Intrusion-Tolerant Server Architecture for Survivable Services

Survivable systems are increasingly needed in a wide range of applications. As a step toward realizing survivable systems, this paper presents architecture of intrusion-tolerant servers. It is to deliver intended services transparently to the clients even when a computing node fails due to failures, intrusions, and other threats. In order to deliver only secure results to the client, we need an algorithm to decide agreement on results from replicated servers. For this purpose, a secure and practical decentralized voting algorithm for the architecture is proposed in the paper. Through the experiments on a test-bed, especially, for web services, the approach turned out very effective in terms of extra cost and considered to be able to cope with both confidentiality and integrity attacks.     

一种新型多层可生存信息服务架构

针对分布信息系统面临的安全威胁,综合P2P网络的无集中控制、漂移、共享等特性,虚拟化技术的共存、隔离、异构等特性提出一种新型多层可生存信息服务结构－CUIRASS,有效提高了部件失效和被入侵状态下持续服务的能力。该架构应用多样化服务群破坏黑客入侵传播过程,并利用虚拟化技术克服多样化服务的部署难题;采用基于定制的服务代理节点和服务代理节点协同实现分布拒绝服务攻击的抵御;构造服务代理层实现安全相关信息的过滤和覆盖网路由,有效隐藏服务节点信息,破坏黑客信息收集过程;提出综合多种漂移方式的动态可生存服务模式,利用虚拟化实现服务的重配置、快速备份和恢复,克服传统的主备模式和集群模式存在的开销大和实时性差的问题。     

外包数据库的新模式——虚拟服务器结构*

从安全性与可操作性的双重需求出发构造一个外包数据库模式分析框架,提出基于虚拟服务器模式（virtual server architecture,VSA）的外包数据库模式,并设计以同态密文操作策略为核心技术的系统实现方案,证实VSA模式相对于传统模式的优势。     

JBoss消息服务器体系结构分析与改进研究

JBoss是目前得到普遍应用的一种J2EE服务器,它免费使用并开放源码,采用JMX体系结构实现,系统设计紧凑,扩展性和维护性好。研究了JBoss的消息服务器,分析其体系结构和实现,指出其中存在的问题并加以改进。主要对消息服务器的可靠性和实时性做了改进工作。     

入侵容忍技术在Web服务器系统的应用

结合入侵容忍通用模型SITAR和分散选举技术,提出了一个具有入侵容忍特性的Web服务器系统.在设计中应用了多代理、多样性、冗余等技术,在响应的一致性协商过程参考Byzantine容错算法,并引入Hash算法和加密技术,加强系统的安全,提高运行效率.     

虚拟现实环境下的分布式服务器架构策略研究

虚拟现实环境下,数据实时性和系统稳定性的高要求对服务器架构的设计和优化提出了新的挑战。针对虚拟现实环境下海量数据存储效率的提升和系统性能的优化,提出了一种新的分布式服务器架构,该架构基于分布式协调框架ZooKeeper、分布式缓存架构Redis以及MongoDB分片机制,并改进一致性Hash算法来优化Redis缓存架构,同时优化MongoDB分片的负载均衡机制。经过相应的仿真验证,该架构在虚拟现实环境下具有有效性。     

一种新的大型通用分布式服务器架构

目前许多大型应用如电子商务系统、电子邮件系统、企业信息系统等都是基于大型分布式服务器系统。给出了一种新的大型分布式服务器系统架构的设计与实现,该分布式服务器体系结构为各种大型应用系统提供了一个统一的服务器架构和开发模型。它能够高效处理大量并发业务,容易随着系统业务规模扩大而扩展,并且适用于目前所有操作系统和硬件平台。     

一种新的直播服务器实现框架

提出了一种新颖的直播服务器构架,在服务器中采用轮询式处理模式,并以RTP、RTSP和UDP协议为基础构造协议栈。在此基础上从两个方面考虑提高直播服务器的性能：在服务器中应用简单的平滑策略以平滑数据的发送过程,增加直播服务器的并发数;以音频数据的发送时间为基准进行媒体数据的发送,以增加服务器对视频流帧率波动的适应性。所提出的直播服务器实现框架和提高服务器性能的措施对于开发直播服务器的实践活动具有参考意义。     

An extensible and lightweight architecture for adaptive server applications

Server applications augmented with behavioral adaptation logic can react to environmental changes, creating self‐managing server applications with improved quality of service at runtime. However, developing adaptive server applications is challenging due to the complexity of the underlying server technologies and highly dynamic application environments. This paper presents an architecture framework, the Adaptive Server Framework (ASF), to facilitate the development of adaptive behavior for legacy server applications. ASF provides a clear separation between the implementation of adaptive behavior and the business logic of the server application. This means a server application can be extended with programmable adaptive features through the definition and implementation of control components defined in ASF. Furthermore, ASF is a lightweight architecture in that it incurs low CPU overhead and memory usage. We demonstrate the effectiveness of ASF through a case study, in which a server application dynamically determines the resolution and quality to scale an image based on the load of the server and network connection speed. The experimental evaluation demonstrates the performance gains possible by adaptive behavior and the low overhead introduced by ASF. Copyright © 2007 John Wiley & Sons, Ltd.     

基于事件驱动和QoS控制的Web服务器体系结构*

Web服务器在满足大量且不断上升的用户需求方面扮演着关键角色,但Web服务器也面临高并发的用户请求、不同的QoS需求和访问控制等众多挑战。针对这些挑战提出了一种采用事件驱动和QoS控制的新型Web服务器体系结构,并依此开发出命名为Epdds的原型服务器。通过对Epdds服务器的性能分析及与其他Web服务器性能对比,进一步验证了此种Web服务器体系结构的可行性和有效性。     

Performance analysis of a peer-to-peer I/O architecture in video server environments

In the personal computing (PC) and workstation environments, more and more I/O adapters are becoming complete functional subsystems that are intelligent enough to handle I/O operations on their own without much intervention from the host processor. The IBM Subsystem Control Block (SCB) architecture has been defined to enhance the potential of these intelligent adapters by defining services and conventions that deliver command information and data to and from the adapters. The SCB architecture has two operating modes. The Locate Mode represents the conventional, interrupt-driven I/O protocol used in many current personal computers. The Move Mode embodies an advanced, peer-to-peer I/O protocol proposed for the next generation of personal computers. In this paper, we would like to discuss and present a performance analysis of the SCB architecture in typical video server environments. In particular, we study a video server capable of providing support for simultaneous MPEG-1 video streams to multiple clients on a 16-Mbps token-ring network. We also consider the performance impact of a hypothetical 100-Mbps token-ring technology on the video server performance.     

基于入侵容忍的分布式数据库安全体系结构

分析了分布式数据库系统的结构及其面临的安全问题,提出了一种基于容侵技术的分布式数据库体系结构。从事务处理的角度出发,结合入侵检测和容侵技术,对被攻击的部分进行定位和修复,为合法用户提供不间断的服务。采用门限秘密共享技术,实现关键数据的机密性。     

Design and implementation of a client‐server architecture for taxonomy manager

Taxonomy Manager (TM) is a computer‐based, full‐text method dedicated to represent biological knowledge allowing scientists to continuously revise and reorganize the conceptual framework of data and their interpretation. The system architecture distinguishes clients and a task oriented server. TM provides a distinct, precise, yet user‐friendly, formalism for knowledge specification by biologic experts and for factual knowledge input by general scientists on interactive interfaces. An incremental compiler translates and transforms new information specified within full‐text editors into an internal format and back again. A retrieval dialog allows access to the results of text analyses including information units and associated rules, and a browser offers free navigation through the network of data. External users can access the information contained within TM by a communication protocol. Copyright © 1999 John Wiley & Sons, Ltd.     

基于B/S软件体系结构的研究

在软件开发过程中,软件体系结构的设计起着非常重要的作用,用它来指导整个软件的开发,可以准确地满足用户的需要并降低软件的开发成本。将软件体系结构与分层思想相结合,给出了当前广泛应用的基于B／S的软件体系结构的框架和框架的具体实现,指出了设计及应用过程中应该注意的问题。     

Algebraic connectivity metric for spare capacity allocation problem in survivable networks

For studying survivability of telecommunication networks, one should be able to differentiate topologies of networks by means of a robust numerical measure that can characterize the degree of immunity of a given network to possible failures of its elements. An ideal metric should be also sensitive to such topological features as the existence of nodes or links whose failures are catastrophic in that they lead to disintegration of a given network structure. In this paper, we show that the algebraic connectivity, adopted from spectral graph theory, namely the second smallest eigenvalue of the Laplacian matrix of the network topology, is a numerical index that characterizes a network’s survivability better than the average node degree that has been traditionally used for this purpose. This proposition is validated by extensive studies involving solutions of the spare capacity allocation problem for a variety of networks.     

基于TOGAF的车载信息服务业信息化架构研究

通过对TOGAF架构方法的深入研究,提出一种基于TOGAF架构和SST方法的信息化规划方法,并将此方法应用到车载信息服务企业的信息化规划案例中,给出该企业信息系统总体架构。     

论伪分布式多媒体服务器系统设计

文章提出了一种可扩展的与分布式结构相似的服务器系统结构，并讨论了用IP Multicast实现服务器系统的方法。利用该结构可以低成本构建大规模的视频应用系统。     

可生存的存储系统模型及其体系结构研究*

本文首先提出了一种可生存性存储系统的形式化模型定义,后结合模型给出了可生存性存储系统的体系结构。为可生存存储系统的设计构造提供指导思想,并系统可生存性的衡量提供基本方法。     

高顽存性存储网格模型

结合网格技术和存储技术,提出了基于域的存储网格模型。在域模型架构下,深入分析了域划分原则、元数据目录服务和数据容错等问题,重点探讨了数据高顽存性存储策略的设计。在比较复制、分片冗余等不同数据冗余策略特点的基础上,提出了一种混合式的数据冗余策略。模拟实验表明它兼具复制策略和分片冗余策略的优点,既保持了存储数据的整体可靠性水平,又弥补了低冗余度下编码复制可靠性偏低的不足,使冗余存储数据具有更好的可靠性效果。     

网络可存活生成树的快速恢复算法

如何应对网络链接失效是具有挑战性的问题之一,通常采用包含两棵生成树的可存活连接来预防链接失效。由于网络数据传输速率的高速增长,当两棵生成树的共享链接失效时,可存活连接中的生成树将全部失效。针对可存活连接中共享链接的失效提出了一种快速恢复算法,该算法通过搜索失效链接的可替换链接集,将失效概率最小的链接加入原可存活连接中的生成树,生成新的可存活连接。实验结果表明,该算法能够在显著降低恢复时间和时间复杂度的情形下,同时保证可存活连接的存活度接近当前网络的最优存活度。当网络节点数在10～100变化时,提出的算法比现有算法在恢复时间上的平均优化高达34.42%,同时在存活度上的误差不超过1%。