HW Acceleration of Network Unix Tools

Na světě se objevují stále rychlejší technologie pro síťovou komunikaci. Některé síťové nástroje nejsou schopné pracovat při tak vysokých rychlostech, nadměrně zatěžují systém, takže nestíhají vykonávat potřebné funkce. Nedokážou dokonale monitorovat sítě a zajistit bezpečný provoz. Práce podrobně analyzuje síťové nástroje, jejich operace a hledá kritická místa pro budoucí hardwarovou akceleraci. V souvislosti s tím představuje efektivní platformy pro hardwarové programování. Na základě měření vyhodnocuje omezení nástrojů a poukazuje na možnosti akcelerace, které jsou návrhem pro další práci.In the world, there always appear faster technologies for network communication. Some network tools are not capable of working in high-speed, they are overloading system, therefore they are not able to fulfill their functions. They can not fully monitor the whole traffic and ensure secured services. Thesis analyses network tools, their operations and researches critical spaces for future hardware acceleration. In this context, it introduces effective hardware programming platforms. Using measurements, it evaluates the limits of the tools and mentions the possibilities of acceleration, which are suggested for another thesis.

Old Wine in New Skins? Revisiting the Software Architecture for IP Network Stacks on Constrained IoT Devices

In this paper, we argue that existing concepts for the design and implementation of network stacks for constrained devices do not comply with the requirements of current and upcoming Internet of Things (IoT) use cases. The IoT requires not only a lightweight but also a modular network stack, based on standards. We discuss functional and non-functional requirements for the software architecture of the network stack on constrained IoT devices. Then, revisiting concepts from the early Internet as well as current implementations, we propose a future-proof alternative to existing IoT network stack architectures, and provide an initial evaluation of this proposal based on its implementation running on top of state-of-the-art IoT operating system and hardware.Comment: 6 pages, 2 figures and table

Connecting the World of Embedded Mobiles: The RIOT Approach to Ubiquitous Networking for the Internet of Things

The Internet of Things (IoT) is rapidly evolving based on low-power compliant protocol standards that extend the Internet into the embedded world. Pioneering implementations have proven it is feasible to inter-network very constrained devices, but had to rely on peculiar cross-layered designs and offer a minimalistic set of features. In the long run, however, professional use and massive deployment of IoT devices require full-featured, cleanly composed, and flexible network stacks. This paper introduces the networking architecture that turns RIOT into a powerful IoT system, to enable low-power wireless scenarios. RIOT networking offers (i) a modular architecture with generic interfaces for plugging in drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous interfaces and stacks that can concurrently operate, and (iii) GNRC, its cleanly layered, recursively composed default network stack. We contribute an in-depth analysis of the communication performance and resource efficiency of RIOT, both on a micro-benchmarking level as well as by comparing IoT communication across different platforms. Our findings show that, though it is based on significantly different design trade-offs, the networking subsystem of RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two operating systems which pioneered IoT software platforms

A computer architecture for intelligent machines

The Theory of Intelligent Machines proposes a hierarchical organization for the functions of an autonomous robot based on the Principle of Increasing Precision With Decreasing Intelligence. An analytic formulation of this theory using information-theoretic measures of uncertainty for each level of the intelligent machine has been developed in recent years. A computer architecture that implements the lower two levels of the intelligent machine is presented. The architecture supports an event-driven programming paradigm that is independent of the underlying computer architecture and operating system. Details of Execution Level controllers for motion and vision systems are addressed, as well as the Petri net transducer software used to implement Coordination Level functions. Extensions to UNIX and VxWorks operating systems which enable the development of a heterogeneous, distributed application are described. A case study illustrates how this computer architecture integrates real-time and higher-level control of manipulator and vision systems

Технології комп’ютерної безпеки

В даній дипломній роботі було детально роглянуто основні етапи побудови комп’ютерних мереж а також робота з Firewall IPTables. Під час написання дипломної роботи було написано програму firewall під кампусну комп’ютерну мережу. Firewall , що служить дуже важливою роллю в мережах і захищає офісні, домашні комп’ютери в Глобальній комп’ютерній мережі від злому хакерів.Послідовно розглядаються основні принципи побудови та функціонування комп’ютерних мереж. Монографія містить актуальний матеріал довідково-аналітичного характеру по наступних темах: структура мережевих операційних систем, мережеві архітектури, опис топологій локальних мереж, мережеві Unix подібні операційні системи, мережеве адміністрування, мережеве адміністрування у системі Linux, штатні фаєрволи системи Linux, створення правил фаєрволу IPTable для корпоративних мереж. При цитуванні документа, використовуйте посилання http://essuir.sumdu.edu.ua/handle/123456789/20678Последовательно рассматриваются основные принципы построения и функционирования компьютерных сетей. Монография содержит актуальный материал справочно аналитического характера по следующим темам: структура сетевых операционных систем, сетевые архитектуры, описание топологии локальных сетей, сетевые Unix подобные операционные системы, сетевое администрирование, сетевое администрирование в системе Linux, штатные фаерволы системы Linux, создание правил фаервола Iptable для корпоративных сетей. При цитировании документа, используйте ссылку http://essuir.sumdu.edu.ua/handle/123456789/20678Basic principles of construction and functioning of computer networks are consistently examined. A monograph contains aktual material of certificate analytical character on the followings themes: structure of the network operating systems, network architecture, description of topologies of local networks, network Unix similar operating systems, network administration, network administration in the system of Linux, regular faervol systems of Linux, creation of rules of faervol of Iptable for corporate networks. When you are citing the document, use the following link http://essuir.sumdu.edu.ua/handle/123456789/20678Міжнародний економіко-гуманітарний університет ім. акад. С. Дем'янчук

A network Unix system for the ARPANET : Volume 1 : the network control program / CAC No. 243

"October 16, 1978.

Lic-Sec: an enhanced AppArmor Docker security profile generator

Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Linux Security Module proposed in 2018, and a new AppArmor profile generator called Lic-Sec, which combines Docker-sec with a modified version of LiCShield, which is also a Linux Security Module proposed in 2015. Docker-sec and LiCShield can be used to enhance Docker container security based on mandatory access control and allows protection of the container without manually configurations. Lic-Sec brings together their strengths and provides stronger protection. We evaluate the effectiveness and performance of Docker-sec and Lic-Sec by testing them with real-world attacks. We generate an exploit database with 42 exploits effective on Docker containers selected from the latest 400 exploits on Exploit-db. We launch these exploits on containers spawned with Docker-sec and Lic-Sec separately. Our evaluations show that for demanding images, Lic-Sec gives protection for all privilege escalation attacks for which Docker-sec failed to give protection