479,871 research outputs found
Adaptive conflict-free optimization of rule sets for network security packet filtering devices
Packet filtering and processing rules management in firewalls and security gateways has become commonplace in increasingly complex networks. On one side there is a need to maintain the logic of high level policies, which requires administrators to implement and update a large amount of filtering rules while keeping them conflict-free, that is, avoiding security inconsistencies. On the other side, traffic adaptive optimization of large rule lists is useful for general purpose computers used as filtering devices, without specific designed hardware, to face growing link speeds and to harden filtering devices against DoS and DDoS attacks. Our work joins the two issues in an innovative way and defines a traffic adaptive algorithm to find conflict-free optimized rule sets, by relying on information gathered with traffic logs. The proposed approach suits current technology architectures and exploits available features, like traffic log databases, to minimize the impact of ACO development on the packet filtering devices. We demonstrate the benefit entailed by the proposed algorithm through measurements on a test bed made up of real-life, commercial packet filtering devices
Network on Chip: a New Approach of QoS Metric Modeling Based on Calculus Theory
A NoC is composed by IP cores (Intellectual Propriety) and switches connected
among themselves by communication channels. End-to-End Delay (EED)
communication is accomplished by the exchange of data among IP cores. Often,
the structure of particular messages is not adequate for the communication
purposes. This leads to the concept of packet switching. In the context of
NoCs, packets are composed by header, payload, and trailer. Packets are divided
into small pieces called Flits. It appears of importance, to meet the required
performance in NoC hardware resources. It should be specified in an earlier
step of the system design. The main attention should be given to the choice of
some network parameters such as the physical buffer size in the node. The EED
and packet loss are some of the critical QoS metrics. Some real-time and
multimedia applications bound up these parameters and require specific hardware
resources and particular management approaches in the NoC switch. A traffic
contract (SLA, Service Level Agreement) specifies the ability of a network or
protocol to give guaranteed performance, throughput or latency bounds based on
mutually agreed measures, usually by prioritizing traffic. A defined Quality of
Service (QoS) may be required for some types of network real time traffic or
multimedia applications. The main goal of this paper is, using the Network on
Chip modeling architecture, to define a QoS metric. We focus on the network
delay bound and packet losses. This approach is based on the Network Calculus
theory, a mathematical model to represent the data flows behavior between IPs
interconnected over NoC. We propose an approach of QoS-metric based on
QoS-parameter prioritization factors for multi applications-service using
calculus model
Password Cracking and Countermeasures in Computer Security: A Survey
With the rapid development of internet technologies, social networks, and
other related areas, user authentication becomes more and more important to
protect the data of the users. Password authentication is one of the widely
used methods to achieve authentication for legal users and defense against
intruders. There have been many password cracking methods developed during the
past years, and people have been designing the countermeasures against password
cracking all the time. However, we find that the survey work on the password
cracking research has not been done very much. This paper is mainly to give a
brief review of the password cracking methods, import technologies of password
cracking, and the countermeasures against password cracking that are usually
designed at two stages including the password design stage (e.g. user
education, dynamic password, use of tokens, computer generations) and after the
design (e.g. reactive password checking, proactive password checking, password
encryption, access control). The main objective of this work is offering the
abecedarian IT security professionals and the common audiences with some
knowledge about the computer security and password cracking, and promoting the
development of this area.Comment: add copyright to the tables to the original authors, add
acknowledgement to helpe
IMPROVING SMART GRID SECURITY USING MERKLE TREES
Abstract—Presently nations worldwide are starting to convert their aging electrical power infrastructures into modern, dynamic power grids. Smart Grid offers much in the way of efficiencies and robustness to the electrical power grid, however its heavy reliance on communication networks will leave it more vulnerable to attack than present day grids. This paper looks at the threat to public key cryptography systems from a fully realized quantum computer and how this could impact the Smart Grid. We argue for the use of Merkle Trees in place of public key cryptography for authentication of devices in wireless mesh networks that are used in Smart Grid applications
- …