Practical Fine-grained Privilege Separation in Multithreaded Applications

An inherent security limitation with the classic multithreaded programming model is that all the threads share the same address space and, therefore, are implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration of many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that the security and privilege separation in multi-principal applications can be resolved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm can be preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API following a unified model. We ported a widely-used, in-memory database application (memcached) to ARBITER system, changing only around 100 LOC. Experiments indicate that only an average runtime overhead of 5.6% is induced to this security enhanced version of application

OSIA: Out-of-order scheduling for in-order arriving in concurrent multi-path transfer.

One major problem of concurrent multi-path transfer (CMT) scheme in multi-homed mobile networks is that the utilization of different paths with diverse delays may cause packet reordering among packets of the same ?ow. In the case of TCP-like, the reordering exacerbates the problem by bringing more timeouts and unnecessary retransmissions, which eventually degrades the throughput of connections considerably. To address this issue, we ?rst propose an Out-of-order Scheduling for In-order Arriving (OSIA), which exploits the sending time discrepancy to preserve the in-order packet arrival. Then, we formulate the optimal traf?c scheduling as a constrained optimization problem and derive its closedform solution by our proposed progressive water-?lling solution. We also present an implementation to enforce the optimal scheduling scheme using cascaded leaky buckets with multiple faucets, which provides simple guidelines on maximizing the utilization of aggregate bandwidth while decreasing the probability of triggering 3 dupACKs. Compared with previous work, the proposed scheme has lower computation complexity and can also provide the possibility for dynamic network adaptability and ?ner-grain load balancing. Simulation results show that our scheme signi?cantly alleviates reordering and enhances transmission performance

Optical Technologies and Control Methods for Scalable Data Centre Networks

Attributing to the increasing adoption of cloud services, video services and associated machine learning applications, the traffic demand inside data centers is increasing exponentially, which necessitates an innovated networking infrastructure with high scalability and cost-efficiency. As a promising candidate to provide high capacity, low latency, cost-effective and scalable interconnections, optical technologies have been introduced to data center networks (DCNs) for approximately a decade. To further improve the DCN performance to meet the increasing traffic demand by using photonic technologies, two current trends are a)increasing the bandwidth density of the transmission links and b) maximizing IT and network resources utilization through disaggregated topologies and architectures. Therefore, this PhD thesis focuses on introducing and applying advanced and efficient technologies in these two fields to DCNs to improve their performance. On the one hand, at the link level, since the traditional single-mode fiber (SMF) solutions based on wavelength division multiplexing (WDM) over C+L band may fall short in satisfying the capacity, front panel density, power consumption, and cost requirements of high-performance DCNs, a space division multiplexing (SDM) based DCN using homogeneous multi-core fibers (MCFs) is proposed.With the exploited bi-directional model and proposed spectrum allocation algorithms, the proposed DCN shows great benefits over the SMF solution in terms of network capacity and spatial efficiency. In the meanwhile, it is found that the inter-core crosstalk (IC-XT) between the adjacent cores inside the MCF is dynamic rather than static, therefore, the behaviour of the IC-XT is experimentally investigated under different transmission conditions. On the other hand, an optically disaggregated DCN is developed and to ensure the performance of it, different architectures, topologies, resource routing and allocation algorithms are proposed and compared. Compared to the traditional server-based DCN, the resource utilization, scalability and the cost-efficiency are significantly improved

Lower Bounding Ground-State Energies of Local Hamiltonians Through the Renormalization Group

Given a renormalization scheme, we show how to formulate a tractable convex relaxation of the set of feasible local density matrices of a many-body quantum system. The relaxation is obtained by introducing a hierarchy of constraints between the reduced states of ever-growing sets of lattice sites. The coarse-graining maps of the underlying renormalization procedure serve to eliminate a vast number of those constraints, such that the remaining ones can be enforced with reasonable computational means. This can be used to obtain rigorous lower bounds on the ground state energy of arbitrary local Hamiltonians, by performing a linear optimization over the resulting convex relaxation of reduced quantum states. The quality of the bounds crucially depends on the particular renormalization scheme, which must be tailored to the target Hamiltonian. We apply our method to 1D translation-invariant spin models, obtaining energy bounds comparable to those attained by optimizing over locally translation-invariant states of $n\gtrsim 100$ spins. Beyond this demonstration, the general method can be applied to a wide range of other problems, such as spin systems in higher spatial dimensions, electronic structure problems, and various other many-body optimization problems, such as entanglement and nonlocality detection.Comment: Minor corrections, references adde

A Novel Block-based Watermarking Scheme Using the SVD Transform

In this paper, a block-based watermarking scheme based on the Singular Value Decomposition (SVD) is proposed. Our watermark, a pseudo-random Gaussian sequence, is embedded by modifying the angles formed by the right singular vectors of each block of the original image. The orthogonality property of the right singular vector matrix is preserved during the embedding process. Several experiments have been carried out to test the performance of the proposed scheme against different attack scenarios. We conclude that the proposed scheme is resistant against common signal processing operations and attacks, while it preserves the quality of the original image

Decoupling in the liquid crystals and solid state NMR of Fluorine containing organics

The success of NMR methods in solids and liquid crystals is strongly related to more and more sophisticated strategies of spin decoupling. This is particularly true for liquid crystal samples where high resolved decoupled spectra are required. In the first part of this thesis we described the basic principles of spin decoupling and through numerical simulations based on appropriate spin modelling we provided new physical insight. Testing several decoupling schemes in fluorinated liquid crystals we found anomalous line broadenings of carbon resonances close to (^19)F. The underlying mechanisms of these broadenings were successfully explained in terms of 'H decoupling effects. We demonstrated that these broadening effects are related to the difficulty of (^1)H decoupling in the presence of strong (^1)H—(^19)F dipolar interactions. Employment of sophisticated decoupling methods drastically reduced or even fully eliminated the sources of these line-broadenings. In the second part of this thesis we extended the preceding work to spinning samples (both liquid crystals and solids). Analogous line-broadenings from decoupling effects are also at work here. However additional line-broadening mechanisms, such as magic angle spinning misset and (^19)F lifetime-broadening are also limiting factors of carbon linewidth. Quantification and assignments of dipolar splittings are vital to understand complex molecular conformations of liquid crystalline phases. To extract this information from ID NMR could be difficult. This difficulty arises from the complexity of ID spectra, and so 2D NMR methods have been explored. In the last part of this work we designed Separated-Local-Field sequences, showing that this class of experiments are particularly suited to quantitative use of C—F splittings in fluorinated liquid crystals