605 research outputs found

    Anticipatory Self-Defense in the Cyber Context

    This chapter explores the application of the law relating to anticipatory self-defence to attacks in the cyber domain

    Twelve Key Questions on Self-Defense against Non-State Actors

    This article examines the most pertinent questions relating to the applicability of the right of self-defense to attacks conducted by non-State armed groups (NSAGs) acting independently of State control from the territory of one or more States against the territory of another State. These questions are approached from the perspective of legality (does the right of self-defense apply to attacks not mounted by or under the control of a State) and modality (assuming the applicability of self-defense to such attacks; how do the principles of necessity, proportionality and immediacy affect its application)? Starting with an assessment of the place of self-defense in international law at the time the U.N. Charter was adopted, it proceeds with an examination of State practice before and after the 9/11 attacks. The 9/11 attacks triggered not only increased reliance upon self-defense in relation to attacks by NSAGs, but also an ongoing debate to which this article is intended as a constructive contribution. After concluding that there is substantial and increasing, albeit not universal support for the applicability of self-defense to attacks by NSAGs, the modality of its application is discussed. In that context, the principle of necessity in the context of self-defense is presented as being of paramount importance in answering the question of under which circumstances self-defense against NSAGs can be exercised on the territory of another State and how such action relates to the rights of the State where the NSAG is located and conducting operations from

    Scheduling Induced Bounds and the Verification of Preemptive Real-Time Systems

    Distributed real-time and embedded (DRE) systems have stringent constraints on timeliness and other properties whose assurance is crucial to correct system behavior. Our previous research has shown that detailed models of essential middleware mechanisms can be developed, composed, and for constrained examples verified tractably, using state of the art timed automata model checkers. However, to apply model checking to a wider range of real-time systems, particularly those involving more general forms of preemptive concurrency, new techniques are needed to address decidability and tractability concerns. This paper makes three contributions to research on formal verification and validation of DRE systems. First, it describes how bounded fair scheduling policies introduce a quasi-cyclic structure in the state space of multi-threaded real-time systems. Second, it shows that bounds on the divergence of threads' execution can be determined for that quasi-cyclic structure, which then can be exploited to reduce the complexity of model checking. Third, it presents a case study involving progress-based fair scheduling of multi-threaded processing pipelines, with which the approach is evaluated

    Scheduling Design with Unknown Execution Time Distributions or Modes

    Open soft real-time systems, such as mobile robots, experience unpredictable interactions with their environments and yet must respond both adaptively and with reasonable temporal predictability. Because of the uncertainty inherent in such interactions, many of the assumptions of the real-time scheduling techniques traditionally used to ensure predictable timing of system actions do not hold in those environments. In previous work we have developed novel techniques for scheduling policy design where up-front knowledge of execution time distributions can be used to produce both compact representations of resource utilization state spaces and efficient optimal scheduling policies over those state spaces. This paper makes two main contributions beyond our previous work, to the state of the art in scheduling open soft real-time systems: (1) it shows how to relax the assumption that the entire distribution of execution times is known up front, to allow online learning of an execution time distribution during system run-time; and (2) it shows how to relax the assumption that the execution time of a system action can be characterized by a single distribution, to accommodate different execution time distributions for an action being taken in one of multiple modes. Each of these contributions allows a wider range of system actions to be scheduled adaptively and with temporal predictability, which increases the applicability of our approach to even more general classes of open soft real-time systems

    The Design and Performance of Cyber-Physical Middleware for Real-Time Hybrid Structural Testing

    Real-time hybrid testing of civil structures, in which computational models and physical components must be integrated with high fidelity at run-time, represents a grand challenge in the emerging area of cyber-physical systems. Actuator dynamics, complex interactions among computers and physical components, and computation and communication delays all must be managed carefully to achieve accurate tests. To address these challenges, we have developed a novel middleware for integrating cyber and physical components flexibly and with suitable timing behavior within a Cyber-physical Instrument for Real-time hybrid Structural Testing (CIRST). This paper makes three main contributions to the state of the art in middleware for cyber-physical systems: (1) a novel middleware architecture within which cyber-physical components can be integrated flexibly through XML-based configuration specifications, (2) an efficient middleware implementation in C++ that can maintain necessary real-time performance, and (3) a case study that evaluates the middleware's performance and demonstrates its suitability for real-time hybrid testing

    Optimal Time Utility Based Scheduling Policy Design for Cyber-Physical Systems

    Classical scheduling abstractions such as deadlines and priorities do not readily capture the complex timing semantics found in many real-time cyber-physical systems. Time utility functions provide a necessarily richer description of timing semantics, but designing utility-aware scheduling policies using them is an open research problem. In particular, optimal utility accrual scheduling design is needed for real-time cyber-physical domains. In this paper we design optimal utility accrual scheduling policies for cyber-physical systems with periodic, non-preemptable tasks that run with stochastic duration. These policies are derived by solving a Markov Decision Process formulation of the scheduling problem. We use this formulation to demonstrate that our technique improves on existing heuristic utility accrual scheduling policies

    Group Scheduling in SELinux to Mitigate CPU-Focused Denial of Service Attacks

    Popular security techniques such as public-private key encryption, firewalls, and role-based access control offer significant protection of system data, but offer only limited protection of the computations using that data from significant interference due to accident or adversarial attack. However, in an increasing number of modern systems, ensuring the reliable execution of system activities is every bit as important as ensuring data security. This paper makes three contributions to the state of the art in protection of the execution of system activities from accidental or adversarial interference. First, we consider the motivating problem of CPU-focused denial of service attacks, and explain how limitations of current approaches to these kinds of attacks make it difficult to offer sufficiently rigorous and fine-grained assurances of protection for the execution of system computations. Second, we describe a novel solution approach in which we have integrated fine-grained scheduling decision functions with system call hooks from the Security Enhanced Linux (SELinux) framework within the Linux 2.6 kernel. Third, we present empirical evaluations of the efficacy of our approach in controlling the CPU utilization of competing greedy computations that are either completely CPU bound, or that interleave I/O and CPU access, across a range of relative allocations of the CPU