Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.494
Dennis Titze, J. Schütte
Dynamic loading of libraries is a widely used technique in Android applications. But including and executing external library code does not only have benefits, it can have severe detrimental security implications for the application and the user. In this paper we explain the mechanisms of loading external library code into an Android application and discuss resulting security implications. Since an attacker can easily impersonate libraries if the application does not perform the necessary verification, loading such code can introduce severe security problems. As a remedy, we present how external code can be verified and since currently available application often do not perform such verification, we introduce a novel way to enforce this verification. A prototype of this system has been published as open-source which can be easily integrated into existing apps and libraries.
{"title":"Preventing Library Spoofing on Android","authors":"Dennis Titze, J. Schütte","doi":"10.1109/Trustcom.2015.494","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.494","url":null,"abstract":"Dynamic loading of libraries is a widely used technique in Android applications. But including and executing external library code does not only have benefits, it can have severe detrimental security implications for the application and the user. In this paper we explain the mechanisms of loading external library code into an Android application and discuss resulting security implications. Since an attacker can easily impersonate libraries if the application does not perform the necessary verification, loading such code can introduce severe security problems. As a remedy, we present how external code can be verified and since currently available application often do not perform such verification, we introduce a novel way to enforce this verification. A prototype of this system has been published as open-source which can be easily integrated into existing apps and libraries.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121383955","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.508
Daiyong Quan, Lihua Yin, Yunchuan Guo
Mobile-aware service systems are dramatically increasing the amount of personal data released to service providers as well as to third parties. Data may reveal individuals' physical conditions, habits, and sensitive information. It raises serious privacy concerns. Current approaches to mitigate the privacy concerns rely on the randomization. However, it is difficult to guarantee privacy levels with random noise. In this paper, we propose a data obfuscation mechanism based on the generalized version of the notion of differential privacy. We extend the standard definition to the settings where the inputs belong to an arbitrary domain of secrets. Then we enhance the mobility signature privacy with our mechanism. By adopting the expected distance as an indicator to measure the service quality loss, we compare our mechanism with the (k,d)- anonymity random method. On the real dataset, the results reveal that our mechanism adds less noise under the same privacy guarantee.
{"title":"Enhancing the Trajectory Privacy with Laplace Mechanism","authors":"Daiyong Quan, Lihua Yin, Yunchuan Guo","doi":"10.1109/Trustcom.2015.508","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.508","url":null,"abstract":"Mobile-aware service systems are dramatically increasing the amount of personal data released to service providers as well as to third parties. Data may reveal individuals' physical conditions, habits, and sensitive information. It raises serious privacy concerns. Current approaches to mitigate the privacy concerns rely on the randomization. However, it is difficult to guarantee privacy levels with random noise. In this paper, we propose a data obfuscation mechanism based on the generalized version of the notion of differential privacy. We extend the standard definition to the settings where the inputs belong to an arbitrary domain of secrets. Then we enhance the mobility signature privacy with our mechanism. By adopting the expected distance as an indicator to measure the service quality loss, we compare our mechanism with the (k,d)- anonymity random method. On the real dataset, the results reveal that our mechanism adds less noise under the same privacy guarantee.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128792842","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.473
A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto
Many a time, datasets containing private and sensitive information are useful for third-party data mining. To prevent identification of personal information, data owners release such data using privacy-preserving data publishing techniques. One well-known technique - k-anonymity - proposes that the records be grouped based on quasi-identifiers such that quasi-identifiers in a group have exactly the same values as any other in the same group. This process reduces the worst-case probability of re-identification of the records based on the quasi identifiers to 1/k. The problem of optimal k-anonymisation is NP-hard. Depending on the k-anonymisation method used and the number of quasi identifiers known to the attacker, the probability of re-identification could be lower than the worst-case guarantee. We quantify risk as the probability of re-identification and propose a mechanism to compute the empirical risk with respect to the cost of acquiring the knowledge about quasi-identifiers, using an real-world dataset released with some k-anonymity guarantee. In addition, we show that k-anonymity can be harmful because the knowledge of additional attributes other than quasi-identifiers can raise the probability of re-identification.
{"title":"k-anonymity: Risks and the Reality","authors":"A. Basu, Toru Nakamura, Seira Hidano, S. Kiyomoto","doi":"10.1109/Trustcom.2015.473","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.473","url":null,"abstract":"Many a time, datasets containing private and sensitive information are useful for third-party data mining. To prevent identification of personal information, data owners release such data using privacy-preserving data publishing techniques. One well-known technique - k-anonymity - proposes that the records be grouped based on quasi-identifiers such that quasi-identifiers in a group have exactly the same values as any other in the same group. This process reduces the worst-case probability of re-identification of the records based on the quasi identifiers to 1/k. The problem of optimal k-anonymisation is NP-hard. Depending on the k-anonymisation method used and the number of quasi identifiers known to the attacker, the probability of re-identification could be lower than the worst-case guarantee. We quantify risk as the probability of re-identification and propose a mechanism to compute the empirical risk with respect to the cost of acquiring the knowledge about quasi-identifiers, using an real-world dataset released with some k-anonymity guarantee. In addition, we show that k-anonymity can be harmful because the knowledge of additional attributes other than quasi-identifiers can raise the probability of re-identification.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128568621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.570
Todor Ivanov, Raik Niemann, Sead Izberovic, M. Rosselli, Karsten Tolle, R. Zicari
In this paper, we evaluate the performance of DataStax Enterprise (DSE) using the HiBench benchmark suite and compare it with the corresponding Cloudera's Distribution of Hadoop (CDH) results. Both systems, DSE and CDH were stress tested using CPU-bound (WordCount), I/O-bound (Enhanced DFSIO) and mixed (HiveBench) workloads. The experimental results showed that DSE is better than CDH in writing files, whereas CDH is better than DSE in reading files. Additionally, for DSE the read and write throughput difference is very minor, whereas for CDH the read throughput is much higher than the write throughput. The results we obtained show that the HiBench benchmark suite, developed specifically for Hadoop, can be successfully executed on top of the DataStax Enterprise (DSE).
在本文中,我们使用HiBench基准套件评估了DataStax Enterprise (DSE)的性能,并将其与相应的Cloudera's Distribution of Hadoop (CDH)结果进行了比较。两个系统,DSE和CDH都使用cpu绑定(WordCount), I/ o绑定(Enhanced DFSIO)和混合(HiveBench)工作负载进行了压力测试。实验结果表明,DSE在文件写入方面优于CDH,而CDH在文件读取方面优于DSE。此外,对于DSE,读吞吐量和写吞吐量的差异非常小,而对于CDH,读吞吐量远高于写吞吐量。我们获得的结果表明,专门为Hadoop开发的HiBench基准测试套件可以在DataStax Enterprise (DSE)之上成功执行。
{"title":"Performance Evaluation of Enterprise Big Data Platforms with HiBench","authors":"Todor Ivanov, Raik Niemann, Sead Izberovic, M. Rosselli, Karsten Tolle, R. Zicari","doi":"10.1109/Trustcom.2015.570","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.570","url":null,"abstract":"In this paper, we evaluate the performance of DataStax Enterprise (DSE) using the HiBench benchmark suite and compare it with the corresponding Cloudera's Distribution of Hadoop (CDH) results. Both systems, DSE and CDH were stress tested using CPU-bound (WordCount), I/O-bound (Enhanced DFSIO) and mixed (HiveBench) workloads. The experimental results showed that DSE is better than CDH in writing files, whereas CDH is better than DSE in reading files. Additionally, for DSE the read and write throughput difference is very minor, whereas for CDH the read throughput is much higher than the write throughput. The results we obtained show that the HiBench benchmark suite, developed specifically for Hadoop, can be successfully executed on top of the DataStax Enterprise (DSE).","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129258687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.493
Baden Delamore, R. Ko
Large-scale Internet scanning has become increasingly common in the research community shedding light on the state of security at a global level. However, scans in the past have typically focused on addressing on the adoption of services and the ubiquity of protocols, with few focusing on the extent of vulnerability and exposures on the Internet. This paper explores the shellshock vulnerability in web applications by analysing the Alexa Top 1 Million, public-facing websites in the world to ascertain the pervasiveness and severity of shellshock. We achieved this by developing an algorithm that uses simple heuristics with multi-threading capabilities empowering us to perform rapid large-scale web application scanning across various hosts over the HTTP protocol. The results of our global scan were interesting, and illustrated the pervasiveness of shellshock and the potential impact it can have on an organisation -- despite this vulnerability being a known vulnerability at the time of our global scan. The results of which show that certain Web server configurations are particularly susceptible, and illustrates which popular top level domains and country's were most affected. Our findings also showed that while shellshock is easily detectable from an observational standpoint, there exists certain server configurations that allow the bug to be exploited even where cgi scripts are non-existent in the web server. We also discuss remediation guidelines and defensive security practices to protect hosts and organisations from such web-based attack vectors.
{"title":"A Global, Empirical Analysis of the Shellshock Vulnerability in Web Applications","authors":"Baden Delamore, R. Ko","doi":"10.1109/Trustcom.2015.493","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.493","url":null,"abstract":"Large-scale Internet scanning has become increasingly common in the research community shedding light on the state of security at a global level. However, scans in the past have typically focused on addressing on the adoption of services and the ubiquity of protocols, with few focusing on the extent of vulnerability and exposures on the Internet. This paper explores the shellshock vulnerability in web applications by analysing the Alexa Top 1 Million, public-facing websites in the world to ascertain the pervasiveness and severity of shellshock. We achieved this by developing an algorithm that uses simple heuristics with multi-threading capabilities empowering us to perform rapid large-scale web application scanning across various hosts over the HTTP protocol. The results of our global scan were interesting, and illustrated the pervasiveness of shellshock and the potential impact it can have on an organisation -- despite this vulnerability being a known vulnerability at the time of our global scan. The results of which show that certain Web server configurations are particularly susceptible, and illustrates which popular top level domains and country's were most affected. Our findings also showed that while shellshock is easily detectable from an observational standpoint, there exists certain server configurations that allow the bug to be exploited even where cgi scripts are non-existent in the web server. We also discuss remediation guidelines and defensive security practices to protect hosts and organisations from such web-based attack vectors.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"326 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115840291","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.573
Junkai Chen, I-Lin Tang, Chun-Hsuan Chang
Extant face detection techniques cannot detect excessively inclined or angled faces, restricting the movement of the subject's facial posture and limiting the scope of face detection applications. Unlike conventional image processing techniques that train classifiers by using rotated frontal face images as positive samples, the researchers of this study employed real-time inclined face images as positive samples and adopted the AdaBoost algorithm for the training procedure. To verify the efficiency of the proposed detection method, the researchers employed three feature extraction methods, namely Haar-like features, histogram of oriented gradients (HOGs), and local binary patterns, to train classifiers from 719 self-developed positive samples and 719 conventional positive samples. Subsequently, a cross-detection experiment was conducted on the sample collections. In addition, the researchers further tested a self-developed video database comprising face videos of 20 subjects. The findings indicate that the proposed detection method outperformed conventional detection methods and improved considerably when coupled with the HOG feature extraction method.
现有的人脸检测技术无法检测到过度倾斜或倾斜的人脸,限制了受试者面部姿态的运动,限制了人脸检测的应用范围。与传统图像处理技术使用旋转正面人脸图像作为正样本训练分类器不同,本研究采用实时倾斜人脸图像作为正样本,并采用AdaBoost算法进行训练。为了验证所提检测方法的有效性,研究人员采用haar样特征、定向梯度直方图(histogram of oriented gradients, hog)和局部二值模式三种特征提取方法,分别从719个自主开发的阳性样本和719个常规阳性样本中训练分类器。随后,对采集的样品进行交叉检测实验。此外,研究人员进一步测试了一个由20名受试者的面部视频组成的自主开发的视频数据库。结果表明,该检测方法优于传统的检测方法,并与HOG特征提取方法相结合,具有明显的改进效果。
{"title":"Enhancing the Detection Rate of Inclined Faces","authors":"Junkai Chen, I-Lin Tang, Chun-Hsuan Chang","doi":"10.1109/Trustcom.2015.573","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.573","url":null,"abstract":"Extant face detection techniques cannot detect excessively inclined or angled faces, restricting the movement of the subject's facial posture and limiting the scope of face detection applications. Unlike conventional image processing techniques that train classifiers by using rotated frontal face images as positive samples, the researchers of this study employed real-time inclined face images as positive samples and adopted the AdaBoost algorithm for the training procedure. To verify the efficiency of the proposed detection method, the researchers employed three feature extraction methods, namely Haar-like features, histogram of oriented gradients (HOGs), and local binary patterns, to train classifiers from 719 self-developed positive samples and 719 conventional positive samples. Subsequently, a cross-detection experiment was conducted on the sample collections. In addition, the researchers further tested a self-developed video database comprising face videos of 20 subjects. The findings indicate that the proposed detection method outperformed conventional detection methods and improved considerably when coupled with the HOG feature extraction method.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116248973","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.356
Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen
Government Electronic IDs (EIds) are digital credentials issued to the citizens. In Europe, EIds are distributed in the form of identity cards or passports that allow for identity verification towards government and private services in the digital domain. This paper provides a reference design and implementation examples for Trusted Execution Environment (TEE) based EIds. Especially, the paper highlights the role of attestation during enrolment, a requirement that is not present in legacy EIds.
{"title":"On Rehoming the Electronic ID to TEEs","authors":"Sandeep Tamrakar, Jan-Erik Ekberg, Pekka Laitinen","doi":"10.1109/Trustcom.2015.356","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.356","url":null,"abstract":"Government Electronic IDs (EIds) are digital credentials issued to the citizens. In Europe, EIds are distributed in the form of identity cards or passports that allow for identity verification towards government and private services in the digital domain. This paper provides a reference design and implementation examples for Trusted Execution Environment (TEE) based EIds. Especially, the paper highlights the role of attestation during enrolment, a requirement that is not present in legacy EIds.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"41 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114122183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.490
Luciano Barreto, J. Fraga, Frank Siqueira
The concept of cloud federation, which recently became the focus of ongoing studies, enables cloud providers to establish trusts relationships and share resources and services. This paper presents an architectural model composed by software entities that provide the required support for building cloud federations, and specifies the algorithms for interaction between these entities for locating and acquiring resources in federated cloud providers. In this model, resources are located and obtained through a resource panel, which allows cloud providers to inform their resource needs, contracts established by providers are managed by resource brokers, and an identity provider is responsible for authentication and authorization support. Experimental results obtained through simulation demonstrate the feasibility of the proposed architectural model for cloud federations.
{"title":"Architectural Model and Security Mechanisms for Cloud Federations","authors":"Luciano Barreto, J. Fraga, Frank Siqueira","doi":"10.1109/Trustcom.2015.490","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.490","url":null,"abstract":"The concept of cloud federation, which recently became the focus of ongoing studies, enables cloud providers to establish trusts relationships and share resources and services. This paper presents an architectural model composed by software entities that provide the required support for building cloud federations, and specifies the algorithms for interaction between these entities for locating and acquiring resources in federated cloud providers. In this model, resources are located and obtained through a resource panel, which allows cloud providers to inform their resource needs, contracts established by providers are managed by resource brokers, and an identity provider is responsible for authentication and authorization support. Experimental results obtained through simulation demonstrate the feasibility of the proposed architectural model for cloud federations.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"225 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114157368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613
Nentawe Gurumdimma, A. Jhumka, Maria Liakata, Edward Chuah, J. Browne
Resource-intensive applications such as scientific applications require the architecture or system on which they execute to display a very high level of dependability to reduce the impact of faults. Typically, the state of the underlying system is captured through messages that are recorded in a log file, which has been proven useful to system administrators in understanding the root-causes of system failures (and for their subsequent debugging). However, the time window between when the first error message is detected in the log file and time of the ensuing failure may not be large enough to allow the administrators to save the state of the running application, which will result in lost execution time. We thus address this fundamental question: Is it possible to extend this time window? The answer is positive: We show that, by using (i) resource usage logs to track anomalous resource usage and (ii) error logs to identify root-causes of system failures, it is possible to increase the time window, on average, by 50 minutes. These files were those obtained for the Ranger Supercomputer from TACC. We achieve this by applying anomaly detection techniques on resource usage data and conducting a root-cause analysis on error log files.
{"title":"Towards Increasing the Error Handling Time Window in Large-Scale Distributed Systems Using Console and Resource Usage Logs","authors":"Nentawe Gurumdimma, A. Jhumka, Maria Liakata, Edward Chuah, J. Browne","doi":"10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613","DOIUrl":"https://doi.org/10.1109/TRUSTCOM-BIGDATASE-ISPA.2015.613","url":null,"abstract":"Resource-intensive applications such as scientific applications require the architecture or system on which they execute to display a very high level of dependability to reduce the impact of faults. Typically, the state of the underlying system is captured through messages that are recorded in a log file, which has been proven useful to system administrators in understanding the root-causes of system failures (and for their subsequent debugging). However, the time window between when the first error message is detected in the log file and time of the ensuing failure may not be large enough to allow the administrators to save the state of the running application, which will result in lost execution time. We thus address this fundamental question: Is it possible to extend this time window? The answer is positive: We show that, by using (i) resource usage logs to track anomalous resource usage and (ii) error logs to identify root-causes of system failures, it is possible to increase the time window, on average, by 50 minutes. These files were those obtained for the Ranger Supercomputer from TACC. We achieve this by applying anomaly detection techniques on resource usage data and conducting a root-cause analysis on error log files.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116163927","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2015-08-20DOI: 10.1109/Trustcom.2015.498
Haining Meng, Xinhong Hei, Y. Li, Yanning Du, Guo Xie
Software aging is a crucial potential factor that affects software reliability. Software rejuvenation is a main effective method to counteract software aging. Aiming at software system suffering from security attack, a software rejuvenation model based on Markov regenerative stochastic Petri Nets is set up. Then the solution for the steady availability of the new model is derived via Markov regenerative theory. The numeric results show that, the optimal software rejuvenation schedule derived from the model can improve system availability, reduce downtime cost, and resist exterior attacks.
{"title":"A Rejuvenation Model for Software System under Normal Attack","authors":"Haining Meng, Xinhong Hei, Y. Li, Yanning Du, Guo Xie","doi":"10.1109/Trustcom.2015.498","DOIUrl":"https://doi.org/10.1109/Trustcom.2015.498","url":null,"abstract":"Software aging is a crucial potential factor that affects software reliability. Software rejuvenation is a main effective method to counteract software aging. Aiming at software system suffering from security attack, a software rejuvenation model based on Markov regenerative stochastic Petri Nets is set up. Then the solution for the steady availability of the new model is derived via Markov regenerative theory. The numeric results show that, the optimal software rejuvenation schedule derived from the model can improve system availability, reduce downtime cost, and resist exterior attacks.","PeriodicalId":277092,"journal":{"name":"2015 IEEE Trustcom/BigDataSE/ISPA","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125630928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: