1,987 research outputs found
Generic design of Chinese remaindering schemes
We propose a generic design for Chinese remainder algorithms. A Chinese
remainder computation consists in reconstructing an integer value from its
residues modulo non coprime integers. We also propose an efficient linear data
structure, a radix ladder, for the intermediate storage and computations. Our
design is structured into three main modules: a black box residue computation
in charge of computing each residue; a Chinese remaindering controller in
charge of launching the computation and of the termination decision; an integer
builder in charge of the reconstruction computation. We then show that this
design enables many different forms of Chinese remaindering (e.g.
deterministic, early terminated, distributed, etc.), easy comparisons between
these forms and e.g. user-transparent parallelism at different parallel grains
Adaptive Triangular System Solving
Large-scale applications and software systems are
getting increasingly complex. To deal with this complexity, those
systems must manage themselves in accordance with high-level guidance
from humans. Adaptive and hybrid algorithms enable this
self-management of resources and structured inputs.
In this talk, we first propose a classification of the different
notions of adaptivity. For us, an algorithm is adaptive (or a
poly-algorithm) when there is a choice at a high level between at
least two distinct algorithms, each of which could solve the same
problem. The choice is strategic, not tactical. It is motivated by
an increase of the performance of the execution, depending on both
input/output data and computing resources.
Then we propose a new adaptive algorithm for the exact simultaneous
resolution of several triangular systems over finite fields. The
resolution of such systems is e.g. one of the two main operations in block
Gaussian elimination. For solving triangular systems over finite
fields, the block algorithm reduces to matrix multiplication and
achieves the best known algebraic complexity. Exact matrix
multiplication, together with matrix factorizations, over finite
fields can now be performed at the speed of the highly optimized
numerical BLAS routines. This has been established by the FFLAS and
FFPACK libraries. In this talk we propose several practicable variants
solving these systems: a pure recursive version, a reduction to the
numerical dtrsm routine and a delaying of the modulus operation. Then
a cascading scheme is proposed to merge these variants into an
adaptive sequential algorithm.
We then propose a parallelization of this resolution. The adaptive
sequential algorithm is not the best parallel algorithm since its
recursion induces a dependancy. A better parallel algorithm would be
to first invert the matrix and then to multiply this inverse by the
right hand side. Unfortunately the latter requires more total
operations than the adaptive algorithm. We thus propose a coupling of
the sequential algorithm and of the parallel one in order to get the
best performances on any number of processors. The resulting cascading
is then an adaptation to resources.
This shows that the same process has been used both for adaptation to
data and to resources. We thus propose a generic framework for the
automatic adaptation of algorithms using recursive cascading
Algorithm-Based Secure and Fault Tolerant Outsourcing of Matrix Computations
page number : 7 , Extended abstractWe study interactive algorithmic schemes for outsourcing matrix computations on untrusted global computing infrastructures such as clouds or volunteer peer-to-peer platforms. In these schemes the client outsources part of the computation with guaranties on both the inputs' secrecy and output's integrity. For the sake of efficiency, thanks to interaction, the number of operations performed by the client is almost linear in the input/output size, while the number of outsourced operations is of the order of matrix multiplication. Our scheme is based on efficient linear codes (especially evaluation/interpolation version of Reed-Solomon codes). Confidentiality is ensured by encoding the inputs using a secret generator matrix, while fault tolerance is ensured together by using fast probabilistic verification and high correction capability of the code. The scheme can tolerate multiple malicious errors and hence provides an efficient solution beyond resilience against soft errors. These schemes also allow to securely compute multiplication of a secret matrix with a known public matrix. Under reasonable hypotheses, we further prove the non-existence of such unconditionally secure schemes for general matrices
Too Big or Too Small? The PTB-PTS ICMP-based Attack against IPsec Gateways
International audienceThis work introduces the "Packet Too Big"-"Packet Too Small" ICMP based attack against IPsec gateways. We explain how an attacker having eavesdropping and packet injection capabilities, from the insecure network where he only sees encrypted packets, can force a gateway to reduce the Path MTU of an IPsec tunnel to the minimum, which triggers severe issues for the hosts behind this gateway: depending on the Path MTU discovery algorithm in use, the attack either creates a Denial of Service or major performance penalties. This attack highlights two fundamental problems that we discuss, along with potential counter-measures to mitigate the attack while keeping ICMP benefits
ICMP: an Attack Vector against IPsec Gateways
In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted network (he only sees ciphered packets), can force a gateway to reduce the Path MTU of an IPsec tunnel to a minimum, which in turn creates serious issues for devices on the trusted network behind this gateway: depending on the Path MTU discovery algorithm, it either prevents any new TCP connection (Denial of Service), or it creates major performance penalties (more than 6 seconds of delay in TCP connection establishment and ridiculously small TCP segment sizes). After detailing the attack and the behavior of the various nodes, we discuss some counter measures, with the goal to find a balance between ICMP benefits and the associated risks
La mélancolie des pauvres
La mélancolie à la fin du Moyen Âge et à la Renaissance n’a pas été seulement le spleen des princes et des poètes. Elle a été aussi une grave maladie, qui menait parfois au suicide. Or les pauvres ont leur mélancolie. La littérature à destination populaire permet d’approcher cette mélancolie des pauvres, d’en démonter le mécanisme et d’en éclairer l’originalité face aux autres mélancolies.At the end of the Middle Ages and the Renaissance, melancholy has not only been the spleen of the princes and the poets. It has been a severe disease, that has led sometimes to suicide. The poor people themselves have their own melancholy. Popular litterature and theater in particular help us understand this melancholy of the poor better, take apart its mechanism and see its originality compared to others melancholies
ICMP: an Attack Vector against IPsec Gateways
In this work we show that the Internet Control Message Protocol (ICMP) can be used as an attack vector against IPsec gateways. The main contribution of this work is to demonstrate that an attacker having eavesdropping and traffic injection capabilities in the black untrusted network (he only sees ciphered packets), can force a gateway to reduce the Path MTU of an IPsec tunnel to a minimum, which in turn creates serious issues for devices on the trusted network behind this gateway: depending on the Path MTU discovery algorithm, it either prevents any new TCP connection (Denial of Service), or it creates major performance penalties (more than 6 seconds of delay in TCP connection establishment and ridiculously small TCP segment sizes). After detailing the attack and the behavior of the various nodes, we discuss some counter measures, with the goal to find a balance between ICMP benefits and the associated risks
Filtrage et vérification de flux métiers dans les systèmes industriels
National audienceDe plus en plus d'attaques informatiques contre les systèmes indus-triels sont présentées par les médias. Ces systèmes tendent à devenir géo-graphiquement distribués et à communiquer via des réseaux vulnérables tels qu'Internet. Régissant de nos jours des domaines tels que la production et la distribution d'énergie, l'assainissement des eaux ou le nucléaire, la sécurité des systèmes industriels devient une priorité pour les gouver-nements. L'une des difficultés de la sécurisation des infrastructures in-dustrielles est la conciliation des propriétés de sécurité avec les attendus métiers en terme de flux. Pour ce faire, nous regardons comment filtrer les messages en tenant compte des aspects métiers. Ensuite, nous nous intéressons à la vérification formelle des propriétés des protocoles de communication industriels. Enfin nous proposons une approche Model-Based Testing permettant de générer des attaques informatiques contre des sys-tèmes industriels
Génération systématique de scénarios d'attaques contre des systèmes industriels
National audienceLes systèmes industriels (SCADA) sont la cible d'attaques informatiques depuis Stuxnet [4] en 2010. De part leur interaction avec le mode physique, leur protection est devenue une priorité pour les agences gouvernementales. Dans cet article, nous proposons une approche de modélisation d'attaquants dans un système industriel incluant la production automatique de scénarios d'attaques. Cette approche se focalise sur les capacités de l'attaquant et ses objectifs en fonc-tion des protocoles de communication auxquels il fait face. La description de l'approche est illustrée à l'aide d'un exemple
- …