746 research outputs found

    Design and implementation of a hardened distributed network endpoint security system for improving the security of internet protocol-based networks

    This thesis proposes a distributed approach to securing computer networks by delegating the role of a conventional firewall to a collection of nodes and controllers placed throughout the networks they are intended to protect from attack. This distributed firewall system is a specific application of a generalized distributed system framework that is also proposed in this thesis. The design and implementation of both the generalized framework and the application of the framework in creating a distributed firewall system for use on Ethernet-based networks that rely on the Internet Protocol are discussed. Conclusions based upon the preliminary implementation of the proposed systems are given along with future directions --Abstract, page iii

    Abstract Interpretation of Stateful Networks

    Modern networks achieve robustness and scalability by maintaining states on their nodes. These nodes are referred to as middleboxes and are essential for network functionality. However, the presence of middleboxes drastically complicates the task of network verification. Previous work showed that the problem is undecidable in general and EXPSPACE-complete when abstracting away the order of packet arrival. We describe a new algorithm for conservatively checking isolation properties of stateful networks. The asymptotic complexity of the algorithm is polynomial in the size of the network, albeit being exponential in the maximal number of queries of the local state that a middlebox can do, which is often small. Our algorithm is sound, i.e., it can never miss a violation of safety but may fail to verify some properties. The algorithm performs on-the-fly abstract interpretation by (1) abstracting away the order of packet processing and the number of times each packet arrives, (2) abstracting away correlations between states of different middleboxes and channel contents, and (3) representing middlebox states by their effect on each packet separately, rather than taking into account the entire state space. We show that the abstractions do not lose precision when middleboxes may reset in any state. This is encouraging since many real middleboxes reset, e.g., after some session timeout is reached or due to hardware failure

    A data exchange system in e-manufacturing.

    The emergence of the Internet has fundamentally changed the way that people communicate and view the world. As a new manufacturing paradigm, e-Manufacturing is about using the web-enabled and tether-free infotronic technologies for manufacturing operations. Although e-Manufacturing has already been an often-mentioned topic, in the past decade, practical implementation has been slow to develop due to insufficient technologies to handle information flows connected with e-Manufacturing. Recently, there is considerable interest in the area of Internet enabled distributed systems. Examples of these works include online part measurement [Grimaldi, 1998] and Distributed Rapid Prototyping Via the Internet [Tay, 1999]. The research target of these works focus on remote manufacturing control and monitoring via the Internet. However, data exchange, an important part for global co-operation, hasn't been fully studied and there is not a lot of work that has been done in previous research. In this thesis, efforts have been made to highlight the role of data exchange in Internet-enabled manufacturing, and, an Internet-based Data Exchange System has been developed with JSP and Oracle database. The developed system has advantage in commonality and capability of data-transaction over the previous work. As an interesting complement to the study of previous researches, a novel methodology is also proposed for utilization of remote resource via the Internet, using commercial software 'PC Remote Access'. The implementation of this methodology has successfully been done to use software including AutoCAD, MasterCAM and Catalyst over the Internet. The biggest problem for the application of this approach lies in the fact that 'PC remote Access' software cannot make one PC get access to another PC which is behind a firewall. However the software supplier has announced that the problem will be addressed in the near future. Dept. of Industrial and Manufacturing Systems Engineering. Paper copy at Leddy Library: Theses & Major Papers - Basement, West Bldg. / Call Number: Thesis2003 .Z537. Source: Masters Abstracts International, Volume: 43-01, page: 0296. Adviser: Waghih Elmraghy. Thesis (M.A.Sc.)--University of Windsor (Canada), 2004

    Ceramic composite protection for turbine disc bursts

    Ceramic composite turbine disc protection panels for the A300B were developed using armor technology. Analytical predictions for modifying the ballistic projectile armor system were verified by a test program conducted to qualify the rotor containment system. With only a slight change in the areal density of the armor system a more than two-fold increase in kinetic energy protection level was achieved. Thickness of the fiberglass reinforced plastic backing material was increased to achieve an optimum ratio of ceramic thickness to backing thickness for the different ballistic defeat condition

    Online Admission Control and Embedding of Service Chains

    The virtualization and softwarization of modern computer networks enables the definition and fast deployment of novel network services called service chains: sequences of virtualized network functions (e.g., firewalls, caches, traffic optimizers) through which traffic is routed between source and destination. This paper attends to the problem of admitting and embedding a maximum number of service chains, i.e., a maximum number of source-destination pairs which are routed via a sequence of to-be-allocated, capacitated network functions. We consider an Online variant of this maximum Service Chain Embedding Problem, short OSCEP, where requests arrive over time, in a worst-case manner. Our main contribution is a deterministic O(log L)-competitive online algorithm, under the assumption that capacities are at least logarithmic in L. We show that this is asymptotically optimal within the class of deterministic and randomized online algorithms. We also explore lower bounds for offline approximation algorithms, and prove that the offline problem is APX-hard for unit capacities and small L > 2, and even Poly-APX-hard in general, when there is no bound on L. These approximation lower bounds may be of independent interest, as they also extend to other problems such as Virtual Circuit Routing. Finally, we present an exact algorithm based on 0-1 programming, implying that the general offline SCEP is in NP and by the above hardness results it is NP-complete for constant L. Comment: early version of SIROCCO 2015 paper