Double Mask: An efficient rule encoding for Software Defined Networking

International audiencePacket filtering is widely used in multiple networking appliances and applications, in particular, to block malicious traffic (protect network infrastructures through firewalls and intrusion detection systems) and to be deployed on routers, switches and load balancers for packet classification. This mechanism relies on the packet's header fields to filter such traffic by using range rules of IP addresses or ports. However, the set of packet filters has to handle a growing number of connected nodes and many of them are compromised and used as sources of attacks. For instance, IP filter sets available in blacklists may reach several millions of entries, and may require large memory space for their storage in filtering appliances. In this paper, we propose a new method based on a double mask IP prefix representation together with a linear transformation algorithm to build a minimized set of range rules. This representation makes the network more secure, reliable and easy to maintain and configure. We define formally the double mask representation over range rules. We show empirically that the proposed method achieves an average compression ratio of 11% on real-life blacklists and up to 74% on synthetic range rule sets. Finally, we evaluate the performance of our double masks representation through an OpenFlow based implementation with an SDN testbed using real hardware. Our results show that our technique is capable of significantly reducing the matching time in the controller when compression ratios are higher than 15% leading to a faster response time, and a good balance between matching time and memory space in the switch

Novel concept of gas sensitivity characterization of materials suited for implementation in FET-based gas sensors

Abstract : We propose a novel technique to investigate the gas sensitivity of materials for implementation in field-effect transistor-based gas sensors. Our technique is based on the measurement of the surface charge induced by gas species adsorption, using an electrometer. Platinum sensitivity to hydrogen diluted in synthetic air has been evaluated with the proposed charge measurement technique in the operation temperature range from 80 to 190 °C at constant H2 concentration of 4 % and for different concentrations ranging from 0.5 to 4 % at 130 °C

Minimizing Range Rules for Packet Filtering Using Double Mask Representation

Packet filtering is widely used in multiple networking appliances and applications, in particular, to block malicious traffic (protect network infrastructures through fire-walls and intrusion detection systems) and to be deployed on routers, switches and load balancers for packet classification. This mechanism relies on the packet's header fields to filter such traffic by using range rules of IP addresses or ports. However, the set of packet filters has to handle a growing number of connected nodes and many of them are compromised and used as sources of attacks. For instance, IP filter sets available in blacklists may reach several millions of entries, and may require large memory space for their storage in filtering appliances. In this paper, we propose a new method based on a double mask IP prefix representation together with a linear transformation algorithm to build a minimized set of range rules. We define formally the double mask representation over range rules and we prove that the number of required masks for any range is at most 2w − 4, where w is the length of a field. This representation makes the network more secure, reliable and easy to maintain and configure. We define formally the double mask representation over range rules. We show empirically that the proposed method achieves an average compression ratio of 11% on real-life blacklists and up to 74% on synthetic range rule sets.Finally, we add support of double mask into a real SDN network

Implementation of the One Health approach to fight arbovirus infections in the Mediterranean and Black Sea Region: Assessing integrated surveillance in Serbia, Tunisia and Georgia

Background In the Mediterranean and Black Sea Region, arbovirus infections are emerging infectious diseases. Their surveillance can benefit from one health inter-sectoral collaboration; however, no standardized methodology exists to study One Health surveillance. Methods We designed a situation analysis study to document how integration of laboratory/clinical human, animal and entomological surveillance of arboviruses was being implemented in the Region. We applied a framework designed to assess three levels of integration: policy/institutional, data collection/data analysis and dissemination. We tested the use of Business Process Modelling Notation (BPMN) to graphically present evidence of inter-sectoral integration. Results Serbia, Tunisia and Georgia participated in the study. West Nile Virus surveillance was analysed in Serbia and Tunisia, Crimea-Congo Haemorrhagic Fever surveillance in Georgia. Our framework enabled a standardized analysis of One Health surveillance integration, and BPMN was easily understandable and conducive to detailed discussions among different actors/institutions. In all countries, we observed integration across sectors and levels except in data collection and data analysis. Data collection was interoperable only in Georgia without integrated analysis. In all countries, surveillance was mainly oriented towards outbreak response, triggered by an index human case. Discussion The three surveillance systems we observed prove that integrated surveillance can be operationalized with a diverse spectrum of options. However, in all countries, the integrated use of data for early warning and inter-sectoral priority setting is pioneeristic. We also noted that early warning before human case occurrence is recurrently not operationally prioritized

The mammalian gene function resource: the International Knockout Mouse Consortium.

In 2007, the International Knockout Mouse Consortium (IKMC) made the ambitious promise to generate mutations in virtually every protein-coding gene of the mouse genome in a concerted worldwide action. Now, 5 years later, the IKMC members have developed high-throughput gene trapping and, in particular, gene-targeting pipelines and generated more than 17,400 mutant murine embryonic stem (ES) cell clones and more than 1,700 mutant mouse strains, most of them conditional. A common IKMC web portal (www.knockoutmouse.org) has been established, allowing easy access to this unparalleled biological resource. The IKMC materials considerably enhance functional gene annotation of the mammalian genome and will have a major impact on future biomedical research

The mammalian gene function resource: The International Knockout Mouse Consortium

In 2007, the International Knockout Mouse Consortium (IKMC) made the ambitious promise to generate mutations in virtually every protein-coding gene of the mouse genome in a concerted worldwide action. Now, 5 years later, the IKMC members have developed highthroughput gene trapping and, in particular, gene-targeting pipelines and generated more than 17,400 mutant murine embryonic stem (ES) cell clones and more than 1,700 mutant mouse strains, most of them conditional. A common IKMC web portal (www.knockoutmouse.org) has been established, allowing easy access to this unparalleled biological resource. The IKMC materials considerably enhance functional gene annotation of the mammalian genome and will have a major impact on future biomedical research

Nat Genet

The function of the majority of genes in the mouse and human genomes remains unknown. The mouse embryonic stem cell knockout resource provides a basis for the characterization of relationships between genes and phenotypes. The EUMODIC consortium developed and validated robust methodologies for the broad-based phenotyping of knockouts through a pipeline comprising 20 disease-oriented platforms. We developed new statistical methods for pipeline design and data analysis aimed at detecting reproducible phenotypes with high power. We acquired phenotype data from 449 mutant alleles, representing 320 unique genes, of which half had no previous functional annotation. We captured data from over 27,000 mice, finding that 83% of the mutant lines are phenodeviant, with 65% demonstrating pleiotropy. Surprisingly, we found significant differences in phenotype annotation according to zygosity. New phenotypes were uncovered for many genes with previously unknown function, providing a powerful basis for hypothesis generation and further investigation in diverse systems.Comment in : Genetic differential calculus. [Nat Genet. 2015] Comment in : Scaling up phenotyping studies. [Nat Biotechnol. 2015

ETUDES IN VIVO DU FACTEUR DE TRANSCRIPTION NET

STRASBOURG-Sc. et Techniques (674822102) / SudocSudocFranceF

Automated Placement of In-Network ACL Rules

International audienceAutomatically deploying distributed Access Control Lists (ACLs) in a software-defined network can ensure their internal services and hosts connectivity, security and reliability. ACLs are often deployed in a switch using Ternary Content-Addressable Memory (TCAM). Since TCAM memory is often too limited to store a large ACL, one has to split the lists and distribute the parts on several switches in such a way that every packet travelling from a source to a destination undergoes the required match-action rules. In this paper, we develop and compare three algorithms based on graph theory and Reinforcement Learning (RL) techniques to automatically distribute ACLs across networks switches, while minimizing their TCAM memory occupancy. We compare the three algorithms on several network topologies to evaluate their efficiency in terms of memory occupancy