Design and Implementation of Virtual Private Services

Large scale distributed applications such as electronic commerce and online marketplaces combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security and privacy issues, which are exacerbated by the complexity of the operating environment. In order to handle policies at multiple locations, the usual tools available (firewalls and compartmented file storage) get to be used in ways that are clumsy and prone to failure. We propose a new approach, virtual private services. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains, each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points. We describe our architecture and a prototype implementation, and present a preliminary performance evaluation confirming that our overhead of policy enforcement using is small

A New Page in Protecting European Constitutional Values: How to best use the new EU Rule of Law Framework vis-a-vis Poland

The application of the EU Commission’s Rule of Law Framework in the current Polish case is a step in the right direction. It seems a good instance to develop the Framework as an EU mechanism to protect European constitutional values in a European legal space which is rife with constitutional crises, but short of instruments to address them. Its pertinence appears even more clearly in comparison to the Council’s (in)activity under its own rule-of-law mechanism, hastily put forward after the Commission’s Framework. The activation of the Framework has shown its potential to mobilize European public opinion and orient public discourses to the current condition of EU value

Implementing Pushback: Router-Based Defense Against DDoS Attacks

Pushback is a mechanism for defending against distributed denial-of-service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets (hence the term Pushback) in order that the router's resources be used to route legitimate traffic. In this paper we present an architecture for Pushback, its implementation under FreeBSD, and suggestions for how such a system can be implemented in core routers

Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications

Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles where they are clumsy and failure-prone. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points

On the Use of Stream Control Transmission Protocol (SCTP) with IPsec

This document describes functional requirements for IPsec (RFC 2401) and Internet Key Exchange (IKE) (RFC 2409) to facilitate their use in securing SCTP (RFC 2960) traffic

Wettability and capillary behavior of fibrous gas diffusion media for polymer electrolyte membrane fuel cells

The final publication is available at Elsevier via http://dx.doi.org/10.1016/j.jpowsour.2009.04.052 © 2017. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/The relationship of capillary pressure to liquid saturation for the water-air fluid pair in two different types of gas diffusion media (GDM) used in polymer electrolyte membrane fuel cell (PEMFC) electrodes is elucidated. It is experimentally demonstrated that GDM samples with and without treatment with poly(tetrafluoroethylene) (PTFE) ubiquitously display permanent capillary pressure hysteresis. Water does not imbibe spontaneously into a dry GDM, neither is it ejected spontaneously from a water-saturated GDM. Rather, positive displacement pressure is required to force both water and air into GDMs, whereas the main effect of adding PTFE is to increase the amount of work required for forcing water into the GDM. and to decrease the work required for water removal. Irrespective of PTFE content, the GDM samples tested are generally shown to behave as materials of intermediate (neutral) wettability. The US Bureau of Mines (USBM) wettability index nevertheless shows that water is the preferentially non-wetting phase in PTFE-treated GDMs and the preferentially wetting phase in untreated GDMs. Water-air capillary pressure curves are found to depend on sample thickness, clearly demonstrating that finite size effects are important. Finally, compression of the GDM is found to increase the capillary pressures for water injection and decrease the capillary pressures required for water withdrawal. These results should aid the design of GDMs with improved water management properties and the modeling of PEMFC electrodes in general. (C) 2009 Elsevier B.V. All rights reserved.Natural Science and Engineering Research Council of Canada (NSERC

Impact of Liquid Water on Reactant Mass Transfer in PEM Fuel Cell Electrodes

Published by Electrochemical Society. Final version available at: http://dx.doi.org/10.1149/1.3291977The breakthrough conditions (capillary pressure and liquid water saturation) in a fibrous gas diffusion medium (GDM) used in polymer electrolyte membrane (PEM) fuel cell electrodes have been studied experimentally by two independent techniques and numerically by pore network modeling. Experiments show that treatment of the GDMs with a hydrophobic polymer coating reduces the water saturation at a breakthrough by 50%. Invasion percolation modeling is employed to simulate the breakthrough process and to determine mass-transfer rates through the partially saturated network. This model shows that the water saturation at breakthrough is drastically reduced when a microporous layer (MPL) is incorporated into the GDM, agreeing with experiments. However, the simulations yield limiting currents significantly higher than those observed in practice whether or not an MPL is present. Further calculations to include the contribution of condensation to water saturation within the GDM also result in unrealistically high limiting currents and suggest that mass-transfer resistance in the catalyst layer that is not included in the model plays an important role. If condensation is the principal mode for water accumulation within the GDM, simulations show that the MPL has only a small impact on liquid water distribution and does not improve performance, contrary to expectation.Natural Science and Engineering Research Council of Canada (NSERC

Pore network modeling of fibrous gas diffusion layers for polymer electrolyte membrane fuel cells

The final publication is available at Elsevier via http://dx.doi.org/10.1016/j.jpowsour.2007.04.059 © 2017. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/A pore network model of the gas diffusion layer (GDL) in a polymer electrolyte membrane fuel cell is developed and validated. The model idealizes the GDL as a regular cubic network of pore bodies and pore throats following respective size distributions. Geometric parameters of the pore network model are calibrated with respect to porosimetry and gas permeability measurements for two common GDL materials and the model is subsequently used to compute the pore-scale distribution of water and gas under drainage conditions using an invasion percolation algorithm. From this information, the relative permeability of water and gas and the effective gas diffusivity are computed as functions of water saturation using resistor-network theory. Comparison of the model predictions with those obtained from constitutive relationships commonly used in current PEMFC models indicates that the latter may significantly overestimate the gas phase transport properties. Alternative relationships are suggested that better match the pore network model results. The pore network model is also used to calculate the limiting current in a PEMFC under operating conditions for which transport through the GDL dominates mass transfer resistance. The results suggest that a dry GDL does not limit the performance of a PEMFC, but it may become a significant source of concentration polarization as the GDL becomes increasingly saturated with water