Increasing the power efficiency of Bloom filters for network string matching

Although software based techniques are widely accepted in computer security systems, there is a growing interest to utilize hardware opportunities in order to compensate for the network bandwidth increases. Recently, hardware based virus protection systems have started to emerge. This type of hardware systems work by identifying the malicious content and removing it from the network streams. In principle, they make use of string matching. Bit by bit, they compare the virus signatures with the bit strings in the network. The bloom filters are ideal data structures for string matching. Nonetheless, they consume large power when many of them used in parallel to match different virus signatures. In this paper, we propose a new type of Bloom filter architecture which exploits well-known pipelining techniqu

Energy-efficient pipelined bloom filters for network intrusion detection

This document is made available in accordance with publisher policies. Please cite only the published version using the reference above. Full terms of use are available

The Performance of a Second Generation Service Discovery Protocol In Response to Message Loss

We analyze the behavior of FRODO, a second generation service discovery protocol, in response to message loss in the network. Earlier protocols, like UPnP and Jini rely on underlying network layers to enhance their failure recovery. A comparison with UPnP and Jini shows that FRODO performs more efficiently in maintaining consistency, with shorter latency, not relying on lower network layers for robustness and therefore functions correctly on a simple lightweight protocol stack

Design of a multiple bloom filter for distributed navigation routing

Unmanned navigation of vehicles and mobile robots can be greatly simplified by providing environmental intelligence with dispersed wireless sensors. The wireless sensors can work as active landmarks for vehicle localization and routing. However, wireless sensors are often resource scarce and require a resource-saving design. In this paper, a multiple Bloom-filter scheme is proposed to compress a global routing table for a wireless sensor. It is used as a lookup table for routing a vehicle to any destination but requires significantly less memory space and search effort. An error-expectation-based design for a multiple Bloom filter is proposed as an improvement to the conventional false-positive-rate-based design. The new design is shown to provide an equal relative error expectation for all branched paths, which ensures a better network load balance and uses less memory space. The scheme is implemented in a project for wheelchair navigation using wireless camera motes. © 2013 IEEE

An architecture for certification-aware service discovery

Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation - such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment - are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. To close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domain specific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics

Operation Composition Based on Linear Logic

AbstractWhile most literatures concentrate on composing services to reach complex service requirement, they all neglect one fact: service may has several operations which can also be composed to accomplish a complex function. This paper considers operation composition and imports linear logic to reason the correctness of composed operation. In the new framework, operation is expressed as linear logic axiom and the composed operation is expressed as linear logic theorem. With the help of correctness and completeness linear logic, we can verify the composed operation can meet the requirement. Experiment results show that the proposed method can improve recall rate of service discovery

On consistency maintenance in service discovery

Communication and node failures degrade the ability of a service discovery protocol to ensure Users receive the correct service information when the service changes. We propose that service discovery protocols employ a set of recovery techniques to recover from failures and regain consistency. We use simulations to show that the type of recovery technique a protocol uses significantly impacts the performance. We benchmark the performance of our own service discovery protocol, FRODO against the performance of first generation service discovery protocols, Jini and UPnP during increasing communication and node failures. The results show that FRODO has the best overall consistency maintenance performance

Bandwidth Allocation and Routing Information for Wireless Mobile Ad-hoc Networks

An admission control Algorithm must organize among flows and should afford assurance of how the medium is shared between nodes. In a wired network, nodes can keep an eye on the medium to see how much bandwidth is being used by the network. On the other hand, in an Ad-Hoc network, during communication nodes possibly will use the bandwidth of neighbouring nodes. Consequently, the bandwidth consumption of flows and the accessible resources to a node are not local concepts, other than it being linked to the neighbouring nodes in carrier-sensing range. Current solutions do not address how to perform admission control in such an environment so that the admitted flows in the network do not exceed network capacity. Here I present an application to demonstrate how the bandwidth is shared between nodes and the effectiveness of admission control framework to support QoS in Ad-Hoc networks

A Taxonomy of Self-configuring Service Discovery Systems

We analyze the fundamental concepts and issues in service discovery. This analysis places service discovery in the context of distributed systems by describing service discovery as a third generation naming system. We also describe the essential architectures and the functionalities in service discovery. We then proceed to show how service discovery fits into a system, by characterizing operational aspects. Subsequently, we describe how existing state of the art performs service discovery, in relation to the operational aspects and functionalities, and identify areas for improvement

Adapting SLP to ad-hoc environment

Ad-hoc networking, where network structure is created dynamically as nodes enter and leave the network, has recently become an active reseach subject. As majority of existing network protocols has been targeted to be used in an environment, where a static network configuration and the option of using registry repositories is enabled, they need tailoring for ad-hoc networking. In this paper, we discuss how Service Location Protocol (SLP) can be modified for such a dynamic environment starting from the requirements of applications that are to be run, and user’s intentions. The adaptations we have implemented include passive service discovery where the amount of network traffic needed for service discovery can be reduced, security related features for improved privacy, gateway function that offers connectivity to external networks, and service discovery proxies that assist in the discovery of services between ad-hoc and fixed networks. The paper also addresses implementation of these features.1st IFIP International Conference on Ad-Hoc NetWorkingRed de Universidades con Carreras en Informática (RedUNCI