88,426 research outputs found
Open Source Verification under a Cloud
An experiment in providing volunteer cloud computing support for automated audits of open source code is described here, along with the supporting theory. Certification and the distributed and piecewise nature of the underlying verification computation are among the areas formalised in the theory part.
The eventual aim of this research is to provide a means for open source developers who seek formally backed certification for their project to run fully automated analyses on their own source code. In order to ensure that the results are not tampered with, the computation is anonymized and shared with an ad-hoc network of volunteer CPUs for incremental completion. Each individual computation is repeated many times at different sites, and sufficient accounting data is generated to allow each computation to be refuted
Spectral Geometric Verification: Re-Ranking Point Cloud Retrieval for Metric Localization
Although re-ranking methods are widely used in many retrieval tasks to
improve performance, they haven't been studied in the context of point cloud
retrieval for metric localization. In this letter, we introduce Spectral
Geometric Verification (SpectralGV), for the re-ranking of retrieved point
clouds. We demonstrate how the optimal inter-cluster score of the
correspondence compatibility graph of two point clouds can be used as a robust
fitness score representing their geometric compatibility, hence allowing
geometric verification without registration. Compared to the baseline geometric
verification based re-ranking methods which first register all retrieved point
clouds with the query and then sort retrievals based on the inlier-ratio after
registration, our method is considerably more efficient and provides a
deterministic re-ranking solution while remaining robust to outliers. We
demonstrate how our method boosts the performance of several
correspondence-based architectures across 5 different large-scale point cloud
datasets. We also achieve state-of-the-art results for both place recognition
and metric-localization on these datasets. To the best of our knowledge, this
letter is also the first to explore re-ranking in the point cloud retrieval
domain for the task of metric localization. The open-source implementation will
be made available at: https://github.com/csiro-robotics/SpectralGV.Comment: Under revie
Rehearsal: A Configuration Verification Tool for Puppet
Large-scale data centers and cloud computing have turned system configuration
into a challenging problem. Several widely-publicized outages have been blamed
not on software bugs, but on configuration bugs. To cope, thousands of
organizations use system configuration languages to manage their computing
infrastructure. Of these, Puppet is the most widely used with thousands of
paying customers and many more open-source users. The heart of Puppet is a
domain-specific language that describes the state of a system. Puppet already
performs some basic static checks, but they only prevent a narrow range of
errors. Furthermore, testing is ineffective because many errors are only
triggered under specific machine states that are difficult to predict and
reproduce. With several examples, we show that a key problem with Puppet is
that configurations can be non-deterministic.
This paper presents Rehearsal, a verification tool for Puppet configurations.
Rehearsal implements a sound, complete, and scalable determinacy analysis for
Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use
several analyses to shrink our models to a tractable size, and (3) frame
determinism-checking as decidable formulas for an SMT solver. Rehearsal then
leverages the determinacy analysis to check other important properties, such as
idempotency. Finally, we apply Rehearsal to several real-world Puppet
configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language
Design and Implementation (PLDI) 201
Trusted Computing and Secure Virtualization in Cloud Computing
Large-scale deployment and use of cloud computing in industry
is accompanied and in the same time hampered by concerns regarding protection of
data handled by cloud computing providers. One of the consequences of moving
data processing and storage off company premises is that organizations have
less control over their infrastructure. As a result, cloud service (CS) clients
must trust that the CS provider is able to protect their data and
infrastructure from both external and internal attacks. Currently however, such
trust can only rely on organizational processes declared by the CS
provider and can not be remotely verified and validated by an external party.
Enabling the CS client to verify the integrity of the host where the
virtual machine instance will run, as well as to ensure that the virtual
machine image has not been tampered with, are some steps towards building
trust in the CS provider. Having the tools to perform such
verifications prior to the launch of the VM instance allows the CS
clients to decide in runtime whether certain data should be stored- or calculations
should be made on the VM instance offered by the CS provider.
This thesis combines three components -- trusted computing, virtualization technology
and cloud computing platforms -- to address issues of trust and
security in public cloud computing environments. Of the three components,
virtualization technology has had the longest evolution and is a cornerstone
for the realization of cloud computing. Trusted computing is a recent
industry initiative that aims to implement the root of trust in a hardware
component, the trusted platform module. The initiative has been formalized
in a set of specifications and is currently at version 1.2. Cloud computing
platforms pool virtualized computing, storage and network resources in
order to serve a large number of customers customers that use a multi-tenant
multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a
fairly recent technology in active development.
The issue of trust in public cloud environments is addressed
by examining the state of the art within cloud computing security and
subsequently addressing the issues of establishing trust in the launch of a
generic virtual machine in a public cloud environment. As a result, the thesis
proposes a trusted launch protocol that allows CS clients
to verify and ensure the integrity of the VM instance at launch time, as
well as the integrity of the host where the VM instance is launched. The protocol
relies on the use of Trusted Platform Module (TPM) for key generation and data protection.
The TPM also plays an essential part in the integrity attestation of the
VM instance host. Along with a theoretical, platform-agnostic protocol,
the thesis also describes a detailed implementation design of the protocol
using the OpenStack cloud computing platform.
In order the verify the implementability of the proposed protocol, a prototype
implementation has built using a distributed deployment of OpenStack.
While the protocol covers only the trusted launch procedure using generic
virtual machine images, it presents a step aimed to contribute towards
the creation of a secure and trusted public cloud computing environment
Server Structure Proposal and Automatic Verification Technology on IaaS Cloud of Plural Type Servers
In this paper, we propose a server structure proposal and automatic
performance verification technology which proposes and verifies an appropriate
server structure on Infrastructure as a Service (IaaS) cloud with baremetal
servers, container based virtual servers and virtual machines. Recently, cloud
services have been progressed and providers provide not only virtual machines
but also baremetal servers and container based virtual servers. However, users
need to design an appropriate server structure for their requirements based on
3 types quantitative performances and users need much technical knowledge to
optimize their system performances. Therefore, we study a technology which
satisfies users' performance requirements on these 3 types IaaS cloud. Firstly,
we measure performances of a baremetal server, Docker containers, KVM (Kernel
based Virtual Machine) virtual machines on OpenStack with virtual server number
changing. Secondly, we propose a server structure proposal technology based on
the measured quantitative data. A server structure proposal technology receives
an abstract template of OpenStack Heat and function/performance requirements
and then creates a concrete template with server specification information.
Thirdly, we propose an automatic performance verification technology which
executes necessary performance tests automatically on provisioned user
environments according to the template.Comment: Evaluations of server structure proposal were insufficient in section
- …