Global ETD Search

151	End-to-end security architecture for cloud computing environments / Architecture de sécurité de bout en bout et mécanismes d'autoprotection pour les environnements Cloud Wailly, Aurélien 30 September 2014 (has links) La virtualisation des infrastructures est devenue un des enjeux majeurs dans la recherche, qui fournissent des consommations d'énergie moindres et des nouvelles opportunités. Face à de multiples menaces et des mécanismes de défense hétérogènes, l'approche autonomique propose une gestion simplifiée, robuste et plus efficace de la sécurité du cloud. Aujourd'hui, les solutions existantes s'adaptent difficilement. Il manque des politiques de sécurité flexibles, une défense multi-niveaux, des contrôles à granularité variable, ou encore une architecture de sécurité ouverte. Ce mémoire présente VESPA, une architecture d'autoprotection pour les infrastructures cloud. VESPA est construit autour de politiques qui peuvent réguler la sécurité à plusieurs niveaux. La coordination flexible entre les boucles d'autoprotection réalise un large spectre de stratégies de sécurité comme des détections et des réactions sur plusieurs niveaux. Une architecture extensible multi plans permet d'intégrer simplement des éléments déjà présents. Depuis peu, les attaques les plus critiques contre les infrastructures cloud visent la brique la plus sensible: l'hyperviseur. Le vecteur d'attaque principal est un pilote de périphérique mal confiné. Les mécanismes de défense mis en jeu sont statiques et difficile à gérer. Nous proposons une approche différente avec KungFuVisor, un canevas logiciel pour créer des hyperviseurs autoprotégés spécialisant l'architecture VESPA. Nous avons montré son application à trois types de protection différents : les attaques virales, la gestion hétérogène multi-domaines et l'hyperviseur. Ainsi la sécurité des infrastructures cloud peut être améliorée grâce à VESPA / Since several years the virtualization of infrastructures became one of the major research challenges, consuming less energy while delivering new services. However, many attacks hinder the global adoption of Cloud computing. Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a self-protection architecture for cloud infrastructures. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies. A multi-plane extensible architecture also enables simple integration of commodity security components.Recently, some of the most powerful attacks against cloud computing infrastructures target the Virtual Machine Monitor (VMM). In many case, the main attack vector is a poorly confined device driver. Current architectures offer no protection against such attacks. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA, a framework to build self-defending hypervisors. The result is a very flexible self-protection architecture, enabling to enforce dynamically a rich spectrum of remediation actions over different parts of the VMM, also facilitating defense strategy administration. We showed the application to three different protection scheme: virus infection, mobile clouds and hypervisor drivers. Indeed VESPA can enhance cloud infrastructure security Sécurité Virtualisation Cloud computing Autonomique Hyperviseur Système d'exploitation Security Virtualization Cloud computing Autonomic computing Hypervisor Operating system
152	A Performance comparison Between ASP.NET Core and Express.js for creating Web APIs Karlsson, Oliver January 2021 (has links) Modern web applications are growing in complexity and becoming more widely used. Using frameworks to build APIs is a popular way for both hobby developers and businesses to speed up development time and save costs. With this dependence on frameworks to be the foundation for potentially large applications comes the need to understand their performance qualities and which areas they are best suited for. This study compares the performance of the two similarly popular frameworks ASP.NET Core and Express.js, when used together with a MySQL Database to build Web APIs. This was done by building two different API implementations in each framework, one employing a RESTful approach and the other using the new querying language GraphQL. Experiments were run where the peak CPU usage, peak memory usage and response times were measured.The results of the experiments were that in a RESTful API, ASP.NET Core is faster at serving requests during lower loads whereas Express.js outperforms ASP.NET Core when faced with a higher amount of concurrent requests that fetch a lot of data. In a GraphQL API Express.js was able to perform similarly or better in all cases in terms of response times and resource usage compared to ASP.NET Core. API Framework REST GraphQL HTTP SQL ASP.NET Core Express.js Operating System CPU Memory Response times. Computer Engineering Datorteknik
153	An Evaluation of Software-Based Traffic Generators using Docker / En utvärdering utav mjukvarubaserade trafikgeneratorer med Docker Wong, Sai Man January 2018 (has links) The Information and Communication Technology (ICT) industry and network researchers use traffic generator tools to a large extent to test their systems. The industry uses reliable and rigid hardware-based platform tools for high-performance network testing. The research community commonly uses software-based tools in, for example, experiments because of economic and flexibility aspects. As a result, it is possible to run these tools on different systems and hardware. In this thesis, we examine the software traffic generators Iperf, Mausezahn, Ostinato in a closed loop physical and virtual environment to evaluate the applicability of the tools and find sources of inaccuracy for a given traffic profile. For each network tool, we measure the throughput from 64- to 4096-byte in packet sizes. Also, we encapsulate each tool with container technology using Docker to reach a more reproducible and portable research. Our results show that the CPU primarily limits the throughput for small packet sizes, and saturates the 1000 Mbps link for larger packet sizes. Finally, we suggest using these tools for simpler and automated network tests. / IT-branschen och nätverksforskare använder sig av trafikgeneratorer till stor del för att testa sina system. Industrin använder sig av stabila och pålitliga hårdvaruplattformar för högpresterande nätverkstester. Forskare brukar använda mjukvarubaserade verktyg i till exempel experiment på grund av ekonomiska och flexibilitet skäl. Det är därför möjligt att använda dessa verktyg på olika system och hårdvaror. I denna avhandling undersöker vi mjukvarutrafikgeneratorerna Iperf, Mausezahn, Ostinato i en isolerad fysisk och virtuell miljö, det vill säga för att utvärdera användbarheten av verktygen och hitta felkällor för en given trafikprofil. För varje nätverksverktyg mäter vi genomströmningen från 64 till 4096 byte i paketstorlekar. Dessutom paketerar vi varje verktyg med molnteknologin Docker för att nå ett mer reproducerbart och portabelt arbete. Våra resultat visar att processorn begränsar genomströmningen för små paketstorlekar och saturerar 1000 Mbps-länken för större paketstorlekar. Slutligen föreslår vi att man kan använda dessa verktyg för enklare och automatiserade nätverkstester. Software-Based Traffic Generator Throughput Packet Size Benchmark Operating System Virtualization Container Docker Automation Computer Sciences Datavetenskap (datalogi)
154	Operating System Support for Modern Applications Yang, Ting 01 May 2009 (has links) Computer systems now run drastically different workloads than they did two decades ago. The enormous advances in hardware power, such as processor speed, memory and storage capacity, and network bandwidth, enable them to run new kinds as well as a large number of applications simultaneously. Software technologies, such as garbage collection and multi-threading, also reshape applications and their behaviors, introducing more challenges to system resource management. However, existing general-purpose operating systems do not provide adequate support for these modern applications. These operating systems were designed over two decades ago, when garbage-collected applications were not prevalent and users interacted with systems using consoles and command lines, rather than graphical user interfaces. As a result, they fail to allow necessary coordinations among resource management components to ensure consistent performance guarantees. For example, garbage-collected applications cannot adjust themselves to maintain high throughput under dynamic memory pressure, simply because existing virtual memory managers do not collect and expose enough information to them. Furthermore, despite the increasing demand of supporting co-existing interactive applications in desktop environment, resource managers (especially memory and disk I/O) mostly focus on optimizing throughput. They each work independently, ignoring the response time requirements that the CPU scheduler attempts to satisfy. Consequently, pressure on any of these resources can significantly degrade application responsiveness. In order to deliver robust performance to these modern applications, an operating system has to coordinate its resource managers (e.g., CPU, memory, and disk I/O), as well as cooperate with resource managers in the user space, such as the garbage collector and the thread manger. To support garbage-collected applications, we present CRAMM, a system that enables them to predict an appropriate heap size using information supplied by the underlying operating system, allowing them to maintain high throughput in the face of changing memory pressure. To support highly interactive workloads, we present Redline, a system that manages CPU, memory, and disk I/O in an integrated manner. It uses lightweight specifications to drive CPU scheduling and to coordinate memory and disk I/O management to serve the needs of interactive applications. Such coordination enables it to maintain responsiveness in the face of extreme resource contention, without sacrificing resource utilization. We also show that Redline can be used to support response time sensitive multi-threaded server applications. Our experiences and extensive experiments show that we can coordinate resource managers, both inside and outside the operating system, efficiently without destroying the modularity of the existing system. Such coordination prevents resource managers from working at cross purposes, and dramatically improve the performance of applications when facing heavy resource contention, sometimes by orders of magnitude. CPU scheduling Garbage collection I/O management Memory management Operating system Resource management Computer Sciences Systems Architecture
155	Predlog proširenja Android operativnog sistema servisima digitalne televizije / One approach to the extension of Android operating system with digital TV services Lukić Nemanja 02 October 2014 (has links) <p>Ova disertacija se bavi istraživanjem u oblasti integracije servisa digitalne televizije u moderne uređaje potrošačke elektronike. Cilj teze je da razvije pristup za sistemsko proširenje Android operativnog sistema servisima digitalne televizije, i da predloži rešenje koje omogućuje rad u realnom vremenu. Kvalitet rešenja se ocenjuje odgovarajućim metrikama preko ocene kvaliteta implementirane Java objektno orijentisane sprege za TV servise. Osnovni doprinos teze se ogleda u definisanju jedinstvene programske sprege servisa digitalne televizije na platformama koje prate paradigmu virtuelne mašine. Predloženo rešenje omogućuje razvoj aplikacija optimizovanih za izvršavanje na TV uređajima i dalje sprezanje podataka TV servisa sa ostatkom Android ekosistema.</p> / <p>This PhD dissertation addresses the problem of integration of the digital TV services inside modern consumer electronic devices. The main focus of the dissertation is a development of systematic approach for extension of Android operating system with support for digital television. Combined with this, the dissertation describes solution in form of hardware platform with accompanying software that closely follows this approach and achieves real-time performance. Quality of proposed solution is benchmarked using metrics for measuring quality of object-oriented program code. The main contribution of the dissertation is unification of system software API for digital television on Android-based platforms. Proposed solution allows development of TV-centric software capable of real-time performance, and further native integration of data coming from DVB broadcast into Android ecosystem.</p>
156	Architecture de communication générique pour un système de bus du commerce électronique Tagmouti, Siham January 2003 (has links) Mémoire numérisé par la Direction des bibliothèques de l'Université de Montréal. Web operating system Protocoles de communication WOS protocol WOS request protocol Hyper transfer text protocol Multipurpose internet mail extention Extensible markup language Systèmes distribués
157	Hardware and software architecture facilitating the operation by the industry of dynamically adaptable heterogeneous embedded systems. / Architecture matérielle et logicielle favorisant l’exploitation par l’industrie de systèmes embarqués hétérogènes dont le matériel est dynamiquement adaptable Gantel, Laurent 14 January 2014 (has links) Cette thèse s'intéresse à la définition de mécanismes, aussi bien au niveau logiciel que matériel, facilitant la gestion des systèmes-sur-puce hétérogènes et dynamiquement reconfigurable (HRSoC). L'hétérogénéité de ses architectures se manifeste par la présence à la fois de processeurs de calcul généralistes et de modules matériels reconfigurables. L'objectif de cette thèse est de permettre à un développeur d'application de s'abstraire de cette hétérogénéité en ce qui concerne l'allocation des tâches sur les différentes unités de calcul disponibles. Cette abstraction passe par une première phase d'homogénéisation des interfaces utilisateurs (API) et la définition d'un modèle de thread matériel, au même titre qu'il existe des threads logiciels. Cette homogénéisation se poursuit ensuite dans la gestion de ces threads matériels. Nous avons implémenté des services au niveau du système d'exploitation permettant de sauvegarder, préempter, et restaurer le contexte d'un thread matériel. Des outils de conception ont également été développés afin de surpasser le problème de la relocation d'un thread matériel au sein d'un FPGA. Enfin, la dernière étape a été d'étendre l'accès aux services offerts par tous les systèmes d'exploitation distribués au sein de la plateforme à tous les threads s'exécutant sur celle-ci, indépendamment de leur localisation. Ceci a été réalisé via une implémentation originale de l'API MRAPI. Avec ces trois étapes, nous avons apporté une base solide afin, dans le futur, de proposer au développeur un flot de conception dédié aux architectures HRSoC lui permettant de procéder à une exploration architecturale précise de son système. Finalement, afin d'éprouver le fonctionnement de ces mécanismes, nous avons réalisé une plateforme de démonstration sur FPGA Virtex 5 mettant en scène une application de suivi de cibles dynamique. / This thesis aims to define software and hardware mechanisms helping in the management the Heterogeneous and dynamically Reconfigurable Systems-on-Chip (HRSoC). The heterogeneity is due to the presence of general processing units and reconfigurable IPs. Our objective is to provide to an application developer an abstracted view of this heterogeneity, regarding the task mapping on the available processing elements. First, we homogenize the user interface defining a hardware thread model. Then, we pursue with the homogenization of the hardware threads management. We implemented OS services permitting to save and restore a hardware thread context. Conception tools have also been developed in order to overcome the relocation issue. The last step consisted in extending the access to the distributed OS services to every thread running on the platform. This access is provided independently from the thread location and is is realized implementing the MRAPI API. With these three steps, we build a solid basis to, in future work, provide to the developer, a conception flow dedicated to HRSoC allowing to perform precise architectural space explorations. Finally, to validate these mechanisms, we realize a demonstration platform on a Virtex 5 FPGA running a dynamic tracking application. Architecture multicoeur adaptable Fpga Système-sur-puce Reconfiguration dynamique partielle Système d'exploitation Tâche matérielle Adaptable multicore platform Fpga System-on-Chip Partially dynamic reconfiguration Operating System Hardware task
158	Alocação de tarefas para a coordenação de robôs heterogêneos aplicados a agricultura de precisão / Task allocation for the coordination heterogeneous robots applied to precision agriculture Fraccaroli, Eduardo Sacogne 05 December 2017 (has links) O Brasil é uma referência mundial na produção e exportação de citros, entretanto esse cultivo pode sofrer diversos problemas e perdas de produtividade por motivos diversos, como por exemplo, pragas. Para reduzir os riscos e perdas, torna-se interessante o uso de sistemas automatizados de monitoramento, justificando a necessidade de realizar a coleta de dados para determinar diversos fatores. Determinadas plantações, como a de citros, não podem ser monitoradas somente via solo ou somente via imagens aéreas, tornando necessário mesclar ambas as abordagens de acordo com o parâmetro a ser monitorado. Para a realização desse monitoramento devem ser utilizados robôs com habilidades distintas, robôs aéreos e robôs terrestres. Assim, é preciso designar as tarefas que cada robô realizará e também coordenar todos os robôs durante a execução do sistema como um todo, visando otimizar o processo de coleta de dados. Esse problema pode ser analisado e modelado como um problema de alocação de tarefas para robôs (Multi-Robot Task Allocation (MRTA)). Para resolver esse problema propõe-se um framework baseado em técnicas de cobertura de conjuntos e em mecanismo de mercado baseado em leilão. Teste simulados são realizados e demonstram que a presente proposta cumpre o papel na alocação das tarefas aos robôs. Além disso, visando a aplicação da solução proposta é projetado e desenvolvido uma plataforma robótica aérea (quadrirotor) de baixo custo utilizando peças prototipadas. Para o controle de estabilidade dessa plataforma, propõe-se um modelo matemático de acordo com os parâmetros inerciais do quadrirotor. Esse quadrirotor é utilizado em diversas aplicações reais, mostrando que o projeto desenvolvido pode ser reproduzido e destinado a execução de tarefas reais, como por exemplo a coleta de dados na agricultura de precisão. / Brazil is a world reference in the production and export of citrus, although this crop can suffer several problems and losses of productivity for diverse reasons, as for example, pests. In order to reduce risks and losses, it is interesting to use automated monitoring systems, justifying the need to perform data collection to determine several factors. Certain plantations, such as citrus plantations, can not be monitored only via soil or only via aerial images, making it necessary to merge both approaches according to the parameter to be monitored. To perform this monitoring, robots with different abilities, such asunmanned aerial vehicle (UAV) and unmanned ground vehicle (UCV) should be used. Therefore, it is necessary to assign the tasks that each robot will perform and also to coordinate all the robots during the execution of the system as a whole, in order to optimize the process of data collection. The problem can be studied and modeled as a task allocation problem for robots (MRTA). To solve this problem we propose a framework based set covering techniques and auction-based market mechanism. Simulated tests are performed and demonstrate that the present proposal fulfills the role in assigning tasks to robots. In addition, aiming at the application of the proposed solution is designed and developed a low cost aerial robotic platform (quadrirotor) which use prototyped parts. This quadrirotor is used in several real applications, showing that the developed project can be reproduced and destined to perform real tasks, such as data collection in precision agriculture. Agricultura de Precisão Alocação de Tarefas Heterogeneous Robots MD-MTSP MD-MTSP Precision Agriculture Quadrirotor Quadrotor Robôs Heterogêneos Robot Operating System (ROS) ROS Task Allocation
159	Securing embedded systems based on FPGA technologies / Sécurisation des systèmes embarqués basés sur les technologies FPGA Devic, Florian 06 July 2012 (has links) Les systèmes embarqués peuvent contenir des données sensibles. Elles sont généralement échangées en clair entre le système sur puces et la mémoire, mais aussi en interne. Cela constitue un point faible: un attaquant peut observer cet échange et récupérer des informations ou insérer du code malveillant. L'objectif de la thèse est de fournir une solution dédiée et adaptée à ces problèmes en considérant l'intégralité de la durée de vie du système embarqué (démarrage, mises à jour et exécution) et l'intégralité des données (bitstream du FPGA, noyau du système d'exploitation, code et données critiques). En outre, il est nécessaire d'optimiser les performances des mécanismes matériels de sécurité introduits afin de correspondre aux attentes des systèmes embarqués. Cette thèse se distingue en proposant des solutions innovantes et adaptées au monde des FPGAs. / Embedded systems may contain sensitive data. They are usually exchanged in plaintext between the system on chips and the memory, but also internally. This is a weakness: an attacker can spy this exchange and retrieve information or insert malicious code. The aim of the thesis is to provide a dedicated and suitable solution for these problems by considering the entire lifecycle of the embedded system (boot, updates and execution) and all the data (FPGA bitstream, operating system kernel, critical data and code). Furthermore, it is necessary to optimize the performance of hardware security mechanisms introduced to match the expectations of embedded systems. This thesis is distinguished by offering innovative and suitable solutions for the world of FPGAs. Fpga Architecture reconﬁgurable Attaque par rejeu Boot Système d’exploitation embarqué Reconﬁguration dynamique partielle Fpga Reconﬁgurable architecture Replay attack Boot Embedded operating system Dynamic partial reconﬁguration
160	Slide to unlock: um estudo das táticas de resistência cotidiana dos usuários do ecossistema iOS/Apple Souza, Rosana Vieira de 16 December 2014 (has links) Submitted by Maicon Juliano Schmidt (maicons) on 2015-05-27T17:15:58Z No. of bitstreams: 1 Rosana Vieira de Souza.pdf: 10043069 bytes, checksum: 6a54f6c82f32e484efaa1ed37e7a5541 (MD5) / Made available in DSpace on 2015-05-27T17:15:58Z (GMT). No. of bitstreams: 1 Rosana Vieira de Souza.pdf: 10043069 bytes, checksum: 6a54f6c82f32e484efaa1ed37e7a5541 (MD5) Previous issue date: 2014-12-16 / FORD - Programa Internacional de Bolsas de Pós-Graduação da Fundação Ford / O objetivo geral deste estudo é compreender de que forma vêm sendo articuladas táticas de resistência cotidiana dos usuários do ecossistema iOS/Apple. De forma específica, buscamos (1) identificar em que medida os usuários destes sistemas percebem limitações na sua apropriação; (2) compreender como são manifestadas táticas de resistência cotidiana entre diferentes grupos de usuários do ecossistema iOS; (3) discutir possíveis fatores moderadores da percepção de limitações e das táticas de resistência; e (4) compreender de que forma o iOS atua em conjunto com estratégias corporativas de controle da experiência de consumo. Ao longo da trajetória da computação pessoal e da internet, a noção de “abertura” constituiu um valor central na experiência do usuário. O PC conectado e aberto a softwares criados por terceiros se consolidou como artefato generativo em essência (ZITTRAIN, 2006). Sua arquitetura flexível permitia ao usuário alterar os propósitos de usos ao longo da apropriação, para além das configurações imaginadas pelas empresas que os comercializavam. Propomos, assim, uma reflexão acerca do crescente protagonismo de ambientes menos generativos, como é o caso do ecossistema iOS, da Apple. Em conjunto, tecnologia e estratégia promovem o discurso de prover experiências mais personalizadas, otimizadas, estáveis e seguras, pois a generatividade deixa de ser espaço de criação do usuário para ser sinônimo de vulnerabilidade. A partir da Teoria Fundamentada (STRAUSS e CORBIN, 1990) com o auxílio de entrevistas em profundidade, investigamos quatro grupos de usuários: Fanboys, Usuário Padrão, Jailbreakers e Desertores. Os resultados oferecem indícios de que as manifestações e a intensidade da resistência são moderadas pelo envolvimento com a Apple e pela presença do ecossistema de produtos. / The aim of this study is to understand how the users articulate tactics of everyday resistance to iOS/Apple ecosystem. Specifically, we sought to (1) identify the extent to which the users of those systems are aware of its restrictions; (2) understand how tactics of everyday resistance are manifested among different groups of iOS ecosystem users; (3) discuss possible moderating factors of the perceived limitations and resistance tactics; and (4) understand how the iOS interacts with corporate strategies as a way to control the consumer experience. Along the history of personal computing and the Internet, the idea of "openness" has been a core value in the user experience. The connected PC was opened to softwares created by third parties and constituted a generative device in essence (Zittrain, 2006). Its flexible architecture allowed the user to change the purposes of use beyond the scripts defined by companies. Thus, we propose a discussion on the growing importance of less generative environments such as the Apple's iOS ecosystem. Together, technology and strategy promote the discourse of providing more personalized, optimized, stable, and secured experiences, since generativity is no longer a space for creativity to become synonymous with vulnerability. The study is based on the Grounded Theory (Strauss and Corbin, 1990) through in-depth interviews with four user groups: Fanboys, Standard User, Jailbreakers and Deserters. The present results provide evidence for a moderator role of the involvement with Apple and the ecosystem presence in the manifestation and intensity of resistance. Resistência cotidiana Generatividade Sistema operacional Contracultura Ecossistema digital Apple Everyday resistance Generativity Operating system Counterculture Digital ecosystem

Search results