24,602 research outputs found
The H.E.S.S. central data acquisition system
The High Energy Stereoscopic System (H.E.S.S.) is a system of Imaging
Atmospheric Cherenkov Telescopes (IACTs) located in the Khomas Highland in
Namibia. It measures cosmic gamma rays of very high energies (VHE; >100 GeV)
using the Earth's atmosphere as a calorimeter. The H.E.S.S. Array entered Phase
II in September 2012 with the inauguration of a fifth telescope that is larger
and more complex than the other four. This paper will give an overview of the
current H.E.S.S. central data acquisition (DAQ) system with particular emphasis
on the upgrades made to integrate the fifth telescope into the array. At first,
the various requirements for the central DAQ are discussed then the general
design principles employed to fulfil these requirements are described. Finally,
the performance, stability and reliability of the H.E.S.S. central DAQ are
presented. One of the major accomplishments is that less than 0.8% of
observation time has been lost due to central DAQ problems since 2009.Comment: 17 pages, 8 figures, published in Astroparticle Physic
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Response
Considerable delays often exist between the discovery of a vulnerability and
the issue of a patch. One way to mitigate this window of vulnerability is to
use a configuration workaround, which prevents the vulnerable code from being
executed at the cost of some lost functionality -- but only if one is
available. Since program configurations are not specifically designed to
mitigate software vulnerabilities, we find that they only cover 25.2% of
vulnerabilities.
To minimize patch delay vulnerabilities and address the limitations of
configuration workarounds, we propose Security Workarounds for Rapid Response
(SWRRs), which are designed to neutralize security vulnerabilities in a timely,
secure, and unobtrusive manner. Similar to configuration workarounds, SWRRs
neutralize vulnerabilities by preventing vulnerable code from being executed at
the cost of some lost functionality. However, the key difference is that SWRRs
use existing error-handling code within programs, which enables them to be
mechanically inserted with minimal knowledge of the program and minimal
developer effort. This allows SWRRs to achieve high coverage while still being
fast and easy to deploy.
We have designed and implemented Talos, a system that mechanically
instruments SWRRs into a given program, and evaluate it on five popular Linux
server programs. We run exploits against 11 real-world software vulnerabilities
and show that SWRRs neutralize the vulnerabilities in all cases. Quantitative
measurements on 320 SWRRs indicate that SWRRs instrumented by Talos can
neutralize 75.1% of all potential vulnerabilities and incur a loss of
functionality similar to configuration workarounds in 71.3% of those cases. Our
overall conclusion is that automatically generated SWRRs can safely mitigate
2.1x more vulnerabilities, while only incurring a loss of functionality
comparable to that of traditional configuration workarounds.Comment: Published in Proceedings of the 37th IEEE Symposium on Security and
Privacy (Oakland 2016
Glimmers: Resolving the Privacy/Trust Quagmire
Many successful services rely on trustworthy contributions from users. To
establish that trust, such services often require access to privacy-sensitive
information from users, thus creating a conflict between privacy and trust.
Although it is likely impractical to expect both absolute privacy and
trustworthiness at the same time, we argue that the current state of things,
where individual privacy is usually sacrificed at the altar of trustworthy
services, can be improved with a pragmatic , which allows
services to validate user contributions in a trustworthy way without forfeiting
user privacy. We describe how trustworthy hardware such as Intel's SGX can be
used client-side -- in contrast to much recent work exploring SGX in cloud
services -- to realize the Glimmer architecture, and demonstrate how this
realization is able to resolve the tension between privacy and trust in a
variety of cases
Service discovery at home
Service discovery is a fairly new field that kicked off since the advent of ubiquitous computing and has been found essential in the making of intelligent networks by implementing automated discovery and remote control between devices. This paper provides an overview and comparison of several prominent service discovery mechanisms currently available. It also introduces the at home anywhere service discovery protocol (SDP@HA) design which improves on the current state of the art by accommodating resource lean devices, implementing a dynamic leader election for a central cataloguing device and embedding robustness to the service discovery architecture as an important criterion
- âŠ