Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks

Browser cache and history are intended to be private, yet it's not difficult for malicious Web sites to "sniff" cache entries on visitors' computers and then use that information to more accurately deceive them. The authors' approach neutralizes the threat of URLs being discovered on client computers.     

在超立方互联网络中实现anycast通信模式的算法分析

Anycast是网络中一种新的通信方式，是IPv6的一个新特性．它要求数据包被路由到具有相同Anycast地址的一组网络节点中距离用户“最近”的一个节点．通过对anycast这一新型通信模式研究发现，Anycast通信的应用空间非常广阔，不仅可以满足大量地理位置分散的用户的需要，而且在互联网络中也有重要的应用．因此，anycast被引入到互联网络中，提出在超立方互联网络结构中实现anycast通信的有效算法，并对该算法的效率进行分析，结果表明该算法需O（3n-2k＋2）个时间步即可实现anycast通信．通过模拟实验，得到在某一超立方互联网络中实现anycast通信时链路缓冲区个数与丢包率间的关系，为网络设计提供理论指导；同时，通过对比实验结果得到，在超立方互联网络中引入anycast通信能够有效地提高网络性能．     

Internet上一种有效的QOS选播路由算法

为了提高网络服务的范围和服务质量 ,在 Internet经常采用一组复制服务器的方法。选播服务是一种新的网络服务模型 ,可以改善网络负载分布和简化某些网络应用。本文介绍了一个简单的基于 Internet选播服务模型 ,该模型对目前使用的网络路由算法和协议的影响不大 ,并且提出了服务于该模型的 Qo S路由算法 ,该算法采用随机策略来平衡网络负载和改善网络性能。在不同网络拓扑和不同网络参数下的模拟结果表明该算法具有良好的服务性能 ,并能有效平衡网络负载     

基于遗传算法的网络负载均衡的选播路由算法

在分析选播通信服务的基础上,提出了一种能实现网络负载均衡的基于遗传算法的选播QoS路由算法,该算法在满足业务带宽和时延的基本要求下,采用适合问题特点的遗传算子,将网络资源消耗和负载均衡分布作为目标函数进行优化,达到网络资源消耗较小,负载均衡分布的目的,仿真结果表明,该算法是有效且切实可行的。     

识别密码算法具体实现中潜在功耗攻击的理论分析方法

为验证密码算法具体实现技术抗功耗攻击的有效性,提出一种可发现在密码算法具体实现中可能存在的功耗攻击的分析方法,主要包括识别潜在攻击的基本理论、描述密码算法具体实现的增强数据相关图、根据基本理论和增强数据相关图以识别不同强度功耗攻击的算法,并给出针对一种典型的AES算法防护技术的分析结果.结合文中的结果以及密码算法部件抗功耗攻击能力的量化分析,可以建立相应的抗功耗攻击的设计流程.     

Entropy Regularized Likelihood Learning on Gaussian Mixture: Two Gradient Implementations for Automatic Model Selection

In Gaussian mixture modeling, it is crucial to select the number of Gaussians or mixture model for a sample data set. Under regularization theory, we aim to solve this kind of model selection problem through implementing entropy regularized likelihood (ERL) learning on Gaussian mixture via a batch gradient learning algorithm. It is demonstrated by the simulation experiments that this gradient ERL learning algorithm can select an appropriate number of Gaussians automatically during the parameter learning on a sample data set and lead to a good estimation of the parameters in the actual Gaussian mixture, even in the cases of two or more actual Gaussians overlapped strongly. We further give an adaptive gradient implementation of the ERL learning on Gaussian mixture followed with theoretic analysis, and find a mechanism of generalized competitive learning implied in the ERL learning.     

用ROUTE命令实现双网卡路由配置

当电脑中只有一块网卡时,不会注意到路由表的存在。当电脑中安装了两块或者两块以上的网卡时,就需要人为控制WINDOWS的路由表。本文用ROUTE命令来实现双网卡路由配置。     

Toward formal development of programs from algebraic specifications: Implementations revisited

Summary The program development process is viewed as a sequence of implementation steps leading from a specification to a program. Based on an elementary notion of refinement, two notions of implementation are studied: constructor implementations which involve a construction on top of the implementing specification, and abstractor implementations which additionally provide for abstraction from some details of the implemented specification. These subsume most formal notions of implementation in the literature. Both kinds of implementations satisfy a vertical composition and a (modified) horizontal composition property. All the definitions and results are shown to generalise to the framework of an arbitrary institution, and a way of changing institutions during the implementation process is introduced. All this is illustrated by means of simple concrete examples.An extended abstract of this paper appeared in [65]     

Toward formal development of programs from algebraic specifications: Implementations revisited

Summary The program development process is viewed as a sequence of implementation steps leading from a specification to a program. Based on an elementary notion of refinement, two notions of implementation are studied: constructor implementations which involve a construction “on top of” the implementing specification, and abstractor implementations which additionally provide for abstraction from some details of the implemented specification. These subsume most formal notions of implementation in the literature. Both kinds of implementations satisfy a vertical composition and a (modified) horizontal composition property. All the definitions and results are shown to generalise to the framework of an arbitrary institution, and a way of changing institutions during the implementation process is introduced. All this is illustrated by means of simple concrete examples. An extended abstract of this paper appeared in [65].     

Two Dimensional Aggregation Procedure: An Alternative to the Matrix Algebraic Algorithm

The aggregation procedure is an important theoretical and empirical topic of economics. It appears in the Microeconomics and Macroeconomics, in Panel and Cross-Sectional Data Analysis, in Data Mining Analysis, in Input–Output and Agent-based Computational Economics Modelling. The question of the choice of algorithm is became important since the size of the sample data has became more important, and despite of the speed of the computers. In this paper we present the “classical” algorithm (the “matrix algebraic” one) of aggregation of the two-dimensional sample data, and compare it to the alternative algorithms (the “vectorial” one) we developed. Then we present some extensions to the multidimensional aggregation.      

没有防火墙的网络攻击行为研究

介绍了防火墙技术的功能,分析了网络攻击的一般过程,设计了没有防火墙的网络攻击并模拟其实现过程。     

Parallel Implementations of the Selection Problem: A Case Study

The selection problem has been studied extensively on sequential machines. A linear average time solution and a linear worst-case solution are considered as the standard by most researchers. Theoretical work is also available on parallel models, but it has not been widely implemented on parallel machines. This paper presents an in-depth analysis of the implementation of the standard algorithms, on a number of multiprocessors and supercomputers from the entire spectrum of Flynn's classification, using both an imperative (C based languages with vendor specific parallel extensions) and a functional (SISAL) language. Very interesting results were obtained for all of the experiments performed, leading us to the conclusion that the selection problem has very efficient parallel implementations. Hand-tuned C programs with parallel extensions provided good efficiency but were time-consuming in terms of development. On the other hand, the SISAL code is fully portable and the same program was used on all the machines. The performances of SISAL implementations were comparable to the ones of the hand-tuned C implementations. On all the tests, the routines were able to sustain good speed-up and reasonable efficiency, even with a large number of processors. In two cases (one machine using SISAL, and one using a C-based language), we were able to obtain an efficiency higher than 80% with a configuration close or equal to the maximum number of processors.     

Transaction Fusion: A Model for Data Recovery from Information Attacks

The escalation of electronic attacks on databases in recent times demands fast and efficient recovery methods. The existing recovery techniques are too time-consuming as they first undo all malicious and affected transactions individually, and then redo all affected transactions, again, individually. In this paper, we propose a method that accelerates the undo and redo phases of the recovery. The method developed involves combining or fusing malicious or affected transactions occurring in groups. These fused transactions are executed during undo and redo phases instead of execution of individual transactions. By fusing relevant transactions into a single transaction, the number of operations such as start, commit, read, and write are minimized. Thus, data items which were required to be accessed multiple times in case of individual transactions are accessed only once in a fused transaction. The amount of log I/O's is reduced. This expedites the recovery procedure in the event of information attacks. A simulation analysis of the proposed model confirmed our claim.     

Social Software in Academic Libraries for Internal Communication and Knowledge Management: A Comparison of Two Reference Blog Implementations

This article investigates the adoption of new innovations for internal reference desk communication and knowledge management in academic libraries, specifically the use of social software tools. Actual implementations of the free blog software Wordpress from two university libraries are described including charts detailing advantages and disadvantages of the methods. In the context of the diffusion of innovation and organizational lag theories, the analyzed outcomes confirm that while social software tools are being used, relatively few institutions have exploited them for improving in-house processes. Without clearly articulated long-term gains, adoption of administrative innovations will follow the pattern of organizational lag.     

Speaking with One Voice: Risk Communication Lessons from the US Anthrax Attacks1

It is often said that in times of crises experts, officials, and organizations should speak with one voice. But this homily has not been subjected to either conceptual or empirical scrutiny. We begin those tasks in this paper. To pursue our analysis, we use statements from the popular and scholarly presses; we also use our interviews with local officials in New Jersey, USA, who had to respond to the anthrax attacks in the fall of 2001. We outline some of the meanings of the admonition to “speak with one voice” and discuss the rhetorical significance of the advice. Our argument is that it may be wise to speak with one voice, but this can not be taken for granted. Difference audiences may well need different messages or different kinds of messages. Speaking with multiple voices is often the most effective way to advance meaningful communication.     

Routing a Permutation in the Hypercube by Two Sets of Edge Disjoint Paths

Consider a hypercube regarded as a directed graph, with one edge in each direction between each pair of adjacent nodes. We show that any permutation on the hypercube can be partitioned into two partial permutations of the same size so that each of them can be routed by edge-disjoint directed paths. This result implies that the hypercube can be made rearrangeable by virtually duplicating each edge through time-sharing (or through the use of two wavelengths in the case of optical connection), rather than by physically adding edges as in previous approaches. When our goal is to route as many source–destination pairs of the given permutation as possible by edge-disjoint paths, our result gives a 2-approximate solution which improves previous ones.     

Protecting cryptographic keys: the trace-and-revoke approach

The authors describe two methods for protecting content by creating a legitimate distribution channel. One method broadcasts encrypted data to a selected set of users, and a tracing algorithm uncovers a compromised key's owner. The other method updates user keys to resecure a compromised network.     

Breaking the Model: Finalisation and a Taxonomy of Security Attacks

It is well known that security properties are not preserved by refinement, and that refinement can introduce new, covert, channels, such as timing channels. The finalisation step in refinement can be analysed to identify some of these channels, as unwanted finalisations that can break the assumptions of the formal model. We introduce a taxonomy of such unwanted finalisations, and give examples of attacks that exploit them.     

Portmanteau Model Diagnostics and Tests for Nonlinearity: A Comparative Monte Carlo Study of Two Alternative Methods

This paper employs an extensive Monte Carlo study to test the size and power of the BDS and close return methods of testing for departures from independent and identical distribution. It is found that the finite sample properties of the BDS test are far superior and that the close return method cannot be recommended as a model diagnostic. Neither test can be reliably used for very small samples, while the close return test has low power even at large sample sizes.