Regions Security Policy (RSP) : applying regions to network security / RSP : applying regions to network security

Baratz, Joshua W. (Joshua William), 1981-

January 2004

Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. / Includes bibliographical references (p. 51-54). / The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly. / by Joshua W. Baratz. / M.Eng.and S.B.

Computer networks Security measures

Computer security

Information retrieval and query routing in peer-to-peer networks. / Information retrieval & query routing in peer-to-peer networks

January 2005

Wong Wan Yeung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 118-122). / Abstracts in English and Chinese. / Chapter 1. --- Introduction --- p.1 / Chapter 1.1 --- Problem Definition --- p.1 / Chapter 1.2 --- Major Contributions --- p.5 / Chapter 1.2.1 --- S2S Searching --- p.6 / Chapter 1.2.2 --- GAroute --- p.8 / Chapter 1.3 --- Thesis Chapter Organization --- p.10 / Chapter 2. --- Related Work --- p.11 / Chapter 2.1 --- P2P Networks --- p.11 / Chapter 2.2 --- Query Routing Strategies --- p.20 / Chapter 2.3 --- P2P Network Security --- p.22 / Chapter 3. --- S2S Searching --- p.24 / Chapter 3.1 --- System Architecture --- p.24 / Chapter 3.1.1 --- Administration Module --- p.24 / Chapter 3.1.2 --- Search Module --- p.27 / Chapter 3.2 --- Indexing and Matching --- p.32 / Chapter 3.2.1 --- Background of Indexing and Matching --- p.32 / Chapter 3.2.2 --- Indexing Algorithm --- p.33 / Chapter 3.2.3 --- Matching Algorithm --- p.34 / Chapter 3.3 --- Query Routing --- p.36 / Chapter 3.3.1 --- Background of Query Routing --- p.36 / Chapter 3.3.2 --- Distributed Registrars and Content Summary --- p.38 / Chapter 3.3.3 --- Query Routing Algorithm --- p.41 / Chapter 3.3.4 --- Registrar Maintenance --- p.44 / Chapter 3.4 --- Communication Protocol --- p.45 / Chapter 3.4.1 --- Starting CGI --- p.46 / Chapter 3.4.2 --- Searching CGI --- p.47 / Chapter 3.4.3 --- Pinging CGI --- p.48 / Chapter 3.4.4 --- Joining CGI --- p.48 / Chapter 3.4.5 --- Leaving CGI --- p.48 / Chapter 3.4.6 --- Updating CGI --- p.49 / Chapter 3.5 --- Experiments and Discussions --- p.49 / Chapter 3.5.1 --- Performance of Indexing --- p.50 / Chapter 3.5.2 --- Performance of Matching --- p.52 / Chapter 3.5.3 --- Performance of S2S Searching --- p.54 / Chapter 3.5.4 --- Quality of Content Summary --- p.57 / Chapter 4. --- GAroute --- p.59 / Chapter 4.1 --- Proposed Hybrid P2P Network Model --- p.59 / Chapter 4.1.1 --- Background of Hybrid P2P Networks --- p.60 / Chapter 4.1.2 --- Roles of Zone Managers --- p.62 / Chapter 4.2 --- Proposed GAroute --- p.65 / Chapter 4.2.1 --- Genetic Representation --- p.69 / Chapter 4.2.2 --- Population Initialization --- p.70 / Chapter 4.2.3 --- Mutation --- p.72 / Chapter 4.2.4 --- Crossover --- p.74 / Chapter 4.2.5 --- Fission --- p.77 / Chapter 4.2.6 --- Creation --- p.80 / Chapter 4.2.7 --- Selection --- p.81 / Chapter 4.2.8 --- Stopping Criteria --- p.83 / Chapter 4.2.9 --- Optimization --- p.86 / Chapter 4.3 --- Experiments and Discussions --- p.89 / Chapter 4.3.1 --- Property of Different Topologies --- p.91 / Chapter 4.3.2 --- Scalability and Quality in Different Topologies --- p.92 / Chapter 4.3.3 --- Scalability and Quality in Different Quantities --- p.96 / Chapter 4.3.4 --- Verification of Lower Bandwidth Consumption --- p.101 / Chapter 4.3.5 --- Verification of Better Parallel Search --- p.105 / Chapter 5. --- Discussion --- p.110 / Chapter 6. --- Conclusion --- p.114 / Chapter 7. --- Bibliography --- p.118 / Chapter 8. --- Appendix --- p.123 / Chapter 8.1 --- S2S Search Engine --- p.123 / Chapter 8.1.1 --- Site Owner Perspective --- p.123 / Chapter 8.1.2 --- Search Engine User Perspective --- p.128 / Chapter 8.2 --- GAroute Library --- p.129

Information retrieval

IP traceback marking scheme based DDoS defense.

January 2005

Ping Yan. / Thesis submitted in: December 2004. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 93-100). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- INTRODUCTION --- p.1 / Chapter 1.1 --- The Problem --- p.1 / Chapter 1.2 --- Research Motivations and Objectives --- p.3 / Chapter 1.3 --- The Rationale --- p.8 / Chapter 1.4 --- Thesis Organization --- p.9 / Chapter 2 --- BACKGROUND STUDY --- p.10 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.10 / Chapter 2.1.1 --- Taxonomy of DoS and DDoS Attacks --- p.13 / Chapter 2.2 --- IP Traceback --- p.17 / Chapter 2.2.1 --- Assumptions --- p.18 / Chapter 2.2.2 --- Problem Model and Performance Metrics --- p.20 / Chapter 2.3 --- IP Traceback Proposals --- p.24 / Chapter 2.3.1 --- Probabilistic Packet Marking (PPM) --- p.24 / Chapter 2.3.2 --- ICMP Traceback Messaging --- p.26 / Chapter 2.3.3 --- Logging --- p.27 / Chapter 2.3.4 --- Tracing Hop-by-hop --- p.29 / Chapter 2.3.5 --- Controlled Flooding --- p.30 / Chapter 2.4 --- DDoS Attack Countermeasures --- p.30 / Chapter 2.4.1 --- Ingress/Egress Filtering --- p.33 / Chapter 2.4.2 --- Route-based Distributed Packet Filtering (DPF) --- p.34 / Chapter 2.4.3 --- IP Traceback Based Intelligent Packet Filtering --- p.35 / Chapter 2.4.4 --- Source-end DDoS Attack Recognition and Defense --- p.36 / Chapter 2.4.5 --- Classification of DDoS Defense Methods --- p.38 / Chapter 3 --- ADAPTIVE PACKET MARKING SCHEME --- p.41 / Chapter 3.1 --- Scheme Overview --- p.41 / Chapter 3.2 --- Adaptive Packet Marking Scheme --- p.44 / Chapter 3.2.1 --- Design Motivation --- p.44 / Chapter 3.2.2 --- Marking Algorithm Basics --- p.46 / Chapter 3.2.3 --- Domain id Marking --- p.49 / Chapter 3.2.4 --- Router id Marking --- p.51 / Chapter 3.2.5 --- Attack Graph Reconstruction --- p.53 / Chapter 3.2.6 --- IP Header Overloading --- p.56 / Chapter 3.3 --- Experiments on the Packet Marking Scheme --- p.59 / Chapter 3.3.1 --- Simulation Set-up --- p.59 / Chapter 3.3.2 --- Experimental Results and Analysis --- p.61 / Chapter 4 --- DDoS DEFENSE SCHEMES --- p.67 / Chapter 4.1 --- Scheme I: Packet Filtering at Victim-end --- p.68 / Chapter 4.1.1 --- Packet Marking Scheme Modification --- p.68 / Chapter 4.1.2 --- Packet Filtering Algorithm --- p.69 / Chapter 4.1.3 --- Determining the Filtering Probabilities --- p.70 / Chapter 4.1.4 --- Suppressing Packets Filtering with did Markings from Nearby Routers --- p.73 / Chapter 4.2 --- Scheme II: Rate Limiting at the Sources --- p.73 / Chapter 4.2.1 --- Algorithm of the Rate-limiting Scheme --- p.74 / Chapter 4.3 --- Performance Measurements for Scheme I & Scheme II . --- p.77 / Chapter 5 --- CONCLUSION --- p.87 / Chapter 5.1 --- Contributions --- p.87 / Chapter 5.2 --- Discussion and Future Work --- p.91 / Bibliography --- p.100

Computer networks--Security measures

Internet--Security measures

Computer security

Routing in ad hoc networks.

January 2005

Yeung Man Chun. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 84-86). / Abstracts in English and Chinese. / Chapter Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Graph Theory --- p.5 / Chapter 1.2 --- Classical Routing Algorithms --- p.10 / Chapter 1.2.1 --- Proactive Routing Algorithms --- p.11 / Chapter 1.2.2 --- Reactive Routing Algorithms --- p.13 / Chapter 1.3 --- Wireless Ad Hoc Routing Algorithms --- p.15 / Chapter 1.5 --- Organization of the Thesis --- p.17 / Chapter Chapter 2 --- General Routing Algorithm --- p.18 / Chapter 2.1 --- Pre-routing Cost and On-routing Cost --- p.18 / Chapter 2.2 --- Rewritten Bellman-Ford Algorithm --- p.20 / Chapter 2.3 --- A Hybrid Algorithm --- p.22 / Chapter 2.4 --- Routable Condition --- p.33 / Chapter 2.5 --- A Better Algorithm? --- p.43 / Chapter Chapter 3 --- Clique Routing Algorithm --- p.45 / Chapter 3.1 --- Clique Process --- p.45 / Chapter 3.2 --- Property --- p.49 / Chapter 3.3 --- Decentralized Construction of the Clique Process --- p.55 / Chapter 3.4 --- Construction of a Clique Process Based GRA --- p.61 / Chapter 3.5 --- Other Alternatives --- p.68 / Chapter Chapter 4 --- Simulations and Results --- p.70 / Chapter 4.1 --- Models and Assumptions --- p.70 / Chapter 4.2 --- Results --- p.72 / Chapter 4.2.1 --- Pre-routing Cost --- p.73 / Chapter 4.2.2 --- On-routing Cost --- p.76 / Chapter 4.2.3 --- Reliability --- p.77 / Chapter Chpater 5 --- Conclusions --- p.80 / References --- p.84

Routing (Computer network management)

Computer networks

Wireless communication systems

Machine learning algorithms for the analysis and detection of network attacks

Unknown Date

The Internet and computer networks have become an important part of our organizations and everyday life. With the increase in our dependence on computers and communication networks, malicious activities have become increasingly prevalent. Network attacks are an important problem in today’s communication environments. The network traffic must be monitored and analyzed to detect malicious activities and attacks to ensure reliable functionality of the networks and security of users’ information. Recently, machine learning techniques have been applied toward the detection of network attacks. Machine learning models are able to extract similarities and patterns in the network traffic. Unlike signature based methods, there is no need for manual analyses to extract attack patterns. Applying machine learning algorithms can automatically build predictive models for the detection of network attacks. This dissertation reports an empirical analysis of the usage of machine learning methods for the detection of network attacks. For this purpose, we study the detection of three common attacks in computer networks: SSH brute force, Man In The Middle (MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection models and their actual deployment in a real computer network. To alleviate this limitation, we collect representative network data from a real production network for each attack type. Our analysis of each attack includes a detailed study of the usage of machine learning methods for its detection. This includes the motivation behind the proposed machine learning based detection approach, the data collection process, feature engineering, building predictive models and evaluating their performance. We also investigate the application of feature selection in building detection models for network attacks. Overall, this dissertation presents a thorough analysis on how machine learning techniques can be used to detect network attacks. We not only study a broad range of network attacks, but also study the application of different machine learning methods including classification, anomaly detection and feature selection for their detection at the host level and the network level. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection

Machine learning.

Computer security.

Data protection.

Computer networks--Security measures.

Celerity: a low-delay multi-party conferencing solution.

January 2012

In this thesis, we attempt to revisit the problem of multi-party conferencing from a practical perspective, and tore think the design space involved in this problem. We believe that an emphasis on low end-to-end delays between any two parties in the conference is a must, and the source sending rate in a session should adapt to bandwidth availability and congestion. We present Celerity, a multi-party conferencing solution specifically designed to achieve our objectives. It is entirely Peer-to-Peer(P2P), and as such eliminating the cost of maintaining centrally administered servers. It is designed to deliver video with low end-to-end delays, at quality levels commensurate with available network resources over arbitrary network topologies where bottlenecks can be anywhere in the network. This is in contrast to commonly assumed P2P scenarios where bandwidth bottlenecks reside only at the edge of the network. The highlight in our design is a distributed and adaptive rate control protocol, that can discover and adapt to arbitrary topologies and network conditions quickly, converging to efficient link rate allocations allowed by the underlying network. In accordance with adaptive link rate control, source video encoding rates are also dynamically controlled to op-timize video quality in arbitrary and unpredictable network conditions. Celerity runs on the application layer and uses UDP to deliver the data. With the distributed rate control protocol, Celerity can deliver video at quality levels without the acknowledge of the underlying network topology, bandwidth, and the routing. We have implemented Celerity in a prototype system, and demonstrateits su¬perior performance over existing solutions in a local experimental test bed and over the Internet. In addition, using Celerity we have developed a multi-party conferencing system which provides real-time video and audio communication and allows users to dynamically join and leave, it achieves better user experience(low delay and high throughput) than existing products. / Chen, Xiangwen. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 66-68). / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Motivation --- p.1 / Chapter 1.2 --- Contribution --- p.2 / Chapter 1.3 --- Thesis Organization --- p.4 / Chapter 2 --- Related Work --- p.5 / Chapter 3 --- Problem Formulation and Celerity Overview --- p.7 / Chapter 3.1 --- Settings --- p.7 / Chapter 3.2 --- Problem Formulation --- p.9 / Chapter 3.3 --- Celerity Overview --- p.10 / Chapter 4 --- Packing Delay-bounded Trees --- p.13 / Chapter 5 --- Overlay Link Rate Control --- p.18 / Chapter 5.1 --- Considering Both Delay and Loss --- p.18 / Chapter 5.2 --- A Loss-Delay Based Primal-Subgradient-Dual Algorithm --- p.20 / Chapter 5.3 --- Computing Subgradients of R{U+2098}(c{U+2098}, D) --- p.23 / Chapter 6 --- PRACTICAL IMPLEMENTATION --- p.26 / Chapter 6.1 --- Peer Functionality --- p.26 / Chapter 6.2 --- Critical Cut Calculation --- p.29 / Chapter 6.3 --- Utility Function --- p.29 / Chapter 6.4 --- Opportunistic Local Loss Recovery --- p.29 / Chapter 6.5 --- Fast Bootstrapping --- p.30 / Chapter 6.6 --- Operation Overhead --- p.30 / Chapter 6.7 --- Peer Computation Overhead --- p.31 / Chapter 6.8 --- System Implementation --- p.32 / Chapter 7 --- Experiments --- p.34 / Chapter 7.1 --- LAN Testbed Experiments --- p.34 / Chapter 7.1.1 --- Absence of Network Dynamics --- p.36 / Chapter 7.1.2 --- Cross Traffic --- p.39 / Chapter 7.1.3 --- Link Failure --- p.40 / Chapter 7.2 --- Peer Dynamics Experiments --- p.41 / Chapter 7.3 --- Internet Experiments --- p.42 / Chapter 8 --- Concluding Remarks --- p.46 / Chapter A --- Packing Delay-bounded Trees in the Presence of Helpers --- p.47 / Chapter B --- Proof of Theorem 1 and Theorem 3 --- p.50 / Chapter C --- Proof of Corollary 1 and Corollary 2 --- p.56 / Chapter D --- Proof of Proposition 1 --- p.58 / Chapter E --- Proof of Theorem 2 --- p.60 / Bibliography --- p.66

Internet videoconferencing

Network capacity improvement by multicast in elastic optical networks and physical-layer network coding in TDM-PON.

January 2012

如今，隨著信息爆炸，骨幹網絡和城域網絡的容量需求已成倍增加。因此，如何提高網絡容量正成為學術界和工業界的熱門話題。可變帶寬光網絡技術通過為不同速率的數據傳輸分配剛剛足夠的帶寬來提高網絡容量，而物理層網絡編碼技術（PNC）在沒有復雜的硬件要求下可以增加網絡容量。在這篇論文中，我們首先提出將組播應用於可變帶寬光網絡來提高網絡容量。我們進一步提出將物理層網絡編碼技術應用於時分複用光接入網絡（TDM-PON），從而來提高全光虛擬專用通信（VPN）的網絡容量。 / 可變帶寬光網絡中組播的分析 / 可變帶寬光網絡相比傳統的波分複用光網絡（WDM）可以提高骨幹網絡的頻譜利用率，因為它可以靈活地分配剛剛足夠的帶寬。另一方面，光網絡層上的組播是一種高效的支持點對多點的通信技術。在未來的許多寬帶服務中，點對多點應用服務是必不可少的，通過光組播技術可以節省頻譜帶寬和接發器的數目。為了進一步提高網絡容量，我們建議在可變帶寬光網絡中進行組播。雖然關於可變帶寬光網絡的研究已經有很多了，但據我們所知，關於可變帶寬光網絡的組播尚未被研究。我們通過兩種有效算法來解決可變帶寬光網絡組播的路由和頻譜分配問題。採用相同的路由和波長/頻譜分配算法，我們研究了有靈活帶寬分配產生的好處，通過比較可變帶寬光網絡和傳統波分複用網絡的組播。我們也探討了由非均勻帶寬分配造成的頻譜間隙對提高網絡容量的影響。 / 時分複用光接入網中(TDM-PON)的物理層網絡編碼技術（PNC） / 網絡編碼是一種很有前途的技術，可以提高網絡的容量和健全性。雖然最近有關於在時分複用光接入網中進行網絡編碼的研究，應用於同一個光接入網絡中的光網絡單元（ONU）之間的通信，但在這些研究中的最大的網絡容量提高只有33。此外，在光網路終端（OLT）和光網絡單元中還需要大量的緩衝來存儲VPN數據。在時分複用光接入網中，全光VPN網絡可以重新將VPN數據傳送到相應的ONU，實現ONU之間的直接通信，不需要在OLT進行光-電-光的轉換。在這裡，據我們所知，我們第一次用實驗驗證了一種新方案，將物理層網絡編碼技術應用於TDM-PON，使得全光VPN通信的網絡容量增加了一倍。我們也提出了在光接入網中的遠程節點處使用光環路器，以此減少VPN通信的插入損耗。當兩個ONU之間需要進行雙向通信，可以通過利用PNC來實現全雙工傳輸，相比傳統半雙工的全光VPN方案，網絡容量可以提高100。實驗結果表明，可以實現無差錯全雙工VPN通信，相比半雙工通信功率補償不超過3分貝，而且這方案中ONU間的同步是不需要的。 / Nowadays, with the information explosion, the capacity demand has been exponentially increasing in backbone networks and metro networks. Therefore, it is becoming a hot topic for both academic and industry to improve the network capacity. Elastic technologies are promising to scale up the network capacity due to just-enough bandwidth allocation for different data-rate traffic request, while physical-layer network coding (PNC) can increase the throughput without complex requirement on hardware. In this thesis, we first propose a novel scheme to improve the network capacity by implementing multicast in elastic optical networks. We further present the capacity improvement by integrating PNC in time-division multiplexing passive optical network (TDM-PON) for all-optical virtual private network (VPN) communications. / Analysis of multicast in elastic optical networks / Elastic optical networks can increase the spectrum utilization of backbone networks compared to the traditional wavelength-division multiplexing (WDM) networks due to flexible and just-enough bandwidth allocation. On the other hand, multicast over the optical layer is a bandwidth-efficient communication technique which supports point-to-multipoint applications. As many broadband services in the future can be from one source to several destinations, it is essential to enable optical multicast to save bandwidth as well as transceivers. To further improve the network throughput, we propose to implement multicast in spectrum elastic optical networks. Although many investigations on elastic optical networks have been carried out, to the best of our knowledge, the performance of multicast in elastic optical networks have not yet been studied. We develop two efficient multicast heuristics to solve the multicast routing and spectrum allocation (MC-RSA) problem in elastic optical networks. By adopting the same routing and wavelength/spectrum allocation algorithms, the benefits of elastic optical networks resulting from flexible bandwidth allocation are studied for multicast compared to the traditional WDM networks. We also investigate the impact of spectral gap caused by non-uniform bandwidth allocation on the improvement of network throughput. / Physical-layer network coding (PNC) in TDM-PON / Network coding is a promising technique to improve the network throughput and robustness. Although network coding in TDM-PON has been recently investigated for exchanging information among optical network units (ONUs) in the same PON, the maximum capacity improvement of inter-ONU communications in these schemes is only 33%. In addition, large electrical buffer is required to store the VPN traffic at both optical line terminal (OLT) and ONUs. All-optical VPN in TDM-PON can optically reroute VPN traffic to the destined ONU without optical-electrical-optical conversion at OLT, which enables direct communications among ONUs. Here, to the best of our knowledge, for the first time, we experimentally demonstrate a novel PNC scheme integrated in TDM-PON for all-optical VPN communications to double the network throughput. A unique remote node that uses optical circulators to reduce the insertion loss of VPN communications is also proposed. By transmitting two inter-ONU traffic streams of opposite direction simultaneously using PNC (full-duplex), it can improve the network throughput by 100% compared to the traditional all-optical VPN schemes (half-duplex). Experiments show that error-free full-duplex VPN communications are achieved, and the power penalty is no more than 3 dB. Synchronization of ONUs is not required for the proposed scheme. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Wang, Qike. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 43-48). / Abstracts also in Chinese. / Chapter Chapter 1 --- Background --- p.1 / Chapter 1.1 --- Elastic optical networks --- p.1 / Chapter 1.2 --- Multiscast in WDM networks --- p.5 / Chapter 1.3 --- Network coding in passive optical network (PON) --- p.7 / Chapter 1.4 --- All-optical virtual private nework (VPN) in PON --- p.11 / Chapter 1.5 --- Contribution of this thesis --- p.13 / Chapter 1.6 --- Organization of this thesis --- p.15 / Chapter Chapter 2 --- Analysis of multicast in elastic optical networks --- p.16 / Chapter 2.1 --- Introduction --- p.16 / Chapter 2.2 --- Network model and heuristics --- p.18 / Chapter 2.2.1 --- Multicast-capable node architecture --- p.18 / Chapter 2.2.2 --- Multicast goup size (MGS) factor --- p.19 / Chapter 2.2.3 --- Network resource and assumption --- p.19 / Chapter 2.2.4 --- Multicast routing and spectrum allocation (MC-RSA) heuristics --- p.20 / Chapter 2.3 --- Numerical results --- p.22 / Chapter 2.4 --- Summary --- p.27 / Chapter Chapter 3 --- Physical-layer network coding (PNC) in TDM-PON --- p.28 / Chapter 3.1 --- Introduction --- p.28 / Chapter 3.2 --- A novel PNC in TDM-PON scheme for all-optical VPN applications --- p.31 / Chapter 3.2.1 --- System architecture --- p.31 / Chapter 3.2.2 --- Implementation of PNC --- p.32 / Chapter 3.2.3 --- Management of wavelength collision --- p.33 / Chapter 3.3 --- Experiemnts and results --- p.35 / Chapter 3.4 --- Summary --- p.39 / Chapter Chapter 4 --- Conclusion and Future Works --- p.40 / Chapter 4.1 --- Conclusion of this thesis --- p.40 / Chapter 4.2 --- Future works --- p.41 / Bibliography --- p.43 / List of Publications --- p.50

Optical communications--Quality control

Computer networks

Wavelength division multiplexing

Practical data integrity protection in network-coded cloud storage.

January 2012

近年雲存儲發展迅速，它具彈性的收費模式還有使用上的便利性吸引了不少用家把它當作一個備份的平台，如何保障雲端上資料的完整性也就成了一項重要的課題。我們試著探討如何能有效地在客戶端檢查雲端上資料的完整性，並且在探測到雲存儲節點故障以後如何有效地進行修復。抹除碼(Erasure codes)透過產生冗餘，令編碼過後的資料能允許一定程度的缺片。雲端使用者可以利用抹除碼把檔案分散到不同的雲節點，即使其中一些節點壞了用戶還是能透過解碼餘下的資料來得出原檔。我們的研究是基於一種叫再造編碼(Regenerating code)的新興抹除碼。再造編碼借用了網絡編碼(Network coding)的概念，使得在修復錯誤節點的時候並不需要把完整的原檔先重構一遍，相比起一些傳統的抹除碼（如里德所羅門碼Reed-Solomoncode）能減少修復節點時需要下載的資料量。其中我們在FMSR這門再造編碼上實現了一個能有效檢測錯誤的系統FMSR-DIP。FMSR-DIP的好處是在檢測的時候只需要下載一小部份的資料，而且不要求節點有任何的編碼能力，可以直接對應現今的雲存儲。為了驗證我們系統的實用性，我們在雲存儲的測試平台上運行了一系列的測試。 / To protect outsourced data in cloud storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for cloud storage becomes critical. To enable fault tolerance from a client-side perspective, users can encode their data with an erasure code and stripe the encoded data across different cloud storage nodes. We base our work on regenerating codes, a recently proposed type of erasure code that borrows the concept of network coding and requires less repair traffic than traditional erasure codes during failure recovery. We study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life cloud storage setting. Specifically, we design a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under the Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-cloud storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a cloud storage testbed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment. / Detailed summary in vernacular field only. / Chen, Chuk Hin Henry. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 38-41). / Abstracts also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Preliminaries --- p.4 / Chapter 2.1 --- FMSR Implementation --- p.4 / Chapter 2.2 --- Threat Model --- p.6 / Chapter 2.3 --- Cryptographic Primitives --- p.7 / Chapter 3 --- Design --- p.8 / Chapter 3.1 --- Design Goals --- p.8 / Chapter 3.2 --- Notation --- p.9 / Chapter 3.3 --- Overview of FMSR-DIP --- p.11 / Chapter 3.4 --- Basic Operations --- p.11 / Chapter 3.4.1 --- Upload operation --- p.11 / Chapter 3.4.2 --- Check operation --- p.13 / Chapter 3.4.3 --- Download operation --- p.15 / Chapter 3.4.4 --- Repair operation --- p.16 / Chapter 4 --- Implementation --- p.17 / Chapter 4.1 --- Integration of DIP into NCCloud --- p.17 / Chapter 4.2 --- Instantiating Cryptographic Primitives --- p.18 / Chapter 4.3 --- Trade-off Parameters --- p.19 / Chapter 5 --- Security Analysis --- p.22 / Chapter 5.1 --- Uses of Security Primitives --- p.22 / Chapter 5.2 --- Security Guarantees --- p.23 / Chapter 5.2.1 --- Corrupting an AECC Stripe --- p.23 / Chapter 5.2.2 --- Picking Corrupted Bytes for Checking --- p.25 / Chapter 5.2.3 --- Putting It All Together --- p.26 / Chapter 6 --- Evaluations --- p.27 / Chapter 6.1 --- Running Time Analysis --- p.27 / Chapter 6.2 --- Monetary Cost Analysis --- p.30 / Chapter 6.3 --- Summary --- p.33 / Chapter 7 --- Related Work --- p.34 / Chapter 8 --- Conclusions --- p.37 / Bibliography --- p.38

Cloud computing--Security measures

Computer networks--Security measures

Analysis and optimization of peer-to-peer systems under churn. / CUHK electronic theses & dissertations collection

January 2007

In peer-to-peer (P2P) systems, the phenomenon of churn (i.e., peer dynamics) will destroy the overlay structure, cause the loss of data objects, deteriorate the lookup performance, increase the bandwidth cost, and thus impact the performance of distributed applications greatly. Due to the prevalence of churn in real environments, it is essential to get a better understanding on how peer-to-peer systems evolve under churn and how to optimize the system performance under churn. In this thesis, we focus our research on the analysis and optimization of peer-to-peer systems under churn. Our research work falls into three main aspects: object storage under churn, object lookup under churn, and object (or load) balancing under churn. / Lastly, we study the effectiveness of two representative load balancing strategies in DHT-based P2P systems, (1) Rendezvous Directory Strategy (RDS) and (2) Independent Searching Strategy (ISS), under system churn. It enables us to have a clear understanding about their efficiency, scalability and robustness. Based on the analysis results, we also propose a Group Multicast Strategy (GMS) for load balancing in DHT systems, which attempts to achieve the benefits of both RDS and ISS. In order to have a better understanding of GMS, we also perform analytical studies on GMS in terms of its scalability and efficiency under churn. Finally, the effectiveness of GMS is evaluated by extensive simulation under different workload and churn levels. / Next, we consider the problem of optimizing lookup performance in DHT-based P2P systems under churn. We analytically study three important aspects on the optimization of DHT lookup performance, i.e., lookup strategy, lookup parallelism and lookup key replication. Our objective is to build a theoretical basis for the designers to make better choices in their future design. We first compare the performance of two representative lookup strategies - recursive routing and iterative routing, and explore the existence of better alternatives. Then we study the effectiveness of lookup parallelism in systems with different churn rates and show how to select the optimal degree of parallelism. Due to the importance of key replication on lookup performance, we also analyze the reliability of replicated keys under two different replication policies, and show how to perform proper configuration. Later, our results are also validated by simulation, and Kad is taken as a case to show the meaningfulness of our analysis. / We firstly develop a stochastic model to shed light on the evolution of stored objects in peer-to-peer systems under different types of churn, and analytically study the interplay between object maintenance and churn. To avoid the complexity of Markovian modeling, our model is based on stochastic differential equations, and thus we can provide closed-form terms to capture the system time-evolution, and formally derive asymptotic performance metrics of P2P storage systems under different maintenance strategies and various kinds of churn. Our analytical results provide some important insights in object maintenance under churn, which are useful in the optimization of P2P storage systems, e.g., reducing bandwidth usage, provisioning for bandwidth spike, improving system capacity, etc. Besides analytical study, our analysis is also validated by extensive simulation. / Wu, Di. / "July 2007." / Adviser: Kam-Wing Ng. / Source: Dissertation Abstracts International, Volume: 69-01, Section: B, page: 0443. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2007. / Includes bibliographical references (p. 174-188). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.

Mathematical optimization

Is "best practice" really the best?: examining the effects of ERP adoption on core competency. / CUHK electronic theses & dissertations collection / Digital dissertation consortium

January 2010

Organizations become more homogenous when they adapt to the external environment for survival and competitiveness. Institutional theorists call this phenomenon "isomorphism," which is a constraining process that forces organizations---through coercive, mimetic, or normative pressures---to resemble each other when facing the same set of environmental conditions. In recent years, concerns about cost-efficiency and standardization of information technology (IT) have led organizations to rely more heavily on IT to enhance their business operations. Enterprise resource planning (ERP) systems enable the tight integration of all necessary business functions into a single system. Typically, a database, designed to standardize organizational IT platforms and business processes, is shared throughout an organization. The high adoption rate of ERP systems among the biggest corporations has pressured other organizations to adopt ERP systems. Information system (IS) researchers call this phenomenon "technical isomorphism". / This study examines the effects of ERP implementation on organizational homogeneity from the viewpoint of institutional theory. Through mediating factors, such as the extent of ERP implementation and software adaptation, this study also investigates the effects of organizational homogeneity on the core competencies of user-organizations. It addresses four important issues: (a) whether institutional pressures lead to organizational homogenization; (b) whether institutional pressures affect the extent of ERP implementation in organizations; (c) whether the extent of ERP implementation affects software adaptation and subsequently, homogenization; and (d) whether the core competencies of organizations are ultimately affected by the adoption of technology. / This study's findings contribute to our understanding on the effects of ERP implementation in organizations, particularly on the IT and business activities. They open a whole new arena of research into the impact of technology on organizational abilities, providing a new set of constructs, relationships, antecedents, and dependent variables. Moreover, this study provides the necessary evidence on the occurrence of homogenization, its origins, and its consequences. It also provides valuable guidelines in finding a balance between conformity and retaining the uniqueness of companies, which is regarded as a source of core competencies. Thus, the research findings can help organizations redirect their focus and efforts into ERP implementation, saving millions of dollars in the process. / Liu, Kar Wai Connie. / Adviser: Vincent S. Lai. / Source: Dissertation Abstracts International, Volume: 72-04, Section: A, page: . / Thesis (Ph.D.)--Chinese University of Hong Kong, 2010. / Includes bibliographical references (leaves 141-152). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. Ann Arbor, MI : ProQuest Information and Learning Company, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. Ann Arbor, MI : ProQuest Information and Learning Company, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese; appendix 8.3 and 8.4 in Chinese.

Business planning

Enterprise resource planning