3,695 research outputs found
Revisiting MAB based approaches to recursive delegation
In this paper we examine the effectiveness of several multi-arm bandit
algorithms when used as a trust system to select agents to delegate tasks to.
In contrast to existing work, we allow for recursive delegation to occur. That
is, a task delegated to one agent can be delegated onwards by that agent, with
further delegation possible until some agent finally executes the task. We show
that modifications to the standard multi-arm bandit algorithms can provide
improvements in performance in such recursive delegation settings
Algorithms for Recursive Delegation
Peer reviewedPostprin
NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities
This paper exposes a new vulnerability and introduces a corresponding attack,
the NoneXistent Name Server Attack (NXNSAttack), that disrupts and may paralyze
the DNS system, making it difficult or impossible for Internet users to access
websites, web e-mail, online video chats, or any other online resource. The
NXNSAttack generates a storm of packets between DNS resolvers and DNS
authoritative name servers. The storm is produced by the response of resolvers
to unrestricted referral response messages of authoritative name servers. The
attack is significantly more destructive than NXDomain attacks (e.g., the Mirai
attack): i) It reaches an amplification factor of more than 1620x on the number
of packets exchanged by the recursive resolver. ii) In addition to the negative
cache, the attack also saturates the 'NS' section of the resolver caches. To
mitigate the attack impact, we propose an enhancement to the recursive resolver
algorithm, MaxFetch(k), that prevents unnecessary proactive fetches. We
implemented the MaxFetch(1) mitigation enhancement on a BIND resolver and
tested it on real-world DNS query datasets. Our results show that MaxFetch(1)
degrades neither the recursive resolver throughput nor its latency. Following
the discovery of the attack, a responsible disclosure procedure was carried
out, and several DNS vendors and public providers have issued a CVE and patched
their systems
PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software
Paphos, Cyprus. March 201
A Modular Toolkit for Distributed Interactions
We discuss the design, architecture, and implementation of a toolkit which
supports some theories for distributed interactions. The main design principles
of our architecture are flexibility and modularity. Our main goal is to provide
an easily extensible workbench to encompass current algorithms and incorporate
future developments of the theories. With the help of some examples, we
illustrate the main features of our toolkit.Comment: In Proceedings PLACES 2010, arXiv:1110.385
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOC’s authentication
time and handshake packet overhead stays constant regardless
of each capability’s delegation hop distance from the
root delegator. The paper compares SOC’s security bene-
fits with Kerberos and the experimental results show SOC’s
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
Interactive certificate for the verification of Wiedemann's Krylov sequence: application to the certification of the determinant, the minimal and the characteristic polynomials of sparse matrices
Certificates to a linear algebra computation are additional data structures
for each output, which can be used by a-possibly randomized- verification
algorithm that proves the correctness of each output. Wiede-mann's algorithm
projects the Krylov sequence obtained by repeatedly multiplying a vector by a
matrix to obtain a linearly recurrent sequence. The minimal polynomial of this
sequence divides the minimal polynomial of the matrix. For instance, if the
input matrix is sparse with n 1+o(1) non-zero entries, the
computation of the sequence is quadratic in the dimension of the matrix while
the computation of the minimal polynomial is n 1+o(1), once that projected
Krylov sequence is obtained. In this paper we give algorithms that compute
certificates for the Krylov sequence of sparse or structured
matrices over an abstract field, whose Monte Carlo verification complexity can
be made essentially linear. As an application this gives certificates for the
determinant, the minimal and characteristic polynomials of sparse or structured
matrices at the same cost
Multi-domain service orchestration over networks and clouds: a unified approach
End-to-end service delivery often includes transparently inserted Network Functions (NFs) in the path. Flexible service chaining will require dynamic instantiation of both NFs and traffic forwarding overlays. Virtualization techniques in compute and networking, like cloud and Software Defined Networking (SDN), promise such flexibility for service providers. However, patching together existing cloud and network control mechanisms necessarily puts one over the above, e.g., OpenDaylight under an OpenStack controller. We designed and implemented a joint cloud and network resource virtualization and programming API. In this demonstration, we show that our abstraction is capable for flexible service chaining control over any technology domain
- …