Recent automotive systems require various data, including data from on-board sensors and external sources to recognize environmental conditions. As the amount of sensor data used in automotive systems increases, processes that use such data become increasingly complicated. In addition, similar data processing can be duplicated over multiple applications. To address these issues, a data stream management system (DSMS) for automotive systems based on a data integration architecture has been developed. However, hard real-time deadlines cannot be guaranteed due to unpredictable load changes caused by data streams. For example, the arrival time and CPU utilization requested by data streams from vehicle-to-vehicle communications change rapidly depending on environmental conditions. We propose the reservation-based operator path earliest deadline first (ROP-EDF) scheduling algorithm for an automotive DSMS under overload conditions. The proposed algorithm reserves processor time preferentially for hard real-time tasks so that tasks can meet deadlines under overload conditions. ROP-EDF can be used for load testing on a single processor system. Experimental results show the effectiveness of the proposed algorithm compared with existing algorithms relative to the deadline miss ratio under overload conditions.
In traditional public key encryption schemes, data encrypted by a public key pk can be decrypted only by a secret key sk corresponding to pk, and the relation between pk and sk is static. Therefore, these schemes are unsuitable for controlling access to a single piece of data by several users. Meanwhile, functional encryption (FE) is an encryption scheme that provides more sophisticated and flexible relations between pk and sk. FE thus allows a single pk to encrypt data under any conditions for decryption, so it is considered a very useful tool for access control of data on a cloud server. However, implementing current FE schemes is a non-trivial task because deep knowledge of the schemes is required. This is an obstacle to deploying FE schemes in real-world security systems. In this paper, we propose an implementation of an FE library (covering Ciphertext-Policy FE and Key-Policy FE, which are useful classes of FE) that is usable even by people who do not have deep knowledge of these schemes.
We propose a new secret sharing scheme realizing general access structures, which is based on unauthorized subsets. In the proposed scheme, we can select a subset of participants without restrictions and reduce the number of shares distributed to any participant who belongs to the selected subset.
The leaking of information has increased in recent years. To address this problem, we previously proposed a function for tracing the diffusion of classified information in a guest OS using a virtual machine monitor (VMM). This function makes it possible to grasp the location of classified information and detect information leakage without modifying the source code of the guest OS. The diffusion of classified information is caused by file operations, child process creation, and inter-process communication (IPC). In a previous study, we implemented the proposed function for file operations and child process creation, excluding IPC, using a kernel-based virtual machine (KVM). In this paper, we describe the design of the proposed function for IPC on KVM without modifying the guest OS. The proposed function traces local and remote IPC inside the guest OS from the outside in order to trace information diffusion. Because IPC with an outside computer might cause information leakage, tracing IPC enables the detection of such leakage. We also report the evaluation results, including the traceability and performance of the proposed function.
The Domain Name System (DNS), whose major function is to manage associations between domain names and IP addresses, plays a major role in managing the Internet. Thus, a DNS impairment would significantly impact society. A major cause of DNS impairment is Distributed Denial of Service (DDoS) attacks on authoritative DNS servers. Our study focuses on the recently emerging DDoS attack known as the DNS Water Torture Attack. This attack causes open resolvers, which are improperly configured cache DNS servers that accept requests from both LAN and WAN, to send many queries to resolve domains managed by target servers. The domain names sent for resolution in this attack include varying random subdomains. Cache servers certainly will not have cached data for these queries, and so a huge volume of queries converges on the target authoritative servers via cache servers. In this paper, we propose a detection method for this attack using the Naive Bayes Classifier. Experimental results show that our method is capable of detecting this attack with a 95.59% detection rate. Moreover, the results of performance simulation show that our method is fast enough to process more than 2.3 Gbps of traffic on the fly.
The Internet currently provides a multitude of services, which have become essential for everyday life such as disclosure of company information, online services, and e-commerce. Therefore, interruptions to these services greatly inconvenience the public. A denial of service (DoS) attack affects regular users' access to a network resource. DoS tools usually include a function for monitoring the status of the targeted server that allows the attacker to confirm the effectiveness of the current attack and the defense activities of the server, and thus plan further attacks. By observing the effectiveness of the current attack, the attacker can adjust the attack intensity to match the server's status. Depending on the defense response, the perpetrator can judge whether their attack is being mitigated using certain techniques. If the attacker observes a defensive response to the attack, the attacker can respond by changing the attack method, abandoning the attack, or targeting a more vulnerable server. We propose a method that allows the server to maintain its service to users relatively unaffected by the attacks, responds optimally to each attacker, and impedes the attacker's ability to detect defensive responses. In this paper, we implement our proposed method and evaluate the effectiveness of the system.
In this paper, we propose a new mathematical model for evaluating a given anonymized dataset that is at risk of being re-identified. Many anonymization algorithms have been proposed in the area called privacy-preserving data publishing (PPDP), but no anonymization algorithm is suitable for all scenarios because many factors are involved, e.g., the accuracy requirement, the domain of attributes, the size of the dataset, and the sensitivities of attributes. In order to address the issues of anonymization, we propose a new mathematical model based on the Zipf distribution. Our model is simple, but it fits well with the real distribution of trajectory data. We demonstrate the primary property of our model and extend it to a more complex environment. Using our model, we define the theoretical bound for re-identification, which yields the appropriate optimal level for anonymization.
The current trend for high-performance distributed file systems is an object-based architecture that uses local object storage to store the file data. The IO performance of such systems depends on the local object storage that manages the underlying low-level storage, such as Fusion IO ioDrive, a flash device connected through PCI Express. It provides OpenNVM flash primitives, such as atomic batch write and sparse addressing. We designed an object storage using OpenNVM whose goal is to maximize IOPS/bandwidth performance. Using the sparse address space, it is possible to design object storage as an array of fixed-size regions. Using atomic batch write, the object storage supports the ACID properties in each write. Our prototype implementation achieves 740,000 IOPS for object creations using 16 threads, which is 12 times better than DirectFS. The write performance achieves 97.7% of the physical peak performance on average.