- 1 - S 21. Directory-based Administration of Virtual Private Networks: Policy & Configuration. Charles A Kunzinger.
|
|
- Ruby Pitts
- 6 years ago
- Views:
Transcription
1 - 1 - S 21 Diretory-based Administration of Virtual Private Networks: Poliy & Configuration Charles A Kunzinger kunzinge@us.ibm.om
2 - 2 - Clik here Agenda to type page title What is a VPN? What is VPN Poliy? "Box Configuration" & "Network Configuration" Shemas: Unambiguous desriptions Some examples Future Work
3 - 3 - What is a VPN? Clik here to type Remote page title Branh Offie or Corporate Intranet User Another Company's Intranet Internet / Other Publi Network A VPN (Virtual Private Network) is an extension of an enterprise's private intranet, aross a publi network (suh as the Internet), reating a seure onnetion enrypt the user's datagrams validate the user's datagrams authentiate the soure of the datagrams establish & maintain ryptographi serets
4 - 4 - VPN Customer Value Clik here to type page title Corporate Intranet Remote User Branh Offie or Another Company's Intranet Internet / Other Publi Network Easy, seure aess to enterprise networks and resoures: Remote users and remote loations an aess required information whenever they need to and from wherever they are Worldwide Aess: Internet aess is available worldwide, where other forms of onnetivity may be either not available or may be more expensive Cost Savings: Cost effetive aess to the Internet via a loal all to an ISP, versus expensive leased lines, long-distane alls and toll-free telephone numbers Estimated 20%-47% savings in WAN osts and 60%-80% savings in remote aess dial-up osts, per Infonetis Researh, In
5 VPN Business Opportunities Remote Aess Branh Offie Connetion Business Partner/Supplier Network Corporate Intranet Corporate Intranet Corporate Intranet Internet Internet Internet Remote User Branh Offie Intranet Business Partner/Supplier Intranets Remote Aess Senario Problems: High administrative workload ost, expensive 800 or long distane osts Solutions: VPNs exploit world-wide ISP reah and lower onnetivity and administrative osts Branh Offie Connetion Senario Problems: Expensive Leased Line onnetions or part-time dial onnetions to home offie Solutions: VPNs provide 24-hour ease-of-use onnetivity via inexpensive Internet links Business Partner/Supplier Network Senario Problems: Set-up/operational ost prohibitively high for smaller business partners; geographi limitations Solutions: VPNs provide global, seure, ost-effetive, end-to-end inter-ompany ommuniation via Internet
6 Where Does IPSe Fit? Appliations TCP/UDP IP S-MIME S-HTTP SET IPSe (ISAKMP) Others... SOCKS V5 SSL TLS IPSe (AH, ESP), paket filtering, tunneling Network Interfae CHAP, PAP,MS-CHAP Network Layer (AH, ESP) protets user data Appliation Layer (ISAKMP) manages seurity assoiations and seurely generates and refreshes ryptographi keys
7 Seurity Taxonomy Seurity Cryptography Algorithms (AH, ESP) Shared Key Message Digest Publi/Private Key Pairs Seurity Servies Confidentiality Authentiation Integrity Replay Protetion Management Key Management Key Distribution Certifiates Seurity Assoiation (ISAKMP)
8 - 8 - Clik here Poliy to type Issues page title There are three: What should it be: eah ompany must analyze its own situation and set its own poliy Where it should be defined: per-box entralized, network-entri How it should be stored: LDAP Shema Retrieval methods
9 - 9 - Clik Who here sets to VPN type Poliy? page title VPN's owner-operator sets the poliy: Membership Aess ontrols Seurity details: enryption requirements authentiation requirements allowable protools: http, ftp, telnet,..., mail VPN's members (lients, servers, gateways) exeute poliy, but do not set it: Centralized database with single point of ontrol Download box onfigurations, whih arry out the VPN poliy
10 Clik here to type page title Company seurity poliy: profiles, natural language desriptions, VPN topology,... Gui/Shema Mapping VPN Poliy LDAP Flows with IPSe onfig data Map "Poliy" into GUI into VPN Shema Pre-defined profiles for typial onfigurations: Branh Offie Interonnet Supplier Networks Remote Aess Centralized definition for all IPSe boxes in a given VPN onsisteny heking ompany-wide definition Database management: individual boxes "pull in" their own onfiguration data onfiguration data must be authentiated, but not neessarily kept onfidential Central Repository
11 Box & Network Configuration Clik here to type page title Today most boxes are onfigured on an individual basis: Firewalls guard your perimeter, regardless of what's done (or not done) at the far end of the ommuniations path In today's VPN world, pairwise onfiguration of boxes is the norm: same algorithms, shared keys, et. In tomorrow's VPN world, network-wide onfiguration of boxes will be ritial: "Branh Offie" is a mesh onnetion "Business Partner" typially involves multiple enterprises "Remote Users" may aess their home networks or their business partners' networks A given box may simultaneously partiipate in multiple senarios
12 Box & Network Configuration... Clik here to type page title Remote Aess Corporate Intranet Remote Site Internet Business Partner A given box may partiipate in multiple VPNs: e.g., Branh Offie and Supplier Networks Eah box (lient, server, gateway) has its own Shema The olletion of individual Shemas must implement a ompany's network-wide poliy onsistently
13 Poliy, Clik here Parameters, to type page & Shema title Poliy: desribes what you want your VPN to do for you Parameters: detailed box-speifi values that IPse/IKE must instantiate Shema: formal mehanism to desribe how IPSe and IKE onfiguration will be stored in the ommon database, for eventual retrieval via LDAP mehanisms
14 IPSe Shema Clik here to type page title Voabulary is largely "IPse-speifi": preise tehnial meanings ould be daunting to "non-experts" Standardized, open desription of the onfiguration of a single VPN-apable box Two types of objets are desribed: Generi: an apply to many Seurity Assoiations; reusable; unambiguous depition of orporate VPN poliy Traffi-speifi: define the end points between whih a given SA an be instantiated; link topology to abstrat poliy
15 VPN Shema Overview Clik here to type page title Poliy Rule Traffi Profile Traffi Profile Traffi Profile ISAKMP Ation IPse Ation Validity Period Validity Period Phase 2 Phase 1 ISAKMP Proposal ISAKMP Proposal IPSe Proposal IPSe Proposal IPSe Proposal IPSe Proposal D-H Group D-H Group IPSe Transform Legend: Independent of end points End point speifi
16 Shema Model Clik here to type page title If (onditions met) then (take indiated ation) Conditions: Traffi Profile: soure & destination addresses, ports, interfaes, protools, ID Validity Period IPSe Ation: proxies' addresses, ports, protools Ations: ISAKMP Ation IPSe Ation
17 Shema Classes... Clik here to type page title A single Poliy Rule an point to: multiple Traffi Profiles multiple Validity Periods single ISAKMP Ation single IPSe Ation ISAKMP Ation: Phase 1 exhange mode, lifetimes, publi key (ertifiate) information, pointer to "ISAKMP Proposals" ISAKMP Proposal: algorithms & authentiation methods, lifetimes, D-H group. (multiple per "ISAKMP Ation") IPse Ation: proxy info, tunnel end point, lifetimes, pointer to protetion suites, pointer to a oupled "ISAKMP Proposal". IPSe Transforms: algorithm details, lifetimes, D-H group. (multiple per "IPSeAtion") D-H Group: general D-H group harateristis; pointed to by "IPSe Proposals" and "ISAKMP Proposals There ae some "non-standards" items in the Shema: ISAKMP Connetion "Lifetime" for ISAKMP Connetion as well as for ISAKMP SA Override values for Lifetimes
18 Branh Offie Senario Clik here to type page title H1 H3 SG IKE SA IPSe SA SG1 H2 Only SG1 and SG2 have VPN Shemas Phase 1 SA terminates at SG1 & SG2 Phase 2 SA(s) terminate at SG1 and SG2 If a multiple host pairs levy the same speial requirements on the Gateways, then appropriate "proxy info" must be inluded in the IPSe Ation defined in both SG1's and SG2's shema If multiple host pairs levy different speial requirements on the Gateways, then multiple Poliy Rules must be reated
19 Supplier Network (Nested Tunnels) Clik here to type page title IKE SA H1 IKE SA SG1 IPSe SA SG2 IPSe SA H2 Independent IKE negotiations: SG1 & SG2 have a set of SAs between them H1 and H2 have a set of SAs between them H1-H2 SAs are nested inside SG1-SG2 IPSe SA SG1-SG2 IPSe SA(s) must inlude "proxy info" on intranet end points: eah "proxy pair" needs a different SG1-SG2 IPSe SA eah different IPSe SA implies a separate IPSe Ation eah IPSe Ation implies a distint Poliy Rule......and so on as we get into even more omplex examples
20 Box Configuration Impliations... Clik here to type page title A VPN Shema alone is not suffiient to guarantee network-wide onsistent poliy: It guarantees unambiguous "per-box" desriptions of IPSe harateristis It does not guarantee aeptable end-to-end results In previous two examples, a network topology diagram was needed to visualize the orret "shema" to onstrut If boxes are onfigured individually, then eah administrator must work off the same topology diagram, inluding the speifi IP address & port information Boxes that partiipate in all three IBM senarios (Branh Offie, Supplier, Remote Aess) will be espeially diffiult to onfigure aurately
21 Clik Poliy here to Questions... type page title Mehanisms for a box to retrieve its own onfiguration information from Diretory? Mehanisms for heking onsisteny aross a large set of individually onfigured boxes? outright misonfiguration errors (e.g., does eah rule have a "mirror image"?) overlapping poliy rules (what breaks the ties?) Consisteny of terminology between GUI panels and LDAP Shema? Mapping of GUI entries into the Shema formats?
22 IBM Clik VPN here Poliy to type Groundrules page title Sine "Shema" is to be an open standard, it takes preedene over GUIs IBM GUIs must demonstrate one-to-one mapping onto the VPN Shema All profiles possible that an be onfigured with a GUI must map into a mathing Shema GUIs need not support all profiles that are possible under VPN Shema GUI terminology must be ommon aross all IBM VPN produts, but an use more"olloquial" terms than the Shema
23 Clik Sanity here to Chek... type page title Define a benhmark "omplex VPN onfiguration" involving: lients, servers, firewalls, and routers elements from all senarios: branh offie, supplier, remote aess Demonstrate "per box" onfiguration using GUI Produe omposite LDAP VPN Shema Learn from our mistakes...
24 Sample Configuration Clik here to type page title H2 H1 Example VPN Poliy GW1 1. GW1 and GW2 must enrypt and authentiate from all hosts, exept from H2 and H3, that flows between GW1 and GW2, using DES and HMAC-MD5. Keys must be refreshed at least one every 20 minutes. 2. Traffi from H1 to H2 must be enrypted and authentiated end-to-end using 3DES and HMAC-SHA1. Keys must be refreshed at least one very 10 minutes with PFS. 3. Traffi between H2 nd H3 must be authentiated by GW2 and GW1. Keys must be refreshed with PFS one every 60 minutes. 4. GW1 must rejet all traffi from the "blue" intranet exept for pakets from H1. And GW1 and GW3 must authentiate trafi flowing between themselves. 5. GW2 must rejet all traffi to or from the "non-yellow" intranets. GW3 INTERNET GW2 H3
25 Future Work Clik here to type page title LDAP-based "VPN Shema" aepted by IETF by 1Q'99 (industry-wide goal) IBM "Value-Adds" for VPNs: Develop user-friendly front-end network onfiguration tool--"point & lik" will: Apply named poliy elements between speifi VPN-enabled boxes Automatially generate orresponding VPN shema and load into entral database Develop automated onsisteny heker for VPN Poliy aross large numbers of boxes
CA Test Data Manager 4.x Implementation Proven Professional Exam (CAT-681) Study Guide Version 1.0
Implementation Proven Professional Study Guide Version 1.0 PROPRIETARY AND CONFIDENTIAL INFORMATION 2017 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer
More informationCA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661) Study Guide Version 1.0
Exam (CAT-661) Study Guide Version 1.0 PROPRIETARY AND CONFIDENTIAL INFMATION 2018 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized
More informationCA Single Sign-On 12.x Proven Implementation Professional Exam (CAT-140) Study Guide Version 1.5
Study Guide Version 1.5 PROPRIETARY AND CONFIDENTIAL INFORMATION 2018 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized use,
More informationAlgorithms, Mechanisms and Procedures for the Computer-aided Project Generation System
Algorithms, Mehanisms and Proedures for the Computer-aided Projet Generation System Anton O. Butko 1*, Aleksandr P. Briukhovetskii 2, Dmitry E. Grigoriev 2# and Konstantin S. Kalashnikov 3 1 Department
More informationCA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480) Study Guide Version 1.5
Proven Professional Exam (CAT-480) Study Guide Version 1.5 PROPRIETARY AND CONFIDENTIAL INFORMATION 2016 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer
More informationDETECTION METHOD FOR NETWORK PENETRATING BEHAVIOR BASED ON COMMUNICATION FINGERPRINT
DETECTION METHOD FOR NETWORK PENETRATING BEHAVIOR BASED ON COMMUNICATION FINGERPRINT 1 ZHANGGUO TANG, 2 HUANZHOU LI, 3 MINGQUAN ZHONG, 4 JIAN ZHANG 1 Institute of Computer Network and Communiation Tehnology,
More informationOutline: Software Design
Outline: Software Design. Goals History of software design ideas Design priniples Design methods Life belt or leg iron? (Budgen) Copyright Nany Leveson, Sept. 1999 A Little History... At first, struggling
More informationMake your process world
Automation platforms Modion Quantum Safety System Make your proess world a safer plae You are faing omplex hallenges... Safety is at the heart of your proess In order to maintain and inrease your ompetitiveness,
More informationAdobe Certified Associate
Adobe Certified Assoiate About the Adobe Certified Assoiate (ACA) Program The Adobe Certified Assoiate (ACA) program is for graphi designers, Web designers, video prodution designers, and digital professionals
More informationOn - Line Path Delay Fault Testing of Omega MINs M. Bellos 1, E. Kalligeros 1, D. Nikolos 1,2 & H. T. Vergos 1,2
On - Line Path Delay Fault Testing of Omega MINs M. Bellos, E. Kalligeros, D. Nikolos,2 & H. T. Vergos,2 Dept. of Computer Engineering and Informatis 2 Computer Tehnology Institute University of Patras,
More informationWhat are Cycle-Stealing Systems Good For? A Detailed Performance Model Case Study
What are Cyle-Stealing Systems Good For? A Detailed Performane Model Case Study Wayne Kelly and Jiro Sumitomo Queensland University of Tehnology, Australia {w.kelly, j.sumitomo}@qut.edu.au Abstrat The
More informationEpisode 12: TCP/IP & UbiComp
Episode 12: TCP/IP & UbiComp Hannes Frey and Peter Sturm University of Trier Outline Introdution Mobile IP TCP and Mobility Conlusion Referenes [1] James D. Solomon, Mobile IP: The Unplugged, Prentie Hall,
More informationCA Release Automation 5.x Implementation Proven Professional Exam (CAT-600) Study Guide Version 1.1
Exam (CAT-600) Study Guide Version 1.1 PROPRIETARY AND CONFIDENTIAL INFORMATION 2016 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized
More informationCA Identity Suite 14.x Implementation Proven Professional Exam (CAT-760) Study Guide Version 1.1
Study Guide Version 1.1 PROPRIETARY AND CONFIDENTIAL INFORMATION 2018 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized use,
More informationAustralian Journal of Basic and Applied Sciences. A new Divide and Shuffle Based algorithm of Encryption for Text Message
ISSN:1991-8178 Australian Journal of Basi and Applied Sienes Journal home page: www.ajbasweb.om A new Divide and Shuffle Based algorithm of Enryption for Text Message Dr. S. Muthusundari R.M.D. Engineering
More informationA DYNAMIC ACCESS CONTROL WITH BINARY KEY-PAIR
Malaysian Journal of Computer Siene, Vol 10 No 1, June 1997, pp 36-41 A DYNAMIC ACCESS CONTROL WITH BINARY KEY-PAIR Md Rafiqul Islam, Harihodin Selamat and Mohd Noor Md Sap Faulty of Computer Siene and
More informationEstablishing Secure Ethernet LANs Using Intelligent Switching Hubs in Internet Environments
Establishing Seure Ethernet LANs Using Intelligent Swithing Hubs in Internet Environments WOEIJIUNN TSAUR AND SHIJINN HORNG Department of Eletrial Engineering, National Taiwan University of Siene and Tehnology,
More informationFine-Grained Capabilities for Flooding DDoS Defense Using Client Reputations
Fine-Grained Capabilities for Flooding DDoS Defense Using Client Reputations ABSTRACT Maitreya Natu University of Delaware 103 Smith Hall Newark, DE 19716, USA natu@is.udel.edu Reently proposed apability
More informationCA Agile Requirements Designer 2.x Implementation Proven Professional Exam (CAT-720) Study Guide Version 1.0
Exam (CAT-720) Study Guide Version 1.0 PROPRIETARY AND CONFIDENTIAL INFORMATION 2017 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized
More informationCA Service Desk Manager 14.x Implementation Proven Professional Exam (CAT-181) Study Guide Version 1.3
Exam (CAT-181) Study Guide Version 1.3 PROPRIETARY AND CONFIDENTIAL INFORMATION 2017 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized
More informationPBFT: A Byzantine Renaissance. The Setup. What could possibly go wrong? The General Idea. Practical Byzantine Fault-Tolerance (CL99, CL00)
PBFT: A Byzantine Renaissane Pratial Byzantine Fault-Tolerane (CL99, CL00) first to be safe in asynhronous systems live under weak synhrony assumptions -Byzantine Paos! The Setup Crypto System Model Asynhronous
More informationDoS-Resistant Broadcast Authentication Protocol with Low End-to-end Delay
DoS-Resistant Broadast Authentiation Protool with Low End-to-end Delay Ying Huang, Wenbo He and Klara Nahrstedt {huang, wenbohe, klara}@s.uiu.edu Department of Computer Siene University of Illinois at
More informationZyzzyva: Speculative Byzantine Fault Tolerance By Ramakrishna Kotla,* Allen Clement, Edmund Wong, Lorenzo Alvisi, and Mike Dahlin
: Speulative Byzantine Fault Tolerane By Ramakrishna Kotla,* Allen Clement, Edmund Wong, Lorenzo Alvisi, and Mike Dahlin doi:10.1145/1400214.1400236 Abstrat A longstanding vision in distributed systems
More informationConstructing Transaction Serialization Order for Incremental. Data Warehouse Refresh. Ming-Ling Lo and Hui-I Hsiao. IBM T. J. Watson Research Center
Construting Transation Serialization Order for Inremental Data Warehouse Refresh Ming-Ling Lo and Hui-I Hsiao IBM T. J. Watson Researh Center July 11, 1997 Abstrat In typial pratie of data warehouse, the
More informationCA API Management 8.x Implementation Proven Professional Exam (CAT-560) Study Guide Version 1.1
Exam (CAT-560) Study Guide Version 1.1 PROPRIETARY AND CONFIDENTIAL INFORMATION 2016 CA. All rights reserved. CA onfidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized
More informationPipelined Multipliers for Reconfigurable Hardware
Pipelined Multipliers for Reonfigurable Hardware Mithell J. Myjak and José G. Delgado-Frias Shool of Eletrial Engineering and Computer Siene, Washington State University Pullman, WA 99164-2752 USA {mmyjak,
More informationBatch Auditing for Multiclient Data in Multicloud Storage
Advaned Siene and Tehnology Letters, pp.67-73 http://dx.doi.org/0.4257/astl.204.50. Bath Auditing for Multilient Data in Multiloud Storage Zhihua Xia, Xinhui Wang, Xingming Sun, Yafeng Zhu, Peng Ji and
More informationManaging Handover Authentication in Big-domain Wireless Environment
Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan, Aiqun Hu, Juan Zhang Managing Handover Authentiation in Big-domain Wireless Environment Changsheng Wan *1, Aiqun Hu *1,
More informationSVC-DASH-M: Scalable Video Coding Dynamic Adaptive Streaming Over HTTP Using Multiple Connections
SVC-DASH-M: Salable Video Coding Dynami Adaptive Streaming Over HTTP Using Multiple Connetions Samar Ibrahim, Ahmed H. Zahran and Mahmoud H. Ismail Department of Eletronis and Eletrial Communiations, Faulty
More informationAccommodations of QoS DiffServ Over IP and MPLS Networks
Aommodations of QoS DiffServ Over IP and MPLS Networks Abdullah AlWehaibi, Anjali Agarwal, Mihael Kadoh and Ahmed ElHakeem Department of Eletrial and Computer Department de Genie Eletrique Engineering
More informationWhat about asynchronous systems? The Game of Paxos. Quorum Systems. The Game of Paxos
What about asynhronous systems? FLP says onsensus annot be solved... For benign failures, Paos provides net best thing always safe And for Byzantine failures? The Game of Paos Proesses are ompeting to
More informationPROJECT PERIODIC REPORT
FP7-ICT-2007-1 Contrat no.: 215040 www.ative-projet.eu PROJECT PERIODIC REPORT Publishable Summary Grant Agreement number: ICT-215040 Projet aronym: Projet title: Enabling the Knowledge Powered Enterprise
More informationMulti-Channel Wireless Networks: Capacity and Protocols
Multi-Channel Wireless Networks: Capaity and Protools Tehnial Report April 2005 Pradeep Kyasanur Dept. of Computer Siene, and Coordinated Siene Laboratory, University of Illinois at Urbana-Champaign Email:
More informationA Lightweight Intrusion-Tolerant Overlay Network
A Lightweight Intrusion-Tolerant Overlay Network Rafael R. Obelheiro and Joni da Silva Fraga Department of Automation and Systems Federal University of Santa Catarina, Brazil Email: rro@das.ufs.br, fraga@das.ufs.br
More informationCA PPM 14.x Implementation Proven Professional Exam (CAT-222) Study Guide Version 1.2
CA PPM 14.x Implementation Proven Professional Exam (CAT-222) Study Guide Version 1.2 PROPRIETARY AND CONFIDENTIAL INFMATION 2016 CA. All rights reserved. CA onfidential & proprietary information. For
More informationConfiguring VPN from Proventia M Series Appliance to Proventia M Series Appliance
Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance January 13, 2004 Overview Introduction This document describes how to configure a VPN tunnel from one Proventia M series
More informationRobust Dynamic Provable Data Possession
Robust Dynami Provable Data Possession Bo Chen Reza Curtmola Department of Computer Siene New Jersey Institute of Tehnology Newark, USA Email: b47@njit.edu, rix@njit.edu Abstrat Remote Data Cheking (RDC)
More informationA Formal Hybrid Analysis Technique for Composite Web Services Verification
A Formal Hybrid Analysis Tehnique for Composite Web Servies Verifiation MAY HAIDAR 1,2, HICHAM H. HALLAL 1 1 Computer Siene Department / Department of Eletrial Engineering Fahad Bin Sultan University P.O
More informationVerification of Parameterized Concurrent Programs By Modular Reasoning about Data and Control
Verifiation of Parameterized Conurrent Programs By Modular Reasoning about Data and Control Azadeh Farzan Zahary Kinaid University of Toronto azadeh,zkinaid@s.toronto.edu Abstrat In this paper, we onsider
More informationThe AMDREL Project in Retrospective
The AMDREL Projet in Retrospetive K. Siozios 1, G. Koutroumpezis 1, K. Tatas 1, N. Vassiliadis 2, V. Kalenteridis 2, H. Pournara 2, I. Pappas 2, D. Soudris 1, S. Nikolaidis 2, S. Siskos 2, and A. Thanailakis
More informationAutomated System for the Study of Environmental Loads Applied to Production Risers Dustin M. Brandt 1, Celso K. Morooka 2, Ivan R.
EngOpt 2008 - International Conferene on Engineering Optimization Rio de Janeiro, Brazil, 01-05 June 2008. Automated System for the Study of Environmental Loads Applied to Prodution Risers Dustin M. Brandt
More informationCA Unified Infrastructure Management 8.x Implementation Proven Professional Exam (CAT-540) Study Guide Version 1.1
Management 8.x Implementation Proven Professional Exam (CAT-540) Study Guide Version 1.1 PROPRIETARY AND CONFIDENTIAL INFORMATION 2017 CA. All rights reserved. CA onfidential & proprietary information.
More informationScalable P2P Search Daniel A. Menascé George Mason University
Saling the Web Salable P2P Searh aniel. Menasé eorge Mason University menase@s.gmu.edu lthough the traditional lient-server model irst established the Web s bakbone, it tends to underuse the Internet s
More informationDisplacement-based Route Update Strategies for Proactive Routing Protocols in Mobile Ad Hoc Networks
Displaement-based Route Update Strategies for Proative Routing Protools in Mobile Ad Ho Networks Mehran Abolhasan 1 and Tadeusz Wysoki 1 1 University of Wollongong, NSW 2522, Australia E-mail: mehran@titr.uow.edu.au,
More informationA {k, n}-secret Sharing Scheme for Color Images
A {k, n}-seret Sharing Sheme for Color Images Rastislav Luka, Konstantinos N. Plataniotis, and Anastasios N. Venetsanopoulos The Edward S. Rogers Sr. Dept. of Eletrial and Computer Engineering, University
More informationVerifying Interaction Protocol Compliance of Service Orchestrations
Verifying Interation Protool Compliane of Servie Orhestrations Andreas Shroeder and Philip Mayer Ludwig-Maximilians-Universität Münhen, Germany {shroeda, mayer}@pst.ifi.lmu.de Abstrat. An important aspet
More informationA Load-Balanced Clustering Protocol for Hierarchical Wireless Sensor Networks
International Journal of Advanes in Computer Networks and Its Seurity IJCNS A Load-Balaned Clustering Protool for Hierarhial Wireless Sensor Networks Mehdi Tarhani, Yousef S. Kavian, Saman Siavoshi, Ali
More informationConnection Guide. Installing the printer locally (Windows) What is local printing? Installing the printer using the Software and Documentation CD
Page 1 of 7 Connetion Guide Installing the printer loally (Windows) Note: When installing a loally attahed printer, if the operating system is not supported y the Software and Doumentation CD, then the
More informationPartial Character Decoding for Improved Regular Expression Matching in FPGAs
Partial Charater Deoding for Improved Regular Expression Mathing in FPGAs Peter Sutton Shool of Information Tehnology and Eletrial Engineering The University of Queensland Brisbane, Queensland, 4072, Australia
More informationConnection Guide. Installing the printer locally (Windows) What is local printing? Installing the printer using the Software and Documentation CD
Connetion Guide Page 1 of 5 Connetion Guide Installing the printer loally (Windows) Note: If the Software and Doumentation CD does not support the operating system, you must use the Add Printer Wizard.
More informationHEXA: Compact Data Structures for Faster Packet Processing
Washington University in St. Louis Washington University Open Sholarship All Computer Siene and Engineering Researh Computer Siene and Engineering Report Number: 27-26 27 HEXA: Compat Data Strutures for
More informationAutomatic Physical Design Tuning: Workload as a Sequence Sanjay Agrawal Microsoft Research One Microsoft Way Redmond, WA, USA +1-(425)
Automati Physial Design Tuning: Workload as a Sequene Sanjay Agrawal Mirosoft Researh One Mirosoft Way Redmond, WA, USA +1-(425) 75-357 sagrawal@mirosoft.om Eri Chu * Computer Sienes Department University
More informationCA PPM 15.x Proven Implementation Professional Exam (CAT-223) Study Guide Version 1.3
CA PPM 15.x Proven Implementation Professional Exam (CAT-223) Study Guide Version 1.3 PROPRIETARY AND CONFIDENTIAL INFORMATION 2018 CA. All rights reserved. CA onfidential & proprietary information. For
More informationOvidSP Quick Reference Card
OvidSP Quik Referene Card Searh in any of several dynami modes, ombine results, apply limits, use improved researh tools, develop strategies, save searhes, set automati alerts and RSS feeds, share results...
More informationTRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS 1. Preserving Privacy in Distributed Systems
TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS Presering Priay in Distributed Systems Yuriy Brun and Nenad Medidoi, Member, IEEE Computer Soiety Abstrat We present stile, a tehnique for distributing
More informationTLP 350CV Setup Guide
TLP 350V Setup Guide The Extron TouhLink 3.5 inh able ubby TLP 350V provide users with aess to AV onnetivity using onvenient pullout ables. It also provides simple and versatile onfiguration and ontrol
More informationThe SODA AOSE Methodology
The SODA AOSE Methodology Multiagent Systems LM Sistemi Multiagente LM Ambra Molesini & Andrea Omiini {ambra.molesini, andrea.omiini}@unibo.it Dipartimento di Informatia Sienza e Ingegneria (DISI) Alma
More informationMultiple-Criteria Decision Analysis: A Novel Rank Aggregation Method
3537 Multiple-Criteria Deision Analysis: A Novel Rank Aggregation Method Derya Yiltas-Kaplan Department of Computer Engineering, Istanbul University, 34320, Avilar, Istanbul, Turkey Email: dyiltas@ istanbul.edu.tr
More informationUplink Channel Allocation Scheme and QoS Management Mechanism for Cognitive Cellular- Femtocell Networks
62 Uplink Channel Alloation Sheme and QoS Management Mehanism for Cognitive Cellular- Femtoell Networks Kien Du Nguyen 1, Hoang Nam Nguyen 1, Hiroaki Morino 2 and Iwao Sasase 3 1 University of Engineering
More informationCleanUp: Improving Quadrilateral Finite Element Meshes
CleanUp: Improving Quadrilateral Finite Element Meshes Paul Kinney MD-10 ECC P.O. Box 203 Ford Motor Company Dearborn, MI. 8121 (313) 28-1228 pkinney@ford.om Abstrat: Unless an all quadrilateral (quad)
More informationCase 1: VPN direction from Vigor2130 to Vigor2820
LAN to LAN IPSec VPN between Vigor2130 and Vigor2820 using Aggressive mode In this document we will introduce how to create a LAN to LAN IPSec VPN between Vigor2130 and a Vigor2820 using Aggressive mode.
More informationDetecting Outliers in High-Dimensional Datasets with Mixed Attributes
Deteting Outliers in High-Dimensional Datasets with Mixed Attributes A. Koufakou, M. Georgiopoulos, and G.C. Anagnostopoulos 2 Shool of EECS, University of Central Florida, Orlando, FL, USA 2 Dept. of
More informationCapturing Large Intra-class Variations of Biometric Data by Template Co-updating
Capturing Large Intra-lass Variations of Biometri Data by Template Co-updating Ajita Rattani University of Cagliari Piazza d'armi, Cagliari, Italy ajita.rattani@diee.unia.it Gian Lua Marialis University
More informationA service-oriented UML profile with formal support
A servie-oriented UML profile with formal support Roberto Bruni 1, Matthias Hölzl 3, Nora Koh 2,3, Alberto Lluh Lafuente 1, Philip Mayer 3, Ugo Montanari 1, and Andreas Shroeder 3 1 University of Pisa,
More informationConnection Guide. Supported operating systems. Installing the printer using the Software and Documentation CD. Connection Guide
Connetion Guide Page 1 of 6 Connetion Guide Supported operating systems Using the software CD, you an install the printer software on the following operating systems: Windows 8.1 Windows Server 2012 R2
More informationDesign Implications for Enterprise Storage Systems via Multi-Dimensional Trace Analysis
Design Impliations for Enterprise Storage Systems via Multi-Dimensional Trae Analysis Yanpei Chen, Kiran Srinivasan, Garth Goodson, Randy Katz University of California, Berkeley, NetApp In. {yhen2, randy}@ees.berkeley.edu,
More informationImproved flooding of broadcast messages using extended multipoint relaying
Improved flooding of broadast messages using extended multipoint relaying Pere Montolio Aranda a, Joaquin Garia-Alfaro a,b, David Megías a a Universitat Oberta de Catalunya, Estudis d Informàtia, Mulimèdia
More informationRAC 2 E: Novel Rendezvous Protocol for Asynchronous Cognitive Radios in Cooperative Environments
21st Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communiations 1 RAC 2 E: Novel Rendezvous Protool for Asynhronous Cognitive Radios in Cooperative Environments Valentina Pavlovska,
More information1. Introduction. 2. The Probable Stope Algorithm
1. Introdution Optimization in underground mine design has reeived less attention than that in open pit mines. This is mostly due to the diversity o underground mining methods and omplexity o underground
More informationTest Case Generation from UML State Machines
Test Case Generation from UML State Mahines Dirk Seifert To ite this version: Dirk Seifert. Test Case Generation from UML State Mahines. [Researh Report] 2008. HAL Id: inria-00268864
More informationFast Distribution of Replicated Content to Multi- Homed Clients Mohammad Malli Arab Open University, Beirut, Lebanon
ACEEE Int. J. on Information Tehnology, Vol. 3, No. 2, June 2013 Fast Distribution of Repliated Content to Multi- Homed Clients Mohammad Malli Arab Open University, Beirut, Lebanon Email: mmalli@aou.edu.lb
More informationarxiv:cs/ v1 [cs.ni] 12 Dec 2006
Optimal Filtering for DDoS Attaks Karim El Defrawy ICS Dept. UC Irvine keldefra@ui.edu Athina Markopoulou EECS Dept. UC Irvine athina@ui.edu Katerina Argyraki EE Dept. Stanford Univ. argyraki@stanford.edu
More informationA Dual-Hamiltonian-Path-Based Multicasting Strategy for Wormhole-Routed Star Graph Interconnection Networks
A Dual-Hamiltonian-Path-Based Multiasting Strategy for Wormhole-Routed Star Graph Interonnetion Networks Nen-Chung Wang Department of Information and Communiation Engineering Chaoyang University of Tehnology,
More informationConfiguration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview
Configuration Guide How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall Overview This document describes how to implement IPsec with pre-shared secrets establishing
More informationTorpedo Trajectory Visual Simulation Based on Nonlinear Backstepping Control
orpedo rajetory Visual Simulation Based on Nonlinear Bakstepping Control Peng Hai-jun 1, Li Hui-zhou Chen Ye 1, 1. Depart. of Weaponry Eng, Naval Univ. of Engineering, Wuhan 400, China. Depart. of Aeronautial
More informationSpeeding up Consensus by Chasing Fast Decisions
Speeding up Consensus by Chasing Fast Deisions Balaji Arun, Sebastiano Peluso, Roberto Palmieri, Giuliano Losa, Binoy Ravindran ECE, Virginia Teh, USA {balajia,peluso,robertop,giuliano.losa,binoy}@vt.edu
More informationFlow Demands Oriented Node Placement in Multi-Hop Wireless Networks
Flow Demands Oriented Node Plaement in Multi-Hop Wireless Networks Zimu Yuan Institute of Computing Tehnology, CAS, China {zimu.yuan}@gmail.om arxiv:153.8396v1 [s.ni] 29 Mar 215 Abstrat In multi-hop wireless
More informationASSESSING THE VALUE OF DETECTIVE CONTROL IN IT SECURITY
Assoiation for Information Systems AIS Eletroni Library (AISeL) AMCIS 00 Proeedings Amerias Conferene on Information Systems (AMCIS) Deember 00 ASSESSING THE VALUE OF DETECTIVE CONTROL IN IT SECURITY Huseyin
More informationSelf-aware and Self-expressive Camera Networks
1 Self-aware and Self-expressive Camera Networks Bernhard Rinner, Lukas Esterle, Jennifer Simonjan, Georg Nebehay, Roman Pflugfelder, Peter R. Lewis and Gustavo Fernández Domínguez Abstrat Reent advanes
More informationSystem-Level Parallelism and Throughput Optimization in Designing Reconfigurable Computing Applications
System-Level Parallelism and hroughput Optimization in Designing Reonfigurable Computing Appliations Esam El-Araby 1, Mohamed aher 1, Kris Gaj 2, arek El-Ghazawi 1, David Caliga 3, and Nikitas Alexandridis
More informationA Multi-Head Clustering Algorithm in Vehicular Ad Hoc Networks
International Journal of Computer Theory and Engineering, Vol. 5, No. 2, April 213 A Multi-Head Clustering Algorithm in Vehiular Ad Ho Networks Shou-Chih Lo, Yi-Jen Lin, and Jhih-Siao Gao Abstrat Clustering
More informationarxiv: v1 [cs.db] 13 Sep 2017
An effiient lustering algorithm from the measure of loal Gaussian distribution Yuan-Yen Tai (Dated: May 27, 2018) In this paper, I will introdue a fast and novel lustering algorithm based on Gaussian distribution
More informationIPSec. Overview. Overview. Levente Buttyán
IPSec - brief overview - security associations (SAs) - Authentication Header (AH) protocol - Encapsulated Security Payload () protocol - combining SAs (examples) Overview Overview IPSec is an Internet
More informationCOST PERFORMANCE ASPECTS OF CCD FAST AUXILIARY MEMORY
COST PERFORMANCE ASPECTS OF CCD FAST AUXILIARY MEMORY Dileep P, Bhondarkor Texas Instruments Inorporated Dallas, Texas ABSTRACT Charge oupled devies (CCD's) hove been mentioned as potential fast auxiliary
More informationCisco Collaborative Knowledge
Ciso Collaborative Knowledge Ciso on Ciso: How Ciso Servies Upskilled 14,400 Employees and Transformed into a Consultative, Solutions-Selling Organization. It is estimated that by 2020, roughly four out
More informationPerformance Benchmarks for an Interactive Video-on-Demand System
Performane Benhmarks for an Interative Video-on-Demand System. Guo,P.G.Taylor,E.W.M.Wong,S.Chan,M.Zukerman andk.s.tang ARC Speial Researh Centre for Ultra-Broadband Information Networks (CUBIN) Department
More informationDECT Module Installation Manual
DECT Module Installation Manual Rev. 2.0 This manual desribes the DECT module registration method to the HUB and fan airflow settings. In order for the HUB to ommuniate with a ompatible fan, the DECT module
More informationExploring the Commonality in Feature Modeling Notations
Exploring the Commonality in Feature Modeling Notations Miloslav ŠÍPKA Slovak University of Tehnology Faulty of Informatis and Information Tehnologies Ilkovičova 3, 842 16 Bratislava, Slovakia miloslav.sipka@gmail.om
More informationDiscovery and Verification of Neighbor Positions in Mobile Ad Hoc Networks
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 12, NO. 2, FEBRUARY 2013 289 Disovery and Verifiation of Neighbor Positions in Mobile Ad Ho Networks Maro Fiore, Member, IEEE, Claudio Ettore Casetti, Member,
More informationTitle: Time-Based Tree Graphs for Stabilized Force Structure Representations
Paper for the 8 th International Command & Control Researh & Tehnology Symposium Title: Time-Based Tree Graphs for Stabilized Fore Struture Representations Submitted by: Sam Chamberlain U.S. Army Researh
More information'* ~rr' _ ~~ f' lee : eel. Series/1 []J 0 [[] "'l... !l]j1. IBM Series/1 FORTRAN IV. I ntrod uction ...
---- --- - ----- - - - --_.- --- Series/1 GC34-0132-0 51-25 PROGRAM PRODUCT 1 IBM Series/1 FORTRAN IV I ntrod ution Program Numbers 5719-F01 5719-F03 0 lee : eel II 11111111111111111111111111111111111111111111111
More informationThis fact makes it difficult to evaluate the cost function to be minimized
RSOURC LLOCTION N SSINMNT In the resoure alloation step the amount of resoures required to exeute the different types of proesses is determined. We will refer to the time interval during whih a proess
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Security in Network Layer Implementing security in application layer provides flexibility in security
More informationSecure VPNs for Enterprise Networks
Secure Virtual Private Networks for Enterprise February 1999 Secure VPNs for Enterprise Networks This document provides an overview of Virtual Private Network (VPN) concepts using the. Benefits of using
More informationPerformance Improvement of TCP on Wireless Cellular Networks by Adaptive FEC Combined with Explicit Loss Notification
erformane Improvement of TC on Wireless Cellular Networks by Adaptive Combined with Expliit Loss tifiation Masahiro Miyoshi, Masashi Sugano, Masayuki Murata Department of Infomatis and Mathematial Siene,
More informationImplementing Load-Balanced Switches With Fat-Tree Networks
Implementing Load-Balaned Swithes With Fat-Tree Networks Hung-Shih Chueh, Ching-Min Lien, Cheng-Shang Chang, Jay Cheng, and Duan-Shin Lee Department of Eletrial Engineering & Institute of Communiations
More informationchecking for optimal egress point in ibgp routing
heking for optimal egress point in ibgp routing Mar Olivier Buob (CORE/CPN/NEO), Mikaël Meulle (CORE/CPN/RIV), Steve Uhlig (Delft Universit of Tehnolog) 0/0/07 agenda 2 3 introdution internet routing border
More informationChapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,
Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP, VPN, and Firewalls 32.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 32.2 Figure 32.1 Common structure
More informationDubins Path Planning of Multiple UAVs for Tracking Contaminant Cloud
Proeedings of the 17th World Congress The International Federation of Automati Control Dubins Path Planning of Multiple UAVs for Traking Contaminant Cloud S. Subhan, B.A. White, A. Tsourdos M. Shanmugavel,
More informationAcoustic Links. Maximizing Channel Utilization for Underwater
Maximizing Channel Utilization for Underwater Aousti Links Albert F Hairris III Davide G. B. Meneghetti Adihele Zorzi Department of Information Engineering University of Padova, Italy Email: {harris,davide.meneghetti,zorzi}@dei.unipd.it
More information