Global ETD Search

211	Flexible access control for campus and enterprise networks Nayak, Ankur Kumar 07 April 2010 (has links) We consider the problem of designing enterprise network security systems which are easy to manage, robust and ﬂexible. This problem is challenging. Today, most approaches rely on host security, middleboxes, and complex interactions between many protocols. To solve this problem, we explore how new programmable networking paradigms can facilitate ﬁne-grained network control. We present Resonance, a system for securing enterprise networks , where the network elements themselves en- force dynamic access control policies through state changes based on both ﬂow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security boxes and distributed monitoring and inference systems. Using our approach, administrators can create security applications by first identifying a state machine to represent different policy changes and then, translating these states into actual network policies. Earlier approaches in this direction (e.g., Ethane, Sane) have remained low-level requiring policies to be written in languages which are too detailed and are difficult for regular users and administrators to comprehend. As a result, significant effort is needed to package policies, events and network devices into a high-level application. Resonance abstracts out all the details through its state-machine based policy specification framework and presents security functions which are close to the end system and hence, more tractable. To demonstrate how well Resonance can be applied to existing systems, we consider two use cases. First relates to "Network Admission Control" problem. Georgia Tech dormitories currently use a system called START (Scanning Technology for Automated Registration, Repair, and Response Tasks) to authenticate and secure new hosts entering the network [23]. START uses a VLAN-based approach to isolate new hosts from authenticated hosts, along with a series of network device interactions. VLANs are notoriously difficult to use, requiring much hand-holding and manual configuration. Our interactions with the dorm network administrators have revealed that this existing system is not only difficult to manage and scale but also inﬂexible, allowing only coarse-grained access control. We implemented START by expressing its functions in the Resonance framework. The current system is deployed across three buildings in Georgia Tech with both wired as well as wireless connectivities. We present an evaluation of our system's scalability and performance. We consider dynamic rate limiting as the second use case for Resonance. We show how a network policy that relies on rate limiting and traffic shaping can easily be implemented using only a few state transitions. We plan to expand our deployment to more users and buildings and support more complex policies as an extension to our ongoing work. Main contributions of this thesis include design and implementation of a ﬂexible access control model, evaluation studies of our system's scalability and performance, and a campus-wide testbed setup with a working version of Resonance running. Our preliminary evaluations suggest that Resonance is scalable and can be potentially deployed in production networks. Our work can provide a good platform for more advanced and powerful security techniques for enterprise networks. Access control Security Enterprise networks Programmable networks Computer networks Security measures Computer networks Management Computer networks Local area networks (Computer networks)
212	Correlation-based Botnet Detection in Enterprise Networks Gu, Guofei 07 July 2008 (has links) Most of the attacks and fraudulent activities on the Internet are carried out by malware. In particular, botnets, as state-of-the-art malware, are now considered as the largest threat to Internet security. In this thesis, we focus on addressing the botnet detection problem in an enterprise-like network environment. We present a comprehensive correlation-based framework for multi-perspective botnet detection consisting of detection technologies demonstrated in four complementary systems: BotHunter, BotSniffer, BotMiner, and BotProbe. The common thread of these systems is correlation analysis, i.e., vertical correlation (dialog correlation), horizontal correlation, and cause-effect correlation. All these Bot* systems have been evaluated in live networks and/or real-world network traces. The evaluation results show that they can accurately detect real-world botnets for their desired detection purposes with a very low false positive rate. We find that correlation analysis techniques are of particular value for detecting advanced malware such as botnets. Dialog correlation can be effective as long as malware infections need multiple stages. Horizontal correlation can be effective as long as malware tends to be distributed and coordinated. In addition, active techniques can greatly complement passive approaches, if carefully used. We believe our experience and lessons are of great benefit to future malware detection. Malware detection Network security Anomaly detection Intrusion detection Local area networks (Computer networks) Computer networks Security measures Computer crimes Correlation (Statistics)
213	Evaluating urban deployment scenarios for vehicular wireless networks Potnis, Niranjan. Gopalan, Kartik.. January 2006 (has links) Thesis (M.S.)--Florida State University, 2006. / Advisor: Kartik Gopalan, Florida State University, College of Arts and Sciences, Dept. of Computer Science. Title and description from dissertation home page (viewed Sept. 22, 2006). Document formatted into pages; contains ix, 46 pages. Includes bibliographical references.
214	Estudos de modelos para predição de parâmetros de ensaios de cabos LAN Scheiner, Denys de Souza 09 November 2012 (has links) Este estudo consiste na comparação de 2 técnicas de modelagem da área de identificação de sistemas aplicadas à predição de dois importantes parâmetros elétricos de um cabo de telecomunicação do tipo LAN, que são Atenuação e Resíduo de Telediafônia. O foco do trabalho é representar a relação existente entre duas maneiras distintas de efetuar a medição dessas grandezas em um cabo. O estudo se iniciou através da aplicação de técnicas de modelagem que buscam Modelos Paramétricos, através da comparação polinomial, baseadas nas respostas dos modelos para os critérios de Akaike, Bestfits e Análise dos resíduos. Na seqüência, a fim de investigar o comportamento não-linear dos parâmetros do cabo em estudo, desenvolveram-se modelos baseados em Redes Neurais Artificiais. Estas redes são técnicas de inteligência artificial, inspiradas na natureza e capazes de identificar padrões e inferir conhecimentos, realizando comparações entre a saída real e a gerada pelo modelo. Utilizaram-se os toolboxes de identificação de sistemas e de redes neurais disponíveis no software Matlab, para desenvolvimento dos modelos. Com estes, neste trabalho foram apresentados os principais conceitos envolvidos em modelagem utilizando modelos paramétricos e redes neurais artificiais. Por fim, são apresentadas comparações entre os resultados obtidos com os respectivos critérios adotados e as técnicas utilizadas apontando para suas virtudes e limitações na solução deste problema. Essas comparações são feitas baseando-se em resultados obtidos para os modelos propostos a partir de dados reais obtidos em testes de qualidade de cabos LAN. / This study consists of a comparison between two system identification modeling techniques applied to predict two important performance parameter involved on a LAN telecommunication cable, which are Insertion Loss and Attenuation Crosstalk Ratio Far End. This work focused on representing the relation between two different ways of measuring a cable by modeling techniques using Parametric Models, which are based on techniques of polynomial comparison performing output models comparison considering Akaike, Bestfit and Residuals analyses criteria and in sequence the Artificial Neural Network, which is an artificial intelligence technique inspired on nature that can identify standards and knowledge, performing a comparison between the real output and the model output. All of that using the Matlab system identification and neural networks toolboxes. On this work were presented the main concepts involved on modeling using parametric models and Neural Networks and was performed a comparison between the obtained results with the adopted criteria and the applied techniques pointing to each advantage and disadvantage for the solution of this problem. Redes locais de computadores Redes neurais (Computação) Gestão da informação Radiofrequência modulada Engenharia elétrica Local area networks (Computer networks) Neural networks (Computer science) Information management Radio frequency modulation Electric engineering
215	A grid based approach for the control and recall of the properties of IEEE 1394 audio devices Foulkes, Philip James January 2009 (has links) The control of modern audio studios is complex. Audio mixing desks have grown to the point where they contain thousands of parameters. The control surfaces of these devices do not reflect the routing and signal processing capabilities that the devices are capable of. Software audio mixing desk editors have been developed that allow for the remote control of these devices, but their graphical user interfaces retain the complexities of the audio mixing desk that they represent. In this thesis, we propose a grid approach to audio mixing. The developed grid audio mixing desk editor represents an audio mixing desk as a series of graphical routing matrices. These routing matrices expose the various signal processing points and signal flows that exist within an audio mixing desk. The routing matrices allow for audio signals to be routed within the device, and allow for the device’s parameters to be adjusted by selecting the appropriate signal processing points. With the use of the programming interfaces that are defined as part of the Studio Connections – Total Recall SDK, the audio mixing desk editor was integrated with compatible DAW applications to provide persistence of audio mixing desk parameter states. Many audio studios currently use digital networks to connect audio devices together. Audio and control signals are patched between devices through the use of software patchbays that run on computers. We propose a double grid-based FireWire patchbay aimed to simplify the patching of signals between audio devices on a FireWire network. The FireWire patchbay was implemented in such a way such that it can host software device editors that are Studio Connections compatible. This has allowed software device editors to be associated with the devices that are represented on the FireWire patchbay, thus allowing for studio wide control from a single application. The double grid-based patchbay was implemented such that it can be hosted by compatible DAW applications. Through this, the double grid-based patchbay application is able to provide the DAW application with the state of the parameters of the devices in a studio, as well as the connections between them. The DAW application may save this state data to its native song files. This state data may be passed back to the double grid-based patchbay when the song file is reloaded at a later stage. This state data may then be used by the patchbay to restore the parameters of the patchbay and its device editors to a previous state. This restored state may then be transferred to the hardware devices being represented by the patchbay. IEEE 1394 (Standard) Computer sound processing Digital communications Local area networks (Computer networks) Computational grids (Computer systems)
216	An investigation into the hardware abstraction layer of the plural node architecture for IEEE 1394 audio devices Chigwamba, Nyasha January 2009 (has links) Digital audio network technologies are becoming more prevalent in audio related environments. Yamaha Corporation has created a digital audio network solution, named mLAN (music Local Area Network), that uses IEEE 1394 as its underlying network technology. IEEE 1394 is a digital network technology that is specifically designed for real-time multimedia data transmission. The second generation of mLAN is based on the Plural Node Architecture, where the control of audio and MIDI routings between IEEE 1394 devices is split between two node types, namely an Enabler and a Transporter. The Transporter typically resides in an IEEE 1394 device and is solely responsible for transmission and reception of audio or MIDI data. The Enabler typically resides in a workstation and exposes an abstract representation of audio or MIDI plugs on each Transporter to routing control applications. The Enabler is responsible for configuring audio and MIDI routings between plugs on different Transporters. A Hardware Abstraction Layer (HAL) within the Enabler allows it to uniformly communicate with Transporters that are created by various vendors. A plug-in mechanism is used to provide this capability. When vendors create Transporters, they also create device-specific plug-ins for the Enabler. These plug-ins are created against a Transporter HAL Application Programming Interface (API) that defines methods to access the capabilities of Transporters. An Open Generic Transporter (OGT) guideline document which models all the capabilities of Transporters has been produced. These guidelines make it possible for manufacturers to create Transporters that make use of a common plug-in, although based on different hardware architectures. The introduction of the OGT concept has revealed additional Transporter capabilities that are not incorporated in the existing Transporter HAL API. This has led to the underutilisation of OGT capabilities. The main goals of this investigation have been to improve the Enabler’s plug-in mechanism, and to incorporate the additional capabilities that have been revealed by the OGT into the Transporter HAL API. We propose a new plug-in mechanism, and a new Transporter HAL API that fully utilises both the additional capabilities revealed by the OGT and the capabilities of existing Transporters. IEEE 1394 (Standard) Digital communications Computer sound processing Local area networks (Computer networks) Computer network architectures
217	Investigating the viability of a framework for small scale, easily deployable and extensible hotspot management systems Thinyane, Mamello P January 2006 (has links) The proliferation of PALs (Public Access Locations) is fuelling the development of new standards, protocols, services, and applications for WLANs (Wireless Local Area Networks). PALs are set up at public locations to meet continually changing, multiservice, multi-protocol user requirements. This research investigates the essential infrastructural requirements that will enable further proliferation of PALs, and consequently facilitate ubiquitous computing. Based on these requirements, an extensible architectural framework for PAL management systems that inherently facilitates the provisioning of multiple services and multiple protocols on PALs is derived. The ensuing framework, which is called Xobogel, is based on the microkernel architectural pattern, and the IPDR (Internet Protocol Data Record) specification. Xobogel takes into consideration and supports the implementation of diverse business models for PALs, in respect of distinct environmental factors. It also facilitates next-generation network service usage accounting through a simple, flexible, and extensible XML based usage record. The framework is subsequently validated for service element extensibility and simplicity through the design, implementation, and experimental deployment of SEHS (Small Extensible Hotspot System), a system based on the framework. The robustness and scalability of the framework is observed to be sufficient for SMME deployment, withstanding the stress testing experiments performed on SEHS. The range of service element and charging modules implemented confirm an acceptable level of flexibility and extensibility within the framework. Local area networks (Computer networks) Computer networks -- Management Computer network architectures Computer network protocols Wireless communication systems XML (Document markup language)
218	Mecanismo de autenticação baseado na localização de estações sem fios padrão IEEE 802.11 / IEEE 802.11 authentication mechanism based on wireless station location Peres, Andre January 2010 (has links) A vantagem das redes locais sem fios, as quais permitem que uma estação móvel possa deslocar-se livremente dentro da área de abrangência da rede, possui uma contrapartida em termos de segurança. A possibilidade dos sinais de microondas atravessarem paredes e sofrerem atenuação, reflexão, refração, difração e dispersão, dependendo dos obstáculos, torna a definição dos limites da área de abrangência da rede sem fios uma tarefa difícil. Sem o conhecimento dos limites de abrangência, o administrador não tem como delimitar fisicamente o acesso à rede. Além disso, o padrão IEEE 802.11 não define um mecanismo capaz de localizar a posição física de estações móveis. Sem a possibilidade de localização de estações, é impossível restringir o acesso à rede baseando-se em limitações físicas definidas pelo administrador. Quando a rede sem fios é utilizada em ambientes internos, os diversos obstáculos e seu comportamento dinâmico (como pessoas em movimento, por exemplo), fazem com que os sinais de microondas alterem as características da área de abrangência da rede. Este trabalho propõe uma nova abordagem para localização de estações sem fios em ambientes internos, baseada no comportamento dinâmico dos obstáculos e conseqüentes alterações na rede, e, de acordo com este comportamento, tenta ampliar a eficiência da localização de estações. Por fim, é proposto um novo sistema de autenticação de estações baseado na sua localização. / The advantage of wireless local area networks, giving the mobile stations the possibility of moving free inside the network access range comes with a security drawback. The fact that microwave signals can cross walls and behave with attenuation, reflections, refraction, diffraction and dispersion, depending of the obstacles, makes very difficult to define the network access range. Without the knowledge of the network boundaries, the network administrator cannot define a physical delimiter to network access. Besides this issue, there is no default user-location mechanism in the IEEE 802.11 standard. Without the user-location, it is impossible to restrict the network access based on the physical access boundaries defined by the administrator. When the wireless network operates indoor the many obstacles and the dynamic behavior of these obstacles (some people moving around, for instance) make the microwave signal behavior change the range and aspect of the network. This work proposes a new approach to indoor user-location mechanism, based on the dynamic behavior of the obstacles and consequent changes on network range. This approach focus on the dynamic obstacles behavior analysis and according to this behavior tries to increase the user-location system efficiency. Finally a new authentication system based on the user location is proposed. Redes : Computadores Redes locais : Computadores IEEE 802.11 Seguranca : Redes : Computadores Wireless local area networks IEEE 802.11 Wireless location Network security Network authentication
219	Mecanismo de autenticação baseado na localização de estações sem fios padrão IEEE 802.11 / IEEE 802.11 authentication mechanism based on wireless station location Peres, Andre January 2010 (has links) A vantagem das redes locais sem fios, as quais permitem que uma estação móvel possa deslocar-se livremente dentro da área de abrangência da rede, possui uma contrapartida em termos de segurança. A possibilidade dos sinais de microondas atravessarem paredes e sofrerem atenuação, reflexão, refração, difração e dispersão, dependendo dos obstáculos, torna a definição dos limites da área de abrangência da rede sem fios uma tarefa difícil. Sem o conhecimento dos limites de abrangência, o administrador não tem como delimitar fisicamente o acesso à rede. Além disso, o padrão IEEE 802.11 não define um mecanismo capaz de localizar a posição física de estações móveis. Sem a possibilidade de localização de estações, é impossível restringir o acesso à rede baseando-se em limitações físicas definidas pelo administrador. Quando a rede sem fios é utilizada em ambientes internos, os diversos obstáculos e seu comportamento dinâmico (como pessoas em movimento, por exemplo), fazem com que os sinais de microondas alterem as características da área de abrangência da rede. Este trabalho propõe uma nova abordagem para localização de estações sem fios em ambientes internos, baseada no comportamento dinâmico dos obstáculos e conseqüentes alterações na rede, e, de acordo com este comportamento, tenta ampliar a eficiência da localização de estações. Por fim, é proposto um novo sistema de autenticação de estações baseado na sua localização. / The advantage of wireless local area networks, giving the mobile stations the possibility of moving free inside the network access range comes with a security drawback. The fact that microwave signals can cross walls and behave with attenuation, reflections, refraction, diffraction and dispersion, depending of the obstacles, makes very difficult to define the network access range. Without the knowledge of the network boundaries, the network administrator cannot define a physical delimiter to network access. Besides this issue, there is no default user-location mechanism in the IEEE 802.11 standard. Without the user-location, it is impossible to restrict the network access based on the physical access boundaries defined by the administrator. When the wireless network operates indoor the many obstacles and the dynamic behavior of these obstacles (some people moving around, for instance) make the microwave signal behavior change the range and aspect of the network. This work proposes a new approach to indoor user-location mechanism, based on the dynamic behavior of the obstacles and consequent changes on network range. This approach focus on the dynamic obstacles behavior analysis and according to this behavior tries to increase the user-location system efficiency. Finally a new authentication system based on the user location is proposed. Redes : Computadores Redes locais : Computadores IEEE 802.11 Seguranca : Redes : Computadores Wireless local area networks IEEE 802.11 Wireless location Network security Network authentication
220	Mecanismo de autenticação baseado na localização de estações sem fios padrão IEEE 802.11 / IEEE 802.11 authentication mechanism based on wireless station location Peres, Andre January 2010 (has links) A vantagem das redes locais sem fios, as quais permitem que uma estação móvel possa deslocar-se livremente dentro da área de abrangência da rede, possui uma contrapartida em termos de segurança. A possibilidade dos sinais de microondas atravessarem paredes e sofrerem atenuação, reflexão, refração, difração e dispersão, dependendo dos obstáculos, torna a definição dos limites da área de abrangência da rede sem fios uma tarefa difícil. Sem o conhecimento dos limites de abrangência, o administrador não tem como delimitar fisicamente o acesso à rede. Além disso, o padrão IEEE 802.11 não define um mecanismo capaz de localizar a posição física de estações móveis. Sem a possibilidade de localização de estações, é impossível restringir o acesso à rede baseando-se em limitações físicas definidas pelo administrador. Quando a rede sem fios é utilizada em ambientes internos, os diversos obstáculos e seu comportamento dinâmico (como pessoas em movimento, por exemplo), fazem com que os sinais de microondas alterem as características da área de abrangência da rede. Este trabalho propõe uma nova abordagem para localização de estações sem fios em ambientes internos, baseada no comportamento dinâmico dos obstáculos e conseqüentes alterações na rede, e, de acordo com este comportamento, tenta ampliar a eficiência da localização de estações. Por fim, é proposto um novo sistema de autenticação de estações baseado na sua localização. / The advantage of wireless local area networks, giving the mobile stations the possibility of moving free inside the network access range comes with a security drawback. The fact that microwave signals can cross walls and behave with attenuation, reflections, refraction, diffraction and dispersion, depending of the obstacles, makes very difficult to define the network access range. Without the knowledge of the network boundaries, the network administrator cannot define a physical delimiter to network access. Besides this issue, there is no default user-location mechanism in the IEEE 802.11 standard. Without the user-location, it is impossible to restrict the network access based on the physical access boundaries defined by the administrator. When the wireless network operates indoor the many obstacles and the dynamic behavior of these obstacles (some people moving around, for instance) make the microwave signal behavior change the range and aspect of the network. This work proposes a new approach to indoor user-location mechanism, based on the dynamic behavior of the obstacles and consequent changes on network range. This approach focus on the dynamic obstacles behavior analysis and according to this behavior tries to increase the user-location system efficiency. Finally a new authentication system based on the user location is proposed. Redes : Computadores Redes locais : Computadores IEEE 802.11 Seguranca : Redes : Computadores Wireless local area networks IEEE 802.11 Wireless location Network security Network authentication

Search results