809 resultados para Secure operating system
Resumo:
Accurate supersymmetric spectra are required to confront data from direct and indirect searches of supersymmetry. SuSeFLAV is a numerical tool capable of computing supersymmetric spectra precisely for various supersymmetric breaking scenarios applicable even in the presence of flavor violation. The program solves MSSM RGEs with complete 3 x 3 flavor mixing at 2-loop level and one loop finite threshold corrections to all MSSM parameters by incorporating radiative electroweak symmetry breaking conditions. The program also incorporates the Type-I seesaw mechanism with three massive right handed neutrinos at user defined mass scales and mixing. It also computes branching ratios of flavor violating processes such as l(j) -> l(i)gamma, l(j) -> 3 l(i), b -> s gamma and supersymmetric contributions to flavor conserving quantities such as (g(mu) - 2). A large choice of executables suitable for various operations of the program are provided. Program summary Program title: SuSeFLAV Catalogue identifier: AEOD_v1_0 Program summary URL: http://cpc.cs.qub.ac.uk/summaries/AEOD_v1_0.html Program obtainable from: CPC Program Library, Queen's University, Belfast, N. Ireland Licensing provisions: GNU General Public License No. of lines in distributed program, including test data, etc.: 76552 No. of bytes in distributed program, including test data, etc.: 582787 Distribution format: tar.gz Programming language: Fortran 95. Computer: Personal Computer, Work-Station. Operating system: Linux, Unix. Classification: 11.6. Nature of problem: Determination of masses and mixing of supersymmetric particles within the context of MSSM with conserved R-parity with and without the presence of Type-I seesaw. Inter-generational mixing is considered while calculating the mass spectrum. Supersymmetry breaking parameters are taken as inputs at a high scale specified by the mechanism of supersymmetry breaking. RG equations including full inter-generational mixing are then used to evolve these parameters up to the electroweak breaking scale. The low energy supersymmetric spectrum is calculated at the scale where successful radiative electroweak symmetry breaking occurs. At weak scale standard model fermion masses, gauge couplings are determined including the supersymmetric radiative corrections. Once the spectrum is computed, the program proceeds to various lepton flavor violating observables (e.g., BR(mu -> e gamma), BR(tau -> mu gamma) etc.) at the weak scale. Solution method: Two loop RGEs with full 3 x 3 flavor mixing for all supersymmetry breaking parameters are used to compute the low energy supersymmetric mass spectrum. An adaptive step size Runge-Kutta method is used to solve the RGEs numerically between the high scale and the electroweak breaking scale. Iterative procedure is employed to get the consistent radiative electroweak symmetry breaking condition. The masses of the supersymmetric particles are computed at 1-loop order. The third generation SM particles and the gauge couplings are evaluated at the 1-loop order including supersymmetric corrections. A further iteration of the full program is employed such that the SM masses and couplings are consistent with the supersymmetric particle spectrum. Additional comments: Several executables are presented for the user. Running time: 0.2 s on a Intel(R) Core(TM) i5 CPU 650 with 3.20 GHz. (c) 2012 Elsevier B.V. All rights reserved.
Resumo:
The correctness of a hard real-time system depends its ability to meet all its deadlines. Existing real-time systems use either a pure real-time scheduler or a real-time scheduler embedded as a real-time scheduling class in the scheduler of an operating system (OS). Existing implementations of schedulers in multicore systems that support real-time and non-real-time tasks, permit the execution of non-real-time tasks in all the cores with priorities lower than those of real-time tasks, but interrupts and softirqs associated with these non-real-time tasks can execute in any core with priorities higher than those of real-time tasks. As a result, the execution overhead of real-time tasks is quite large in these systems, which, in turn, affects their runtime. In order that the hard real-time tasks can be executed in such systems with minimal interference from other Linux tasks, we propose, in this paper, an integrated scheduler architecture, called SchedISA, which aims to considerably reduce the execution overhead of real-time tasks in these systems. In order to test the efficacy of the proposed scheduler, we implemented partitioned earliest deadline first (P-EDF) scheduling algorithm in SchedISA on Linux kernel, version 3.8, and conducted experiments on Intel core i7 processor with eight logical cores. We compared the execution overhead of real-time tasks in the above implementation of SchedISA with that in SCHED_DEADLINE's P-EDF implementation, which concurrently executes real-time and non-real-time tasks in Linux OS in all the cores. The experimental results show that the execution overhead of real-time tasks in the above implementation of SchedISA is considerably less than that in SCHED_DEADLINE. We believe that, with further refinement of SchedISA, the execution overhead of real-time tasks in SchedISA can be reduced to a predictable maximum, making it suitable for scheduling hard real-time tasks without affecting the CPU share of Linux tasks.
Resumo:
(Document pdf contains 193 pages) Executive Summary (pdf, < 0.1 Mb) 1. Introduction (pdf, 0.2 Mb) 1.1 Data sharing, international boundaries and large marine ecosystems 2. Objectives (pdf, 0.3 Mb) 3. Background (pdf, < 0.1 Mb) 3.1 North Pacific Ecosystem Metadatabase 3.2 First federation effort: NPEM and the Korea Oceanographic Data Center 3.2 Continuing effort: Adding Japan’s Marine Information Research Center 4. Metadata Standards (pdf, < 0.1 Mb) 4.1 Directory Interchange Format 4.2 Ecological Metadata Language 4.3 Dublin Core 4.3.1. Elements of DC 4.4 Federal Geographic Data Committee 4.5 The ISO 19115 Metadata Standard 4.6 Metadata stylesheets 4.7 Crosswalks 4.8 Tools for creating metadata 5. Communication Protocols (pdf, < 0.1 Mb) 5.1 Z39.50 5.1.1. What does Z39.50 do? 5.1.2. Isite 6. Clearinghouses (pdf, < 0.1 Mb) 7. Methodology (pdf, 0.2 Mb) 7.1 FGDC metadata 7.1.1. Main sections 7.1.2. Supporting sections 7.1.3. Metadata validation 7.2 Getting a copy of Isite 7.3 NSDI Clearinghouse 8. Server Configuration and Technical Issues (pdf, 0.4 Mb) 8.1 Hardware recommendations 8.2 Operating system – Red Hat Linux Fedora 8.3 Web services – Apache HTTP Server version 2.2.3 8.4 Create and validate FGDC-compliant Metadata in XML format 8.5 Obtaining, installing and configuring Isite for UNIX/Linux 8.5.1. Download the appropriate Isite software 8.5.2. Untar the file 8.5.3. Name your database 8.5.4. The zserver.ini file 8.5.5. The sapi.ini file 8.5.6. Indexing metadata 8.5.7. Start the Clearinghouse Server process 8.5.8. Testing the zserver installation 8.6 Registering with NSDI Clearinghouse 8.7 Security issues 9. Search Tutorial and Examples (pdf, 1 Mb) 9.1 Legacy NSDI Clearinghouse search interface 9.2 New GeoNetwork search interface 10. Challenges (pdf, < 0.1 Mb) 11. Emerging Standards (pdf, < 0.1 Mb) 12. Future Activity (pdf, < 0.1 Mb) 13. Acknowledgments (pdf, < 0.1 Mb) 14. References (pdf, < 0.1 Mb) 15. Acronyms (pdf, < 0.1 Mb) 16. Appendices 16.1. KODC-NPEM meeting agendas and minutes (pdf, < 0.1 Mb) 16.1.1. Seattle meeting agenda, August 22–23, 2005 16.1.2. Seattle meeting minutes, August 22–23, 2005 16.1.3. Busan meeting agenda, October 10–11, 2005 16.1.4. Busan meeting minutes, October 10–11, 2005 16.2. MIRC-NPEM meeting agendas and minutes (pdf, < 0.1 Mb) 16.2.1. Seattle Meeting agenda, August 14-15, 2006 16.2.2. Seattle meeting minutes, August 14–15, 2006 16.2.3. Tokyo meeting agenda, October 19–20, 2006 16.2.4. Tokyo, meeting minutes, October 19–20, 2006 16.3. XML stylesheet conversion crosswalks (pdf, < 0.1 Mb) 16.3.1. FGDCI to DIF stylesheet converter 16.3.2. DIF to FGDCI stylesheet converter 16.3.3. String-modified stylesheet 16.4. FGDC Metadata Standard (pdf, 0.1 Mb) 16.4.1. Overall structure 16.4.2. Section 1: Identification information 16.4.3. Section 2: Data quality information 16.4.4. Section 3: Spatial data organization information 16.4.5. Section 4: Spatial reference information 16.4.6. Section 5: Entity and attribute information 16.4.7. Section 6: Distribution information 16.4.8. Section 7: Metadata reference information 16.4.9. Sections 8, 9 and 10: Citation information, time period information, and contact information 16.5. Images of the Isite server directory structure and the files contained in each subdirectory after Isite installation (pdf, 0.2 Mb) 16.6 Listing of NPEM’s Isite configuration files (pdf, < 0.1 Mb) 16.6.1. zserver.ini 16.6.2. sapi.ini 16.7 Java program to extract records from the NPEM metadatabase and write one XML file for each record (pdf, < 0.1 Mb) 16.8 Java program to execute the metadata extraction program (pdf, < 0.1 Mb) A1 Addendum 1: Instructions for Isite for Windows (pdf, 0.6 Mb) A2 Addendum 2: Instructions for Isite for Windows ADHOST (pdf, 0.3 Mb)
Resumo:
A influenza é uma das doenças respiratórias agudas mais prevalentes e importante causa de absenteísmo e presenteísmo. Entretanto, a eficácia vacinal para influenza pode alcançar 80% quando há elevada correspondência entre cepas vacinais e circulantes. Por este motivo, a empresa há anos promove campanha de vacinação, contudo, sem estimar sua efetividade (eficácia na redução da carga da doença) e o impacto econômico (produtividade) para o aprimoramento de sua política de saúde ocupacional. Considerou-se que a efetividade da campanha seria determinada pela eficácia vacinal previamente demonstrada em estudos randomizados, pelo grau de acurácia diagnóstica ou de triagem dos casos, pelo nível de adesão do profissional de saúde ao registro no prontuário e do paciente ao informar a ocorrência dos sintomas e pela cobertura vacinal alcançada. Com os objetivos de avaliar a efetividade e impacto econômico da campanha de vacinação para influenza, optou-se por um desenho estudo observacional de coorte histórico com características de estudo de intervenção baseado em dados históricos da campanha de 2008 e informações individuais sobre a frequência de sintomas respiratórios e absenteísmo, idade, gênero, função (administrativa e operacional) e renda, comorbidades relevantes e tabagismo, obtidas mediante revisão de prontuário dos 12 meses subsequentes, comparadas entre os grupos de vacinados e não-vacinados (qui-quadrado e test t) e analisadas por regressão logística, e estimada a fração prevenível (proporção de episódios potenciais de influenza evitados pela vacinação). Foram analisados os prontuários de 2.425 trabalhadores (1.651 não-vacinados e 754 vacinados) correspondendo à cobertura de 31,1%. A prevalência de influenza observada foi de 10,4% e a vacinação foi efetiva entre os trabalhadores (RR=0,51; IC95% 39-67), quando considerados os sintomas de alta probabilidade de influenza. A fração prevenível foi 0,09 (9 casos evitados a cada 100 trabalhadores vacinados). A campanha de vacinação foi mais efetiva e provocou maior impacto econômico entre os trabalhadores em regime operacional.
Resumo:
Lego Mindstorms eta EV3ren arteko konektibitatea ahalbidetzeko driverraren garapena.
Resumo:
Users’ initial perceptions of their competence are key motivational factors for further use. However, initial tasks on a mobile operating system (OS) require setup procedures, which are currently largely inconsistent, do not provide users with clear, visible and immediate feedback on their actions, and require significant adjustment time for first-time users. This paper reports on a study with ten users, carried out to better understand how both prior experience and initial interaction with two touchscreen mobile interfaces (Apple iOS and Google Android) affected setup task performance and motivation. The results show that the reactions to setup on mobile interfaces appear to be partially dependent on which device was experienced first. Initial experience with lower-complexity devices improves performance on higher-complexity devices, but not vice versa. Based on these results, the paper proposes six guidelines for designers to design more intuitive and motivating user interfaces (UI) for setup procedures. The preliminary results indicate that these guidelines can contribute to the design of more inclusive mobile platforms and further work to validate these findings is proposed.
Resumo:
提出了在DBMS中支持多种安全策略的需求,指出了在DBMS中支持多安全策略所面临的主要问题,针对这些问题提出了支持多安全策略的DBMS体系结构(MSDA).在抽象层次上该体系结构与GFAC一致,主要区别表现在性能优化和面向DBMS的适应性改造.为了提高系统性能,MSDA在客体管理器中引入了访问判定缓存.而为了适用于DBMS,MSDA在体系结构层次引入了重写来支持高效的细粒度访问控制.此外还引入了访问上下文栈来支持视图和存储过程这类的受控访问机制.给出了MSDA在LOIS SDBMS v3.0中的实现,并通过实验给出了MSDA对目标系统的性能影响分析.结果表明,MSDA将访问控制判定与实施分离,既能充分解决数据库系统中支持多安全策略的相关问题,同时能够与当前主流关系数据库系统相匹配,不会造成目标系统性能的显著下降.
Resumo:
将信息流和可信计算技术结合,可以更好地保护操作系统完整性.但现有的可信计算度量机制存在动态性和效率方面的不足,而描述信息流的Biba完整性模型在应用时又存在单调性缺陷.本文将两者结合起来,基于Biba模型,以可信计算平台模块TPM为硬件信任根,引入信息流完整性,并提出了可信操作系统度量架构:BIFI.实验表明,BIFI不仅能很好地保护信息流完整性,而且对现有系统的改动很少,保证了效率.
Resumo:
强制访问控制能有效地防止用户有意或无意地破坏系统的安全,能够有效地防止病毒和木马以用户的身份破坏系统的安全,是高安全需求操作系统的主要防护手段。业界对操作系统强制访问控制研究起步很早。然而,面对日新月异的应用场景,面对计算机系统及操作系统自身相关技术的迅猛发展,已有的针对操作系统强制访问控制的研究工作不足以兼顾安全性、可用性和灵活性。以上不足集中体现在:1) 当前广泛使用的强制访问控制机制从设计上难以同时满足实用系统对安全性和可用性的要求;2) 强制访问控制的设计缺乏对操作系统所处分布式、网络化环境的考虑;3) 操作系统强制访问控制研发保障技术需要进一步研究。 针对这些问题,本论文从强制访问控制的设计和保障出发,对操作系统强制访问控制关键技术展开研究,并取得了以下几个方面的成果: 第一:强制访问控制格策略模型机制简洁,安全性易验证,在安全操作系统和安全增强操作系统上应用广泛。然而严格地实施格策略会带来可用性的问题。本文针对机密性和完整性强制访问控制格策略模型,分别给出了可监控客体框架和Clark-Wilson可信主体特权状态跃迁监控框架。这些框架具有细的刻画粒度,好的扩展性和简洁性,我们对这些框架给出了数学描述,并对带Clark-Wilson可信主体特权状态跃迁监控框架的完整性格模型给出了理论证明; 第二:针对分布式应用环境,提出了基于可信计算技术和域型实施(Domain and Type Enforcement: DTE)策略的操作系统分布式强制访问控制方案。我们从理论上证明了策略的安全性。相比国内外同类工作,该方案具有细的访问控制粒度,在系统验证的简洁性和部署的灵活性方面是最好的; 第三:实施强制访问控制的中高等级安全操作系统的安全性需要利用形式化方法的严密性进行保证。本文按照TCSEC B2级别的要求,利用Z/EVES形式化工具对SECIMOS安全操作系统进行了形式化保障:给出了安全模型的形式化规范,给出了安全不变量和安全定理,证明了安全定理,描述了形式化安全模型与顶层设计的一致性; 第四:操作系统强制访问控制框架是强制访问控制机制在操作系统上实现的基础。本文提出了针对操作系统强制访问控制框架的自动测试用例生成方案。该方案利用编译器辅助审计代码插入,约束求解器辅助置乱参数生成,测试用例精简等技术为FreeBSD MAC框架生成了一套有效的回归测试用例套件。同时也为基于FreeBSD MAC框架的NFSARK系列安全操作系统提供了坚实的实施基础。 本文的研究成果向圆满解决当前国内操作系统强制访问控制的设计、实施和保障中遇到的问题的目标迈出了坚实的一步。
Resumo:
文章介绍了基于OSEK标准实现的嵌入式实时操作系统-AlphaOSEK。该操作系统适于深嵌入、小内存、有强实时需求的环境。介绍了操作系统的各组成模块及相关特征,还分析了AlphaOSEK对OSEK标准的优化。
Resumo:
介绍了一种研究系统特权安全问题的方法.由于其特有的迁移系统安全状态的能力,使得分析及保护系统特权都很困难,因此,传统访问控制研究中所采用的技术无法复制到该领域.在访问控制空间理论下,检查了系统特权的来源问题及其特点,从而将系统规则划分为约束规则与执行规则两类,分别描述授权的限制与效果.进一步对规则逻辑形式进行推导,发现特权操作间的特殊授权关系以及相关属性,并设计了一种快速构造授权推导图的算法.在此基础上,分析隐式授权安全问题可能存在的滥用特权威胁.最后对POSIX(portable operating system interface)标准的权能机制进行形式化描述,计算并构造其授权推导图.对标准设计中存在的滥用威胁提供了对策,有效地实现了与最小特权原则的一致性.
Resumo:
任务可调度性判定是实时系统调度理论研究的核心问题.单调速率(RM)算法是实时调度的重要算法,自其提出以来已被广泛研究.然而到目前为止,尚缺乏专题性的文章来系统而深入地探讨RM及其扩展算法的可调度性判定,以及各种现实条件和实现方式(包括任务调度的时间开销和任务同步问题等)对可调度性的影响.围绕RM算法下的可调度性判定问题,由浅入深,系统性地讨论各种不同假设和实现方式对可调度性的影响,具体分为下述3大类问题:(1)理想的RM算法下的可调度性判定的CPU利用率最小上界及可调度的充分必要条件;(2)考虑调度时间开销情况下的可调度性判定条件;(3)优先级反转协议及其对可调度性的影响.给出了具体实例来阐述上述问题,并从算法复杂度和可检测率两方面来比较各种算法的优劣.
Resumo:
基于实时取证的思想,提出了一种安全可取证操作系统(security forensics operating system,简称SeFOS)的概念和实现思路.提出了其总体结构,建立了该系统的取证行为模型,对其取证服务和取证机制进行了分析并作了有关形式化描述,阐述了证据数据的采集和安全保护方法,提出把取证机制置于内核,基于进程、系统调用、内核资源分配和网络数据等获取证据的方法,并通过模拟实验验证了SeFOS的可取证性.可取证操作系统的研究对于进一步研究可取证数据库管理系统(forensic database management system,简称FDBMS)和可取证网络系统(forensic network,简称FNetWork)具有重要意义.
Resumo:
在分析常见入侵攻击的基础上抽象出入侵过程的一般模式,提出针对入侵攻击的取证系统应满足的特征。提出了入侵取证模型,并基于这一取证模型在操作系统内核层实现了取证系统原型KIFS(kernel intrusion forensic system)。在对实际入侵的取证实验中,根据KIFS得到的证据,成功记录并重构了一个针对FreeBSD系统漏洞的本地提升权限攻击的完整过程。