74 research outputs found
HW Acceleration of Network Unix Tools
Na světě se objevují stále rychlejší technologie pro síťovou komunikaci. Některé síťové nástroje nejsou schopné pracovat při tak vysokých rychlostech, nadměrně zatěžují systém, takže nestíhají vykonávat potřebné funkce. Nedokážou dokonale monitorovat sítě a zajistit bezpečný provoz. Práce podrobně analyzuje síťové nástroje, jejich operace a hledá kritická místa pro budoucí hardwarovou akceleraci. V souvislosti s tím představuje efektivní platformy pro hardwarové programování. Na základě měření vyhodnocuje omezení nástrojů a poukazuje na možnosti akcelerace, které jsou návrhem pro další práci.In the world, there always appear faster technologies for network communication. Some network tools are not capable of working in high-speed, they are overloading system, therefore they are not able to fulfill their functions. They can not fully monitor the whole traffic and ensure secured services. Thesis analyses network tools, their operations and researches critical spaces for future hardware acceleration. In this context, it introduces effective hardware programming platforms. Using measurements, it evaluates the limits of the tools and mentions the possibilities of acceleration, which are suggested for another thesis.
Old Wine in New Skins? Revisiting the Software Architecture for IP Network Stacks on Constrained IoT Devices
In this paper, we argue that existing concepts for the design and
implementation of network stacks for constrained devices do not comply with the
requirements of current and upcoming Internet of Things (IoT) use cases. The
IoT requires not only a lightweight but also a modular network stack, based on
standards. We discuss functional and non-functional requirements for the
software architecture of the network stack on constrained IoT devices. Then,
revisiting concepts from the early Internet as well as current implementations,
we propose a future-proof alternative to existing IoT network stack
architectures, and provide an initial evaluation of this proposal based on its
implementation running on top of state-of-the-art IoT operating system and
hardware.Comment: 6 pages, 2 figures and table
Connecting the World of Embedded Mobiles: The RIOT Approach to Ubiquitous Networking for the Internet of Things
The Internet of Things (IoT) is rapidly evolving based on low-power compliant
protocol standards that extend the Internet into the embedded world. Pioneering
implementations have proven it is feasible to inter-network very constrained
devices, but had to rely on peculiar cross-layered designs and offer a
minimalistic set of features. In the long run, however, professional use and
massive deployment of IoT devices require full-featured, cleanly composed, and
flexible network stacks.
This paper introduces the networking architecture that turns RIOT into a
powerful IoT system, to enable low-power wireless scenarios. RIOT networking
offers (i) a modular architecture with generic interfaces for plugging in
drivers, protocols, or entire stacks, (ii) support for multiple heterogeneous
interfaces and stacks that can concurrently operate, and (iii) GNRC, its
cleanly layered, recursively composed default network stack. We contribute an
in-depth analysis of the communication performance and resource efficiency of
RIOT, both on a micro-benchmarking level as well as by comparing IoT
communication across different platforms. Our findings show that, though it is
based on significantly different design trade-offs, the networking subsystem of
RIOT achieves a performance equivalent to that of Contiki and TinyOS, the two
operating systems which pioneered IoT software platforms
A computer architecture for intelligent machines
The Theory of Intelligent Machines proposes a hierarchical organization for the functions of an autonomous robot based on the Principle of Increasing Precision With Decreasing Intelligence. An analytic formulation of this theory using information-theoretic measures of uncertainty for each level of the intelligent machine has been developed in recent years. A computer architecture that implements the lower two levels of the intelligent machine is presented. The architecture supports an event-driven programming paradigm that is independent of the underlying computer architecture and operating system. Details of Execution Level controllers for motion and vision systems are addressed, as well as the Petri net transducer software used to implement Coordination Level functions. Extensions to UNIX and VxWorks operating systems which enable the development of a heterogeneous, distributed application are described. A case study illustrates how this computer architecture integrates real-time and higher-level control of manipulator and vision systems
Технології комп’ютерної безпеки
В даній дипломній роботі було детально роглянуто основні етапи побудови комп’ютерних мереж а також робота з Firewall IPTables. Під час написання дипломної роботи було написано програму firewall під кампусну комп’ютерну мережу. Firewall , що служить дуже важливою роллю в мережах і захищає офісні, домашні комп’ютери в Глобальній комп’ютерній мережі від злому хакерів.Послідовно розглядаються основні принципи побудови та функціонування комп’ютерних мереж. Монографія містить актуальний матеріал довідково-аналітичного характеру по наступних темах: структура мережевих операційних систем, мережеві архітектури, опис топологій локальних мереж, мережеві Unix подібні операційні системи, мережеве адміністрування, мережеве адміністрування у системі Linux, штатні фаєрволи системи Linux, створення правил фаєрволу IPTable для корпоративних мереж.
При цитуванні документа, використовуйте посилання http://essuir.sumdu.edu.ua/handle/123456789/20678Последовательно рассматриваются основные принципы построения и функционирования компьютерных сетей. Монография содержит актуальный материал справочно аналитического характера по следующим темам: структура сетевых операционных систем, сетевые архитектуры, описание топологии локальных сетей, сетевые Unix подобные операционные системы, сетевое администрирование, сетевое администрирование в системе Linux, штатные фаерволы системы Linux, создание правил фаервола Iptable для корпоративных сетей.
При цитировании документа, используйте ссылку http://essuir.sumdu.edu.ua/handle/123456789/20678Basic principles of construction and functioning of computer networks are consistently examined. A monograph contains aktual material of certificate analytical character on the followings themes: structure of the network operating systems, network architecture, description of topologies of local networks, network Unix similar operating systems, network administration, network administration in the system of Linux, regular faervol systems of Linux, creation of rules of faervol of Iptable for corporate networks.
When you are citing the document, use the following link http://essuir.sumdu.edu.ua/handle/123456789/20678Міжнародний економіко-гуманітарний університет ім. акад. С. Дем'янчук
A network Unix system for the ARPANET : Volume 1 : the network control program / CAC No. 243
"October 16, 1978.
Lic-Sec: an enhanced AppArmor Docker security profile generator
Along with the rapid development of cloud computing technology,
containerization technology has drawn much attention from both industry and
academia. In this paper, we perform a comparative measurement analysis of
Docker-sec, which is a Linux Security Module proposed in 2018, and a new
AppArmor profile generator called Lic-Sec, which combines Docker-sec with a
modified version of LiCShield, which is also a Linux Security Module proposed
in 2015. Docker-sec and LiCShield can be used to enhance Docker container
security based on mandatory access control and allows protection of the
container without manually configurations. Lic-Sec brings together their
strengths and provides stronger protection. We evaluate the effectiveness and
performance of Docker-sec and Lic-Sec by testing them with real-world attacks.
We generate an exploit database with 42 exploits effective on Docker containers
selected from the latest 400 exploits on Exploit-db. We launch these exploits
on containers spawned with Docker-sec and Lic-Sec separately. Our evaluations
show that for demanding images, Lic-Sec gives protection for all privilege
escalation attacks for which Docker-sec failed to give protection
- …