Global ETD Search

321	Resource Allocation and End-to-End Quality of Service for Cellular Communications Systems in Congested and Contested Environments Ghorbanzadeh, Mohammad 09 December 2015 (has links) This research addresses the concept of radio resource allocation for cellular communications systems operating in congested and contested environments with an emphasis on end-to-end quality of service (QoS). The radio resource allocation is cast under a proportional fairness formulation which translates to a convex optimization problem. Moreover, the resource allocation scheme considers subscription-based and traffic differentiation in order to meet the QoS requirements of the applications running on the user equipment in the system. The devised resource allocation scheme is realized through a centralized and a distributed architecture and solution algorithms for the aforementioned architectures is derived and implemented in the mobile devices and the base stations. The sensitivity of the resource allocation scheme to the temporal dynamics of the quantity of the users in the system is investigated. Furthermore, the sensitivity of the resource allocation scheme to the temporal dynamics in the application usage percentages is accounted for. In addition, a transmission overhead of the centralized and distributed architectures for the resource allocation schemes is performed. Furthermore, the resource allocation scheme is modified to account for a possible additive bandwidth done through spectrum sharing in congested and contested environments, in particular spectrally coexistent radar systems. The radar-spectrum additive portion is devised in a way to ensure fairness of the allocation, high bandwidth utilization, and interference avoidance. In order to justify the aforesaid modification, the interference from radar systems into the Long Term Evolution (LTE) as the predominant 4G technology is studies to confirm the possibility of the spectrum sharing. The preceding interference analysis contains a detailed simulation of radar systems, propagation path loss models, and a third generation partnership project compliant LTE system. The propagation models are Free Space Path Loss (FSPL) and Irregular Terrain Model (ITM). The LTE systems under consideration are macro cell, outdoor small cells, and indoor small cells. Furthermore, the resource allocation under channel consideration is formalized such that the resources are allocated under a congested environment and based on the quality of channel the users have in the network as well as the quality of service requirements of the applications running on the mobile devices. / Ph. D. Resource Allocation Radio Resource Blocks Discrete Optimization Quality of Service (QoS) Secure Auctions LTE Convex Optimization Radar Spectrum Sharing Channel Conditions.
322	Metodología para hipervisores seguros utilizando técnicas de validación formal Peiró Frasquet, Salvador 29 April 2016 (has links) [EN] The availability of new processors with more processing power for embedded systems has raised the development of applications that tackle problems of greater complexity. Currently, the embedded applications have more features, and as a consequence, more complexity. For this reason, there exists a growing interest in allowing the secure execution of multiple applications that share a single processor and memory. In this context, partitioned system architectures based on hypervisors have evolved as an adequate solution to build secure systems. One of the main challenges in the construction of secure partitioned systems is the verification of the correct operation of the hypervisor, since, the hypervisor is the critical component on which rests the security of the partitioned system. Traditional approaches for Validation and Verification (V&V), such as testing, inspection and analysis, present limitations for the exhaustive validation and verification of the system operation, due to the fact that the input space to validate grows exponentially with respect to the number of inputs to validate. Given this limitations, verification techniques based in formal methods arise as an alternative to complement the traditional validation techniques. This dissertation focuses on the application of formal methods to validate the correctness of the partitioned system, with a special focus on the XtratuM hypervisor. The proposed methodology is evaluated through its application to the hypervisor validation. To this end, we propose a formal model of the hypervisor based in Finite State Machines (FSM), this model enables the definition of the correctness properties that the hypervisor design must fulfill. In addition, this dissertation studies how to ensure the functional correctness of the hypervisor implementation by means of deductive code verification techniques. Last, we study the vulnerabilities that result of the loss of confidentiality (CWE-200 [CWE08b]) of the information managed by the partitioned system. In this context, the vulnerabilities (infoleaks) are modeled, static code analysis techniques are applied to the detection of the vulnerabilities, and last the proposed techniques are validated by means of a practical case study on the Linux kernel that is a component of the partitioned system. / [ES] La disponibilidad de nuevos procesadores más potentes para aplicaciones empotradas ha permitido el desarrollo de aplicaciones que abordan problemas de mayor complejidad. Debido a esto, las aplicaciones empotradas actualmente tienen más funciones y prestaciones, y como consecuencia de esto, una mayor complejidad. Por este motivo, existe un interés creciente en permitir la ejecución de múltiples aplicaciones de forma segura y sin interferencias en un mismo procesador y memoria. En este marco surgen las arquitecturas de sistemas particionados basados en hipervisores como una solución apropiada para construir sistemas seguros. Uno de los principales retos en la construcción de sistemas particionados, es la verificación del correcto funcionamiento del hipervisor, dado que es el componente crítico sobre el que descansa la seguridad de todo el sistema particionado. Las técnicas tradicionales de V&V, como testing, inspección y análisis, presentan limitaciones para la verificación exhaustiva del comportamiento del sistema, debido a que el espacio de entradas a verificar crece de forma exponencial con respecto al número de entradas a verificar. Ante estas limitaciones las técnicas de verificación basadas en métodos formales surgen como una alternativa para completar las técnicas de validación tradicional. Esta disertación se centra en la aplicación de métodos formales para validar la corrección del sistema particionado, en especial del hipervisor XtratuM. La validación de la metodología se realiza aplicando las técnicas propuestas a la validación del hipervisor. Para ello, se propone un modelo formal del hipervisor basado en máquinas de autómatas finitos, este modelo formal permite la definición de las propiedades que el diseño hipervisor debe cumplir para asegurar su corrección. Adicionalmente, esta disertación analiza cómo asegurar la corrección funcional de la implementación del hipervisor por medio de técnicas de verificación deductiva de código. Por último, se estudian las vulnerabilidades de tipo information leak (CWE-200 [CWE08b]) debidas a la perdida de la confidencialidad de la información manejada en el sistema particionado. En este ámbito se modelan las vulnerabilidades, se aplican técnicas de análisis de código para la detección de vulnerabilidades en base al modelo definido y por último se valida la técnica propuesta por medio de un caso práctico sobre el núcleo del sistema operativo Linux que forma parte del sistema particionado. / [CA] La disponibilitat de nous processadors amb major potencia de còmput per a aplicacions empotrades ha permès el desenvolupament de aplicacions que aborden problemes de major complexitat. Degut a açò, les aplicacions empotrades actualment tenen més funcions i prestacions, i com a conseqüència, una major complexitat. Per aquest motiu, existeix un interès creixent en per permetre la execució de múltiples aplicacions de forma segura i sense interferències en un mateix processador i memòria. En aquest marc sorgeixen les arquitectures de sistemes particionats basats en hipervisors com una solució apropiada per a la construcció de sistemes segurs Un dels principals reptes en la construcció de sistemes particionats, es la verificació del correcte funcionament del hipervisor, donat que aquest es el component crític sobre el que descansa la seguretat del sistema particionat complet. Les tècniques tradicionals de V&V, com són el testing, inspecció i anàlisi, presenten limitacions que fan impracticable la seva aplicació per a la verificació exhaustiva del comportament del sistema, degut a que el espai de entrades a verificar creix de forma exponencial amb el nombre de entrades a verificar. Front a aquestes limitacions les tècniques de verificació basades en mètodes formals sorgeixen com una alternativa per a completar les tècniques de validació tradicional. Aquesta dissertació es centra en la aplicació de mètodes formals per a validar la correcció del sistema particionat, en especial d del hipervisor XtratuM. La validació de la metodología es realitza aplicant les tècniques proposades a la validació del hipervisor. Per a aquest fi, es proposa un model formal del hipervisor basat en màquines de estats finits (FSM), aquest model formal permet la definició de les propietats que el disseny del hipervisor deu de complir per assegurar la seva correcció. Addicionalment, aquesta dissertació analitza com assegurar la correcció funcional de la implementació del hipervisor mitjançant tècniques de verificació deductiva de codi. Per últim, s'estudien les vulnerabilitats de tipus information leak (CWE-200 [CWE08b]) degudes a la pèrdua de la confidencialitat de la informació gestionada per el sistema particionat. En aquest àmbit, es modelen les vulnerabilitats, s'apliquen tècniques de anàlisis de codi per a la detecció de les vulnerabilitats en base al model definit, per últim es valida la tècnica proposada mitjançant un cas pràctic sobre el nucli del sistema operatiu Linux que forma part de l'arquitectura particionada. / Peiró Frasquet, S. (2016). Metodología para hipervisores seguros utilizando técnicas de validación formal [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/63152 Partitioned system Hypervisor Formal methods Security Validation and verification
323	Trusted Software Updates for Secure Enclaves in Industrial Control Systems Gunjal, Abhinav Shivram 18 September 2017 (has links) Industrial Control Systems (ICSs) manage critical infrastructures such as water treatment facilities, petroleum refineries, and power plants. ICSs are networked through Information Technology (IT) infrastructure for remote monitoring and control of physical processes. As ICSs integrate with IT infrastructure, IT vulnerabilities are carried over to the ICS environment. Previously proposed process controller security architectures maintain safe and stable plant operation even in the presence of attacks that exploit ICS vulnerabilities. Security architectures are process control system-level solutions that leverage isolated and trusted hardware (secure enclaves) for ICS security. Upon detecting an intrusion, the secure enclave switches control of the physical process to a high assurance controller, making a fail-safe plant operation. The process control loop components have an average lifespan of several decades. During this time, electromechanical components of process control loop may undergo aging that alters their characteristics and affects control loop performance. To deal with component aging and to improve control algorithm flexibility, updates to control loop parameters are required. Plant model, process control loop system specifications, and control algorithm-based security mechanisms at the secure enclave require parameter updates. ICSs have hundreds of process control components that may need be installed in hazardous environments and distributed across hundreds of square kilometers. Updating each component physically may lead to accidents, expensive travel, and increased downtime. Some ICS have allowable downtime of only 5 minutes per year. Hence, remote updates are desirable. A proposed dedicated and isolated hardware module at the secure enclave provides authentication of the update and ensures safe storage in a non-volatile memory. A protocol designed for update transmission through an untrusted ICS network provides resilience against network integrity attacks such as replay attacks. Encryption and authentication of the updates maintain integrity and confidentiality. During the normal plant operation, the hardware module is invisible to the other modules of the process control loop. The proposed solution is implemented on Xilinx Zynq-7000 programmable System-on-Chip to provide secure enclave updates. / Master of Science / Industrial Control Systems (ICSs) manage critical infrastructures such as water treatment facilities, petroleum refineries, and power plants. ICS process controllers interpret sensor output and depending on the set point, generate input signals for the actuator to control physical processes. The process controllers receive set points and periodically send process state to the supervisory network. For remote monitoring and control of physical processes, ICSs are networked through Information Technology (IT) infrastructure. As ICSs integrate with IT infrastructure, IT vulnerabilities are carried over to the ICS environment. Previously proposed process controller security architectures maintain safe and stable plant operation even in the presence of attacks that exploit ICS vulnerabilities. Security architectures are process control system-level solutions that leverage isolated and trusted hardware (secure enclaves) for ICS security. Upon detecting an intrusion, the secure enclave switches control of the physical process to a high assurance controller, making a fail-safe plant operation. The process control loop components have an average lifespan of several decades. During this time, electromechanical components of process control loop may undergo aging that alters their characteristics and affects control loop performance. To deal with component aging and to improve control algorithm flexibility, updates to control loop parameters are required. Plant model, process control loop system specifications, and control algorithm-based security mechanisms at the secure enclave require parameter updates. ICSs have hundreds of process control components that may need be installed in hazardous environments and distributed across hundreds of square kilometers. Updating each component physically may lead to accidents, expensive travel, and increased downtime. Some ICS have allowable downtime of only 5 minutes per year. Hence, remote updates are desirable. A proposed dedicated and isolated hardware module at the secure enclave provides authentication of the update and ensures safe storage in a non-volatile memory. A protocol designed for update transmission through an untrusted ICS network provides resilience against network integrity attacks such as replay attacks. Encryption and authentication of the updates maintain integrity and confidentiality. During the normal plant operation, the hardware module is invisible to the other modules of the process control loop. The proposed solution is implemented on Xilinx Zynq-7000 programmable System-on-Chip to provide secure enclave updates. Industrial control systems programmable logic controller industrial control systems security secure enclaves software updates configurable system-on-chip
324	Securing Software Intellectual Property on Commodity and Legacy Embedded Systems Gora, Michael Arthur 25 June 2010 (has links) The proliferation of embedded systems into nearly every aspect of modern infrastructure and society has seen their deployment in such diverse roles as monitoring the power grid and processing commercial payments. Software intellectual property (SWIP) is a critical component of these increasingly complex systems and represents a significant investment to its developers. However, deeply immersed in their environment, embedded systems are difficult to secure. As a result, developers want to ensure that their SWIP is protected from being reverse engineered or stolen by unauthorized parties. Many techniques have been proposed to address the issue of SWIP protection for embedded systems. These range from secure memory components to complete shifts in processor architectures. While powerful, these approaches often require the development of systems from the ground up or the application of specialized and often expensive hardware components. As a result they are poorly suited to address the security concerns of legacy embedded systems or systems based on commodity components. This work explores the protection of SWIP on heavily constrained, legacy and commodity embedded systems. We accomplish this by evaluating a generic embedded system to identify the security concerns in the context of SWIP protection. The evaluation is applied to determine the limitations of a software only approach on a real world legacy embedded system that lacks any specialized security hardware features. We improve upon this system by developing a prototype system using only commodity components. Finally we propose a Portable Embedded Software Intellectual Property Security (PESIPS) system that can easily be deployed as a framework on both legacy and commodity systems. / Master of Science Secure Embedded Systems Software Intellectual Property Firmware Security Field programmable gate arrays Design Flow Physical Unclonable Function
325	Enhancing Trust in Reconfigurable Hardware Systems Venugopalan, Vivek 01 March 2017 (has links) A Cyber-Physical System (CPS) is a large-scale, distributed, embedded system, consisting of various components that are glued together to realize control, computation and communication functions. Although these systems are complex, they are ubiquitous in the Internet of Things (IoT) era of autonomous vehicles/drones, smart homes, smart grids, etc. where everything is connected. These systems are vulnerable to unauthorized penetration due to the absence of proper security features and safeguards to protect important information. Examples such as the typewriter hack involving subversive chips resulting in leakage of keystroke data and hardware backdoors crippling anti-aircraft guns during an attack demonstrate the need to protect all system functions. With more focus on securing a system, trust in untrusted components at the integration stage is of a higher priority. This work builds on a red-black security system, where an architecture testbed is developed with critical and non-critical IP cores and subjected to a variety of Hardware Trojan Threats (HTTs). These attacks defeat the classic trusted hardware model assumptions and demonstrate the ability of Trojans to evade detection methods based on physical characteristics. A novel metric is defined for hardware Trojan detection, termed as HTT Detectability Metric (HDM) that leverages a weighted combination of normalized physical parameters. Security analysis results show that using HDM, 86% of the implemented Trojans were detected as compared to using power consumption, timing variation and resource utilization alone. This led to the formulation of the security requirements for the development of a novel, distributed and secure methodology for enhancing trust in systems developed under untrusted environments called FIDelity Enhancing Security (FIDES). FIDES employs a decentralized information flow control (DIFC) model that enables safe and distributed information flows between various elements of the system such as IP cores, physical memory and registers. The DIFC approach annotates/tags each data item with its sensitivity level and the identity of the participating entities during the communication. Trust enhanced FIDES (TE-FIDES) is proposed to address the vulnerabilities arising from the declassification process during communication between third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the confidentiality of the sensitive information in the system. TE-FIDES is evaluated by targeting an IoT-based smart grid CPS application, where malicious third-party soft IP cores are prevented from causing a system blackout. The resulting hardware implementation using TE-FIDES is found to be resilient to multiple hardware Trojan attacks. / Ph. D. / The Internet-of-Things (IoT) has emerged as one of the most innovative multidisciplinary paradigms combining heterogeneous sensors, software architectures, embedded hardware systems, and data analytics. With the growth in deployment of IoT systems, security of the sensors and trustworthiness of the data exchanged is of paramount significance. IoT security approaches are derived from the vulnerabilities existing in cyber-physical systems (CPS) and the countermeasures designed against them. An unauthorized penetration due to the absence of safeguards can cripple the system and leak sensitive data. This dissertation studies the vulnerabilities posed due to the presence of hardware Trojans in such IoT-based CPS. FIDelity Enhancing Security (FIDES), named after the Greek Goddess of Trust, is a novel, distributed and secure methodology proposed to address the security requirements and enhance trust of systems developed in untrusted environments. FIDES utilizes a distributed scheme that monitors the communication between the Intellectual Property (IP) cores using tags. Trust Enhanced FIDES (TE-FIDES) is proposed to reduce the vulnerabilities arising from the declassification process of the third-party soft IP cores. TE-FIDES employs a secure enclave approach for preserving the integrity of the sensitive information in the system. In addition, TE-FIDES also uses a trust metric to record snapshots of each IP core’s state during the declassification process. TE-FIDES is evaluated by mapping an IoT-based CPS application and subjecting it to a variety of hardware Trojan attacks. The performance costs for resilient and trustworthy operation of the TE-FIDES implementation are evaluated and TE-FIDES proves to be resilient to the attacks with acceptable cyber costs. Secure Computing Trusted Computing Resilient Computing Root of Trust Hardware Trojans Cyber Physical System Security Embedded Systems Reconfigurable Hardware
326	Usage and Adoption of Patient Portals Velverthi, Navya Reddy 07 1900 (has links) It is crucial to understand how patient portals are used and adopted among different population groups. This dissertation follows a traditional 5-chapter format that includes three studies with the results of each study presented in an essay format. The first essay provides a systematic literature review of existing research on patient portal adoption, barriers, and predictors. This review reveals a gap in knowledge regarding emerging adults who are transitioning from adult care to self-care settings. The second essay presents an emerging adult patient portal behavioral model, which identifies the factors that impact patient portal usage. Finally, the third essay focuses on patient's trust in providers in secure messaging, which is one of the features available through patient portals. The results of Essay 1 revealed gaps in the literature, highlighting the need for understanding the perceptions of different subgroups of the population towards patient portals to promote their meaningful use. The findings from Essay 2 show that perceived risk and perceived usefulness are significant determinants affecting the behavioral intentions of emerging adults toward the usage of patient portals. Essay 3 describes how information reliability, structural assurance, persuasiveness, perceived ease-of-use, and patients' trusting beliefs in providers are related to the patient's intentions to use secure messaging and patient portals. In addition to addressing existing research gaps, the results of the research in this dissertation inform healthcare providers and developers on how to improve patient portal adoption. By identifying the factors that impact patient portal usage, healthcare providers can optimize the benefits of patient portals for patients and healthcare organizations. Additionally, understanding patients' trust in providers in secure messaging can help improve communication and further lead to better health outcomes. Patient portals health information technology adoption and use secure messaging emerging adults. Information Science Psychology, Behavioral Health Sciences, Health Care Management
327	Metableties-eksemplariese deurskouing van die ontheemdingsverskynsel en die agogiese betekenis daarvan Swanepoel, Johan Isak 06 1900 (has links) The phenomenon of alienation is closely related to the current morality crisis as it affects the very core of man's being. It appears that this phenomenon is not only a contemporary problem. It is as old as civilization itself, although its manifestation had taken on different forms in different eras. In this study alienation is analysed in time perspective. The following exponents pertaining to this phenomenon are examined closely: Plotinus, Hegel, Feuerbach, Marx, Durkheim, Fromm and the contemporary society. In the contemporary situation alienation manifests in various ways within the family and society. The disintegration of the family is escalating. More children are abused in a childhostile society. The generation gap is widening and suicide amongst teenagers is increasing. Man becomes more lonely and experiences an identity crisis from which he tries to escape by means of narcissism. Possible contributing factors to the above-mentioned are secularisation, nihilism, urbanisation and the negative influence of science and technology. The need of contemporary society cannot be realized without knowledge pertaining to the nature and essential characteristics of alienation. An accountable mode of thought grounded in time and space can be utilised towards bringing man to his senses. In attempting to establish authentic thought and accompaniment the reflective mode of thought can be implemented by the agogoque to take a stand against the degraded view o( man and world. This could result in man regaining a sense of security and could possibly lead to establishing an authentic world-view, mode of thought and accompaniment. / Die aktualiteit van die ontheemdingsverskynsel hang ten nouste met die moraliteitskrisis saam waarin die eietydse beskawing horn bevind, want dit raak die mens in sy diepste wese. Die ontheemdingsverskynsel is egter nie net 'n eietydse probleem nie, maar manifesteer verskillend in verskillende tydperke en dateer sover as die ontstaan van die beskawing self terug. Hierdie studie word vanuit 'n tydsperspektief belig. Die volgende eksponente met betrekking tot hierdie verskynsel sal noukeurig ondersoek word: Plotinus, Hegel, Feuerbach, Marx, Durkheim, Fromm en die eietydse bestel. In die eietyd manifesteer ontheemding op verskeie maniere in die gesin en samelewing. Gesinsverbrokkeling neem toe en kinders word al meer in 'n kind-vyandige samelewing verwerp. Die generasiegaping word groter en tienerselfmoord kom toenemend voor. Die vereensaamde mens beleef 'n identiteitskrisis en soek in narcisme ontvlugting. Moontlike oorsaaklike faktore vir bogenoemde is sekularisasie, nihilisme, verstedeliking en die negatiewe invloed van die wetenskap en tegnologie. Die nood waarin die eietydse samelewing horn bevind, kan nie sonder kennis van die aard en die wese wat kenmerkend van die ontheemdingsverskynsel is, besef word me. 'n Verantwoordbare denkweg wat in die tydlikheid en ruimtelikheid begrond is, hied die moontlikheid om die mens tot besinning te bring. Hierdie besinnende denkweg waarin die agogieker teen die gedegradeerde mens- en wereldbeskouing standpunt inneem, kan as korrektief dien en tot outentieke denke en begeleiding aanleiding gee. Dan sal die ontheemde mens weer die nodige geborgenheid ervaar en sal dit moontlik wees om weer outentiek wereld te konstitueer, te leef, te <link en te begelei. / D.Litt. et Phil. (History of Education) Alienation Disintegration of the family Secularization Nihilism Reflective mode of thought A secure future Accompaniment by an agogoque 302.544 Urbanization Narcissism Nihilism Alienation (Social psychology) Secularization Families
328	Secure Communication in a Multi-OS-Environment Bathe, Shivraj Gajanan 02 February 2016 (has links) (PDF) Current trend in automotive industry is moving towards adopting the multicore microcontrollers in Electronic Control Units (ECUs). Multicore microcontrollers give an opportunity to run a number of separated and dedicated operating systems on a single ECU. When two heterogeneous operating systems run in parallel on a multicore environment, the inter OS communication between these operating systems become the key factor in the overall performance. The inter OS communication based on shared memory is studied in this thesis work. In a setup where two operating systems namely EB Autocore OS which is based on AUTomotive Open System Architecture standard and Android are considered. Android being the gateway to the internet and due to its open nature and the increased connectivity features of a connected car, many attack surfaces are introduced to the system. As safety and security go hand in hand, the security aspects of the communication channel are taken into account. A portable prototype for multi OS communication based on shared memory communication with security considerations is developed as a plugin for EB tresos Studio. AUTOSAR Android Linux Multi-OS Umgebung Multicore-Mikrocontroller Multi OS Communication Shared memory communication Secure channel AUTOSAR Android Linux ddc:004 Informatik AUTOSAR LINUX
329	Untersuchungen zur Risikominimierungstechnik Stealth Computing für verteilte datenverarbeitende Software-Anwendungen mit nutzerkontrollierbar zusicherbaren Eigenschaften / Investigations of the risk minimisation technique Stealth Computing for distributed data-processing software applications with user-controllable guaranteed properties Spillner, Josef 05 July 2016 (has links) (PDF) Die Sicherheit und Zuverlässigkeit von Anwendungen, welche schutzwürdige Daten verarbeiten, lässt sich durch die geschützte Verlagerung in die Cloud mit einer Kombination aus zielgrößenabhängiger Datenkodierung, kontinuierlicher mehrfacher Dienstauswahl, dienstabhängiger optimierter Datenverteilung und kodierungsabhängiger Algorithmen deutlich erhöhen und anwenderseitig kontrollieren. Die Kombination der Verfahren zu einer anwendungsintegrierten Stealth-Schutzschicht ist eine notwendige Grundlage für die Konstruktion sicherer Anwendungen mit zusicherbaren Sicherheitseigenschaften im Rahmen eines darauf angepassten Softwareentwicklungsprozesses. / The security and reliability of applications processing sensitive data can be significantly increased and controlled by the user by a combination of techniques. These encompass a targeted data coding, continuous multiple service selection, service-specific optimal data distribution and coding-specific algorithms. The combination of the techniques towards an application-integrated stealth protection layer is a necessary precondition for the construction of safe applications with guaranteeable safety properties in the context of a custom software development process. Cloud Computing sichere Cloud-Anwendungen zuverlässige Cloud-Datenverarbeitung cloud computing secure cloud applications reliable cloud data processing ddc:004 rvk:ST 277 Internet Verteiltes System Softwarearchitektur
330	Edge criticality in secure graph domination De Villiers, Anton Pierre 12 1900 (has links) Thesis (PhD)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: The domination number of a graph is the cardinality of a smallest subset of its vertex set with the property that each vertex of the graph is in the subset or adjacent to a vertex in the subset. This graph parameter has been studied extensively since its introduction during the early 1960s and finds application in the generic setting where the vertices of the graph denote physical entities that are typically geographically dispersed and have to be monitored efficiently, while the graph edges model links between these entities which enable guards, stationed at the vertices, to monitor adjacent entities. In the above application, the guards remain stationary at the entities. In 2005, this constraint was, however, relaxed by the introduction of a new domination-related parameter, called the secure domination number. In this relaxed, dynamic setting, each unoccupied entity is defended by a guard stationed at an adjacent entity who can travel along an edge to the unoccupied entity in order to resolve a security threat that may occur there, after which the resulting configuration of guards at the entities is again required to be a dominating set of the graph. The secure domination number of a graph is the smallest number of guards that can be placed on its vertices so as to satisfy these requirements. In this generalised setting, the notion of edge removal is important, because one might seek the cost, in terms of the additional number of guards required, of protecting the complex of entities modelled by the graph if a number of edges in the graph were to fail (i.e. a number of links were to be eliminated form the complex, thereby disqualifying guards from moving along such disabled links). A comprehensive survey of the literature on secure graph domination is conducted in this dissertation. Descriptions of related, generalised graph protection parameters are also given. The classes of graphs with secure domination number 1, 2 or 3 are characterised and a result on the number of defenders in any minimum secure dominating set of a graph without end-vertices is presented, after which it is shown that the decision problem associated with computing the secure domination number of an arbitrary graph is NP-complete. Two exponential-time algorithms and a binary programming problem formulation are presented for computing the secure domination number of an arbitrary graph, while a linear algorithm is put forward for computing the secure domination number of an arbitrary tree. The practical efficiencies of these algorithms are compared in the context of small graphs. The smallest and largest increase in the secure domination number of a graph are also considered when a fixed number of edges are removed from the graph. Two novel cost functions are introduced for this purpose. General bounds on these two cost functions are established, and exact values of or tighter bounds on the cost functions are determined for various infinite classes of special graphs. Threshold information is finally established in respect of the number of possible edge removals from a graph before increasing its secure domination number. The notions of criticality and stability are introduced and studied in this respect, focussing on the smallest number of arbitrary edges whose deletion necessarily increases the secure domination number of the resulting graph, and the largest number of arbitrary edges whose deletion necessarily does not increase the secure domination number of the resulting graph. / AFRIKAANSE OPSOMMING: Die dominasiegetal van ’n grafiek is die kardinaalgetal van ’n kleinste deelversameling van die grafiek se puntversameling met die eienskap dat elke punt van die grafiek in die deelversameling is of naasliggend is aan ’n punt in die deelversameling. Hierdie grafiekparameter is sedert die vroeë 1960s uitvoerig bestudeer en vind toepassing in die generiese situasie waar die punte van die grafiek fisiese entiteite voorstel wat tipies geografies verspreid is en doeltreffend gemonitor moet word, terwyl die lyne van die grafiek skakels tussen hierdie entiteite voorstel waarlangs wagte, wat by die entiteite gebaseer is, naasliggende entiteite kan monitor. In die bogenoemde toepassing, bly die wagte bewegingloos by die fisiese entiteite waar hulle geplaas word. In 2005 is hierdie beperking egter verslap met die daarstelling van ’n nuwe dominasie-verwante grafiekparameter, bekend as die sekure dominasiegetal. In hierdie verslapte, dinamiese situasie word elke punt sonder ’n wag deur ’n wag verdedig wat by ’n naasliggende punt geplaas is en wat langs die verbindingslyn na die leë punt kan beweeg om daar ’n bedreiging te neutraliseer, waarna die gevolglike plasing van wagte weer ’n dominasieversameling van die grafiek moet vorm. Die sekure dominasiegetal van ’n grafiek is die kleinste getal wagte wat op die punte van die grafiek geplaas kan word om aan hierdie vereistes te voldoen. Die beginsel van lynverwydering speel ’n belangrike rol in hierdie veralgemeende situasie, omdat daar gevra mag word na die koste, in terme van die addisionele getal wagte wat vereis word, om die kompleks van entiteite wat deur die grafiek gemodelleer word, te beveilig indien ’n aantal lynfalings in die grafiek plaasvind (m.a.w. indien ’n aantal skakels uit die kompleks van entiteite verwyder word, en wagte dus nie meer langs sulke skakels mag beweeg nie). ’n Omvattende literatuurstudie oor sekure dominasie van grafieke word in hierdie verhandeling gedoen. Beskrywings van verwante, veralgemeende verdedigingsparameters in grafiekteorie word ook gegee. Die klasse van grafieke met sekure dominasiegetal 1, 2 of 3 word gekarakteriseer en ’n resultaat oor die getal verdedigers in enige kleinste sekure dominasieversameling van ’n grafiek sonder endpunte word daargestel, waarna daar getoon word dat die beslissingsprobleem onderliggend aan die berekening van die sekure dominasiegetal van ’n arbitrêre grafiek NP- volledig is. Twee eksponensiële-tyd algoritmes en ’n binêre programmeringsformulering word vir die bepaling van die sekure dominasiegetal van ’n arbitrêre grafiek daargestel, terwyl ’n lineêre algoritme vir die berekening van die sekure dominasiegetal van ’n arbitrêre boom ontwerp word. Die praktiese doeltreffendhede van hierdie algoritmes word vir klein grafieke met mekaar vergelyk. Die kleinste en groostste toename in die sekure dominasiegetal van ’n grafiek word ook oorweeg wanneer ’n vaste getal lyne uit die grafiek verwyder word. Twee nuwe kostefunksies word vir hierdie doel daargestel en algemene grense word op hierdie kostefunksies vir arbitrêre grafieke bepaal, terwyl eksakte waardes van of verbeterde grense op hierdie kostefunksies vir verskeie oneindige klasse van spesiale grafieke bereken word. Drempelinligting word uiteindelik bepaal in terme van die moontlike getal lynverwyderings uit ’n grafiek voordat die sekure dominasiegetal daarvan toeneem. Die konsepte van kritiekheid en stabiliteit word in hierdie konteks bestudeer, met ’n fokus op die kleinste getal arbitrêre lynfalings wat noodwendig die sekure dominasiegetal van die gevolglike grafiek laat toeneem, of die grootste getal arbitrêre lynfalings wat noodwendig die sekure dominasiegetal van die gevolglike grafiek onveranderd laat. Secure graph domination Graph protection Edge criticality Edge stability Graph theory Domination (Graph theory) Theses -- Industrial engineering Dissertations -- Industrial engineering UCTD

Search results