Extensions to the self protecting object model to facilitate integrity in stationary and mobile hosts

Brandi, Wesley

13 March 2014

M.Sc. (Computer Science) / In this dissertation we propose extensions to the Self Protecting Object (SPO) model to facilitate the sharing of information in a more effective manner. We see the sharing ofinformation as the sharing of objects that provide services. Sharing objects effectively is allowing the objects to be used in a secure environment, independent of their location, in a manner usage was intended. The SPO model proposed by Olivier [32] allows for objects in a federated database to be moved from one site to another and ensures that the security policy of the object will always be respected and implemented, regardless of its location. Although the SPO model does indeed allow for objects (information) to be shared effectively, it fails to address issues of maintaining integrity within objects. We therefore define the notion of maintaining integrity within the spa model and propose a model to achieve it. We argue that ensuring an SPO is only used in a way usage was intended does not suffice to ensure integrity. The model we propose is based on ensuring that modifications to an SPO are only executed if the modification does not violate the constraints defined for the Sf'O, The model" allows for an spa to maintain its unique identity in addition to maintaining its integrity. The SPO model is designed to be used in a federated database on sites that are stationary. Therefore, having addressed the issue of maintaining integrity within SPOs on stationary sites in the federated database, we then introduce the notion of a mobile site: a site that will eventually disconnect from the federated database and become unreachable for some time. Introducing the mobile site into the federated database allows us to propose the Mobile Self Protecting Object (MSPO) and its associated architecture. Because of the nature of mobile sites, the original model for maintaining integrity can not be applied to the MSPO architecture. We therefore propose a mechanism (to be implemented in unison with the original model) to ensure the integrity of MSPOs on mobile sites. We then discuss the JASPO prototype. The aim of the prototype was to determine if the Self Protecting Object model was feasible using current development technologies. We examine the requirements identified in order for the prototype to be successful and discuss how these were satisfied. Several modifications were made to the original spa model, including the addition of a new module and the exclusion of others, we discuss these modifications and examine why they were necessary.

Internetworking (Telecommunication)

Internet domain names

Information security requirements for a coalition wide area network

McGovern, Susan C.

06 1900

To achieve information superiority in a coalition environment the U. S. has to seamlessly integrate coalition members, both NATO and Non-NATO, into its command and control processes along all echelons of military operations. In a coalition environment, it is extremely challenging to fuse multinational information systems to achieve seamless integration. This thesis focuses on the security issues that are involved in establishing coalition network interoperability. The coalition environment is defined in terms of purpose, command structure, mission area, and control functions. Network and information protection are discussed in terms of minimizing the threats to information systems security. Coalition information system user requirements are defined and some of the security mechanisms required to meet those requirements are discussed. Current solutions to secure coalition network interoperability are surveyed, followed by conclusions, recommendations and areas for further study. / US Navy (USN) author

Wide area networks (Computer networks)

United States

Command and control systems

Internetworking (Telecommunication)

RPX ??? a system for extending the IPv4 address range

Rattananon, Sanchai, Electrical Engineering & Telecommunications, Faculty of Engineering, UNSW

January 2006

In recent times, the imminent lack of public IPv4 addresses has attracted the attention of both the research community and industry. The cellular industry has decided to combat this problem by using IPv6 for all new terminals. However, the success of 3G network deployment will depend on the services offered to end users. Currently, almost all services reside in the IPv4 address space, making them inaccessible to users in IPv6 networks. Thus, an intermediate translation mechanism is required. Previous studies on network address translation methods have shown that Realm Base Kluge Address Heuristic-IP, REBEKAH-IP supports all types of services that can be offered to IPv6 hosts from the public IPv4 based Internet, and provides excellent scalability. However, the method suffers from an ambiguity problem which may lead to call blocking. This thesis presents an improvement to REBEKAH-IP scheme in which the side effect is removed, creating a robust and fully scalable system. The improvement can be divided into two major tasks including a full investigation on the scalability of addressing and improvements to the REBEKAH-IP scheme that allow it to support important features such as ICMP and IP mobility. To address the first task a method called REBEKAH-IP with Port Extension (RPX) is introduced. RPX is extended from the original REBEKAH-IP scheme to incorporate centralised management of both IP address and port numbers. This method overcomes the ambiguity problem, and improves scalability. We propose a priority queue algorithm to further increase scalability. Finally, we present extensive simulation results on the practical scalability of RPX with different traffic compositions, to provide a guideline of the expected scalability in large-scale networks. The second task concerns enabling IP based communication. Firstly, we propose an ICMP translation mechanism which allows the RPX server to support important end-toend control functions. Secondly, we extend the RPX scheme with a mobility support scheme based on Mobile IP. In addition, we have augmented Mobile IP with a new tunneling mechanism called IP-in-FQDN tunneling. The mechanism allows for unique mapping despite the sharing of IP addresses while maintaining the scalability of RPX. We examine the viability of our design through our experimental implementation.

Internet addresses

TCP/IP (Computer network protocol)

Internetworking (Telecommunication)

Computer networks

Signal space cooperative communication with partial relay selection.

Paruk, Zaid.

January 2012

Exploiting the available diversity from various sources in wireless networks is an easy way to improve performance at the expense of additional hardware, space, complexity and/or bandwidth. Signal space diversity (SSD) and cooperative communication are two promising techniques that exploit the available signal space and space diversity respectively. This study first presents symbol error rate (SER) analysis of an SSD system containing a single transmit antenna and N receive antennas with maximal-ratio combining (MRC) reception; thereafter it presents a simplified maximum-likelihood (ML) detection scheme for SSD systems, and finally presents the incorporation of SSD into a distributed switch and stay combining with partial relay selection (DSSC-PRS) system. Performance analysis of an SSD system containing a single transmit antenna and multiple receive antennas with MRC reception has been presented previously in the literature using the nearest neighbour (NN) approximation to the union bound, however results were not presented in closed form. Hence, closed form expressions are presented in this work. A new lower bound for the SER of an SSD system is also presented which is simpler to evaluate than the union bound/NN approximation and also simpler to use with other systems. The new lower bound is based on the minimum Euclidean distance of a rotated constellation and is termed the minimum distance lower bound (MDLB); it is also presented here in closed form. The presented bounds have been validated with simulation and found to be tight under certain conditions. The SSD scheme offers error performance and diversity benefits with the only penalty being an increase in detector complexity. Detection is performed in the ML sense and conventionally, all points in an M-ary quadrature amplitude modulation (M-QAM) constellation are searched to find the transmitted symbol. Hence, a simplified detection scheme is proposed that only searches m symbols from M after performing initial signal conditioning. The simplified detection scheme is able to provide SER performance close to that of optimal ML detection in systems with multiple receive antennas. Cooperative communication systems can benefit from the error performance and diversity gains of the spectrally efficient SSD scheme since it requires no additional hardware, bandwidth or transmit power. Integrating SSD into a DSSC-PRS system has shown an improvement of approximately 5dB at an SER of 10-4 with a slight decrease in spectral efficiency at low SNR. Analysis has been performed using the newly derived MDLB and confirmed with simulation. / Thesis (M.Sc.Eng.)-University of KwaZulu-Natal, Durban, 2012.

Signal processing.

Internetworking (Telecommunication)

Wireless communication systems.

Wireless LANs.

Theses--Electronic engineering.

Express lanes modification to the data vortex photonic all-optical path interconnection network

Bozek, Matthew Peter

19 May 2008

Today s supercomputers require interconnection networks with high bandwidth and low latency to exploit parallelism. The data vortex is an all optical path interconnection network defined and then proven to achieve high level of message acceptance and low levels of message latency. In this thesis research, three enhancements to the data vortex are defined and tested for performance. They are compared to an unmodified data vortex using the average latency and offered traffic acceptance rates as metrics. Minimal angle counts are established where express lane enhancements are established. An express lane enhancement allows exploitation of locality yielding an 8% to 12 % reduction in average latency and a 4% to 6% increase in message acceptance. Semi-Express lanes cannot effectively exploit locality but still yield a 20% increase in message acceptance and a 4% decrease in average latency. Express outputs can exploit locality for a 28% to 32% increase in message acceptance and 12% to 15% decrease in average latency.

Interconnection simulation

Silicon optical amplifier

Computer networks

Supercomputers

Optical communications

Internetworking (Telecommunication)

Multiple foreign agents IP mobility management in internet integrated mobile ad hoc networks /

Ding, Shuo.

Unknown Date

Recently, Mobile Ad Hoc Networks (MANETs) have enjoyed a dramatic rise in popularity as potential solutions to connectivity in environments where telecommunication infrastructure is not available. Traditionally, MANETs are assumed to be stand-alone networks which do not require assistance from fixed network infrastructure (e.g. a backbone network). Based on this assumption, routing protocols for MANETs have been designed to work in stand-alone mode. However, throughput and coverage requirements of future 4G all-IP systems may require integration of MANETs into these systems to enhance the flexibility and pervasiveness of the networks. The coverage of existing infrastructure networks (wireless LAN hot-spots of 3G networks) can be effectively extended by the relaying communications via ad hot network nodes (wireless routers). Also, the limited services available within MANET can be extended to a wider range through connecting of the MANET to the Internet infrastructure. To achieve this, effective solutions are needed to many existing challenges in integrating MANETs with the Internet. / In this thesis, we propose solutions to three major challenges of interconnecting MANETs with the Internet. The underlying research problems can be listed as follows: Architecture options for integrating Mobile IP-based MANETs to the Internet via multiple gateways; The Internet extensions to reactive ad hoc routing protocols; Schemes for gateway discovery / Handoff in MANETs. / Thesis (PhDTelecommunications)--University of South Australia, 2007.

Wireless communication systems.

Internetworking (Telecommunication).

Ad hoc networks (Computer networks).

Mobile computing.

RPX ??? a system for extending the IPv4 address range

Rattananon, Sanchai, Electrical Engineering & Telecommunications, Faculty of Engineering, UNSW

January 2006

In recent times, the imminent lack of public IPv4 addresses has attracted the attention of both the research community and industry. The cellular industry has decided to combat this problem by using IPv6 for all new terminals. However, the success of 3G network deployment will depend on the services offered to end users. Currently, almost all services reside in the IPv4 address space, making them inaccessible to users in IPv6 networks. Thus, an intermediate translation mechanism is required. Previous studies on network address translation methods have shown that Realm Base Kluge Address Heuristic-IP, REBEKAH-IP supports all types of services that can be offered to IPv6 hosts from the public IPv4 based Internet, and provides excellent scalability. However, the method suffers from an ambiguity problem which may lead to call blocking. This thesis presents an improvement to REBEKAH-IP scheme in which the side effect is removed, creating a robust and fully scalable system. The improvement can be divided into two major tasks including a full investigation on the scalability of addressing and improvements to the REBEKAH-IP scheme that allow it to support important features such as ICMP and IP mobility. To address the first task a method called REBEKAH-IP with Port Extension (RPX) is introduced. RPX is extended from the original REBEKAH-IP scheme to incorporate centralised management of both IP address and port numbers. This method overcomes the ambiguity problem, and improves scalability. We propose a priority queue algorithm to further increase scalability. Finally, we present extensive simulation results on the practical scalability of RPX with different traffic compositions, to provide a guideline of the expected scalability in large-scale networks. The second task concerns enabling IP based communication. Firstly, we propose an ICMP translation mechanism which allows the RPX server to support important end-toend control functions. Secondly, we extend the RPX scheme with a mobility support scheme based on Mobile IP. In addition, we have augmented Mobile IP with a new tunneling mechanism called IP-in-FQDN tunneling. The mechanism allows for unique mapping despite the sharing of IP addresses while maintaining the scalability of RPX. We examine the viability of our design through our experimental implementation.

Internet addresses

TCP/IP (Computer network protocol)

Internetworking (Telecommunication)

Computer networks

An analysis of how the Joint Capabilities Integration and Development System (JCIDS) strengthens the way ahead for cyberspace operations

Treat, Timothy J.

January 1900

Thesis (M.S.)--Air Force Institute of Technology, 2008 / AFIT/IC4/ENG/07-08. "June 2007." Title from page [3] of PDF file (viewed: Sept. 8, 2008). Includes bibliographical references.

Adaptive resource management in label-switched networks /

Shen, Wentao,

January 1900

Thesis (M.App.Sc.) - Carleton University, 2002. / Includes bibliographical references (p. 57-61). Also available in electronic format on the Internet.

Eye closure penalty based signal quality metric for intelligent all-optical networks /

Li, Jonathan Chi Fai.

January 2009

Thesis (Ph.D.)--University of Melbourne, Dept. of Electrical and Electronic Engineering, 2010. / Typescript. Includes bibliographical references (p. 177-187)