1,866 research outputs found
Reducing Timing Interferences in Real-Time Applications Running on Multicore Architectures
We introduce a unified wcet analysis and scheduling framework for real-time applications deployed on multicore architectures. Our method does not follow a particular programming model, meaning that any piece of existing code (in particular legacy) can be re-used, and aims at reducing automatically the worst-case number of timing interferences between tasks. Our method is based on the notion of Time Interest Points (tips), which are instructions that can generate and/or suffer from timing interferences. We show how such points can be extracted from the binary code of applications and selected prior to performing the wcet analysis. We then represent real-time tasks as sequences of time intervals separated by tips, and schedule those tasks so that the overall makespan (including the potential timing penalties incurred by interferences) is minimized. This scheduling phase is performed using an Integer Linear Programming (ilp) solver. Preliminary results on state-of-the-art benchmarks show promising results and pave the way for future extensions of the model and optimizations
Prevention of occupational exposure of tuberculosis to health care workers
The resurgence of tuberculosis in the United States within the past decade has prompted the health care community to develop tuberculosis elimination policies. However, recent outbreaks of tuberculosis have proved to be resistant to multiple antibiotics. Tuberculosis infections among health care workers is also rising. This increase in occupational exposures has prompted the examination of current exposure control measures.
The occupational exposure to tuberculosis is prevented by the use of administrative policies, engineering controls and personal protective equipment. Each control measure has inherent strengths and weaknesses and when implemented through an exposure control plan the risk of occupational exposure can be reduced. Control techniques currently utilized may benefit from additional research and development. The research will not be squandered if tuberculosis is ultimately eliminated, as the knowledge gained may prove beneficial for exposure protection from future bio-hazardous aerosols
The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire
The vulnerability of the Internet has been demonstrated by prominent IP
prefix hijacking events. Major outages such as the China Telecom incident in
2010 stimulate speculations about malicious intentions behind such anomalies.
Surprisingly, almost all discussions in the current literature assume that
hijacking incidents are enabled by the lack of security mechanisms in the
inter-domain routing protocol BGP. In this paper, we discuss an attacker model
that accounts for the hijacking of network ownership information stored in
Regional Internet Registry (RIR) databases. We show that such threats emerge
from abandoned Internet resources (e.g., IP address blocks, AS numbers). When
DNS names expire, attackers gain the opportunity to take resource ownership by
re-registering domain names that are referenced by corresponding RIR database
objects. We argue that this kind of attack is more attractive than conventional
hijacking, since the attacker can act in full anonymity on behalf of a victim.
Despite corresponding incidents have been observed in the past, current
detection techniques are not qualified to deal with these attacks. We show that
they are feasible with very little effort, and analyze the risk potential of
abandoned Internet resources for the European service region: our findings
reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to be
stealthily abused. We discuss countermeasures and outline research directions
towards preventive solutions.Comment: Final version for TMA 201
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view on the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years
Use of near infrared correlation spectroscopy for quantitation of surface iron, absorbed water and stored electronic energy in a suite of Mars soil analog materials
A number of questions concerning the surface mineralogy and the history of water on Mars remain unresolved using the Viking analyses and Earth-based telescopic data. Identification and quantitation of iron-bearing clays on Mars would elucidate these outstanding issues. Near infrared correlation analysis, a method typically applied to qualitative and quantitative analysis of individual constituents of multicomponent mixtures, is adapted here to selection of distinctive features of a small, highly homologous series of Fe/Ca-exchanged montmorillonites and several kalinites. Independently determined measures of surface iron, relative humidity and stored electronic energy were used as constituent data for linear regression of the constituent vs. reflectance data throughout the spectral region 0.68 to 2.5 micrometers. High correlations were found in appropriate regions for all three constituents, though that with stored energy is still considered tenuous. Quantitation was improved using 1st and 2nd derivative spectra. High resolution data over a broad spectral range would be required to quantitatively identify iron-bearing clays by remotely sensed reflectance
Computing Execution Times with eXecution Decision Diagrams in the Presence of Out-Of-Order Resources
Worst-Case Execution Time (WCET) is a key component for the verification of
critical real-time applications. Yet, even the simplest microprocessors
implement pipelines with concurrently-accessed resources, such as the memory
bus shared by fetch and memory stages. Although their in-order pipelines are,
by nature, very deterministic, the bus can cause out-of-order accesses to the
memory and, therefore, timing anomalies: local timing effects that can have
global effects but that cannot be easily composed to estimate the global WCET.
To cope with this situation, WCET analyses have to generate important
over-estimations in order to preserve safety of the computed times or have to
explicitly track all possible executions. In the latter case, the presence of
out-of-order behavior leads to a combinatorial blowup of the number of pipeline
states for which efficient state abstractions are difficult to design. This
paper proposes instead a compact and exact representation of the timings in the
pipeline, using eXecution Decision Diagram (XDD) [1]. We show how XDD can be
used to model pipeline states all along the execution paths by leveraging the
algebraic properties of XDD. This computational model allows to compute the
exact temporal behavior at control flow graph level and is amenable to
efficiently and precisely support WCET calculation in presence of out-of-order
bus accesses. This model is finally experimented on the TACLe benchmark suite
and we observe good performance making this approach appropriate for industrial
applications
The Rise of Certificate Transparency and Its Implications on the Internet Ecosystem
In this paper, we analyze the evolution of Certificate Transparency (CT) over
time and explore the implications of exposing certificate DNS names from the
perspective of security and privacy. We find that certificates in CT logs have
seen exponential growth. Website support for CT has also constantly increased,
with now 33% of established connections supporting CT. With the increasing
deployment of CT, there are also concerns of information leakage due to all
certificates being visible in CT logs. To understand this threat, we introduce
a CT honeypot and show that data from CT logs is being used to identify targets
for scanning campaigns only minutes after certificate issuance. We present and
evaluate a methodology to learn and validate new subdomains from the vast
number of domains extracted from CT logged certificates.Comment: To be published at ACM IMC 201
From Dataflow Specification to Multiprocessor Partitioned Time-triggered Real-time Implementation *
International audienceOur objective is to facilitate the development of complex time-triggered systems by automating the allocation and scheduling steps. We show that full automation is possible while taking into account the elements of complexity needed by a complex embedded control system. More precisely, we consider deterministic functional specifications provided (as often in an industrial setting) by means of synchronous data-flow models with multiple modes and multiple relative periods. We first extend this functional model with an original real-time characterization that takes advantage of our time-triggered framework to provide a simpler representation of complex end-to-end flow requirements. We also extend our specifications with additional non-functional properties specifying partitioning, allocation , and preemptability constraints. Then, weprovide novel algorithms for the off-line scheduling of these extended specifications onto partitioned time-triggered architectures Ă la ARINC 653. The main originality of our work is that it takes into account at the same time multiple complexity elements: various types of non-functional properties (real-time, partitioning, allocation, preemptability) and functional specifications with conditional execution and multiple modes. Allocation of time slots/windows to partitions can be fullyor partially provided, or synthesized by our tool. Our algorithms allow the automatic allocation and scheduling onto multi-processor (distributed) sys-tems with a global time base, taking into account communication costs. We demonstrate our technique on a model of space flight software systemwith strong real-time determinism requirements
- …