968 resultados para Linux security module
Resumo:
Internet Traffic Managers (ITMs) are special machines placed at strategic places in the Internet. itmBench is an interface that allows users (e.g. network managers, service providers, or experimental researchers) to register different traffic control functionalities to run on one ITM or an overlay of ITMs. Thus itmBench offers a tool that is extensible and powerful yet easy to maintain. ITM traffic control applications could be developed either using a kernel API so they run in kernel space, or using a user-space API so they run in user space. We demonstrate the flexibility of itmBench by showing the implementation of both a kernel module that provides a differentiated network service, and a user-space module that provides an overlay routing service. Our itmBench Linux-based prototype is free software and can be obtained from http://www.cs.bu.edu/groups/itm/.
Resumo:
Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.
Resumo:
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real-world malicious applet is given to demonstrate the efficacy of the approach.
Resumo:
The TCP/IP architecture was originally designed without taking security measures into consideration. Over the years, it has been subjected to many attacks, which has led to many patches to counter them. Our investigations into the fundamental principles of networking have shown that carefully following an abstract model of Interprocess Communication (IPC) addresses many problems [1]. Guided by this IPC principle, we designed a clean-slate Recursive INternet Architecture (RINA) [2]. In this paper, we show how, without the aid of cryptographic techniques, the bare-bones architecture of RINA can resist most of the security attacks faced by TCP/IP. We also show how hard it is for an intruder to compromise RINA. Then, we show how RINA inherently supports security policies in a more manageable, on-demand basis, in contrast to the rigid, piecemeal approach of TCP/IP.
Resumo:
Statistical Rate Monotonic Scheduling (SRMS) is a generalization of the classical RMS results of Liu and Layland [LL73] for periodic tasks with highly variable execution times and statistical QoS requirements. The main tenet of SRMS is that the variability in task resource requirements could be smoothed through aggregation to yield guaranteed QoS. This aggregation is done over time for a given task and across multiple tasks for a given period of time. Similar to RMS, SRMS has two components: a feasibility test and a scheduling algorithm. SRMS feasibility test ensures that it is possible for a given periodic task set to share a given resource without violating any of the statistical QoS constraints imposed on each task in the set. The SRMS scheduling algorithm consists of two parts: a job admission controller and a scheduler. The SRMS scheduler is a simple, preemptive, fixed-priority scheduler. The SRMS job admission controller manages the QoS delivered to the various tasks through admit/reject and priority assignment decisions. In particular, it ensures the important property of task isolation, whereby tasks do not infringe on each other. In this paper we present the design and implementation of SRMS within the KURT Linux Operating System [HSPN98, SPH 98, Sri98]. KURT Linux supports conventional tasks as well as real-time tasks. It provides a mechanism for transitioning from normal Linux scheduling to a mixed scheduling of conventional and real-time tasks, and to a focused mode where only real-time tasks are scheduled. We overview the technical issues that we had to overcome in order to integrate SRMS into KURT Linux and present the API we have developed for scheduling periodic real-time tasks using SRMS.
Resumo:
The past two decades has seen a dramatic upheaval in the international world order: the end of the Cold War, the 9/11 attacks and the subsequent 'War on Terror', increased Jihadist activities, the accelerated pace of globalization, climate change and the 2008 global financial crisis have contributed to fear, uncertainty, poverty, conflict, massive displacements of populations of asylum seekers and refugees globally and a proliferation of Protracted Refugee Situations (PRS), defined as situations in which refugees have been in exile 'for 5 years or more after their initial displacement, without immediate prospects for implementation of durable solutions. In the past two decades there has been a huge proliferation of these with more than 7.2 million refugees now trapped in these PRS, with a further 16 million internally displaced persons (IDPs) trapped in camps within their own countries. The Dadaab refugee complex in Kenya, which of as March 2012, holds over 463,000 refugees, is the most significant and extreme example in recent times of a PRS. It was established in 1991 following the collapse of the Somali Government of Dictator Siad Barre, and the disintegration of Somalia into the chaos that still exists today. PRS such as Dadaab raise particular issues about humanitarianism in terms of aid, protection, security, human rights and the actions (or inaction) of the various stakeholders on an international, national and local level. This thesis investigates these issues by the use of a case study methodology on Dadaab as a PRS, framed in the context of humanitarianism and in particular the issues that arise in terms of how the international community, the UN system and individual states provide assistance and protection to vulnerable populations. Although the refugee camps have been in existence (as of 2012) for over 20 years, there has never been such a detailed study of Dadaab (or any other PRS) undertaken to date and would be of interest to academics in the areas of international relations, refugee/migration studies and global Governance as well as practitioners in both humanitarian response and development
Resumo:
In rural Ethiopia, among other things, lack of adequate financial service is considered as the basic problem to alleviate rural poverty and to solve the problem of food insecurity. Commercial banks are restricted to urban centres. Providing rural financial service through RUSACCO to the poor has been proposed as a tool for economic development and for achieving food security. Evidence from research in this regard has been so far scanty, especially in rural Ethiopia. The aims of this study are to analyze the determinants of membership, to identify socioeconomic and demographic factors that influence members’ participation in RUSACCOs and to quantify the impact of RUSACCOs on member households’ food security. The study was conducted in two purposely selected woredas in the Amhara region one from food insecure (Lay Gayint woreda) and the other from food secure (Dejen woreda). Six RUSACCOs were selected randomly from these two woredas. Both qualitative and quantitative data were collected. Key informant interviews, focus group discussions and survey techniques were used to collect primary data. Collected data was then analyzed using mixed methods depending on the nature of data. For quantitative data analysis appropriate statistical models were used. The study result reveals that the number of members in each RUSACCO is very small. However, the majority of non-member respondents are willing to join RUSACCO. Lack of information about the benefits of RUSACCO membership is the main problem why many rural poor do not join RUSACCOs. Members participate in different aspects of the cooperatives, starting from attending general assembly up to board membership. They also participate actively in saving and borrowing activities of RUSACCO. The majority of the respondents believe the RUSACCO is a vital instrument in combating food insecurity. The empirical findings indicate that gender, marital status, occupation, educational level, participation in local leadership and participation in other income generation means determine the decision of rural poor to join a RUSACCO or not. The amount of saving is determined by household head occupation, farming experience and income level. While age of household head, primary occupation, farming experience, date of membership, annual total consumption expenditure, amount of saving and participation in other income generation activities influence members’ amount of borrowing by RUSACCO members. Finally, the study confirms that RUSACCO participation improves household food security. RUSACCO membership has made positive impact on household total consumption expenditure and food expenditure.
Resumo:
In this work we introduce a new mathematical tool for optimization of routes, topology design, and energy efficiency in wireless sensor networks. We introduce a vector field formulation that models communication in the network, and routing is performed in the direction of this vector field at every location of the network. The magnitude of the vector field at every location represents the density of amount of data that is being transited through that location. We define the total communication cost in the network as the integral of a quadratic form of the vector field over the network area. With the above formulation, we introduce a mathematical machinery based on partial differential equations very similar to the Maxwell's equations in electrostatic theory. We show that in order to minimize the cost, the routes should be found based on the solution of these partial differential equations. In our formulation, the sensors are sources of information, and they are similar to the positive charges in electrostatics, the destinations are sinks of information and they are similar to negative charges, and the network is similar to a non-homogeneous dielectric media with variable dielectric constant (or permittivity coefficient). In one of the applications of our mathematical model based on the vector fields, we offer a scheme for energy efficient routing. Our routing scheme is based on changing the permittivity coefficient to a higher value in the places of the network where nodes have high residual energy, and setting it to a low value in the places of the network where the nodes do not have much energy left. Our simulations show that our method gives a significant increase in the network life compared to the shortest path and weighted shortest path schemes. Our initial focus is on the case where there is only one destination in the network, and later we extend our approach to the case where there are multiple destinations in the network. In the case of having multiple destinations, we need to partition the network into several areas known as regions of attraction of the destinations. Each destination is responsible for collecting all messages being generated in its region of attraction. The complexity of the optimization problem in this case is how to define regions of attraction for the destinations and how much communication load to assign to each destination to optimize the performance of the network. We use our vector field model to solve the optimization problem for this case. We define a vector field, which is conservative, and hence it can be written as the gradient of a scalar field (also known as a potential field). Then we show that in the optimal assignment of the communication load of the network to the destinations, the value of that potential field should be equal at the locations of all the destinations. Another application of our vector field model is to find the optimal locations of the destinations in the network. We show that the vector field gives the gradient of the cost function with respect to the locations of the destinations. Based on this fact, we suggest an algorithm to be applied during the design phase of a network to relocate the destinations for reducing the communication cost function. The performance of our proposed schemes is confirmed by several examples and simulation experiments. In another part of this work we focus on the notions of responsiveness and conformance of TCP traffic in communication networks. We introduce the notion of responsiveness for TCP aggregates and define it as the degree to which a TCP aggregate reduces its sending rate to the network as a response to packet drops. We define metrics that describe the responsiveness of TCP aggregates, and suggest two methods for determining the values of these quantities. The first method is based on a test in which we drop a few packets from the aggregate intentionally and measure the resulting rate decrease of that aggregate. This kind of test is not robust to multiple simultaneous tests performed at different routers. We make the test robust to multiple simultaneous tests by using ideas from the CDMA approach to multiple access channels in communication theory. Based on this approach, we introduce tests of responsiveness for aggregates, and call it CDMA based Aggregate Perturbation Method (CAPM). We use CAPM to perform congestion control. A distinguishing feature of our congestion control scheme is that it maintains a degree of fairness among different aggregates. In the next step we modify CAPM to offer methods for estimating the proportion of an aggregate of TCP traffic that does not conform to protocol specifications, and hence may belong to a DDoS attack. Our methods work by intentionally perturbing the aggregate by dropping a very small number of packets from it and observing the response of the aggregate. We offer two methods for conformance testing. In the first method, we apply the perturbation tests to SYN packets being sent at the start of the TCP 3-way handshake, and we use the fact that the rate of ACK packets being exchanged in the handshake should follow the rate of perturbations. In the second method, we apply the perturbation tests to the TCP data packets and use the fact that the rate of retransmitted data packets should follow the rate of perturbations. In both methods, we use signature based perturbations, which means packet drops are performed with a rate given by a function of time. We use analogy of our problem with multiple access communication to find signatures. Specifically, we assign orthogonal CDMA based signatures to different routers in a distributed implementation of our methods. As a result of orthogonality, the performance does not degrade because of cross interference made by simultaneously testing routers. We have shown efficacy of our methods through mathematical analysis and extensive simulation experiments.
Resumo:
In this paper, we report some findings from an investigation of a topic related to affect and mathematics which is not well-represented in the literature. For some mathematicians, mathematics itself is a source of security in an uncertain world, and we investigated this feeling and experience in the case of 19 adult mathematicians working in universities and schools in Greece. The focus reported here is on ways that a relationship with mathematics offers a sense of permanence and stability on the one hand, and an assurance of novelty and progress on the other.
Resumo:
Software technology that predicts stress in electronic systems and packages, developed as part of TCS Programme, is described. The software is closely integrated within a thermal design tool providing the ability to simulate the coupled effects of airflow, temperature and stress on product performance. This integrated approach to analysis will help decrease the number of design cycles.
Resumo:
Power electronic modules distinguish themselves from other modules by their high power operation. These modules are used extensively in high power application markets such as aerospace, automotive, industrial and traction and drives. This paper discusses typical packaging technologies for power electronics modules. It also discusses the latest results from a UK research project investigating the physics-of-failure approach to reliability analysis and predictions for power modules. An integrated design enviroment for incorporating of affects of uncertainty into the design environment was outlined.
Resumo:
In this paper the reliability of the isolation substrate and chip mountdown solder interconnect of power modules under thermal-mechanical loading has been analysed using a numerical modelling approach. The damage indicators such as the peel stress and the accumulated plastic work density in solder interconnect are calculated for a range of geometrical design parameters, and the effects of these parameters on the reliability are studied by using a combination of the finite element analysis (FEA) method and optimisation techniques. The sensitivities of the reliability of the isolation substrate and solder interconnect to the changes of the design parameters are obtained and optimal designs are studied using response surface approximation and gradient optimization method
Resumo:
A numerical modeling method for the prediction of the lifetime of solder joints of relatively large solder area under cyclic thermal-mechanical loading conditions has been developed. The method is based on the Miner's linear damage accumulation rule and the properties of the accumulated plastic strain in front of the crack in large area solder joint. The nonlinear distribution of the damage indicator in the solder joints have been taken into account. The method has been used to calculate the lifetime of the solder interconnect in a power module under mixed cyclic loading conditions found in railway traction control applications. The results show that the solder thickness is a parameter that has a strong influence on the damage and therefore the lifetime of the solder joint while the substrate width and the thickness of the baseplate are much less important for the lifetime
Resumo:
This paper describes the employment of semantic and conceptual structures in module design, specifically course modules. Additionally, it suggests other uses of these structures in aiding teaching and learning.
Resumo:
The electric car, the all electric aircraft and requirements for renewable energy are prime examples of potential technologies needing to be addressed in the world problem of global warming/carbon emission etc. Power electronics are fundamental for the underpinning of these technologies and with the diverse requirements for electrical configurations and the range of environmental conditions, time to market is paramount for module manufacturers and systems designers alike. This paper presents a 'virtual' design methodology together with theoretical and experimental results that demonstrate enhanced product design with improved reliability, performance and cost value within competitive schemes.
