2,825 research outputs found
SNS programming environment user's guide
The computing environment is briefly described for the Supercomputing Network Subsystem (SNS) of the Central Scientific Computing Complex of NASA Langley. The major SNS computers are a CRAY-2, a CRAY Y-MP, a CONVEX C-210, and a CONVEX C-220. The software is described that is common to all of these computers, including: the UNIX operating system, computer graphics, networking utilities, mass storage, and mathematical libraries. Also described is file management, validation, SNS configuration, documentation, and customer services
Blocking Java Applets at the Firewall
This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet
The NASA master directory: Quick reference guide
This is a quick reference guide to the NASA Master Directory (MD), which is a free, online, multidisciplinary directory of space and Earth science data sets (NASA and non-NASA data) that are of potential interest to the NASA-sponsored research community. The MD contains high-level descriptions of data sets, other data systems and archives, and campaigns and projects. It provides mechanisms for searching for data sets by important criteria such as geophysical parameters, time, and spatial coverage, and provides information on ordering the data. It also provides automatic connections to a number of data systems such as the NASA Climate Data System, the Planetary Data System, the NASA Ocean Data System, the Pilot Land Data System, and others. The MD includes general information about many data systems, data centers, and coordinated data analysis projects, It represents the first major step in the Catalog Interoperability project, whose objective is to enable researchers to quickly and efficiently identify, obtain information about, and get access to space and Earth science data. The guide describes how to access, use, and exit the MD and lists its features
Traffic measurement and analysis
Measurement and analysis of real traffic is important to gain knowledge
about the characteristics of the traffic. Without measurement, it is
impossible to build realistic traffic models. It is recent that data
traffic was found to have self-similar properties. In this thesis work
traffic captured on the network at SICS and on the Supernet, is shown to
have this fractal-like behaviour. The traffic is also examined with
respect to which protocols and packet sizes are present and in what
proportions. In the SICS trace most packets are small, TCP is shown to be
the predominant transport protocol and NNTP the most common application.
In contrast to this, large UDP packets sent between not well-known ports
dominates the Supernet traffic. Finally, characteristics of the client
side of the WWW traffic are examined more closely. In order to extract
useful information from the packet trace, web browsers use of TCP and HTTP
is investigated including new features in HTTP/1.1 such as persistent
connections and pipelining. Empirical probability distributions are
derived describing session lengths, time between user clicks and the
amount of data transferred due to a single user click. These probability
distributions make up a simple model of WWW-sessions
Linear-time Temporal Logic guided Greybox Fuzzing
Software model checking is a verification technique which is widely used for
checking temporal properties of software systems. Even though it is a property
verification technique, its common usage in practice is in "bug finding", that
is, finding violations of temporal properties. Motivated by this observation
and leveraging the recent progress in fuzzing, we build a greybox fuzzing
framework to find violations of Linear-time Temporal Logic (LTL) properties.
Our framework takes as input a sequential program written in C/C++, and an
LTL property. It finds violations, or counterexample traces, of the LTL
property in stateful software systems; however, it does not achieve
verification. Our work substantially extends directed greybox fuzzing to
witness arbitrarily complex event orderings. We note that existing directed
greybox fuzzing approaches are limited to witnessing reaching a location or
witnessing simple event orderings like use-after-free. At the same time,
compared to model checkers, our approach finds the counterexamples faster,
thereby finding more counterexamples within a given time budget.
Our LTL-Fuzzer tool, built on top of the AFL fuzzer, is shown to be effective
in detecting bugs in well-known protocol implementations, such as OpenSSL and
Telnet. We use LTL-Fuzzer to reproduce known vulnerabilities (CVEs), to find 15
zero-day bugs by checking properties extracted from RFCs (for which 10 CVEs
have been assigned), and to find violations of both safety as well as liveness
properties in real-world protocol implementations. Our work represents a
practical advance over software model checkers -- while simultaneously
representing a conceptual advance over existing greybox fuzzers. Our work thus
provides a starting point for understanding the unexplored synergies between
software model checking and greybox fuzzing.Comment: To appear in International Conference on Software Engineering (ICSE)
202
Way of the Ferret: Finding and Using Resources on the Internet
This source-book is designed to aid educators in exploring the Internet.https://scholarworks.wm.edu/educationbook/1000/thumbnail.jp
- …