Seeking Anonymity in an Internet Panopticon

Obtaining and maintaining anonymity on the Internet is challenging. The state of the art in deployed tools, such as Tor, uses onion routing (OR) to relay encrypted connections on a detour passing through randomly chosen relays scattered around the Internet. Unfortunately, OR is known to be vulnerable at least in principle to several classes of attacks for which no solution is known or believed to be forthcoming soon. Current approaches to anonymity also appear unable to offer accurate, principled measurement of the level or quality of anonymity a user might obtain. Toward this end, we offer a high-level view of the Dissent project, the first systematic effort to build a practical anonymity system based purely on foundations that offer measurable and formally provable anonymity properties. Dissent builds on two key pre-existing primitives - verifiable shuffles and dining cryptographers - but for the first time shows how to scale such techniques to offer measurable anonymity guarantees to thousands of participants. Further, Dissent represents the first anonymity system designed from the ground up to incorporate some systematic countermeasure for each of the major classes of known vulnerabilities in existing approaches, including global traffic analysis, active attacks, and intersection attacks. Finally, because no anonymity protocol alone can address risks such as software exploits or accidental self-identification, we introduce WiNon, an experimental operating system architecture to harden the uses of anonymity tools such as Tor and Dissent against such attacks.Comment: 8 pages, 10 figure

A Hierarchical Filtering-Based Monitoring Architecture for Large-scale Distributed Systems

On-line monitoring is essential for observing and improving the reliability and performance of large-scale distributed (LSD) systems. In an LSD environment, large numbers of events are generated by system components during their execution and interaction with external objects (e.g. users or processes). These events must be monitored to accurately determine the run-time behavior of an LSD system and to obtain status information that is required for debugging and steering applications. However, the manner in which events are generated in an LSD system is complex and represents a number of challenges for an on-line monitoring system. Correlated events axe generated concurrently and can occur at multiple locations distributed throughout the environment. This makes monitoring an intricate task and complicates the management decision process. Furthermore, the large number of entities and the geographical distribution inherent with LSD systems increases the difficulty of addressing traditional issues, such as performance bottlenecks, scalability, and application perturbation. This dissertation proposes a scalable, high-performance, dynamic, flexible and non-intrusive monitoring architecture for LSD systems. The resulting architecture detects and classifies interesting primitive and composite events and performs either a corrective or steering action. When appropriate, information is disseminated to management applications, such as reactive control and debugging tools. The monitoring architecture employs a novel hierarchical event filtering approach that distributes the monitoring load and limits event propagation. This significantly improves scalability and performance while minimizing the monitoring intrusiveness. The architecture provides dynamic monitoring capabilities through: subscription policies that enable applications developers to add, delete and modify monitoring demands on-the-fly, an adaptable configuration that accommodates environmental changes, and a programmable environment that facilitates development of self-directed monitoring tasks. Increased flexibility is achieved through a declarative and comprehensive monitoring language, a simple code instrumentation process, and automated monitoring administration. These elements substantially relieve the burden imposed by using on-line distributed monitoring systems. In addition, the monitoring system provides techniques to manage the trade-offs between various monitoring objectives. The proposed solution offers improvements over related works by presenting a comprehensive architecture that considers the requirements and implied objectives for monitoring large-scale distributed systems. This architecture is referred to as the HiFi monitoring system. To demonstrate effectiveness at debugging and steering LSD systems, the HiFi monitoring system has been implemented at the Old Dominion University for monitoring the Interactive Remote Instruction (IRI) system. The results from this case study validate that the HiFi system achieves the objectives outlined in this thesis

협업 로봇을 위한 서비스 기반과 모델 기반의 소프트웨어 개발 방법론

학위논문(박사)--서울대학교 대학원 :공과대학 전기·컴퓨터공학부,2020. 2. 하순회.가까운 미래에는 다양한 로봇이 다양한 분야에서 하나의 임무를 협력하여 수행하는 모습은 흔히 볼 수 있게 될 것이다. 그러나 실제로 이러한 모습이 실현되기에는 두 가지의 어려움이 있다. 먼저 로봇을 운용하기 위한 소프트웨어를 명세하는 기존 연구들은 대부분 개발자가 로봇의 하드웨어와 소프트웨어에 대한 지식을 알고 있는 것을 가정하고 있다. 그래서 로봇이나 컴퓨터에 대한 지식이 없는 사용자들이 여러 대의 로봇이 협력하는 시나리오를 작성하기는 쉽지 않다. 또한, 로봇의 소프트웨어를 개발할 때 로봇의 하드웨어의 특성과 관련이 깊어서, 다양한 로봇의 소프트웨어를 개발하는 것도 간단하지 않다. 본 논문에서는 상위 수준의 미션 명세와 로봇의 행위 프로그래밍으로 나누어 새로운 소프트웨어 개발 프레임워크를 제안한다. 또한, 본 프레임워크는 크기가 작은 로봇부터 계산 능력이 충분한 로봇들이 서로 군집을 이루어 미션을 수행할 수 있도록 지원한다. 본 연구에서는 로봇의 하드웨어나 소프트웨어에 대한 지식이 부족한 사용자도 로봇의 동작을 상위 수준에서 명세할 수 있는 스크립트 언어를 제안한다. 제안하는 언어는 기존의 스크립트 언어에서는 지원하지 않는 네 가지의 기능인 팀의 구성, 각 팀의 서비스 기반 프로그래밍, 동적으로 모드 변경, 다중 작업(멀티 태스킹)을 지원한다. 우선 로봇은 팀으로 그룹 지을 수 있고, 로봇이 수행할 수 있는 기능을 서비스 단위로 추상화하여 새로운 복합 서비스를 명세할 수 있다. 또한 로봇의 멀티 태스킹을 위해 '플랜' 이라는 개념을 도입하였고, 복합 서비스 내에서 이벤트를 발생시켜서 동적으로 모드가 변환할 수 있도록 하였다. 나아가 여러 로봇의 협력이 더욱 견고하고, 유연하고, 확장성을 높이기 위해, 군집 로봇을 운용할 때 로봇이 임무를 수행하는 도중에 문제가 생길 수 있으며, 상황에 따라 로봇을 동적으로 다른 행위를 수행할 수 있다고 가정한다. 이를 위해 동적으로도 팀을 구성할 수 있고, 여러 대의 로봇이 하나의 서비스를 수행하는 그룹 서비스를 지원하고, 일대 다 통신과 같은 새로운 기능을 스크립트 언어에 반영하였다. 따라서 확장된 상위 수준의 스크립트 언어는 비전문가도 다양한 유형의 협력 임무를 쉽게 명세할 수 있다. 로봇의 행위를 프로그래밍하기 위해 다양한 소프트웨어 개발 프레임워크가 연구되고 있다. 특히 재사용성과 확장성을 중점으로 둔 연구들이 최근 많이 사용되고 있지만, 대부분의 이들 연구는 리눅스 운영체제와 같이 많은 하드웨어 자원을 필요로 하는 운영체제를 가정하고 있다. 또한, 프로그램의 분석 및 성능 예측 등을 고려하지 않기 때문에, 자원 제약이 심한 크기가 작은 로봇의 소프트웨어를 개발하기에는 어렵다. 그래서 본 연구에서는 임베디드 소프트웨어를 설계할 때 쓰이는 정형적인 모델을 이용한다. 이 모델은 정적 분석과 성능 예측이 가능하지만, 로봇의 행위를 표현하기에는 제약이 있다. 그래서 본 논문에서 외부의 이벤트에 의해 수행 중간에 행위를 변경하는 로봇을 위해 유한 상태 머신 모델과 데이터 플로우 모델이 결합하여 동적 행위를 명세할 수 있는 확장된 모델을 적용한다. 그리고 딥러닝과 같이 계산량을 많이 필요로 하는 응용을 분석하기 위해, 루프 구조를 명시적으로 표현할 수 있는 모델을 제안한다. 마지막으로 여러 로봇의 협업 운용을 위해 로봇 사이에 공유되는 정보를 나타내기 위해 두 가지 모델을 사용한다. 먼저 중앙에서 공유 정보를 관리하기 위해 라이브러리 태스크라는 특별한 태스크를 통해 공유 정보를 나타낸다. 또한, 로봇이 자신의 정보를 가까운 로봇들과 공유하기 위해 멀티캐스팅을 위한 새로운 포트를 추가한다. 이렇게 확장된 정형적인 모델은 실제 로봇 코드로 자동 생성되어, 소프트웨어 설계 생산성 및 개발 효율성에 이점을 가진다. 비전문가가 명세한 스크립트 언어는 정형적인 태스크 모델로 변환하기 위해 중간 단계인 전략 단계를 추가하였다. 제안하는 방법론의 타당성을 검증하기 위해, 시뮬레이션과 여러 대의 실제 로봇을 이용한 협업하는 시나리오에 대해 실험을 진행하였다.In the near future, it will be common that a variety of robots are cooperating to perform a mission in various fields. There are two software challenges when deploying collaborative robots: how to specify a cooperative mission and how to program each robot to accomplish its mission. In this paper, we propose a novel software development framework that separates mission specification and robot behavior programming, which is called service-oriented and model-based (SeMo) framework. Also, it can support distributed robot systems, swarm robots, and their hybrid. For mission specification, a novel scripting language is proposed with the expression capability. It involves team composition and service-oriented behavior specification of each team, allowing dynamic mode change of operation and multi-tasking. Robots are grouped into teams, and the behavior of each team is defined with a composite service. The internal behavior of a composite service is defined by a sequence of services that the robots will perform. The notion of plan is applied to express multi-tasking. And the robot may have various operating modes, so mode change is triggered by events generated in a composite service. Moreover, to improve the robustness, scalability, and flexibility of robot collaboration, the high-level mission scripting language is extended with new features such as team hierarchy, group service, one-to-many communication. We assume that any robot fails during the execution of scenarios, and the grouping of robots can be made at run-time dynamically. Therefore, the extended mission specification enables a casual user to specify various types of cooperative missions easily. For robot behavior programming, an extended dataflow model is used for task-level behavior specification that does not depend on the robot hardware platform. To specify the dynamic behavior of the robot, we apply an extended task model that supports a hybrid specification of dataflow and finite state machine models. Furthermore, we propose a novel extension to allow the explicit specification of loop structures. This extension helps the compute-intensive application, which contains a lot of loop structures, to specify explicitly and analyze at compile time. Two types of information sharing, global information sharing and local knowledge sharing, are supported for robot collaboration in the dataflow graph. For global information, we use the library task, which supports shared resource management and server-client interaction. On the other hand, to share information locally with near robots, we add another type of port for multicasting and use the knowledge sharing technique. The actual robot code per robot is automatically generated from the associated task graph, which minimizes the human efforts in low-level robot programming and improves the software design productivity significantly. By abstracting the tasks or algorithms as services and adding the strategy description layer in the design flow, the mission specification is refined into task-graph specification automatically. The viability of the proposed methodology is verified with preliminary experiments with three cooperative mission scenarios with heterogeneous robot platforms and robot simulator.Chapter 1. Introduction 1 1.1 Motivation 1 1.2 Contribution 7 1.3 Dissertation Organization 9 Chapter 2. Background and Existing Research 11 2.1 Terminologies 11 2.2 Robot Software Development Frameworks 25 2.3 Parallel Embedded Software Development Framework 31 Chapter 3. Overview of the SeMo Framework 41 3.1 Motivational Examples 45 Chapter 4. Robot Behavior Programming 47 4.1 Related works 48 4.2 Model-based Task Graph Specification for Individual Robots 56 4.3 Model-based Task Graph Specification for Cooperating Robots 70 4.4 Automatic Code Generation 74 4.5 Experiments 78 Chapter 5. High-level Mission Specification 81 5.1 Service-oriented Mission Specification 82 5.2 Strategy Description 93 5.3 Automatic Task Graph Generation 96 5.4 Related works 99 5.5 Experiments 104 Chapter 6. Conclusion 114 6.1 Future Research 116 Bibliography 118 Appendices 133 요약 158Docto

Practical Use of High-level Petri Nets

This booklet contains the proceedings of the Workshop on Practical Use of High-level Petri Nets, June 27, 2000. The workshop is part of the 21st International Conference on Application and Theory of Petri Nets organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The workshop papers are available in electronic form via the web pages: http://www.daimi.au.dk/pn2000/proceeding

Dagstuhl News January - December 2000

"Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic

Practical Use of High-level Petri Nets

This booklet contains the proceedings of the Workshop on Practical Use of High-level Petri Nets, June 27, 2000. The workshop is part of the 21st International Conference on Application and Theory of Petri Nets organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark. The workshop papers are available in electronic form via the web pages: http://www.daimi.au.dk/pn2000/proceeding

A generic framework for process execution and secure multi-party transaction authorization

Process execution engines are not only an integral part of workflow and business process management systems but are increasingly used to build process-driven applications. In other words, they are potentially used in all kinds of software across all application domains. However, contemporary process engines and workflow systems are unsuitable for use in such diverse application scenarios for several reasons. The main shortcomings can be observed in the areas of interoperability, versatility, and programmability. Therefore, this thesis makes a step away from domain specific, monolithic workflow engines towards generic and versatile process runtime frameworks, which enable integration of process technology into all kinds of software. To achieve this, the idea and corresponding architecture of a generic and embeddable process virtual machine (ePVM), which supports defining process flows along the theoretical foundation of communicating extended finite state machines, are presented. The architecture focuses on the core process functionality such as control flow and state management, monitoring, persistence, and communication, while using JavaScript as a process definition language. This approach leads to a very generic yet easily programmable process framework. A fully functional prototype implementation of the proposed framework is provided along with multiple example applications. Despite the fact that business processes are increasingly automated and controlled by information systems, humans are still involved, directly or indirectly, in many of them. Thus, for process flows involving sensitive transactions, a highly secure authorization scheme supporting asynchronous multi-party transaction authorization must be available within process management systems. Therefore, along with the ePVM framework, this thesis presents a novel approach for secure remote multi-party transaction authentication - the zone trusted information channel (ZTIC). The ZTIC approach uniquely combines multiple desirable properties such as the highest level of security, ease-of-use, mobility, remote administration, and smooth integration with existing infrastructures into one device and method. Extensively evaluating both, the ePVM framework and the ZTIC, this thesis shows that ePVM in combination with the ZTIC approach represents a unique and very powerful framework for building workflow systems and process-driven applications including support for secure multi-party transaction authorization