14,970 research outputs found
A Language-Based Approach for Improving the Robustness of Network Application Protocol Implementations
The secure and robust functioning of a network relies on the defect-free implementation of network applications. As network protocols have become increasingly complex, however, hand-writing network message processing code has become increasingly error-prone. In this paper, we present a domain-specific language, Zebu, for describing protocol message formats and related processing constraints. From a Zebu specification, a compiler automatically generates stubs to be used by an application to parse network messages. Zebu is easy to use, as it builds on notations used in RFCs to describe protocol grammars. Zebu is also efficient, as the memory usage is tailored to application needs and message fragments can be specified to be processed on demand. Finally, Zebu-based applications are robust, as the Zebu compiler automatically checks specification consistency and generates parsing stubs that include validation of the message structure. Using a mutation analysis in the context of SIP and RTSP, we show that Zebu significantly improves application robustness
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Performance evaluation of a distributed integrative architecture for robotics
The eld of robotics employs a vast amount of coupled sub-systems. These need to interact
cooperatively and concurrently in order to yield the desired results. Some hybrid algorithms
also require intensive cooperative interactions internally. The architecture proposed lends it-
self amenable to problem domains that require rigorous calculations that are usually impeded
by the capacity of a single machine, and incompatibility issues between software computing
elements. Implementations are abstracted away from the physical hardware for ease of de-
velopment and competition in simulation leagues. Monolithic developments are complex, and
the desire for decoupled architectures arises. Decoupling also lowers the threshold for using
distributed and parallel resources. The ability to re-use and re-combine components on de-
mand, therefore is essential, while maintaining the necessary degree of interaction. For this
reason we propose to build software components on top of a Service Oriented Architecture
(SOA) using Web Services. An additional bene t is platform independence regarding both
the operating system and the implementation language. The robot soccer platform as well
as the associated simulation leagues are the target domain for the development. Furthermore
are machine vision and remote process control related portions of the architecture currently
in development and testing for industrial environments. We provide numerical data based on
the Python frameworks ZSI and SOAPpy undermining the suitability of this approach for the
eld of robotics. Response times of signi cantly less than 50 ms even for fully interpreted,
dynamic languages provides hard information showing the feasibility of Web Services based
SOAs even in time critical robotic applications
Virtual Communication Stack: Towards Building Integrated Simulator of Mobile Ad Hoc Network-based Infrastructure for Disaster Response Scenarios
Responses to disastrous events are a challenging problem, because of possible
damages on communication infrastructures. For instance, after a natural
disaster, infrastructures might be entirely destroyed. Different network
paradigms were proposed in the literature in order to deploy adhoc network, and
allow dealing with the lack of communications. However, all these solutions
focus only on the performance of the network itself, without taking into
account the specificities and heterogeneity of the components which use it.
This comes from the difficulty to integrate models with different levels of
abstraction. Consequently, verification and validation of adhoc protocols
cannot guarantee that the different systems will work as expected in
operational conditions. However, the DEVS theory provides some mechanisms to
allow integration of models with different natures. This paper proposes an
integrated simulation architecture based on DEVS which improves the accuracy of
ad hoc infrastructure simulators in the case of disaster response scenarios.Comment: Preprint. Unpublishe
OGSA first impressions: a case study re-engineering a scientific applicationwith the open grid services architecture
We present a case study of our experience re-engineeringa scientific application using the Open Grid Services Architecture(OGSA), a new specification for developing Gridapplications using web service technologies such as WSDLand SOAP. During the last decade, UCL?s Chemistry departmenthas developed a computational approach for predictingthe crystal structures of small molecules. However,each search involves running large iterations of computationallyexpensive calculations and currently takes a fewmonths to perform. Making use of early implementationsof the OGSA specification we have wrapped the Fortranbinaries into OGSI-compliant service interfaces to exposethe existing scientific application as a set of loosely coupledweb services. We show how the OGSA implementationfacilitates the distribution of such applications across alarge network, radically improving performance of the systemthrough parallel CPU capacity, coordinated resourcemanagement and automation of the computational process.We discuss the difficulties that we encountered turning Fortranexecutables into OGSA services and delivering a robust,scalable system. One unusual aspect of our approachis the way we transfer input and output data for the Fortrancodes. Instead of employing a file transfer service wetransform the XML encoded data in the SOAP message tonative file format, where possible using XSLT stylesheets.We also discuss a computational workflow service that enablesusers to distribute and manage parts of the computationalprocess across different clusters and administrativedomains. We examine how our experience re-engineeringthe polymorph prediction application led to this approachand to what extent our efforts have succeeded
Formally based semi-automatic implementation of an open security protocol
International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation
- …