{"title":"On the effectiveness of low latency anonymous network in the presence of timing attack","authors":"Jinghe Jin, Xinyuan Wang","doi":"10.1109/DSN.2009.5270306","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270306","url":null,"abstract":"In this paper, we introduce a novel metric that can quantitatively measure the practical effectiveness (i.e. anonymity) of all anonymous networks in the presence of timing attack. Our metric is based on a novel measurement of the distortion of the packet timing between the incoming and the outgoing flows to and from the anonymous network and it uses wavelet based analysis to measure the variability of the distortion. To the best of our knowledge, our approach is the first practical method that can quantitatively measure the packet timing distortion between flows that may have gone through such transformations as flow mixing/splitting/merging, adding chaff, packet dropping. To validate our anonymity metric, we have conducted real-time timing attacks on various deployed anonymous networks such as Tor, anonymizer.com and have used the timing attack results as the ground truth for validating our anonymity metric. We have found strong correlation between our anonymity metric and the timing attack results. Our metric measurements and timing attack results show that the circuit rotation in Tor network could significantly increase its resistance to timing attack at the cost of more timing disturbances to the normal users. In addition, we have found that adding constant rate chaff (i.e. cover traffic) has diminishing effect in anonymizing packet flows.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134374295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Design and development of a proof-of-concept platooning application using the HIDENETS architecture","authors":"Luis Marques, A. Casimiro, M. Calha","doi":"10.1109/DSN.2009.5270334","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270334","url":null,"abstract":"This paper describes the design and development of a proof-of-concept platooning application, which operates in a mobile and dynamic environment and makes use of architectural and middleware solutions that were proposed in the scope of the HIDENETS project. With this application it is possible to demonstrate the practical feasibility of a hybrid system architecture, with realms of operation with distinct synchrony properties, and the benefits of adopting such architecture. In particular, we show that it is possible to improve the performance and behavior of the platooning application, which operates over an intrinsically uncertain environment (due to mobility and wireless communication), and still secure fundamental safety-critical requirements.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121402768","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"WYSIWIB: A declarative approach to finding API protocols and bugs in Linux code","authors":"J. Lawall, Julien Brunel, Nicolas Palix, René Rydhof Hansen, H. Stuart, Gilles Muller","doi":"10.1109/DSN.2009.5270354","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270354","url":null,"abstract":"Eliminating OS bugs is essential to ensuring the reliability of infrastructures ranging from embedded systems to servers. Several tools based on static analysis have been proposed for finding bugs in OS code. They have, however, emphasized scalability over usability, making it difficult to focus the tools on specific kinds of bugs and to relate the results to patterns in the source code. We propose a declarative approach to bug finding in Linux OS code using a control-flow based program search engine. Our approach is WYSIWIB (What You See Is Where It Bugs), since the programmer expresses specifications for bug finding using a syntax close to that of ordinary C code. The key advantage of our approach is that search specifications can be easily tailored, to eliminate false positives or catch more bugs. We present three case studies that have allowed us to find hundreds of potential bugs.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122377039","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fail-Aware Untrusted Storage","authors":"C. Cachin, I. Keidar, A. Shraer","doi":"10.1137/090751062","DOIUrl":"https://doi.org/10.1137/090751062","url":null,"abstract":"We consider a set of clients collaborating through an online service provider that is subject to attacks, and hence not fully trusted by the clients. We introduce the abstraction of a fail-aware untrusted service, with meaningful semantics even when the provider is faulty. In the common case, when the provider is correct, such a service guarantees consistency (linearizability) and liveness (wait-freedom) of all operations. In addition, the service always provides accurate and complete consistency and failure detection. We illustrate our new abstraction by presenting a Fail-Aware Untrusted STorage service (FAUST). Existing storage protocols in this model guarantee so-called forking semantics. We observe, however, that none of the previously suggested protocols suffice for implementing fail-aware untrusted storage with the desired liveness and consistency properties (at least wait-freedom and linearizability when the server is correct). We present a new storage protocol, which does not suffer from this limitation, and implements a new consistency notion, called weak fork-linearizability. We show how to extend this protocol to provide eventual consistency and failure awareness in FAUST.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123406418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Sharing end-user negative symptoms for improving overlay network dependability","authors":"Yongning Tang, E. Al-Shaer","doi":"10.1109/DSN.2009.5270328","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270328","url":null,"abstract":"The dependability of overlay services relies on the overlay network's capabilities to effectively diagnose and recover faults (e.g., link failures, overlay node outages). However, overlay applications bring to overlay fault diagnosis new challenges, which include large-scale deployment, inaccessible underlying network information, dynamic symptom-fault causality relationship, and multi-layer complexity. In this paper, we develop an evidential overlay fault diagnosis framework (called DigOver) to tackle these challenges. Firstly, the DigOver identifies a set of potential faulty components based on shared end-user observed negative symptoms. Then, each potential faulty component is evaluated to quantify its fault likelihood and the corresponding evaluation uncertainty. Finally, the DigOver dynamically constructs a plausible fault graph to locate the root causes of end-user observed negative symptoms.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129353524","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Language level checkpointing support for stream processing applications","authors":"Gabriela Jacques-Silva, B. Gedik, H. Andrade, Kun-Lung Wu","doi":"10.1109/DSN.2009.5270344","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270344","url":null,"abstract":"Many streaming applications demand continuous processing of live data with little or no downtime, therefore, making high-availability a crucial operational requirement. Fault tolerance techniques are generally expensive and when directly applied to streaming systems with stringent throughput and latency requirements, they might incur a prohibitive performance overhead. This paper describes a flexible, light-weight fault tolerance solution in the context of the SPADE language and the System S distributed stream processing engine. We devised language extensions so users can define and parameterize check-point policies easily. This configurable fault tolerance solution is implemented through code generation in SPADE, which reduces the overall application fault tolerance costs by incurring them only for the parts of the application that require it. In this paper we focus on the overall design of our checkpoint mechanism and we also describe an incremental checkpointing algorithm that is suitable for on-the-fly processing of high-rate data streams.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130289721","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analyzing the process of installing rogue software","authors":"R. Berthier, Jorge Arjona, M. Cukier","doi":"10.1109/DSN.2009.5270293","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270293","url":null,"abstract":"This practical experience report presents the results of an experiment aimed at understanding the sequence of malicious actions following a remote compromise. The type of rogue software installed during attacks was used to classify and understand sequences of malicious actions. For this experiment, we used four Linux target computers running SSH with simple passwords. During the eight-month data collection period, we recorded a total of 1,171 attack sessions. In these sessions, attackers typed a total of 20,335 commands that we categorized into 24 specific actions. These actions were analyzed based on the type of rogue software installed by attackers.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127028661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploiting refactoring in formal verification","authors":"Xiang Yin, J. Knight, Westley Weimer","doi":"10.1109/DSN.2009.5270355","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270355","url":null,"abstract":"In previous work, we introduced Echo, a new approach to the formal verification of the functional correctness of software. Part of what makes Echo practical is a technique called verification refactoring. The program to be verified is mechanically refactored specifically to facilitate verification. After refactoring, the program is documented with low-level annotations, and a specification is extracted mechanically. Proofs that the semantics of the refactored program are equivalent to those of the original program, that the code conforms to the annotations, and that the extracted specification implies the program's original specification constitute the verification argument. In this paper, we discuss verification refactoring and illustrate it with a case study of the verification of an optimized implementation of the Advanced Encryption Standard (AES) against its official specification. We compare the practicality of verification using refactoring with traditional correctness proofs and refinement, and we assess its efficacy using seeded defects.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-09-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129598944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"RRE: A game-theoretic intrusion Response and Recovery Engine","authors":"Saman A. Zonouz, Himanshu Khurana, William H. Sanders, Timothy M. Yardley","doi":"10.1109/DSN.2009.5270307","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270307","url":null,"abstract":"Preserving the availability and integrity of networked computing systems in the face of fast-spreading intrusions requires advances not only in detection algorithms, but also in automated response techniques. In this paper, we propose a new approach to automated response called the Response and Recovery Engine (RRE). Our engine employs a game-theoretic response strategy against adversaries modeled as opponents in a two-player Stackelberg stochastic game. RRE applies attack-response trees to analyze undesired security events and their countermeasures using Boolean logic to combine lower-level attack consequences. In addition, RRE accounts for uncertainties in intrusion detection alert notifications. RRE then chooses optimal response actions by solving a partially observable competitive Markov decision process that is automatically derived from attack-response trees. Experimental results show that RRE, using Snort's alerts, can protect large networks for which attack-response trees have more than 900 nodes.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125674595","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Fluid modeling and control for server system performance and availability","authors":"Luc Malrait, S. Bouchenak, N. Marchand","doi":"10.1109/DSN.2009.5270311","DOIUrl":"https://doi.org/10.1109/DSN.2009.5270311","url":null,"abstract":"Although server technology provides a means to support a wide range of online services and applications, their ad-hoc configuration poses significant challenges to the performance, availability and economical costs of applications. In this paper, we examine the impact of server configuration on the central tradeoff between service performance and availability. First, we present a server model as a nonlinear continuous-time model using fluid approximations. Second, we develop admission control of server systems for an optimal configuration. We provide two control laws for two different QoS objectives. AM-C is an availability-maximizing admission control that achieves the highest service availability given a fixed performance constraint; and PM-C is a performance-maximizing admission control that meets a desired availability target with the highest performance. We evaluate our fluid model and control techniques on the TPC-C industry-standard benchmark. Our experiments show that the proposed techniques improve performance by up to 30 % while guaranteeing availability constraints.","PeriodicalId":376982,"journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128005429","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}