TL;DR: This work has constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the virtual machine monitor (VMM).
Abstract: The users of today's operating systems demand high reliability and security. However, faults introduced outside of the core operating system by buggy and malicious device drivers can significantly impact these dependability attributes. To help improve driver isolation, we propose an approach that utilizes the latest hardware virtualization support to efficiently sandbox each device driver in its own minimal virtual machine (VM) so that the kernel is protected from faults in these drivers. We present our implementation of a low-overhead virtual-machine based framework which allows reuse of existing drivers. We have constructed a prototype to demonstrate that it is feasible to utilize existing hardware virtualization techniques to allow device drivers in a VM to communicate with devices directly without frequent hardware traps into the virtual machine monitor (VMM). We have implemented a prototype parallel port driver which interacts through iKernel to communicate with a physical LED device.
TL;DR: This paper proposes a robust multipath routing scheme for MANETs together with a security mechanism for that scheme, and conducts simulations to evaluate the cost of the scheme and to support its security analysis.
Abstract: Mobile ad hoc networks (MANETs) are collections of autonomous mobile nodes with links that are made or broken in an arbitrary way. Due to frequent node and link failures, multipath MANETs are preferred over single-path MANETs in many applications. Multipath routing schemes are used for achieving various goals such as robustness, reliability, and load balancing. However, before they can be successfully deployed, several security threats must be addressed. Due to the lack of fixed infrastructure, security in ad hoc routing is a challenging task, especially in multipath MANETs. In this paper, we propose a robust multipath routing scheme for MANETs together with a security mechanism for such a routing scheme. We discuss the security analysis of our scheme, conduct simulations to evaluate the cost of the proposed secure multipath routing scheme, and present some preliminary results.
TL;DR: Fault injection experiments show that these techniques can be used to continue running user applications after transparently recovering the operating system in a large percentage of cases, and that individual process recovery can be attempted as a last resort.
Abstract: User applications and data in volatile memory are usually lost when an operating system crashes because of errors caused by either hardware or software faults. This is because most operating systems are designed to stop working when some internal errors are detected despite the possibility that user data and applications might still be intact and recoverable. Techniques like exception handling, code reloading, operating system component isolation, micro-rebooting, automatic system service restarts, watchdog timer based recovery and transactional components can be applied to attempt self-healing of an operating system from a wide variety of errors. Fault injection experiments show that these techniques can be used to continue running user applications after transparently recovering the operating system in a large percentage of cases. In cases where transparent recovery is not possible, individual process recovery can be attempted as a last resort.
TL;DR: This paper presents a Byzantine fault tolerant distributed commit protocol for transactions running over untrusted networks that can tolerate Byzantine faults at the coordinator replicas and a subset of malicious faults at the participants.
Abstract: In this paper, we present a Byzantine fault tolerant distributed commit protocol for transactions running over untrusted networks. The traditional two-phase commit protocol is enhanced by replicating the coordinator and by running a Byzantine agreement algorithm among the coordinator replicas. Our protocol can tolerate Byzantine faults at the coordinator replicas and a subset of malicious faults at the participants. A decision certificate, which includes a set of registration records and a set of votes from participants, is used to help the coordinator replicas reach a Byzantine agreement on the outcome of each transaction. The certificate also limits the ways in which a faulty replica can cause non-atomic termination of transactions or semantically incorrect transaction outcomes.
TL;DR: An empirical performance comparison between two combinatorial decision diagram based models proposed for the analysis of multistate systems is conducted in terms of model size and computational complexity.
Abstract: Many combinatorial reliability models assume binary designation of states for both systems and their components. In many real applications, however, systems and their components may have more than two states (or levels of performance) varying from perfect operation to complete failure. In this paper, we present two combinatorial decision diagram based models that have been proposed for the analysis of multistate systems: the multistate binary decision diagram (MBDD) based approach and the multistate multivalued decision diagram (MMDD) based approach. We then conduct an empirical performance comparison between these two methods in terms of model size and computational complexity via two illustrative examples.
TL;DR: A fraud management framework encompassing a rule-based financial fraud modelling language (FFML) for conceptual level modelling and validation of fraud policies and a fraud prevention architecture based on implementing fraud policies using StreamSQL, a novel and emerging standard for processing real-time data streams is described.
Abstract: Effective and efficient fraud prevention is a core capability required from financial institutions towards detecting and minimizing losses due to unlawful transactions. With the ubiquitous availability of unmanned customer interaction channels (e.g., Internet and mobile banking), the challenge of controlling fraud has increased substantially demanding fraud management frameworks capable of providing fraud analysts with effective mechanisms for defining fraud policies, and system architectures for large scale real-time screening of click stream data, arising from multiple channels at differing time windows. In this paper we describe a fraud management framework encompassing a rule-based financial fraud modelling language (FFML) for conceptual level modelling and validation of fraud policies and a fraud prevention architecture based on implementing fraud policies using StreamSQL, a novel and emerging standard for processing real-time data streams. A key element of the framework is the attempt to detect fraud proactively, blocking transactions encompassing suspicious click stream patterns. The framework described in this paper is being developed as an integral part of the FSA compliance program within the SpartaPay payment gateway, a multi-channel financial platform for managing micropayments.
TL;DR: This paper proposes a classification of common types of replica nondeterminism with respect to the requirement of achieving Byzantine fault tolerance, and describes the design and implementation of the core mechanisms necessary to handle such nondeterministic operations within a Byzantine fault tolerance framework.
Abstract: All practical applications contain some degree of nondeterminism. When such applications are replicated to achieve Byzantine fault tolerance (BFT), their nondeterministic operations must be controlled to ensure replica consistency. To the best of our knowledge, only the most simplistic types of replica nondeterminism have been dealt with. Furthermore, there is no systematic approach to handling common types of nondeterminism. In this paper, we propose a classification of common types of replica nondeterminism with respect to the requirement of achieving Byzantine fault tolerance, and describe the design and implementation of the core mechanisms necessary to handle such nondeterminism within a Byzantine fault tolerance framework.
TL;DR: This paper presents FileWall, a network middlebox that allows administrators to define context-aware access policies for file systems using both the network context and the file system context, and demonstrates that FileWall imposes minimal overheads for common file system operations, even under heavy loads.
Abstract: Access control in network file systems relies on primitive mechanisms like access control lists and permission bits, which are not enough when operating in a hostile network environment. Network middleboxes, e.g., firewalls, completely ignore file system semantics when defining policies. Therefore, implementing simple context-aware access policies requires modifications to file servers and/or clients, which is impractical. We present FileWall, a network middlebox that allows administrators to define context-aware access policies for file systems using both the network context and the file system context. FileWall interposes on the client-server network path and implements administrator defined policies through message transformation without modifying either clients or servers. In this paper, we present the design and implementation of FileWall for the NFS protocol. Our evaluation demonstrates that FileWall imposes minimal overheads for common file system operations, even under heavy loads.
TL;DR: Based on insights from the development of a commercial framework for the autonomic management of data center resources, some of the main challenges faced by autonomic architectures are identified and a number of best practices for overcoming or working around them are described.
Abstract: Based on insights from the development of a commercial framework for the autonomic management of data center resources, we identify some of the main challenges faced by autonomic architectures. We describe a number of best practices for overcoming or, in some cases, working around these challenges, and we propose a general-purpose autonomic architecture that complies with our best practices and builds on recent advances in autonomic solution development. The core component of the architecture is a universal policy engine configured by means of a model of the resources placed under its control, and using a set of flexible policies for their management. This model-driven approach enables the development of effective autonomic systems comprising a heterogeneous mix of legacy resources and autonomic-enabled components.
TL;DR: The impact of incomplete or incorrect knowledge of atoms on the validity of checking if a run is indeed atomic with respect to the identified atoms and if it satisfies the required program properties is considered.
Abstract: The execution of a distributed program generates a large state space which needs to be checked in testing and debugging. This state space can be reduced by using atoms corresponding to code blocks before performing the checking of the required program properties. This paper presents our results in using atoms which are known at program design time for this purpose. We consider the impact of incomplete or incorrect knowledge of atoms on the validity of checking if a run is indeed atomic with respect to the identified atoms and if it satisfies the required program properties.
TL;DR: This work employs a partition strategy and introduces the concept of pessimism grain to rollback recovery, striking a balance between good scalability and acceptable overhead.
Abstract: As a common technology for fault tolerance and load balancing, rollback recovery faces the challenges of scalability and inherent variability in long-running, large-scale applications that use grids as their computing infrastructure. Among the rollback recovery schemes, pessimistic message logging protocols (PMLPs) and coordinated checkpointing protocols (CCPs) are the most popular in practice. Although PMLPs scale well, their fault-free overhead is sometimes prohibitive. CCPs introduce relatively lower overhead, but they scale poorly. This work employs a partition strategy and introduces the concept of pessimism grain to rollback recovery, striking a balance between good scalability and acceptable overhead. For a partitioned system, a coarse-grained pessimistic message-logging protocol is proposed to achieve scalability and asynchrony both in fault-free execution and in fault recovery. The impact of pessimism grain on performance is evaluated theoretically. Experimental results show that the pessimism grain is one of the key configuration parameters for reaching a desired performance level.
TL;DR: A methodology to analyze the application performance in the presence of active and passive replication models and indicates that the superiority of one replication model over the other is governed not only by the model parameters but also by the application characteristics.
Abstract: Active and passive replication models constitute an effective way to achieve the availability objectives of distributed real-time and embedded (DRE) systems. These two models have different impacts on application performance. Although these models have been commonly used in practical systems, a systematic quantitative evaluation of their influence on application performance has not been conducted. In this paper we describe a methodology to analyze application performance in the presence of active and passive replication models. For each of these models, we obtain an analytical expression for the application response time in terms of the model parameters. Based on these analytical expressions, we derive the conditions under which one replication model performs better than the other. Our results indicate that the superiority of one replication model over the other is governed not only by the model parameters but also by the application characteristics. We illustrate the value of the analytical expressions for assessing the influence of each model's parameters on the application response time and for a comparative analysis of the two models.
TL;DR: A hybrid approach with intermediary- and query-based mechanisms to resolve semantic gaps and incompatibilities for different types of trust information exchanged by security tokens is introduced, and a comprehensive framework to exchange security tokens across security domains with suitable approaches and exchange models is provided.
Abstract: In federated systems, trust management is critical for information sharing and online collaboration. Security tokens provide a way to convey and exchange trust information for security and privacy protection. Although several communication protocols have mechanisms to exchange security tokens, users may still encounter difficulties when they have to handle security tokens across heterogeneous platforms and security domains. Semantic gaps and incompatibilities are major barriers for trust information exchange in federated trust management. This paper introduces a hybrid approach with intermediary- and query-based mechanisms to resolve semantic gaps and incompatibilities for different types of trust information exchanged by security tokens, and then proposes different exchange models for different types of information. This paper also provides a comprehensive framework to exchange security tokens across security domains with suitable approaches and exchange models. The application of this framework in a healthcare environment provides a new method to interoperate trust information for security- and privacy-critical applications.
TL;DR: Experimental results from two popular public datasets, EachMovie and MovieLens, show that the proposed inference-based recommendation scheme significantly improves prediction accuracy.
Abstract: In memory-based collaborative filtering, the existing methods make a prediction based on the overall consistency of two users or items. The major problem with these methods is that it is hard to find users/items that are overall consistent with the test user/item in the system. In addition, these methods are sometimes over-optimistic and disregard useful information in user profiles when making a prediction. This paper exposes the drawbacks of these methods and proposes an inference-based recommendation scheme to overcome them. The model is based on the observation that any two users may share some interest genres while differing in others, and it makes full use of rating information to accurately capture the relevance between item and user. Experimental results from two popular public datasets, EachMovie and MovieLens, show that our approach significantly improves prediction accuracy.
TL;DR: The Analytical Hierarchy Process (AHP) is used to demonstrate how a combination of expert opinion and tool-collected measures can be used to reason about software programs, thus providing a practical assessment tool for decision making about software.
Abstract: When comparing software programs based on certain qualities there is usually more than one metric that can be used. Often these metrics may contradict one another or there may be no standard acceptance thresholds. In this work we demonstrate how the Analytical Hierarchy Process (AHP) can be used to mitigate the aforementioned deficiencies in metrics-based software decision making. We illustrate the procedure by incorporating value judgments from a group of experts into an existing metrics data set to rank the design complexity in three imaging software packages. In this case the injection of expert opinion in a formalized framework minimizes the problems associated with conflicting metrics. The contribution of this work is to demonstrate how a combination of expert opinion and tool-collected measures can be used to reason about software programs. The methodology employed can be easily modified to include different metrics, applications and weights, thus providing a practical assessment tool for decision making about software.
TL;DR: This paper systematically addresses the TCP performance issues of flow-based mix networks, develops a theoretical model to analyze the impact of batching and reordering, and presents closed formulae for TCP throughput in mix networks.
Abstract: Anonymity technologies such as mix networks have gained increasing attention as a way to provide communication privacy. Mix networks were developed for message-based applications such as email, but researchers have adapted mix techniques to low-latency, flow-based applications such as anonymous web browsing. In this paper, we systematically address TCP performance issues of flow-based mix networks. We explain why a mix's batching and reordering schemes can dramatically reduce TCP throughput due to out-of-order packet delivery. We developed a theoretical model to analyze such impact and present closed formulae for TCP throughput in mix networks. To improve TCP performance, we examined the approach of increasing TCP's duplicate threshold parameter and derived closed formulae for the performance gains. Our simulation results matched our theoretical analysis well.
TL;DR: A modular and hierarchical decomposition method that combines Markov analysis and a separable binary decision diagram based combinatorial method is applied to the reliability analysis of dynamic hierarchical systems subject to modular imperfect coverage.
Abstract: This paper deals with the evaluation of the reliability of a dynamic hierarchical system. The reliability of the system is calculated precisely by incorporating a modular imperfect coverage model for both static and dynamic subsystems. The modular imperfect coverage model is analyzed in detail using formal methods to debug specification errors and remove any ambiguity. A modular and hierarchical decomposition method that combines Markov analysis and a separable binary decision diagram based combinatorial method is applied to the reliability analysis of dynamic hierarchical systems subject to modular imperfect coverage. We illustrate our approach by analyzing an example hierarchical computer system.
TL;DR: A compiler technique is described that performs risk analysis on source code and generates an encrypted executable that provides security while reducing overhead by encrypting low-risk portions of the code less heavily.
Abstract: Software security has become a prominent area of research in recent years, with research efforts spanning a wide range of topics. Among these are techniques, such as the one in this paper, in the general area of languages, compilers and architecture aimed at increasing the security of computing systems. This paper describes a compiler technique that performs risk analysis on source code and generates an encrypted executable that provides security while reducing overhead by encrypting low-risk portions of the code less heavily. Regions of the code that are more vulnerable receive a higher degree of encryption. Experimental results for this technique, which we call Region-Based Security, on a collection of benchmarks show that execution overhead is reduced considerably by this approach.
TL;DR: The techniques are a self-discovery technique for discovering the existence of network interfaces and their performance properties, self-configuration for establishing channels over the interfaces, and self-optimization for selecting the best channel combinations for sending messages of various sizes.
Abstract: MuniSocket (multiple-network-interface socket) provides mechanisms to enhance communication performance properties such as throughput, transfer time, and reliability by utilizing the existing multiple network interface cards between a pair of computers. Although the MuniSocket model has some communication performance advantages over the regular socket, it has a number of configuration complexity drawbacks, including the complexity of establishing multiple channels and of configuring them for good communication performance under different connection scenarios. This paper develops self-configuration techniques for MuniSocket. These techniques are a self-discovery technique for discovering the existence of network interfaces and their performance properties, self-configuration for establishing channels over the interfaces, and self-optimization for selecting the best channel combinations for sending messages of various sizes. While these techniques enhance communication performance among computers, they also reduce the complexity of configuring MuniSocket and make its interface compatible with the regular TCP socket interface.