchitectural hardware to assist in correcting hard faults in larger structures, such as SIMD execution units found in contemporary microprocessors, where replication is infeasible. Key challenges in implementing microcode traces include maintaining proper architectural state and the optimization of trace code. We are able to significantly optimize traces by exploiting dynamic trace behavior and by performing minor modifications to the microarchitecture. We find that removing hard to predict branches is important for optimizing traces. Emμcode uses partial predication, new microcode operations, and the full use of the microcode's flexibility and visibility to create fast traces. This paper studies the viability of implementing SIMD floating point arithmetic operations found in modern x86 processors using Emμcode traces. Our results show that for programs with 1 to 5 percent of the dynamic instructions replaced by Emμcode, a graceful performance degradation of only 1.3x to 4x is achievable.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115810420","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Möbius 2.3: An extensible tool for dependability, security, and performance evaluation of large and complex system models Möbius 2.3:用于大型复杂系统模型的可靠性、安全性和性能评估的可扩展工具
2009 IEEE/IFIP International Conference on Dependable Systems & Networks Pub Date : 2009-09-29 DOI: 10.1109/DSN.2009.5270318
T. Courtney, Shravan Gaonkar, K. Keefe, Eric Rozier, W. Sanders
{"title":"Möbius 2.3: An extensible tool for dependability, security, and performance evaluation of large and complex system models","authors":"T. Courtney, Shravan Gaonkar, K. Keefe, Eric Rozier, W. Sanders","doi":"10.1109/DSN.2009.5270318","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270318","url":null,"abstract":"Möbius 2.3 is an extensible dependability, security, and performance modeling environment for large-scale discrete-event systems. It provides multiple model formalisms and solution techniques, facilitating the representation of each part of a system in the formalism that is most appropriate for it, and the application of the solution method or methods best-suited to estimating the system's behavior. Since its initial release in 2001, many advances have been made in Möbius's design and implementation that have strengthened its place in the modeling and analysis community. With almost a decade of widespread academic and industrial use, Möbius has proven itself to be useful in a wide variety of modeling situations. This paper documents the current feature set of Möbius 2.3, emphasizing recent significant enhancements.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"114 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133407319","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 92
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信