Efficient Algorithms for Large-Scale Image Analysis

This work develops highly efficient algorithms for analyzing large images. Applications include object-based change detection and screening. The algorithms are 10-100 times as fast as existing software, sometimes even outperforming FGPA/GPU hardware, because they are designed to suit the computer architecture. This thesis describes the implementation details and the underlying algorithm engineering methodology, so that both may also be applied to other applications

Efficient Main Memory Deduplication Through Cross Layer Integration

Limited main memory size is the primary bottleneck for consolidating VMs. Memory scanners reduce the memory footprint of VMs by eliminating duplicate memory pages. Our approach extends main memory scanners through Cross Layer I/O-based Hints (XLH). Compared to scanners such as KSM, XLH can merge equal pages that stem from the virtual disk image earlier by minutes and is capable of saving up to eight times as much memory, at the same scan-rate

Програмне забезпечення: практикум з англійської мови для студентів фізико-математичного факультету спеціальностей: «Інформатика», «Математика та інформатика», «Фізика та інформатика»

Практикум складається з 8 розділів, текстів для самостійного опрацювання, додаткового читання та додатків. Тексти підібрані з оригінальної науково-технічної літератури та містять необхідну термінологію зі спеціальності. До складу розділів входять вправи на закріплення лексико-граматичного матеріалу, тести, запитання. Вправи та тести побудовано на мовному матеріалі, який використовується в текстах розділів. Додається підсумковий тест для перевірки знань всього курсу. Для студентів неспеціальних факультетів денної, заочної та дистанційної форми навчання, які вивчають інформатику. Пізнавальний характер текстів зацікавить не лише зазначене коло студентів, але й усіх тих, хто поглиблено вивчає англійську мову

Secure portable execution and storage environments: A capability to improve security for remote working

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’

Automated visual inspection for the quality control of pad printing

Pad printing is used to decorate consumer goods largely because of its unique ability to apply graphics to doubly curved surfaces. The Intelpadrint project was conceived to develop a better understanding of the process and new printing pads, inks and printers. The thesis deals primarily with the research of a printer control system including machine vision. At present printing is manually controlled. Operator knowledge was gathered for use by an expert system to control the process. A novel local corner- matching algorithm was conceived to effect image segmentation, and neuro-fuzzy techniques were used to recognise patterns in printing errors. Non-linear Finite Element Analysis of the rubber printing-pad led to a method for pre-distorting artwork so that it would print undistorted on a curved product. A flexible, more automated printer was developed that achieves a higher printing rate. Ultraviolet-cured inks with improved printability were developed. The image normalisation/ error-signalling stage in inspection was proven in isolation, as was the pattern recognition system

The global intelligent file system framework.

"Since its inception the Internet has grown rapidly in both size and importance in our everyday lives. The Internet today is the preliminary model of what is commonly called the global information infrastructure. However, at the moment this "infrastructure" is considered to be an addition to our computer, and is not an integrated part of a file system which is essentially a "local information infrastructure" of a computer. Advancements in the sizes of disks in computers, network bandwidth and the types of media available mean users now keep large amounts of files in their personal data storage spaces, with little or no additional support for the organisation, searching or sharing of this data. The hierarchical model of file system storage is no longer the most effective way of organising and categorising files and information. Relying largely on the user, rather than the computer, being efficient and organised its inflexible nature renders it unsuitable for the meaningful coordination of an increasing bulk of divergent file types that users deal with on a daily basis. The work presented in this thesis describes a new paradigm for file storage, management and retrieval. Providing globally integrated document emplacement and administration, the GIFS (Global Intelligent File System) framework offers the necessary architecture for transparently directing the storage, access, sharing, manipulation, and security of files across interconnected computers. To address the discrepancy between user actions and computer actions, GIFS provides each user with a "Virtual Secretary" to reduce the cognitive workload and remove the time-consuming task of information organisation from the user. The Secretary is supported by a knowledge base and a collection of intelligent agents, which are programs that manage and process the data collected, and work behind the scenes aiding gradual proliferation of knowledge. The Virtual Secretary is responsible for providing fast and accurate assistance to aid users who wish to create, store, retrieve, share, secure and collaborate on their files. Through both system prototyping and performance simulation it is demonstrated that it is desirable as well as feasible to deploy a knowledge base in supporting an intelligent user interface that acts like a human assistant who handles paperwork, looks after filing, security and so on. This work provides the contribution of a new framework and architecture to the field of files systems and document management as well as focusing on reducing the burden placed upon users through everyday usage of computer systems. Such a framework has the potential to be evolved into a highly intelligent assistant to a user over a period of service and the introduction of additional agents, and provides the basis for advancements in file system and organisational technologies.

A new hierarchy cache scheme using RAM and pagefile

One newly designed hierarchical cache scheme is presented in this article. It is a two-level cache architecture using a RAM of a few megabytes and a large pagefile. Majority of cached data is in the pagefile that is nonvolatile and has better IO performance than that of normal data disks because of different data sizes and different access methods used. The RAM cache collects small writes first and then transfers them to the pagefile sequentially in large sizes. When the system is idle, data will be destaged from the pagefile to data disks. We have implemented the hierarchical cache as a filter driver that can be loaded onto the current Windows 2000/Windows XP operating system transparently. Benchmark test results show that the cache system can improve IO performance dramatically for small writes. © Springer-Verlag 2004

Design principles and patterns for computer systems that are simultaneously secure and usable

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D

CLASSIFYING AND RESPONDING TO NETWORK INTRUSIONS

Intrusion detection systems (IDS) have been widely adopted within the IT community, as passive monitoring tools that report security related problems to system administrators. However, the increasing number and evolving complexity of attacks, along with the growth and complexity of networking infrastructures, has led to overwhelming numbers of IDS alerts, which allow significantly smaller timeframe for a human to respond. The need for automated response is therefore very much evident. However, the adoption of such approaches has been constrained by practical limitations and administrators' consequent mistrust of systems' abilities to issue appropriate responses. The thesis presents a thorough analysis of the problem of intrusions, and identifies false alarms as the main obstacle to the adoption of automated response. A critical examination of existing automated response systems is provided, along with a discussion of why a new solution is needed. The thesis determines that, while the detection capabilities remain imperfect, the problem of false alarms cannot be eliminated. Automated response technology must take this into account, and instead focus upon avoiding the disruption of legitimate users and services in such scenarios. The overall aim of the research has therefore been to enhance the automated response process, by considering the context of an attack, and investigate and evaluate a means of making intelligent response decisions. The realisation of this objective has included the formulation of a response-oriented taxonomy of intrusions, which is used as a basis to systematically study intrusions and understand the threats detected by an IDS. From this foundation, a novel Flexible Automated and Intelligent Responder (FAIR) architecture has been designed, as the basis from which flexible and escalating levels of response are offered, according to the context of an attack. The thesis describes the design and operation of the architecture, focusing upon the contextual factors influencing the response process, and the way they are measured and assessed to formulate response decisions. The architecture is underpinned by the use of response policies which provide a means to reflect the changing needs and characteristics of organisations. The main concepts of the new architecture were validated via a proof-of-concept prototype system. A series of test scenarios were used to demonstrate how the context of an attack can influence the response decisions, and how the response policies can be customised and used to enable intelligent decisions. This helped to prove that the concept of flexible automated response is indeed viable, and that the research has provided a suitable contribution to knowledge in this important domain