83 research outputs found
Protecting Private Data in the Cloud
Companies that process business critical and secret data are reluctant
to use utility and cloud computing for the risk that their data gets
stolen by rogue system administrators at the hosting company. We
describe a system organization that prevents host administrators from
directly accessing or installing eaves-dropping software on the
machine that holds the client's valuable data. Clients are monitored
via machine code probes that are inlined into the clients' programs at
runtime. The system enables the cloud provider to install and remove software
probes into the machine code without stopping the client's program, and
it prevents the provider from installing probes not granted by the
client.
Libra, a Multi-hop Radio Network Bandwidth Market
Libra is a two-level market which assigns fractional shares of time to the transmitting nodes in local
regions of a multi-hop network. In Libra, users are assigned budgets by management and users assign
funding to services within their budget limits. The purpose is to prioritize users and also optimize network
utilization by preventing source nodes from injecting too much traffic into the network and thereby causing
downstream packet loss. All transmitting nodes sell capacity in the region surrounding them, and buy
capacity from their neighbors in order to be able to transmit. Streams buy capacity from each of the nodes
on their paths, thus streams that cross the same region compete directly for the bandwidth in that region.
Prices are adjusted incrementally on both levels.
Hypervisor Integrity Measurement Assistant
An attacker who has gained access to a computer may want to upload or modify configuration files, etc., and run arbitrary programs of his choice. We can severely restrict the power of the attacker by having a white-list of approved file checksums and preventing the kernel from loading any file with a bad checksum. The check may be placed in the kernel, but that requires a kernel that is prepared for it. The check may also be placed in a hypervisor which intercepts and prevents the kernel from loading a bad file.
We describe the implementation of and give performance results for two systems. In one the checksumming, or integrity measurement, and decision is performed by the hypervisor instead of the OS. In the other only the final integrity decision is done in the hypervisor. By moving the integrity check out from the VM kernel it becomes harder for the intruder to bypass the check.
We conclude that it is technically possible to put file integrity control into the hypervisor, both for kernels without and with pre-compiled support for integrity measurement.
Pricing Virtual Paths with Quality-of-Service Guarantees as Bundle Derivatives
We describe a model of a communication network that allows us to price
complex network services as financial derivative contracts based on the spot
price of the capacity in individual routers. We prove a theorem of a Girsanov
transform that is useful for pricing linear derivatives on underlying assets,
which can be used to price many complex network services, and it is used to
price an option that gives access to one of several virtual channels between
two network nodes, during a specified future time interval. We give the
continuous time hedging strategy, for which the option price is independent of
the service provider's attitude towards risk. The option price contains the
density function of a sum of lognormal variables, which has to be evaluated
numerically.
Comment: 22 pages (15 in main tex and 7 appendix), 5 postscript figures
Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud
In this paper we consider the Infrastructure-as-a-Service (IaaS) cloud model which allows cloud users to run their own virtual machines (VMs) on available cloud computing resources. IaaS gives enterprises the possibility to outsource their process workloads with minimal effort and expense. However, one major problem with existing approaches of cloud leasing, is that the users can only get contractual guarantees regarding the integrity of the offered platforms. The fact that the IaaS user himself or herself cannot verify the provider promised cloud platform integrity, is a security risk which threatens to prevent the IaaS business in general. In this paper we address this issue and propose a novel secure VM launch protocol using Trusted Computing techniques. This protocol allows the cloud IaaS users to securely bind the VM to a trusted computer configuration such that the clear text VM only will run on a platform that has been booted into a trustworthy state. This capability builds user confidence and can serve as an important enabler for creating trust in public clouds. We evaluate the feasibility of our proposed protocol via a full scale system implementation and perform a system security analysis
A Price Dynamics in Bandwidth Markets for Point-to-point Connections
We simulate a network of N routers and M network users making concurrent
point-to-point connections by buying and selling router capacity from each
other. The resources need to be acquired in complete sets, but there is only
one spot market for each router. In order to describe the internal dynamics of
the market, we model the observed prices by N-dimensional Ito-processes.
Modeling using stochastic processes is novel in this context of describing
interactions between end-users in a system with shared resources, and allows a
standard set of mathematical tools to be applied. The derived models can also
be used to price contingent claims on network capacity and thus to price
complex network services such as quality of service levels, multicast, etc.
Comment: 18 pages, 10 postscript figures
Osteotomies in Orthognathic Surgery
Orthognathic surgery is mostly performed to correct developmental or acquired oral and maxillofacial skeletal deformities (OMSDs). During the past three decades, significant advances in surgical osteotomy techniques and instrumentation have been developed and carried out in orthognathic surgery. However, the basic surgical principles have more or less remained unchanged. At the same time, numerous surgical techniques have been developed and refined and used by surgeons in the field of oral and maxillofacial surgery. These techniques have treatment of the most complex dentofacial deformities with confidence. Additionally, it has been possible to predict the results of the treatment. Although the initial surgical techniques for correction of anterior mandibular open bite were reported as early as the late 1800s, widespread use of currently acceptable techniques began in the middle of the last century. Detailed surgical planning is essential for a successful outcome. The treatment involves an accurate treatment plan, correct type of instruments for a specific procedure, a thorough surgical routine, and adherence to the guidelines for each routine. Although similar orthognathic surgical techniques are used, there are multiple important differences related to each osteotomy. It is essential for the surgeon to understand these differences in order to provide an effective and safe surgical care for the patient with facial anomalies. Choosing an optimal method of osteotomy depends on many factors, including the indication for treatment, the goal of therapy, patient profile, underlying medical conditions, and the magnitude of surgical movement. The major objective of this chapter is to provide practical guidelines and principles of osteotomies and commonly used techniques. These guidelines are based on a review of the current literature and the author's personal experience.
The chapter focuses on the history of orthognathic surgery, anatomical considerations, indications for different osteotomies, and the surgical technique for each osteotomy. Techniques such as the Le Fort I, II, III osteotomies, segmental osteotomies of the maxilla, bilateral sagittal split osteotomy (BSSO), bilateral vertical osteotomy (BVO) genioplasty, segmental osteotomy of the mandible, and the chin wing osteotomy are described.
METHODS FOR PROFILING MOLECULES WITH AN OBJECTIVE FUNCTION
Methods relating to profiling and/or identifying molecules in a sample, particularly chemical or biological molecules contained in an experimental sample using measured data about molecules actually present and known information about candidate molecules that may be present. Information tags can be assigned to candidates. This may be achieved with a high degree of accuracy and a low false positive rate by minimising the effect of one or more possible sources of error. An objective goal (assignment) may be optimised by linear programming or by mixed integer programming.