SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036922
Prakash Linga, Indranil Gupta, K. Birman
{"title":"A churn-resistant peer-to-peer web caching system","authors":"Prakash Linga, Indranil Gupta, K. Birman","doi":"10.1145/1036921.1036922","DOIUrl":"https://doi.org/10.1145/1036921.1036922","url":null,"abstract":"Denial of service attacks on peer-to-peer (p2p) systems can arise from sources otherwise considered non-malicious. We focus on one such commonly prevalent source, called \"churn\". Churn arises from continued and rapid arrival and failure (or departure) of a large number of participants in the system, and traces from deployments have shown that it can lead to extremely stressful networking conditions. It has the potential to increase host loads and block a large fraction of normal insert and lookup operations in the peer-to-peer system. This paper studies a cooperative web caching system that is resistant to churn attacks. Based on the Kelips peer-to-peer routing substrate, it imposes a constant load on participants and is able to reorganize itself continuously under churn. Peer pointers are automatically established among more available participants, thus ensuring high cache hit rates even when the system is stressed under churn. In addition, the system improves on the network locality of cache accesses in previous web caching schemes. The paper presents experimental results from a real implementation running over a commodity PC cluster, as well as trace-based simulations that use real host availability traces obtained from another deployed p2p system.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129524106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036933
A. Moore, R. Ellison
{"title":"TRIAD: a framework for survivability architecting","authors":"A. Moore, R. Ellison","doi":"10.1145/1036921.1036933","DOIUrl":"https://doi.org/10.1145/1036921.1036933","url":null,"abstract":"High confidence in a system's survivability requires an accurate understanding of the system's threat environment and the impact of that environment on system operations. This paper describes a framework for intrusion-aware design called trustworthy refinement through intrusion-aware design (TRIAD). The spiral structure of TRIAD iterates through three sectors of activity for developing the architectural strategy, for instantiating the architecture using technical components, and for analyzing the impact of the threat environment on system operations. TRIAD helps developers of complex, internetworked information systems to formulate, implement, and maintain a coherent, justifiable, and affordable survivability strategy that addresses mission-compromising threats for their organization. TRIAD facilitates planning for the inevitable change to the threat and operational environment and helps trace the effect of change back to the survivability requirements and architecture.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"105 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128952748","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036925
Adrian Bozdog, R. V. Renesse, D. Dumitriu
{"title":"SelectCast: a scalable and self-repairing multicast overlay routing facility","authors":"Adrian Bozdog, R. V. Renesse, D. Dumitriu","doi":"10.1145/1036921.1036925","DOIUrl":"https://doi.org/10.1145/1036921.1036925","url":null,"abstract":"In this paper we describe SelectCast, a self-repairing multicast overlay routing facility for supporting publish/subscribe applications. SelectCast is a peer-to-peer protocol, and leverages Astrolabe, a secure distributed information management system. SelectCast uses replication to recover quickly from transient failures, as well as Astrolabe's aggregation facilities to recover from long-term failures or adapt to changes in load or QoS requirements. In order to evaluate the scalability and performance of SelectCast, and compare these with other multicast facilities, we built a multicast testing facility on NetBed. This paper reports latency and load results for SelectCast, compared to both native IP multicast and Yoid.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132351582","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036930
Sara Miner More, Michael Malkin, Jessica Staddon, D. Balfanz
{"title":"Sliding-window self-healing key distribution","authors":"Sara Miner More, Michael Malkin, Jessica Staddon, D. Balfanz","doi":"10.1145/1036921.1036930","DOIUrl":"https://doi.org/10.1145/1036921.1036930","url":null,"abstract":"We propose a new method for distributing a common key to a dynamic group over an unreliable channel. In [15], an unconditionally secure \"self-healing\" protocol that solves this problem and has significant advantages over previous work in this area is presented. However, the protocol suffers from inconsistent robustness, high overhead and expensive maintenance costs. We propose a more practical self-healing protocol that attempts to address these three problems. First, we use a sliding window to make error recovery consistently robust. Second, we significantly reduce overhead. Finally, we give the group manager the ability to spread the cost of personal key distribution over multiple sessions, rather than having to distribute new personal keys to all users at the same time.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134633669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036927
Jiwu Jing, Peng Liu, D. Feng, Ji Xiang, Neng Gao, Jingqiang Lin
{"title":"ARECA: a highly attack resilient certification authority","authors":"Jiwu Jing, Peng Liu, D. Feng, Ji Xiang, Neng Gao, Jingqiang Lin","doi":"10.1145/1036921.1036927","DOIUrl":"https://doi.org/10.1145/1036921.1036927","url":null,"abstract":"Certification Authorities (CA) are a critical component of a PKI. All the certificates issued by a CA will become invalid when the (signing) private key of the CA is compromised. Hence it is a very important issue to protect the private key of an online CA. ARECA systems, built on top of threshold cryptography, ensure the security of a CA through a series of defense-in-depth protections. ARECA systems won't be compromised when a few system components are compromised or some system administrators betray. The private key of a CA is protected by distributing different shares of the key to different (signing) components and by ensuring that any component of the CA is unable to reconstruct the private key. In addition, the multi-layer system architecture of ARECA makes it very difficult to attack from outside. Several threshold-cryptography-based methods are proposed in the literature to construct an intrusion tolerant CA, and the uniqueness of ARECA is that it engineers a novel two phase signature composition scheme and a multi-layer CA protection architecture. As a result, ARECA is (a) practical, (b) highly resilient to both insider and outsider attacks that compromise one or more components, and (c) can prevent a variety of outside attacks.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128315871","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036934
Ayda Saïdane, Y. Deswarte, V. Nicomette
{"title":"An intrusion tolerant architecture for dynamic content internet servers","authors":"Ayda Saïdane, Y. Deswarte, V. Nicomette","doi":"10.1145/1036921.1036934","DOIUrl":"https://doi.org/10.1145/1036921.1036934","url":null,"abstract":"This paper describes a generic architecture for intrusion tolerant Internet servers. It aims to build systems that are able to survive attacks in the context of an open network such as the Internet. To do so, the design is based on fault tolerance techniques, in particular redundancy and diversification. These techniques give a system the additional resources to continue delivering the correct service to its legitimate clients even when active attacks are corrupting parts of the system components.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131643960","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036935
Hassen Saïdi, B. Dutertre, Joshua Levy, A. Valdes
{"title":"Self-regenerative software components","authors":"Hassen Saïdi, B. Dutertre, Joshua Levy, A. Valdes","doi":"10.1145/1036921.1036935","DOIUrl":"https://doi.org/10.1145/1036921.1036935","url":null,"abstract":"Self-regenerative capabilities are a new trend in survivable system design. Self-regeneration ensures the property that a system's vulnerabilities cannot be exploited to the extent that the mission objective is compromised, but instead that the vulnerabilities are eventually removed, and system functionality is restored. To establish the usefulness of self-regenerative capabilities in the design of survivable systems, it is important to ensure that a system satisfying the self-regenerative requirement is survivable, and software engineering practices and tool support are available for building self-regenerative systems. This paper emphasizes the need for formal definition of the concept of self-regenerative systems in general and self-regenerative software components in particular. We propose a simple formal definition of a self-regenerative software component and we propose to adapt well-established formal software validation techniques to build tool support to implement self-regenerative capabilities at the component level.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124862658","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036932
James C. Reynolds, L. Clough
{"title":"Continual repair for windows using the event log","authors":"James C. Reynolds, L. Clough","doi":"10.1145/1036921.1036932","DOIUrl":"https://doi.org/10.1145/1036921.1036932","url":null,"abstract":"There is good reason to base intrusion detection on data from the host. Unfortunately, most operating systems do not provide all the data needed in readily available logs. Ironically, perhaps, Windows NT and its successor, Windows 2000, provide much of the necessary data, at least for security events. We have developed a host-based intrusion detector for these platforms that meets the generally accepted criteria for a good Intrusion Detection System. Its architecture is sufficiently flexible to meet these criteria largely by relying on native mechanisms. Where there are identified gaps in the data from the native security event log, they can be filled by data from other sensors by using the same event-logging interface. The IDS will also terminate unauthorized processes, delete unauthorized files, and restore deleted or modified files continually without lengthy recovery due to compromise. We call this feature Continual Repair. It is an existence proof that self-regenerative systems are possible.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123335508","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036926
Ju Wang, L. Lu, A. Chien
{"title":"Tolerating denial-of-service attacks using overlay networks: impact of topology","authors":"Ju Wang, L. Lu, A. Chien","doi":"10.1145/1036921.1036926","DOIUrl":"https://doi.org/10.1145/1036921.1036926","url":null,"abstract":"Proxy-network based overlays have been proposed to protect Internet Applications against Denial-of-Service attacks by hiding an application's location. We study how a proxy network's topology influences the effectiveness of location-hiding. We present two theorems which quantitatively characterize when proxy networks are robust against attacks (attackers' impact can be quickly and completely removed), and when they are vulnerable to attacks (attackers' impact cannot be completely removed). Using these theorems, we study a range of proxy network topologies, and identify those topologies favorable for location-hiding and resisting Denial-of-Service attacks. We have found that popular overlay network topologies such as Chord [25], which has been suggested for location-hiding, is in fact not a favorable topology for such purposes; we have also shown that CAN [21], a less popular overlay network, can be a good topology for location-hiding. Our theoretical results provide a set of sound design principles on proxy networks used for location-hiding.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130633757","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SSRS '03 | Pub Date: 2003-10-31 | DOI: 10.1145/1036921.1036924
Dazhi Wang, B. Madan, Kishor S. Trivedi
{"title":"Security analysis of SITAR intrusion tolerance system","authors":"Dazhi Wang, B. Madan, Kishor S. Trivedi","doi":"10.1145/1036921.1036924","DOIUrl":"https://doi.org/10.1145/1036921.1036924","url":null,"abstract":"Security is an important QoS attribute for characterizing intrusion tolerant computing systems. Frequently however, the security of computing systems is assessed in a qualitative manner based on the presence and absence of certain functional characteristics and security mechanisms. Such a characterization is not only ad hoc, it also lacks rigorous scientific and systematic basis. Some recent research efforts have emphasized the need for a quantitative assessment of security attributes for intrusion tolerant systems. Intrusion tolerant systems are not only complex, but also have to operate in an environment made unpredictable due to the unpredictable actions of bona-fide and non bona-fide users. This makes quantitative security analysis a difficult problem. Earlier approaches to security modelling have been based on the use of Markov models. Capturing details of real architectures in a manually constructed Markov model is difficult. We advocate the use of higher level formalism based on stochastic Petri nets for modelling and quantitative security analysis of intrusion tolerant systems. To validate our approach, we use an experimental intrusion tolerant system known as the SITAR (scalable intrusion tolerant architecture) currently being implemented jointly at MCNC and Duke University as our target system. It is shown that the resulting analysis is useful in determining gains in security by reconfiguring such a system in terms of increase in redundancy under varying threat levels.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128443969","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}