Modeling Architecture-OS interactions using Layered Queuing Network Models

The prevalent virtualization technologies provide QoS support within the software layers of the virtual machine monitor(VMM) or the operating system of the virtual machine(VM). The QoS features are mostly provided as extensions to the existing software used for accessing the I/O device because of which the applications sharing the I/O device experience loss of performance due to crosstalk effects or usable bandwidth. In this paper we examine the NIC sharing effects across VMs on a Xen virtualized server and present an alternate paradigm that improves the shared bandwidth and reduces the crosstalk effect on the VMs. We implement the proposed hardwaresoftware changes in a layered queuing network (LQN) model and use simulation techniques to evaluate the architecture. We find that simple changes in the device architecture and associated system software lead to application throughput improvement of up to 60%. The architecture also enables finer QoS controls at device level and increases the scalability of device sharing across multiple virtual machines. We find that the performance improvement derived using LQN model is comparable to that reported by similar but real implementations.

Demonstrating the Usefulness of CAELinux for Computer Aided Engineering using an Example of the Three Dimensional Reconstruction of a Pig Liver

CAELinux is a Linux distribution which is bundled with free software packages related to Computer Aided Engineering (CAE). The free software packages include software that can build a three dimensional solid model, programs that can mesh a geometry, software for carrying out Finite Element Analysis (FEA), programs that can carry out image processing etc. Present work has two goals: 1) To give a brief description of CAELinux 2) To demonstrate that CAELinux could be useful for Computer Aided Engineering, using an example of the three dimensional reconstruction of a pig liver from a stack of CT-scan images. One can note that instead of using CAELinux, using commercial software for reconstructing the liver would cost a lot of money. One can also note that CAELinux is a free and open source operating system and all software packages that are included in the operating system are also free. Hence one can conclude that CAELinux could be a very useful tool in application areas like surgical simulation which require three dimensional reconstructions of biological organs. Also, one can see that CAELinux could be a very useful tool for Computer Aided Engineering, in general.

Assessment of Microscale Test Methods of Peeling and Splitting along Surface of Thin-Film/Substrates

Peel test methods are assessed through being applied to a peeling analysis of the ductile film/ceramic substrate system. Through computing the fracture work of the system using the either beam bend model (BB model) or the general plane analysis model (GPA model), surprisingly, a big difference between both model results is found. Although the BB model can capture the plastic dissipation phenomenon for the ductile film case as the GPA model can, it is much sensitive to the choice of the peeling criterion parameters, and it overestimates the plastic bending effect unable to capture crack tip constraint plasticity. In view of the difficulty of measuring interfacial toughness using peel test method when film is the ductile material, a new test method, split test, is recommended and analyzed using the GPA model. The prediction is applied to a wedge-loaded experiment for Al-alloy double-cantilever beam in literature.

Metadata Federation of PICES Member Countries

(Document pdf contains 193 pages) Executive Summary (pdf, < 0.1 Mb) 1. Introduction (pdf, 0.2 Mb) 1.1 Data sharing, international boundaries and large marine ecosystems 2. Objectives (pdf, 0.3 Mb) 3. Background (pdf, < 0.1 Mb) 3.1 North Pacific Ecosystem Metadatabase 3.2 First federation effort: NPEM and the Korea Oceanographic Data Center 3.2 Continuing effort: Adding Japan’s Marine Information Research Center 4. Metadata Standards (pdf, < 0.1 Mb) 4.1 Directory Interchange Format 4.2 Ecological Metadata Language 4.3 Dublin Core 4.3.1. Elements of DC 4.4 Federal Geographic Data Committee 4.5 The ISO 19115 Metadata Standard 4.6 Metadata stylesheets 4.7 Crosswalks 4.8 Tools for creating metadata 5. Communication Protocols (pdf, < 0.1 Mb) 5.1 Z39.50 5.1.1. What does Z39.50 do? 5.1.2. Isite 6. Clearinghouses (pdf, < 0.1 Mb) 7. Methodology (pdf, 0.2 Mb) 7.1 FGDC metadata 7.1.1. Main sections 7.1.2. Supporting sections 7.1.3. Metadata validation 7.2 Getting a copy of Isite 7.3 NSDI Clearinghouse 8. Server Configuration and Technical Issues (pdf, 0.4 Mb) 8.1 Hardware recommendations 8.2 Operating system – Red Hat Linux Fedora 8.3 Web services – Apache HTTP Server version 2.2.3 8.4 Create and validate FGDC-compliant Metadata in XML format 8.5 Obtaining, installing and configuring Isite for UNIX/Linux 8.5.1. Download the appropriate Isite software 8.5.2. Untar the file 8.5.3. Name your database 8.5.4. The zserver.ini file 8.5.5. The sapi.ini file 8.5.6. Indexing metadata 8.5.7. Start the Clearinghouse Server process 8.5.8. Testing the zserver installation 8.6 Registering with NSDI Clearinghouse 8.7 Security issues 9. Search Tutorial and Examples (pdf, 1 Mb) 9.1 Legacy NSDI Clearinghouse search interface 9.2 New GeoNetwork search interface 10. Challenges (pdf, < 0.1 Mb) 11. Emerging Standards (pdf, < 0.1 Mb) 12. Future Activity (pdf, < 0.1 Mb) 13. Acknowledgments (pdf, < 0.1 Mb) 14. References (pdf, < 0.1 Mb) 15. Acronyms (pdf, < 0.1 Mb) 16. Appendices 16.1. KODC-NPEM meeting agendas and minutes (pdf, < 0.1 Mb) 16.1.1. Seattle meeting agenda, August 22–23, 2005 16.1.2. Seattle meeting minutes, August 22–23, 2005 16.1.3. Busan meeting agenda, October 10–11, 2005 16.1.4. Busan meeting minutes, October 10–11, 2005 16.2. MIRC-NPEM meeting agendas and minutes (pdf, < 0.1 Mb) 16.2.1. Seattle Meeting agenda, August 14-15, 2006 16.2.2. Seattle meeting minutes, August 14–15, 2006 16.2.3. Tokyo meeting agenda, October 19–20, 2006 16.2.4. Tokyo, meeting minutes, October 19–20, 2006 16.3. XML stylesheet conversion crosswalks (pdf, < 0.1 Mb) 16.3.1. FGDCI to DIF stylesheet converter 16.3.2. DIF to FGDCI stylesheet converter 16.3.3. String-modified stylesheet 16.4. FGDC Metadata Standard (pdf, 0.1 Mb) 16.4.1. Overall structure 16.4.2. Section 1: Identification information 16.4.3. Section 2: Data quality information 16.4.4. Section 3: Spatial data organization information 16.4.5. Section 4: Spatial reference information 16.4.6. Section 5: Entity and attribute information 16.4.7. Section 6: Distribution information 16.4.8. Section 7: Metadata reference information 16.4.9. Sections 8, 9 and 10: Citation information, time period information, and contact information 16.5. Images of the Isite server directory structure and the files contained in each subdirectory after Isite installation (pdf, 0.2 Mb) 16.6 Listing of NPEM’s Isite configuration files (pdf, < 0.1 Mb) 16.6.1. zserver.ini 16.6.2. sapi.ini 16.7 Java program to extract records from the NPEM metadatabase and write one XML file for each record (pdf, < 0.1 Mb) 16.8 Java program to execute the metadata extraction program (pdf, < 0.1 Mb) A1 Addendum 1: Instructions for Isite for Windows (pdf, 0.6 Mb) A2 Addendum 2: Instructions for Isite for Windows ADHOST (pdf, 0.3 Mb)

Impacto da campanha de vacinação para influenza em uma empresa

A influenza é uma das doenças respiratórias agudas mais prevalentes e importante causa de absenteísmo e presenteísmo. Entretanto, a eficácia vacinal para influenza pode alcançar 80% quando há elevada correspondência entre cepas vacinais e circulantes. Por este motivo, a empresa há anos promove campanha de vacinação, contudo, sem estimar sua efetividade (eficácia na redução da carga da doença) e o impacto econômico (produtividade) para o aprimoramento de sua política de saúde ocupacional. Considerou-se que a efetividade da campanha seria determinada pela eficácia vacinal previamente demonstrada em estudos randomizados, pelo grau de acurácia diagnóstica ou de triagem dos casos, pelo nível de adesão do profissional de saúde ao registro no prontuário e do paciente ao informar a ocorrência dos sintomas e pela cobertura vacinal alcançada. Com os objetivos de avaliar a efetividade e impacto econômico da campanha de vacinação para influenza, optou-se por um desenho estudo observacional de coorte histórico com características de estudo de intervenção baseado em dados históricos da campanha de 2008 e informações individuais sobre a frequência de sintomas respiratórios e absenteísmo, idade, gênero, função (administrativa e operacional) e renda, comorbidades relevantes e tabagismo, obtidas mediante revisão de prontuário dos 12 meses subsequentes, comparadas entre os grupos de vacinados e não-vacinados (qui-quadrado e test t) e analisadas por regressão logística, e estimada a fração prevenível (proporção de episódios potenciais de influenza evitados pela vacinação). Foram analisados os prontuários de 2.425 trabalhadores (1.651 não-vacinados e 754 vacinados) correspondendo à cobertura de 31,1%. A prevalência de influenza observada foi de 10,4% e a vacinação foi efetiva entre os trabalhadores (RR=0,51; IC95% 39-67), quando considerados os sintomas de alta probabilidade de influenza. A fração prevenível foi 0,09 (9 casos evitados a cada 100 trabalhadores vacinados). A campanha de vacinação foi mais efetiva e provocou maior impacto econômico entre os trabalhadores em regime operacional.

Lego EV3 eta Linux-en arteko konektibitatea

Lego Mindstorms eta EV3ren arteko konektibitatea ahalbidetzeko driverraren garapena.

Evaluation of Setup Procedures on Mobile Devices Based on Users’ Initial Experience

Users’ initial perceptions of their competence are key motivational factors for further use. However, initial tasks on a mobile operating system (OS) require setup procedures, which are currently largely inconsistent, do not provide users with clear, visible and immediate feedback on their actions, and require significant adjustment time for first-time users. This paper reports on a study with ten users, carried out to better understand how both prior experience and initial interaction with two touchscreen mobile interfaces (Apple iOS and Google Android) affected setup task performance and motivation. The results show that the reactions to setup on mobile interfaces appear to be partially dependent on which device was experienced first. Initial experience with lower-complexity devices improves performance on higher-complexity devices, but not vice versa. Based on these results, the paper proposes six guidelines for designers to design more intuitive and motivating user interfaces (UI) for setup procedures. The preliminary results indicate that these guidelines can contribute to the design of more inclusive mobile platforms and further work to validate these findings is proposed.

基于信息流的可信操作系统度量架构

将信息流和可信计算技术结合,可以更好地保护操作系统完整性.但现有的可信计算度量机制存在动态性和效率方面的不足,而描述信息流的Biba完整性模型在应用时又存在单调性缺陷.本文将两者结合起来,基于Biba模型,以可信计算平台模块TPM为硬件信任根,引入信息流完整性,并提出了可信操作系统度量架构:BIFI.实验表明,BIFI不仅能很好地保护信息流完整性,而且对现有系统的改动很少,保证了效率.

操作系统强制访问控制关键技术研究

强制访问控制能有效地防止用户有意或无意地破坏系统的安全，能够有效地防止病毒和木马以用户的身份破坏系统的安全，是高安全需求操作系统的主要防护手段。业界对操作系统强制访问控制研究起步很早。然而，面对日新月异的应用场景，面对计算机系统及操作系统自身相关技术的迅猛发展，已有的针对操作系统强制访问控制的研究工作不足以兼顾安全性、可用性和灵活性。以上不足集中体现在：1) 当前广泛使用的强制访问控制机制从设计上难以同时满足实用系统对安全性和可用性的要求；2) 强制访问控制的设计缺乏对操作系统所处分布式、网络化环境的考虑；3) 操作系统强制访问控制研发保障技术需要进一步研究。 针对这些问题，本论文从强制访问控制的设计和保障出发，对操作系统强制访问控制关键技术展开研究，并取得了以下几个方面的成果： 第一：强制访问控制格策略模型机制简洁，安全性易验证，在安全操作系统和安全增强操作系统上应用广泛。然而严格地实施格策略会带来可用性的问题。本文针对机密性和完整性强制访问控制格策略模型，分别给出了可监控客体框架和Clark-Wilson可信主体特权状态跃迁监控框架。这些框架具有细的刻画粒度，好的扩展性和简洁性，我们对这些框架给出了数学描述，并对带Clark-Wilson可信主体特权状态跃迁监控框架的完整性格模型给出了理论证明； 第二：针对分布式应用环境，提出了基于可信计算技术和域型实施（Domain and Type Enforcement: DTE）策略的操作系统分布式强制访问控制方案。我们从理论上证明了策略的安全性。相比国内外同类工作，该方案具有细的访问控制粒度，在系统验证的简洁性和部署的灵活性方面是最好的； 第三：实施强制访问控制的中高等级安全操作系统的安全性需要利用形式化方法的严密性进行保证。本文按照TCSEC B2级别的要求，利用Z/EVES形式化工具对SECIMOS安全操作系统进行了形式化保障：给出了安全模型的形式化规范，给出了安全不变量和安全定理，证明了安全定理，描述了形式化安全模型与顶层设计的一致性； 第四：操作系统强制访问控制框架是强制访问控制机制在操作系统上实现的基础。本文提出了针对操作系统强制访问控制框架的自动测试用例生成方案。该方案利用编译器辅助审计代码插入，约束求解器辅助置乱参数生成，测试用例精简等技术为FreeBSD MAC框架生成了一套有效的回归测试用例套件。同时也为基于FreeBSD MAC框架的NFSARK系列安全操作系统提供了坚实的实施基础。 本文的研究成果向圆满解决当前国内操作系统强制访问控制的设计、实施和保障中遇到的问题的目标迈出了坚实的一步。

Alpha OSEK:一个基于OSEK/VDX标准实现的嵌入式实时操作系统

文章介绍了基于OSEK标准实现的嵌入式实时操作系统-AlphaOSEK。该操作系统适于深嵌入、小内存、有强实时需求的环境。介绍了操作系统的各组成模块及相关特征,还分析了AlphaOSEK对OSEK标准的优化。

基于规则推导的特权隐式授权分析

介绍了一种研究系统特权安全问题的方法．由于其特有的迁移系统安全状态的能力，使得分析及保护系统特权都很困难，因此，传统访问控制研究中所采用的技术无法复制到该领域．在访问控制空间理论下，检查了系统特权的来源问题及其特点，从而将系统规则划分为约束规则与执行规则两类，分别描述授权的限制与效果．进一步对规则逻辑形式进行推导，发现特权操作间的特殊授权关系以及相关属性，并设计了一种快速构造授权推导图的算法．在此基础上，分析隐式授权安全问题可能存在的滥用特权威胁．最后对POSIX(portable operating system interface)标准的权能机制进行形式化描述，计算并构造其授权推导图．对标准设计中存在的滥用威胁提供了对策，有效地实现了与最小特权原则的一致性．

单调速率及其扩展算法的可调度性判定

任务可调度性判定是实时系统调度理论研究的核心问题.单调速率(RM)算法是实时调度的重要算法,自其提出以来已被广泛研究.然而到目前为止,尚缺乏专题性的文章来系统而深入地探讨RM及其扩展算法的可调度性判定,以及各种现实条件和实现方式(包括任务调度的时间开销和任务同步问题等)对可调度性的影响.围绕RM算法下的可调度性判定问题,由浅入深,系统性地讨论各种不同假设和实现方式对可调度性的影响,具体分为下述3大类问题:(1)理想的RM算法下的可调度性判定的CPU利用率最小上界及可调度的充分必要条件;(2)考虑调度时间开销情况下的可调度性判定条件;(3)优先级反转协议及其对可调度性的影响.给出了具体实例来阐述上述问题,并从算法复杂度和可检测率两方面来比较各种算法的优劣.

基于安全操作系统的电子证据获取与存储

基于实时取证的思想,提出了一种安全可取证操作系统(security forensics operating system,简称SeFOS)的概念和实现思路.提出了其总体结构,建立了该系统的取证行为模型,对其取证服务和取证机制进行了分析并作了有关形式化描述,阐述了证据数据的采集和安全保护方法,提出把取证机制置于内核,基于进程、系统调用、内核资源分配和网络数据等获取证据的方法,并通过模拟实验验证了SeFOS的可取证性.可取证操作系统的研究对于进一步研究可取证数据库管理系统(forensic database management system,简称FDBMS)和可取证网络系统(forensic network,简称FNetWork)具有重要意义.

面向入侵的取证系统框架

在分析常见入侵攻击的基础上抽象出入侵过程的一般模式，提出针对入侵攻击的取证系统应满足的特征。提出了入侵取证模型，并基于这一取证模型在操作系统内核层实现了取证系统原型KIFS（kernel intrusion forensic system）。在对实际入侵的取证实验中，根据KIFS得到的证据，成功记录并重构了一个针对FreeBSD系统漏洞的本地提升权限攻击的完整过程。

一种支持动态调节的最小特权安全策略架构

最小特权机制可为安全操作系统提供恰当的安全保证级.本文描述了一种支持动态调节的最小特权安全策略架构,它结合角色的职责隔离和域的功能隔离特性,通过一种基于进程上下文一角色、执行域和运行映像的权能控制机制,将每个进程始终约束在这些上下文允许的最小特权范围内.本文实例分析了该架构在安胜OS v4.0,一种自主开发的、符合GB17859-1999第四级--结构化保护级的安全操作系统中的实现.结果表明,它可支持安全操作系统实施动态调节的最小特权控制,并提供灵活有效的系统.