An Experiment in Interoperable Cryptographic Protocol Implementation Using Automatic Code Generation

Spi2Java is a tool that enables semi-automatic generation of cryptographic protocol implementations, starting from verified formal models. This paper shows how the last version of spi2Java has been enhanced in order to enable interoperability of the generated implementations. The new features that have been added to spi2Java are reported here. A case study on the SSH transport layer protocol, along with some experiments and measures on the generated code, is also provided. The case study shows, with facts, that reliable and interoperable implementations of standard security protocols can indeed be obtained by using a code generation tool like spi2Jav

Supporting service discovery, querying and interaction in ubiquitous computing environments.

In this paper, we contend that ubiquitous computing environments will be highly heterogeneous, service rich domains. Moreover, future applications will consequently be required to interact with multiple, specialised service location and interaction protocols simultaneously. We argue that existing service discovery techniques do not provide sufficient support to address the challenges of building applications targeted to these emerging environments. This paper makes a number of contributions. Firstly, using a set of short ubiquitous computing scenarios we identify several key limitations of existing service discovery approaches that reduce their ability to support ubiquitous computing applications. Secondly, we present a detailed analysis of requirements for providing effective support in this domain. Thirdly, we provide the design of a simple extensible meta-service discovery architecture that uses database techniques to unify service discovery protocols and addresses several of our key requirements. Lastly, we examine the lessons learnt through the development of a prototype implementation of our architecture

Arbitrary Packet Matching in OpenFlow

OpenFlow has emerged as the de facto control protocol to implement Software-Defined Networking (SDN). In its current form, the protocol specifies a set of fields on which it matches packets to perform actions, such as forwarding, discarding or modifying specific protocol header fields at a switch. The number of match fields has increased with every version of the protocol to extend matching capabilities, however, it is still not flexible enough to match on arbitrary packet fields which limits innovation and new protocol development with OpenFlow. In this paper, we argue that a fully flexible match structure is superior to continuously extending the number of fields to match upon. We use Berkeley Packet Filters (BPF) for packet classification to provide a protocol-independent, flexible alternative to today’s OpenFlow fixed match fields. We have implemented a prototype system and evaluated the performance of the proposed match scheme, with a focus on the time it takes to execute and the memory required to store different match filter specifications. Our prototype implementation demonstrates that line-rate arbitrary packet classification can be achieved with complex BPF programs

Security analysis of JXME-Proxyless version

JXME es la especificación de JXTA para dispositivos móviles con J2ME. Hay dos versiones diferentes de la aplicación JXME disponibles, cada una específica para un determinado conjunto de dispositivos, de acuerdo con sus capacidades. El principal valor de JXME es su simplicidad para crear peer-to-peer (P2P) en dispositivos limitados. Además de evaluar las funciones JXME, también es importante tener en cuenta el nivel de seguridad por defecto que se proporciona. Este artículo presenta un breve análisis de la situación actual de la seguridad en JXME, centrándose en la versión JXME-Proxyless, identifica las vulnerabilidades existentes y propone mejoras en este campo.JXME és l'especificació de JXTA per a dispositius mòbils amb J2ME. Hi ha dues versions diferents de l'aplicació JXME disponibles, cada una d'específica per a un determinat conjunt de dispositius, d'acord amb les seves capacitats. El principal valor de JXME és la seva simplicitat per crear peer-to-peer (P2P) en dispositius limitats. A més d'avaluar les funcions JXME, també és important tenir en compte el nivell de seguretat per defecte que es proporciona. Aquest article presenta un breu anàlisis de la situació actual de la seguretat en JXME, centrant-se en la versió JXME-Proxyless, identifica les vulnerabilitats existents i proposa millores en aquest camp.JXME is the JXTA specification for mobile devices using J2ME. Two different flavors of JXME implementation are available, each one specific for a particular set of devices, according to their capabilities. The main value of JXME is its simplicity to create peer-to-peer (P2P) applications in limited devices. In addition to assessing JXME functionalities, it is also important to realize the default security level provided. This paper presents a brief analysis of the current state of security in JXME, focusing on the JXME-Proxyless version, identifies existing vulnerabilities and proposes further improvements in this field