13 research outputs found

    PANDAcap: A framework for streamlining collection of full-system traces

    Full-system, deterministic record and replay has proven to be an invaluable tool for reverse engineering and systems analysis. However, acquiring a full-system recording typically involves significant planning and manual effort. This represents a distraction from the actual goal of recording a trace, i.e. analyzing it. We present PANDAcap, a framework based on the PANDA full-system record and replay tool. PANDAcap combines off-the-shelf and custom-built components in order to streamline the process of recording PANDA traces. More importantly, in addition to making the setup of one-off experiments easier, PANDAcap also caters to the streamlining of systematic repeatable experiments in order to create PANDA trace datasets. As a demonstration, we have used PANDAcap to deploy an ssh honeypot aiming to study the actions of brute-force ssh attacks

    Architectures of personal area networks based on Bluetooth technology

    In the last years technology managed to miniaturize and offer at affordable prices complex electronic devices. The devices range from sophisticated watches, to mobile phones, to palm sized computers, to digital media players. We find ourselves carrying and using an increasing number of such personal devices in our everyday life. While the number of personal devices we carry increases, they remain isolated from each other. The emergence of cheap, short-range, energy-efficient radio technologies enables the personal devices to overcome the isolation barrier, thus enabling distributed operation, sharing of resources and seamless interaction with other devices in their area. The network consisting of the personal devices of a user, over which they communicate, is called personal area network (PAN). The most prominent radio technology for the implementation of personal area networks is Bluetooth. Bluetooth networks are structured as small star-shaped, centrally controlled formations called piconets. It is widely acknowledged that for the realization of personal area networks using Bluetooth, we need to extend piconets to more complex constructs, called scatternets. In this work we outline the characteristics of personal area networks regarding formation, traffic patterns and failure model. We then propose how these characteristics can be exploited to improve performance of a ring-shaped scatternet. We prove with experiments that our proposal is superior to a similar ring-shaped scatternet that ignores the features of personal area networks, doubling the aggregate throughput while the load increases. We also show that our proposal compares favourably to a piconet based formation.

    Heuristic algorithms for similar configuration retrieval in spatial databases

    Abstract. The search for similar configurations is an important research topic for content-based image retrieval in G.I.S. and spatial databases. Due to the complexity of the problem, finding the fittest solution in a large database is computationally intractable. Our work is focused on designing, implementing and experimentally evaluating two heuristic algorithms, an evolutionary and a hill-climbing one, that provide an approximate solution. With the use of spatial indexes we manage to efficiently deal with considerably large queries. We utilize a similarity framework that addresses topological, directional and distance relations. In this framework the problem of retrieving similar configurations is defined as a binary constraint satisfaction problem. Our work complements the existing work on similarity retrieval with two efficient, stochastic, algorithms.

    Decoupling Provenance Capture and Analysis from Execution

    Abstract. Capturing provenance usually involves the direct observation and instrumentation of the execution of a program or workflow. However, this approach restricts provenance analysis to pre-determined programs and methods. This may not pose a problem when one is interested in the provenance of a well-defined workflow, but may limit the analysis of unstructured processes such as interactive desktop computing. In this paper, we present a new approach to capturing provenance based on full execution record and replay. Our approach leverages full-system execution trace logging and replay, which allows the complete decoupling of analysis from the original execution. This enables the selective analysis of the execution using progressively heavier instrumentation

    PROV2R: Practical provenance analysis of unstructured processes

    Information produced by Internet applications is inherently a result of processes that are executed locally. Think of a web server that makes use of a CGI script, or a content management system where a post was first edited using a word processor. Given the impact of these processes to the content published online, a consumer of that information may want to understand what those impacts were. For example, understanding from where text was copied and pasted to make a post, or if the CGI script was updated with the latest security patches, may all influence the confidence on the published content. Capturing and exposing this information provenance is thus important to ascertaining trust to online content. Furthermore, providers of internet applications may wish to have access to the same information for debugging or audit purposes. For processes following a rigid structure (such as databases or workflows), disclosed provenance systems have been developed that efficiently and accurately capture the provenance of the produced data. However, accurately capturing provenance from unstructured processes, for example, user-interactive computing used to produce web content, remains a problem to be tackled. In this article, we address the problem of capturing and exposing provenance from unstructured processes. Our approach, called PROV2R (PROVenance Record and Replay) is composed of two parts: (a) the decoupling of provenance analysis from its capture; and (b) the capture of high-fidelity provenance from unmodified programs. We use techniques originating in the security and reverse engineering communities, namely, record and replay and taint tracking. Taint tracking fundamentally addresses the data provenance problem but is impractical to apply at runtime due to extremely high overhead. With a number of case studies, we demonstrate that PROV2R enables the use of taint analysis for high-fidelity provenance capture, while keeping the runtime overhead at manageable levels. In addition, we show how captured information can be represented using the W3C PROV provenance model for exposure on the Web