13 research outputs found

    Wieloplatformowy system zarządzania przełącznikiem Ethernetowym czasu rzeczwistego

    Get PDF
    Mestrado em Engenharia Electrónica e TelecomunicaçõesAo longo dos últimos anos, o agora onipresente protocolo Ethernet, embora não dotado de mecanismos eficazes de gestão de QoS, foi ganhando uma grande aceitação no campo das comunicações industriais. Esta crescente aceitação deveu-se, em grande parte, a novos protocolos, baseados em Ethernet (por exemplo, Profinet, Ethernet Industrial, etc), capazes de fornecer comunicações com garantias deterministas ou de tempo-real. O comutador Ethernet Hartes (Hard Real-Time Ethernet Switch), foi desenvolvido para disponibilizar uma infra-estrutura de comutação Ethernet capaz de fornecer garantias de pontualidade, de bom uso da largura de banda e para suportar, de modo eficiente, a flexibilidade operacional necessária em aplicações de tempo-real distribuídas, de sistemas embarcados dinâmicos. O desenvolvimento do comutador Hartes, foi baseado em trabalho anterior do paradigma de comunicação FTT (Flexible Time-Triggered), e teve por objetivo o projeto de um comutador Ethernet com melhor controlo de transmissão, escalonamento do tráfego e integração transparente de nodos não tempo-real. NetConf é uma tecnologia recente de gestão de redes que tem vindo progressivamente a substituir a tecnologia SNMP (Simple Network Management Protocol), o standard de facto há muito adoptado pela indústria. A maior diferença entre NetConf e o SNMP é que o NetConf adopta um mecanismo de comunicação baseado em XML-RPC, que, graças às ferramentas desenvolvidas no âmbito de outras tecnologias web, permite ciclos mais rápidos e mais simples de desenvolvimento e de gestão. O comutador Hartes não dispõe de uma plataforma de gestão com uma interface padronizada para os protocolos SNMP ou NetConf, de modo a permitir a sua gestão remota. Assim, o objetivo principal deste trabalho é o desenvolvimento de componentes-chave de apoio à gestão multiplataforma do comutador Ethernet Hartes, bem como a respectiva avaliação de desempenho dos componentes desenvolvidos.In recent years, the now ubiquitous Ethernet protocol that lacks effective QoS management functions, has gained momentum in the field of industrial communication, by means of novel, Ethernet-based protocols (e.g. Profinet, Industrial Ethernet, etc.), which are able to provide deterministic communications. HaRTES – Hard Real-Time Ethernet Switch, aimed to develop an Ethernet switching infrastructure, able to provide timeliness guarantees, efficient bandwidth usage and support for operational flexibility as required by dynamic real-time distributed embedded systems. The project was built upon previous work on the FTT (Flexible Time-Triggered) communication paradigm to develop Ethernet switches with enhanced transmission control, traffic scheduling, and transparent integration of non-real-time nodes. NetConf is a recent network management technology that is replacing the Simple Network Management Protocol (SNMP) – widely used and long adopted by industry standard. The biggest difference between NetConf and SNMP is that the former use a communication mechanism based on XML-RPC, which, thanks to the tools developed in the scope of other web technologies, allows a simpler and faster development and management cycle. The HaRTES project had not provided a management platform with a standardized interface for SNMP or NetConf protocols, enabling remote switch management. Thus the main objective of this work was to develop key components for the support of the standardized multiplatform management interfaces for the HaRTES switch and their performance assessment

    Preuves mécanisées de protocoles cryptographiques et leur lien avec des implémentations vérifiées

    Get PDF
    Cryptographic protocols are one of the foundations for the trust people put in computer systems nowadays, be it online banking, any web or cloud services, or secure messaging. One of the best theoretical assurances for cryptographic protocol security is reached through proofs in the computational model. Writing such proofs is prone to subtle errors that can lead to invalidation of the security guarantees and, thus, to undesired security breaches. Proof assistants strive to improve this situation, have got traction, and have increasingly been used to analyse important real-world protocols and to inform their development. Writing proofs using such assistants requires a substantial amount of work. It is an ongoing endeavour to extend their scope through, for example, more automation and detailed modelling of cryptographic building blocks. This thesis shows on the example of the CryptoVerif proof assistant and two case studies, that mechanized cryptographic proofs are practicable and useful in analysing and designing complex real-world protocols.The first case study is on the free and open source Virtual Private Network (VPN) protocol WireGuard that has recently found its way into the Linux kernel. We contribute proofs for several properties that are typical for secure channel protocols. Furthermore, we extend CryptoVerif with a model of unprecedented detail of the popular Diffie-Hellman group Curve25519 used in WireGuard.The second case study is on the new Internet standard Hybrid Public Key Encryption (HPKE), that has already been picked up for use in a privacy-enhancing extension of the TLS protocol (ECH), and in the Messaging Layer Security secure group messaging protocol. We accompanied the development of this standard from its early stages with comprehensive formal cryptographic analysis. We provided constructive feedback that led to significant improvements in its cryptographic design. Eventually, we became an official co-author. We conduct a detailed cryptographic analysis of one of HPKE's modes, published at Eurocrypt 2021, an encouraging step forward to make mechanized cryptographic proofs more accessible to the broader cryptographic community.The third contribution of this thesis is of methodological nature. For practical purposes, security of implementations of cryptographic protocols is crucial. However, there is frequently a gap between a cryptographic security analysis and an implementation that have both been based on a protocol specification: no formal guarantee exists that the two interpretations of the specification match, and thus, it is unclear if the executable implementation has the guarantees proved by the cryptographic analysis. In this thesis, we close this gap for proofs written in CryptoVerif and implementations written in F*. We develop cv2fstar, a compiler from CryptoVerif models to executable F* specifications using the HACL* verified cryptographic library as backend. cv2fstar translates non-cryptographic assumptions about, e.g., message formats, from the CryptoVerif model to F* lemmas. This allows to prove these assumptions for the specific implementation, further deepening the formal link between the two analysis frameworks. We showcase cv2fstar on the example of the Needham-Schroeder-Lowe protocol. cv2fstar connects CryptoVerif to the large F* ecosystem, eventually allowing to formally guarantee cryptographic properties on verified, efficient low-level code.Les protocoles cryptographiques sont l'un des fondements de la confiance que la société accorde aujourd'hui aux systèmes informatiques, qu'il s'agisse de la banque en ligne, d'un service web, ou de la messagerie sécurisée. Une façon d'obtenir des garanties théoriques fortes sur la sécurité des protocoles cryptographiques est de les prouver dans le modèle calculatoire. L'écriture de ces preuves est délicate : des erreurs subtiles peuvent entraîner l'invalidation des garanties de sécurité et, par conséquent, des failles de sécurité. Les assistants de preuve visent à améliorer cette situation. Ils ont gagné en popularité et ont été de plus en plus utilisés pour analyser des protocoles importants du monde réel, et pour contribuer à leur développement. L'écriture de preuves à l'aide de tels assistants nécessite une quantité substantielle de travail. Un effort continu est nécessaire pour étendre leur champ d'application, par exemple, par une automatisation plus poussée et une modélisation plus détaillée des primitives cryptographiques. Cette thèse montre sur l'exemple de l'assistant de preuve CryptoVerif et deux études de cas, que les preuves cryptographiques mécanisées sont praticables et utiles pour analyser et concevoir des protocoles complexes du monde réel. La première étude de cas porte sur le protocole de réseau virtuel privé (VPN) libre et open source WireGuard qui a récemment été intégré au noyau Linux. Nous contribuons des preuves pour plusieurs propriétés typiques des protocoles de canaux sécurisés. En outre, nous étendons CryptoVerif avec un modèle d'un niveau de détail sans précédent du groupe Diffie-Hellman populaire Curve25519 utilisé dans WireGuard. La deuxième étude de cas porte sur la nouvelle norme Internet Hybrid Public Key Encryption (HPKE), qui est déjà utilisée dans une extension du protocole TLS destinée à améliorer la protection de la vie privée (ECH), et dans Messaging Layer Security, un protocole de messagerie de groupe sécurisée. Nous avons accompagné le développement de cette norme dès les premiers stades avec une analyse cryptographique formelle. Nous avons fourni des commentaires constructifs ce qui a conduit à des améliorations significatives dans sa conception cryptographique. Finalement, nous sommes devenus un co-auteur officiel. Nous effectuons une analyse cryptographique détaillée de l'un des modes de HPKE, publiée à Eurocrypt 2021, un pas encourageant pour rendre les preuves cryptographiques mécanisées plus accessibles à la communauté des cryptographes. La troisième contribution de cette thèse est de nature méthodologique. Pour des utilisations pratiques, la sécurité des implémentations de protocoles cryptographiques est cruciale. Cependant, il y a souvent un écart entre l'analyse de la sécurité cryptographique et l'implémentation, tous les deux basées sur la même spécification d'un protocole : il n'existe pas de garantie formelle que les deux interprétations de la spécification correspondent, et donc, il n'est pas clair si l'implémentation exécutable a les garanties prouvées par l'analyse cryptographique. Dans cette thèse, nous comblons cet écart pour les preuves écrites en CryptoVerif et les implémentations écrites en F*. Nous développons cv2fstar, un compilateur de modèles CryptoVerif vers des spécifications exécutables F* en utilisant la bibliothèque cryptographique vérifiée HACL* comme fournisseur de primitives cryptographiques. cv2fstar traduit les hypothèses non cryptographiques concernant, par exemple, les formats de messages, du modèle CryptoVerif vers des lemmes F*. Cela permet de prouver ces hypothèses pour l'implémentation spécifique, ce qui approfondit le lien formel entre les deux cadres d'analyse. Nous présentons cv2fstar sur l'exemple du protocole Needham-Schroeder-Lowe. cv2fstar connecte CryptoVerif au grand écosystème F*, permettant finalement de garantir formellement des propriétés cryptographiques sur du code de bas niveau efficace vérifié

    Encoding Instructions for the Generic String Encoding Rules (GSER)

    No full text

    Transfer of Buddhism Across Central Asian Networks (7th to 13th Centuries)

    Get PDF
    Transfer of Buddhism across Central Asian Networks (7th to 13th Centuries), ed. Carmen Meinert, offers a transregional and transcultural vision for religious transfer processes in Central Asian history. It explores Buddhist localisations in the Tarim basin, the Transhimalaya and Tibet.; Readership: All interested in an interdisciplinary approach towards understanding religious transfer processes across a Central Asian Buddhist network, best known as the Silk Road(s)

    Transfer of Buddhism Across Central Asian Networks (7th to 13th Centuries)

    Get PDF
    Transfer of Buddhism across Central Asian Networks (7th to 13th Centuries), ed. Carmen Meinert, offers a transregional and transcultural vision for religious transfer processes in Central Asian history. It explores Buddhist localisations in the Tarim basin, the Transhimalaya and Tibet.; Readership: All interested in an interdisciplinary approach towards understanding religious transfer processes across a Central Asian Buddhist network, best known as the Silk Road(s)

    Journal of the International Association for Bon Research (Inaugural Issue)

    Get PDF

    The Syntax of Colophons

    Get PDF
    The present volume focuses on the colophons found in several pothi manuscripts from Central, South and South East Asia. Its contributions discuss the colophons’ defining features, thus exposing their ‘syntax’, focusing particularly on the tracing of recurring patterns. The information extrapolated from colophons is further analysed to obtain a better understanding of these distinct manuscript cultures

    The Syntax of Colophons

    Get PDF
    The present volume focuses on the colophons found in several pothi manuscripts from Central, South and South East Asia. Its contributions discuss the colophons’ defining features, thus exposing their ‘syntax’, focusing particularly on the tracing of recurring patterns. The information extrapolated from colophons is further analysed to obtain a better understanding of these distinct manuscript cultures
    corecore