Abstract:This paper presents a list abstraction method. This method enjoys low space overhead by storing the edges between nodes in a list implicitly in a compact manner. It also enjoys high precision by keeping the length of lists. Specifically, the study introduces a so-called variable reachability vector to encode the reachability properties of variables to list nodes, and use variable reachability vector set with counters as an abstract model for each list state. Based on this model, abstract semantics are then defined for basic list operations. This approach could model all singly-linked lists including cyclic cases after a simple extension is brought in. On this basis, the study designs and implements a symbolic execution framework, which could automatically analyze programs manipulating lists automatically. Finally, this approach is applied to analyzing some typical list-manipulating programs for non-trivial properties, such as run-time errors, length related properties and termination.

Abstract:Speculative multithreading (SpMT) technology is an effective mechanism for automatic parallelization of irregular programs. However, just generating speculative threads based on the control flow graph which only contains branch probability information is not enough. It is inevitable that there may be excessive constraints resulting from control dependence and data dependence in practice. In the traditional thread partitioning algorithms, a key problem is that these existing evaluation methods do not integrate the data dependence with the control speculation in order to obtain the maximum benefit. In order to solve the inefficiency of evaluation for control dependence and data dependence, this paper proposes a path optimization based thread partitioning algorithm. In this algorithm, by introducing pre-computation technique and discussing the trade-offs between different speculative paths the study establishes an evaluation model to evaluate the control dependence and data dependence. Meanwhile, in order to reduce the side-effect of workload imbalance, some heuristics rules are designed. The experimental results show that there are interesting trade-offs between different speculative paths and it is possible to achieve a better performance. On average, the study achieved an average speedup of 1.83 on Olden benchmark suits.

Abstract:This paper analyzes 10 kinds of typical bad smells in 4 aspects to recommend a resolution sequence: causes, symptom, influence and resolution. The resolution sequence has also been validated by a questionnaire survey and two experiments.

Abstract:Internetware is an abstract of software system in open network environment. Its trust relationship is one of the most complex social relationships. In order to enhance adaptability of trust evolution model, improve prediction accuracy about trust evolution, and restrain production of selfish nodes effectively through discriminatory service and evolutionary game theories, this paper puts forward a trust evolution model that corresponds with characters of an open network: (1) Global profit function of entities based on discriminatory service is gained for enhancing adaptability of trust evolution model; (2) With the help of evolutionary game theory, and based on characters of Wright-Fisher model, a kind of Wright-Fisher multi-strategy trust evolution model of internetware is proposed for enhancing the prediction accuracy about trust evolution; (3) According to principle of fairness, incentive mechanism based on game is built, so as to inspire evolution of trust strategy and restrain production of selfish nodes effectively. The experimental results show that this model can more accurately reflect complexity character of open network. By adding incentive mechanism, internetware system can achieve the stable state more quickly, thus it can improve the efficiency of network more effectively and make the trust profit achieve optimal.

Abstract:This paper introduces the syntax and the distributed fixpoint semantics of a rule-based declarative language, Netlog. The strongly well-behaved programs were defined, which were proven insensitive to bounded message loss.

Abstract:Compared with flat textual documents, XML documents are annotated with many meaningful tags, which give information retrieval systems a clearer understanding on queried documents. In addition to structured query languages, such as SQL, XQuery and XPath, keyword queries are widely used for XML retrieval because of their simplicity and ease of use. Although a single keyword and its query intention may be ambiguous, two or more keywords can clarify the query intention if possible occurring contexts and interrelationships are considered. This paper proposes the XNodeRelation algorithm to understand users’ keyword queries in XML retrieval. In contrast to existing approaches, the study infers users’ query intention by taking into account both schematic and statistical information of the XML data and considering the possible occurring contexts and interrelationships of query keywords. Extensive experiments verify the effectiveness of this algorithm.

Abstract:Under the filter-and-refine framework and based on the learning techniques, a data-aware method for c-approximate nearest neighbor query for high-dimensional data is proposed in this paper. The study claims that data after random projection satisfies the entropy-maximizing criterion which is needed by the semantic hashing. The binary codes after random projection are treated as the labels, and a group of classifiers are trained, which are used for predicting the binary code for the query. The data objects are selected who’s Hamming distances between the query satisfying the threshold as the candidates. The real distances are evaluated on the candidate subset and the smallest one is returned. Experimental results on the synthetic datasets and the real datasets show that this method outperforms the existing work with shorter binary code, in addition, the performance and the result quality can be easily tuned.

Abstract:This paper proposes a join query processing algorithm CoLocationHashMapJoin (CHMJ). First the study designs a multi-copy consistency hash algorithm. The algorithm distributes the data of tables over the cluster according to the hash values of the join property, which improves the data locality while ensure data availability. Second, based on the multi-copy consistency hash algorithm, the study proposes a parallel join query processing algorithm called HashMapJoin. HashMapJoin improves the efficiency of join query significantly. CHMJ has been used in Tencent’s data warehouse system, and plays an important role in Tencent’s daily analysis tasks. The results show that CHMJ improves the efficiency of join query processing by five times comparing to Hive.

Abstract:A temporal XML indexing structure based on temporal encoding and linear order partition was studied. First, a temporal encoding method based on extended preorder encoding was proposed, by which the structural relationship between nodes can be determined. Second, based on detail analysis of relationship between time intervals, the concept of linear order partition was proposed, and algorithm to attain a linear order partition was also discussed. Then, a temporal structural summary was introduced which includes both structural and temporal information, and a temporal XML indexing mechanism—TempSumIndex was built based on temporal structural summary, then, both temporal querying and incremental updating algorithms of TempSumIndex were discussed. Finally, experiments were designed to compare the basic performance of TempSumIndex with existing temporal XML indexing methods, and the experimental results show that TempSumIndex has better performance.

Abstract:The Distributed denial of service (DDoS) attack is a major threat to the current network. Based on the attack packet level, the study divides DDoS attacks into network-level DDoS attacks and application-level DDoS attacks. Next, the study analyzes the detection and control methods of these two kinds of DDoS attacks in detail, and it also analyzes the drawbacks of different control methods implemented in different network positions. Finally, the study analyzes the drawbacks of the current detection and control methods, the development trend of the DDoS filter system, and corresponding technological challenges are also proposed.

Abstract:This paper proposes a global and declarative development model for sensor networking, within which the global and declarative programs are compiled into distributed programs that can be executed on virtual machines equipped on nodes, so that the developers declare the global functionality of a network.

Abstract:The chain measurement mechanism of trusted computing doesn’t easily extend to all applications in the terminal, so it is difficult for the terminal to always maintain the trust of the dynamic running environment of the terminal. To collect trustworthiness evidence in an objective, genuine, and comprehensive way, a trusted evidence collection agent based on TPM is designed and developed. Its main function is collecting the critical objects in the dynamic environment of the terminal, such as memory, process, disk files, network ports, policy data, and so on. First, the static and dynamic creditability of the agent is assured by the measurement function of trusted platform module (TPM) and isolation mechanism of trusted virtual machine monitor (TVMM), and then the creditability of original and transmit of the collecting evidences is assured by the encryption and signature function. This paper also implements a prototype of the agent in Windows platform. Based on the prototype, the paper examines the trustworthiness evaluation for executing the agent program in a local area network distributed computing environment. In this application, the performance of prototype is studied, and the feasibility of this approach is demonstrated.

Abstract:Aiming at different application needs, this paper presents a classification taxonomy, in which these applications are fallen into 4 categories: Delayed coverage of sensor being higher than or in target region, non-delayed coverage of sensor being higher than or in target region. Taking factors of sense regions and possible ones into account, it proposes different sensing models depending on different applications. Based on the above mentioned, themodels and nodes deployment methods are analyzed. The results indicate that the proposed sensing models and estimation methods agree with actual application than previous approaches.

Abstract:On the basis of minimum cut theory, the article proposes a min-cut multi-path (MCMP) routing algorithm, which select key paths of small quantity and distribute traffic evenly among the paths. MCMP is apt to implement and control congestion at bottleneck links. With real traffic datasets, experiments are carried on European and North American backbone networks. By comparisons with OSPF (open shortest path first) routing algorithm commonly used in intra-domain network and a multi-path routing algorithm used in optimal model, the maximum link load resulted from MCMP routing algorithm decreases over 41% and 20% separately.

Abstract:Filtering the spoofed packets with a false source addresses is the inherent requirement of the trustworthy and secure Internet. Routing based distributed packet filtering is effective, but its effectiveness has no solid theory analysis. In this paper, based on the inter-domain route distribution and the hierarchy of the Internet topology, the study establishes the route distribution tree model and ideal AS graph model using these two models analyze the effectiveness of maximum filtering and semi-maximum filtering. The analysis results verify the former experimental results and figure out the theoretical explanation. Maximum filtering can filter out most spoofed packets. Though it cannot reach 100%, maximum filtering can limit the number of the successful spoofing AS to the average AS path length of the Internet. On the ideal AS graph, semi-maximum filtering has the same effectiveness as the maximum filtering and its storage and computing overhead is much lower than maximum filtering, which provides the theoretical basis to use it in practice. The model-based analysis points out the inherent features of the inter-domain routing based distributed packet filtering, which conduces to design the subsidiary mechanism and the overall deployment in the whole Internet.

Abstract:This paper proposes an algorithm based on rounded partition function for k-anonymity. By rigorous theoretical proof, the study will show that a better upper bound on size of the anonymization groups can be obtained in non-trivial data sets. In particular, when the size of the original dataset is greater than 2k², the upper bound will be reduced to k+1. Further, the average size of all anonymization groups of the anonymous data will be close enough to k when the size of the original dataset is large enough. Experimental results on real datasets show that this algorithm is effective and feasible.

Abstract:The study proposes a verification mechanism based on reachability analysis of pushdown system to enforce existing declassification policies of language-based information flow security. The pushdown rules of store and match primitives are embedded in the abstract model after compact self-composition. The security property with respect to different declassification policies is violated when the illegal-flow state is reached in the pushdown system. The experimental results show improvement in precision, compared with the type-based mechanisms, and growth in effectiveness compared with the RNI-enforcement based on automated verification.

Abstract:The certificate-based encryption schemes often limit the message space to a particular group and are not adaptive to encrypt large messages. In order to solve this problem, the study extends the concept of key encapsulation mechanism with tags to the certificate-based encryption, and then proposes the notion and security model of the certificate-based key encapsulation mechanism with tags (CB-TKEM). In addition, the paper presents a construction of CB-TKEM that is provably secure against IND-CCA2 in the random oracle model.

Abstract:In recent years, virtualization technology is the novel trendy of computer architecture, and it provides a solution for security monitoring. Due to the highest privilege and the smaller trusted computing base of virtual machine monitor, security tools, deployed in an isolated virtual machine, can inspect the target virtual machine with the help of virtual machine monitor. This approach can enhance the effectiveness and anti-attack ability of security tools. From the aspect of the implementation technologies, existing research works can be classified into internal monitoring and external monitoring. According to the different targets, the related works about virtualization-based monitoring are introduced in this paper in detail, such as intrusion detection, honeypot, file integrity monitoring, malware detection and analysis, security monitoring architecture and the generality of monitoring. Finally, this paper summarizes the shortcomings of existing works, and presents the future research directions. It is significant for virtualization research and security monitoring research.

Abstract:A simulation component, oriented as a parallel framework for federate, was raised to facilitate federate development and improve execution performance of federate on multicore platform. Simulation components were employed to compose and assemble federates in parallel framework. With simulation engine management service, data distribution management service, object management service, component management service and load balancing of parallel framework, a multicore parallel environment was provided for simulation component, which also assured correct interactions between parallel federates and RTI. Experiments were carried out on the extra overhead introduced by parallel framework and performance comparisons between normal federate and parallel federate were made. Results showed that parallel framework fully exploited multicore processors with reduced execution time and improved performance of simulation system.

Abstract:A one-way isolation execution model based on hardware virtualization is proposed. In this model, the security application based on self-requirements can be divided into two parts: host process and security sensitive module (SSM). Isolated execution manager named SSMVisor, as the core component of isolation execution model, provides a one-way isolation execution environment for SSMs, not only to ensure security, but also to allow SSMs to call outside functions. As security application’s trusted computing base (TCB) only includes SSMs and SSMVisor, without operating system and the security unrelated module of the applications, the size of security application’s TCB is reduced effectively. A prototype system is not only compatible with the original operating system, but also light-weight. Experimental results show that the performance overhead of prototype system is very low, about 6.5%.

Abstract:The utilization bound for multiprocessor systems using the rate-monotonic scheduling algorithm and first fit allocation policy proposed by Lopez, et al. offers the best performance among all O(m) complexity schedulability tests. In this paper, a utilization bound is derived for the same target problem. The main difference between these two bounds lies in the technique to verify the schedulability of task sets on uniprocessors; the schedulability test here is performed based on the hyperbolic bound proposed by Bini, et al. The new bound surpasses the existing one under quite a lot parameter settings, and the combination of these two schedulability test methods, which are compatible with each other, can significantly improve the number of schedulable task sets with little extra overhead.