282 research outputs found

    LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

    Full text link
    Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201

    Empirical exploration of air traffic and human dynamics in terminal airspaces

    Full text link
    Air traffic is widely known as a complex, task-critical techno-social system, with numerous interactions between airspace, procedures, aircraft and air traffic controllers. In order to develop and deploy high-level operational concepts and automation systems scientifically and effectively, it is essential to conduct an in-depth investigation on the intrinsic traffic-human dynamics and characteristics, which is not widely seen in the literature. To fill this gap, we propose a multi-layer network to model and analyze air traffic systems. A Route-based Airspace Network (RAN) and Flight Trajectory Network (FTN) encapsulate critical physical and operational characteristics; an Integrated Flow-Driven Network (IFDN) and Interrelated Conflict-Communication Network (ICCN) are formulated to represent air traffic flow transmissions and intervention from air traffic controllers, respectively. Furthermore, a set of analytical metrics including network variables, complex network attributes, controllers' cognitive complexity, and chaotic metrics are introduced and applied in a case study of Guangzhou terminal airspace. Empirical results show the existence of fundamental diagram and macroscopic fundamental diagram at the route, sector and terminal levels. Moreover, the dynamics and underlying mechanisms of "ATCOs-flow" interactions are revealed and interpreted by adaptive meta-cognition strategies based on network analysis of the ICCN. Finally, at the system level, chaos is identified in conflict system and human behavioral system when traffic switch to the semi-stable or congested phase. This study offers analytical tools for understanding the complex human-flow interactions at potentially a broad range of air traffic systems, and underpins future developments and automation of intelligent air traffic management systems.Comment: 30 pages, 28 figures, currently under revie

    An integrated framework on autonomous-EV charging and autonomous valet parking (AVP) management system

    Get PDF
    Autonomous vehicles (AVs) transform traditional commuting by decreasing congestion, improving road safety, and naturally integrate better with electric controls for flexible implementation of autonomous driving technologies. Indeed, electric-powered AVs or autonomous electric vehicles (AEVs) are benefiting each other in many aspects. While autonomy brings great efficiency in driving as well as battery use, EVs require less maintenance and drastically cut fuel costs. With AVs, a pivotal concern is within the realm of long-range Autonomous Valet Parking (LAVP), such as diverse customer demands on parking (or drop-off / pick-up) for various journey planning. On the other hand, electric-powered AVs are typically with limited cruising range, and locating convenient charging services are also among the major impediments. As of yet, recent studies have started to investigate EV charging and LAVP in isolation as they rarely consider a joint optimization on user trip and energy refueling. Rather, we target in this work the integration of vehicle charging with autonomy in the sense of a systemic approach. Specifically, we propose an integrated AEV charging and LAVP management scheme, to resolve critical decision-making on convenient charging and parking management upon customer requirements during their journeys. The proposed scheme jointly considers charging reservations as well as parking duration at car parks (CPs), aiming to enable accurate predictions on future charging (and parking) states at CPs. Results show the advantage of our proposal over benchmarks, in terms of enhanced customer experiences in traveling period, as well as charging performances at both AEV and CP sides. Particularly, effective load balancing can be achieved across the network regarding the amount of charged as well as parked vehicles

    Performance and Design of Composite Modular System with Tenon Connections for Multi-Storey Buildings

    Get PDF
    Modular building is an innovative construction method based on advanced manufacturing technologies, which is a more eco-friendly, effective, and cost-saving alternative than conventional methods. The primary objective of this thesis is to design a sufficient composite modular system for multi-storey applications and provide design recommendations based on system-level analyses under earthquakes, winds, and sudden column losses. In the course of this thesis, a numerical model is first created for an existing tenon-connected inter-module connection to investigate its effects on the building’s lateral resistance. A cohesive interface model is used to account for the weld fracture. Due to the semi-rigid connectivity, there are around 53% and 28% reductions in the yield and maximum capacity of the building, respectively. The displacement coefficient method per American guidelines FEMA-356 is then adopted to predict the maximum deformation of the modular buildings under different design seismic loads. To strengthen the modular buildings, a novel composite modular system is newly proposed, which consists of concrete-filled steel tubular columns, laminated double beams, and integrated composite slabs. The structural responses of the composite modular buildings are assessed under design wind actions per Australian Standards AS 1170.0-2. The results indicate that the proposed buildings have sufficient design capacity but insufficient deflection control. The progressive collapse analysis is performed on the buildings in sudden column loss scenarios per Unified Facilities Criteria UFC 4-023-03. The results show that alternate load paths are activated after the notional column removals, and the progressive collapse is unlikely for the scenarios under consideration. Finally, the suitable dynamic increase factors of 1.90 and 1.60 are recommended for the 4- and 12-storey modular buildings, respectively, allowing peak dynamic responses to be predicted using the static approach

    Design of Large Scale Virtual Equipment for Interactive HIL Control System Labs

    Get PDF
    • …
    corecore