The NASA Goddard Space Flight Center and the University of Maryland Institute for Advanced Computer Studies are studying mechanisms for installing and managing Storage Area Networks (SANs) that span multiple independent collaborating institutions using Storage Area Network Routers (SAN Routers). We present a framework for managing inter-site distributed SANs that uses Grid technologies to balance the competing needs to control local resources, share information, delegate administrative access, and manage the complex trust relationships between the participating sites.
ISBN: (print) 1595933840
A quorum system over a universe of logical elements is a collection of subsets (quorums) of elements, any two of which intersect. In numerous distributed algorithms, the elements of the universe reside on the nodes of a physical network and the participating nodes access the system by contacting every element in some quorum, potentially causing the added network congestion induced by these quorum accesses to play a limiting factor in the performance of the algorithm. In this paper we initiate the study of algorithms to place universe elements on the nodes of a physical network so as to minimize the network congestion that results from quorum accesses, while also ensuring that no physical node is overloaded by access requests from clients. We consider two models, one in which communication routes can be chosen arbitrarily and one in which they are fixed in advance. We show that in either model, the optimal congestion (with respect to the load constraints) cannot be approximated to any factor (unless P=NP). However, we show that at most doubling the load on nodes allows us to achieve a congestion that is close to this optimal value. We also shed some light on the extent to which element migration can reduce congestion in this context. Copyright 2006 ACM.
The iSCSI storage can provide high speed, easy management and low cost advantages to satisfy the requirements of small-size IT departments. Usually, the servers running iSCSI protocols suffer from the heavy IO processing and therefore require an adapter card relieving the host CPU load. In this paper, we proposed an effective method which attempts to offload the processing of iSCSI and TCP/IP onto our designed host bus adapter card. The adapter card uses embedded Linux as its operating system to perform iSCSI functions and a hardware-accelerating CRC module to optimize the performance of iSCSI. The experimental results show that the iSCSI card can provide good performance with less host CPU load.
Disk drives are a performance bottleneck for data-intensive applications. Drive manufacturers have continued to increase the rotational speeds to meet performance requirements, but the faster drives consume more power and run hotter. Future drives will soon be operating at temperatures that threaten drive reliability. One strategy that has been proposed for increasing drive performance without sacrificing reliability is throttling. Throttling delays service to I/O requests after the disk temperature exceeds a set threshold temperature until the temperature drops. In this paper, we explore the possibility that a malicious attacker with the ability to issue disk read requests may be able to exploit throttling to carry out a denial-of-service attack on a storage system. Our results reveal that damaging attacks are possible when throttling is used, and argue for the use of variable speed disks as a less vulnerable thermal management alternative.
The proceedings contain 19 papers. The topics discussed include: integrity constraints in trust management; declaration and enforcement of fine-grained access restrictions for a service-based geospatial data infrastructure; future direction of access control models, architectures, and technologies; supporting conditional delegation in secure workflow management systems; a fine-grained, controllable, user-to-user delegation method in RBAC; relevancy based access control of versioned XML documents; provable bounds for portable and flexible privacy-preserving access rights; verifiable composition of access control and application features; adaptive trust negotiation and access control; and role mining with ORCA.
ISBN: (print) 9781595930453
The administration of users and access rights in large enterprises is a complex and challenging task. Role-based access control (RBAC) is a powerful concept for simplifying access control. In particular, Enterprise Roles spanning across different IT systems are increasingly used as a basis for company-wide security management. However, the administration of roles in large organisations can become quite cumbersome and needs to be automated. During the past years, rules have been used to support automation of user and access rights administration. We discuss different rule-based approaches and propose a new method called rule-based provisioning of roles which combines the advantages of rules and roles. Experiences made during implementation of this approach are presented in two case studies. The results are evaluated and show that role-based access control in combination with rule-based provisioning can be successfully used in practice. A high level of automation can be achieved. Copyright 2005 ACM.
ISBN: (print) 9781595930453
Access control features are often spread across and tangled with other functionality in a design. This makes modifying and replacing these features in a design difficult. Aspect-oriented modeling (AOM) techniques can be used to support separation of access control concerns from other application design concerns. Using an AOM approach, access control features are described by aspect models and other application features are described by a primary model. Composition of aspect and primary models yields a design model in which access control features are integrated with other application features. In this paper, we present, through an example, an AOM approach that supports verifiable composition of behaviors described in access control aspect models and primary models. Given an aspect model, a primary model, and a specified property, the composition technique produces proof obligations as the behavioral descriptions in the aspect and primary models are composed. One has to discharge the proof obligations to establish that the composed model has the specified property. Copyright 2005 ACM.
ISBN: (print) 9781595930453
It has been recognized for some time that software alone does not provide an adequate foundation for building a high-assurance trusted platform. The emergence of industry-standard trusted computing technologies promises a revolution in this respect by providing roots of trust upon which secure applications can be developed. These technologies offer a particularly attractive platform for security in peer-to-peer environments. In this paper we propose a trusted computing architecture to enforce access control policies in such applications. Our architecture is based on an abstract layer of trusted hardware which can be constructed with emerging trusted computing technologies. A trusted reference monitor (TRM) is introduced beyond the trusted hardware. By monitoring and verifying the integrity and properties of running applications in a platform using the functions of trusted computing, the TRM can enforce various policies on behalf of object owners. We further extend this platform-based architecture to support user-based control policies, cooperating with existing services for user identity and attributes. This architecture and its refinements can be extended in future work to support general access control models such as lattice-based access control, role-based access control, and usage control. Copyright 2005 ACM.