PROTECT: container process isolation using system call interception

Virtualization is the underpinning technology enabling cloud computing service provisioning, and container-based virtualization provides an efficient sharing of the underlying host kernel libraries amongst multiple guests. While there has been research on protecting the host against compromise by malicious guests, research on protecting the guests against a compromised host is limited. In this paper, we present an access control solution which prevents the host from gaining access into the guest containers and their data. Using system call interception together with the built-in AppArmor mandatory access control (MAC) approach the solution protects guest containers from a malicious host attempting to compromise the integrity of data stored therein. Evaluation of results have shown that it can effectively prevent hostile access from host to guest containers while ensuring minimal performance overhead

Simulation as a method for asymptotic system behavior identification (e.g. water frog hemiclonal population systems)

Studying any system requires development of ways to describe the variety of its conditions. Such development includes three steps. The first one is to identify groups of similar systems (associative typology). The second one is to identify groups of objects which are similar in characteristics important for their description (analytic typology). The third one is to arrange systems into groups based on their predicted common future (dynamic typology). We propose a method to build such a dynamic topology for a system. The first step is to build a simulation model of studied systems. The model must be undetermined and simulate stochastic processes. The model generates distribution of the studied systems output parameters with the same initial parameters. We prove the correctness of the model by aligning the parameters sets generated by the model with the set of the original systems conditions evaluated empirically. In case of a close match between the two, we can presume that the model is adequately describing the dynamics of the studied systems. On the next stage, we should determine the probability distribution of the systems transformation outcome. Such outcomes should be defined based on the simulation of the transformation of the systems during the time sufficient to determine its fate. If the systems demonstrate asymptotic behavior, its phase space can be divided into pools corresponding to its different future state prediction. A dynamic typology is determined by which of these pools each system falls into. We implemented the pipeline described above to study water frog hemiclonal population systems. Water frogs (Pelophylax esculentus complex) is an animal group displaying interspecific hybridization and non-mendelian inheritance

Sustainable coexistence of the parental species and hemiclonal interspecific hybrids is provided by the variety of ontogenetic strategies

Factors determining the sustainability of Hemiclonal Population Systems in which the interspecies hybrids Pelophylax esculentus complex coexist with members of parental species were studied using a combination of empirical data and computer simulation modeling. The empirical data demonstrates the existence of different intrapopulation strategies by partitioning a sample of individuals into two groups on the basis of their body size at a given age and comparing selected groups in terms of factors such as growth rate, life span, females’ fecundity and the age at which breeding commences. Then by using simulation modeling, we study the probable importance of intrapopulation ontogenetic strategies for the stability of Pelophylax esculentus complex HPS

Ambisonic Audio System Optimization Using a HPC Cluster

This paper investigates the use of the Glasgow Caledonian University VOTER HPC cluster for optimizing Ambisonic surround sound decoders. The cluster was used to run an exhaustive search coded using MPI C/C++ in order to obtain an optimal set of Ambisonic decoder parameters for a fixed resolution. The execution time of running this problem on the cluster compares favorably to work carried out on other hardware and shows that a significant increase in time-to-solution is achievable