The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Error Weighted Hashing (EWH) is a fast algorithm for Approximate k-Nearest neighbour search in Hamming space. It is more efficient than traditional LocalitySensitive Hashing algorithm (LSH) since it generates shorterlist of strings for finding the exact distance from the query. Wehave parallelized the EWH algorithm using Cuda and OpenMP.Speedup of 44 times on a 16 core GPU and 16 core CPUmachine was...
Traditional PC based operating systems load most of its components during the boot process along with the kernel. This mechanism though effective for a broader objective, is seldom utilized fully by a majority of users as they usually perform a specific job which does not require every component of OS. It has been observed that operating systems which are designed keeping in mind the nature of job,...
Vulnerabilities are one of the main concerns faced by practitioners when working with security critical applications. Unfortunately, developers and security teams, even experienced ones, fail to identify many of them with severe consequences. Vulnerabilities are hard to discover since they appear in various forms, caused by many different issues and their identification requires an attacker's mindset...
Docker which is a lightweight containerization tool has enabled DevOps to build and run applications in distributed environment effectively. Docker has generated a significant momentum by bringing together a standardized containing method which is easy to use by enabling the users to use Linux containers to its full capacity. Docker currently supports the Linux hardening capabilities and Linux Security...
The goal of path-sensitive analysis (PSA) is to achieve accuracy by accounting precisely for the execution behavior along each path of a control flow graph (CFG). A practical adoption of PSA is hampered by two roadblocks: (a) the exponential growth of the number of CFG paths, and (b) the exponential complexity of a path feasibility check. We introduce projected control graph (PCG) as an optimal mathematical...
Control-flow integrity (CFI) is a general defense against codereuse exploits that currently constitute a severe threat against diverse computing platforms. Existing CFI solutions (both in software and hardware) suffer from shortcomings such as (i) inefficiency, (ii) security weaknesses, or (iii) are not scalable. In this paper, we present a generic hardware-enhanced CFI scheme that tackles these problems...
This paper analyzed the former works relevant to Virtual Machine Introspection (VMI) and found that most of the VMI applications are deployed either in the hypervisor or in privileged virtual machines (dom0). As VMI applications may also be vulnerable, it will increase the risk of hypervisor or dom0 being attacked where other critical tools such as management tools and performance monitoring tools...
Echo hiding methods have good perceptual quality and they are robust to intentional and unintentional modifications. Unfortunately these methods are not quite transparent and are not suitable for steganography applications. Specifically, this point became more obvious after a recent steganalysis investigation where both parameters and the hidden message were extracted accurately. This work tries to...
Testing is one of the major problems in Linux kernel development cycle. Security analysis and ensuring no new vulnerabilities has been introduced is one of the toughest issues of testing. Kernel developers attempt to find as many security issues as possible before merging with the mainline branch. Failure to detect vulnerabilities will result in vulnerable kernel shipped by distribution and vulnerable...
Data-intensive research computing requires the capability to transfer files over long distances at high throughput. Stateful firewalls introduce sufficient packet loss to prevent researchers from fully exploiting high bandwidth-delay network links. To work around this challenge, the Science DMZ design trades off stateful packet filtering capability for loss-free forwarding via an ordinary Ethernet...
There is a clear, outstanding need for new security mechanisms that allow data to be managed and controlled within the cloud-enabled Internet of Things. Towards this, we propose an approach based on Information Flow Control (IFC) that allows: (1) the continuous, end-to-end enforcement of data flow policy, and (2) the generation of provenance-like audit logs to demonstrate policy adherence and contractual/regulatory...
The rapid development of the embedded systems and the wide use of them in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication overhead. This overhead becomes a critical factor with embedded...
The pervasive use of embedded computing systems in modern societies altogether with the industry trend towards consolidating workloads, openness and interconnectedness, have raised security, safety, and real-time concerns. Virtualization has been used as an enabler for safety and security, but research works have proven that it must be extended and improved with hardware-based security foundations...
Cyber-physical systems (CPSs), due to their direct influence on the physical world, have to meet extended security and dependability requirements. This is particularly true for CPS that operate in close proximity to humans or that control resources that, when tampered with, put all our lives at stake. In this paper, we review the challenges and some early solutions that arise at the architectural...
Monitoring of the high-performance computing systems and their components, such as clusters, grids and federations of clusters, is performed using monitoring systems for servers and networks, or Network Monitoring Systems (NMS). These monitoring tools assist system administrators in assessing and improving the health of their infrastructure.
Trustworthy isolation is required to consolidate safety and security critical software systems on a single hardware platform. Recent advances in formally verifying correctness and isolation properties of a microkernel should enable mutually distrusting software to co-exist on the same platform with a high level of assurance of correct operation. However, commodity hardware is susceptible to transient...
Honeypot is a recent technology in the area of computer network security. Production systems that are connected to the Internet are the main target for various cyber attacks. This paper presents a deployment of honeypot system in campus network. The system implements high-interaction honeypot with Secure Shell installed to study common SSH attacks in Linux environment. This system records usernames...
In the past few years, the primary focus of computing has shifted from PCs to smart-phones and tablets. As a result, smart-phones have become more than a communication device, now it can store vast amount of user's sensitive data. Further, its popularity also opens a new era of application development; because of which Google's Play Store now contains millions of free Android applications. To use...
A Support Vector Machine (SVM) based approach for microgrid islanding decision and control is investigated. The IEEE 13-feeder system is modified and serves as the microgrid model connected to Kundur four-machine two-area system that models the main transmission grid. A representative data set is obtained through simulations in MATLAB/Simulink considering multiple typical scenarios with or without...
This paper contains an enhancement solution to an existing system called: Integrity Checking and Recovery (ICAR) system. ICAR provides a means to check for file integrity and also a feature to restore the file if a breach has been detected. The fact that it uses write protected storage makes it efficient against attacks. The performance degradation issue faced in ICAR system has been reduced here,...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.