Optimizing System Performance and Dependability Using Compiler Techniques

Rajagopalan, Mohan

January 2006

As systems become more complex, there are increasing demands for improvement with respect to attributes such as performance, dependability, and security. Optimization is defined as theprocess of making the most effective use of a set of resources with respect to some attribute. Existing optimization techniques, however, have two fundamental limitations. They target individual parts of a system without considering the potentially significant global picture, and they are designed to improve a single attribute at a time. These limitations impose significant restrictions on the kinds of optimization possible, the effectiveness of the techniques, and the ability to improvethe optimization process itself.This dissertation presents holistic system optimization, a new approach to optimization based on taking a broad view of a system. Unlike current approaches, holistic optimizations consider different kinds of interactions at multiple levels in a system, and target a variety of metrics uniformly. A key component of this research has been the use of proven compiler techniques to ensure transparency, automation, and correctness. These techniques have been implemented in Cassyopia, a software prototype of a framework for performing holistic optimization.The core of this work is three new holistic optimizations, which are also presented. The first describes profile-directed static optimizations designed to improve the performance of eventbased programs by spanning boundaries that separate code that raises events from handlers that field them. The second, system call clustering, improves the system call behavior of an entire program by grouping together calls that can be executed in a single boundary crossing. In thiscase, the optimization spans kernel and user address spaces. Finally, authenticated system calls optimize system security through a novel implementation of an efficient system call monitor. This example demonstrates how the new approach can be used to create new optimizations that not only span address space boundaries but also target attributes such as dependability. All of these optimizations involve the application of standard compiler techniques in non-traditional contexts and demonstrate how systems can be improved beyond what is possible using existing techniques.

Operating Systems

Compiler Optimization

Program Analysis

Performance Optimization

Security and Intrusion Tolerance

Holistic System Optimization

Byzantine Fault Tolerance for Nondeterministic Applications

Chen, Bo

January 2008

No description available.

Computer Science

Byzantine fault tolerance

replica nondeterminism

security

replica consistency

replication

intrusion tolerance

performance

online poker game

Dynamic Redundancy Management of Multisource Multipath Routing Integrated with Voting-based Intrusion Detection in Wireless Sensor Networks

Al-Hamadi, Hamid Helal

24 April 2014

Wireless sensor networks (WSNs) are frequently deployed unattended and can be easily captured or compromised. Once compromised, intrusion prevention methods such as encryption can no longer provide any protection, as a compromised node is considered a legitimate node and possesses the secret key for decryption. Compromised nodes are essentially inside attackers and can perform various attacks to break the functionality of the system. Thus, for safety-critical WSNs, intrusion detection techniques must be used to detect and remove inside attackers and fault tolerance techniques must be used to tolerate inside attackers to prevent security failure. In this dissertation research, we develop a class of dynamic redundancy management algorithms for redundancy management of multisource multipath routing for fault and intrusion tolerance, and majority voting for intrusion detection, with the goal of maximizing the WSN lifetime while satisfying application quality-of-service and security requirements, for base station based WSNs, homogeneous clustered WSNs, and heterogeneous clustered WSNs. By means of a novel model-based analysis methodology based on probability theory, we model the tradeoff between energy consumption vs. reliability, timeliness and security gain, and identify the optimal multisource multipath redundancy level and intrusion detection settings for maximizing the lifetime of the WSN while satisfying application quality-of-service requirements. A main contribution of our research dissertation is that our dynamic redundancy management protocol design addresses the issues of "how many paths to use" and "what paths to use" in multisource multipath routing for intrusion tolerance. Another contribution is that we take an integrated approach combining intrusion detection and tolerance in the protocol design to address the issue of "how much intrusion detection is enough" to prevent security failure and prolong the WSN lifetime time. We demonstrate resiliency of our dynamic redundancy management protocol design for intrusion detection and tolerance against sophisticated attacker behaviors, including selective and random capture, as well as persistent, random, opportunistic and insidious attacks, by model-based performance analysis with results supported by extensive simulation based on ns3. / Ph. D.

Wireless sensor networks

multisource multipath routing

dynamic redundancy management

energy conservation

reliability

security

intrusion detection

intrusion tolerance

performance analysis.

An architecture to resilient and highly available identity providers based on OpenID standard / Uma arquitetura para provedores de identidade resistente e altamente disponíveis com base no padrão OpenID

Cunha, Hugo Assis

26 September 2014

Submitted by Lúcia Brandão (lucia.elaine@live.com) on 2015-07-14T15:58:20Z No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:08:11Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Approved for entry into archive by Divisão de Documentação/BC Biblioteca Central (ddbc@ufam.edu.br) on 2015-07-20T14:12:26Z (GMT) No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) / Made available in DSpace on 2015-07-20T14:12:26Z (GMT). No. of bitstreams: 1 Dissertação - Hugo Assis Cunha.pdf: 4753834 bytes, checksum: 4304c038b5fb3c322af4b88ba5d58195 (MD5) Previous issue date: 2014-09-26 / Não Informada / Quando se trata de sistemas e serviços de autenticação seguros, há duas abordagens principais: a primeira procura estabelecer defesas para todo e qualquer tipo de ataque. Na verdade, a maioria dos serviços atuais utilizam esta abordagem, a qualsabe-sequeéinfactívelefalha. Nossapropostautilizaasegundaabordagem, a qual procura se defender de alguns ataques, porém assume que eventualmente o sistema pode sofrer uma intrusão ou falha e ao invés de tentar evitar, o sistema simplesmente as tolera através de mecanismos inteligentes que permitem manter o sistema atuando de maneira confiável e correta. Este trabalho apresenta uma arquiteturaresilienteparaserviçosdeautenticaçãobaseadosemOpenIDcomuso deprotocolosdetolerânciaafaltaseintrusões, bemcomoumprotótipofuncional da arquitetura. Por meio dos diversos testes realizados foi possível verificar que o sistema apresenta um desempenho melhor que um serviço de autenticação do OpenID padrão, ainda com muito mais resiliência, alta disponibilidade, proteção a dados sensíveis e tolerância a faltas e intrusões. Tudo isso sem perder a compatibilidade com os clientes OpenID atuais. / Secure authentication services and systems typically are based on two main approaches: the first one seeks to defend itself of all kind of attack. Actually, the major current services use this approach, which is known for present failures as well as being completely infeasible. Our proposal uses the second approach, which seeks to defend itself of some specific attacks, and assumes that eventually the system may suffer an intrusion or fault. Hence, the system does not try avoiding the problems, but tolerate them by using intelligent mechanisms which allow the system keep executing in a trustworthy and safe state. This research presents a resilient architecture to authentication services based on OpenID by the use of fault and intrusion tolerance protocols, as well as a functional prototype. Through the several performed tests, it was possible to note that our system presents a better performance than a standard OpenID service, but with additional resilience, high availability, protection of the sensitive data, beyond fault and intrusion tolerance, always keeping the compatibility with the current OpenID clients.

Tolerância a faltas e intrusões

Sistemas resilientes

Replicação de máquinas de estado

Fault and intrusion tolerance

Resilient systems

State machine replication

OpenID