RBAC Tutorial. Brad Spengler Open Source Security, Inc. Locaweb
|
|
- Joseph Moore
- 6 years ago
- Views:
Transcription
1 RBAC Tutoial Bad Spengle Open Souce Secuity, Inc. Locaweb
2 Oveview Why Access Contol? Goals Achitectue Implementation Lookup example Subject example Questions/Requests
3 Why Access Contol? Access Contol is just one pat of system secuity Useful tool, not a cue-all Moden mandatoy access contol uses decadesold technology and etains its antiquated assumptions See Labeled Secuity Potection Pofile (LSPP) Not Intenet-connected o even heteogenous Intanet-connected (3.3.4) No active attacke o caeless admin (3.3.0, 3.3.2) Basically only accidental downgade of sensitive info (4.1)
4 Why Access Contol? (cont.) Despite what Red Hat wants you to think, this is not the pupose of access contol:
5 Why Access Contol? (cont.) Often used as a last line of defense (memoy couption post-exploitation) Font line defense fo cetain bug classes (abitay file disclosue,../../../../etc/shadow) Typically not involved in educing TCB attack suface Pope sandboxes help hee, but sufficiently complex/efficient code will touch ae paths pef_counte()
6 Why Access Contol? (cont.) Paticulaly useful in combination with a hostile attack envionment NX, ASLR, othe useland hadening PaX can povide emoval of abitay code execution in memoy Access Contol can povide the same at the filesystem level
7 Goals Design aound Access Contol stengths in combination with anti-exploitation measues Potect entie system, not just specific fist-paty apps Don t ceate a famewok, ceate a system with specific intent Allows detection of stupid/wong usage and enables use education Human eadable, intuitive policy with undestandable eo messages and suggestions
8 Goals (cont.) Foce uses towad policies whee base ambient pemission is estictive and unpivileged Povide full-system leaning to automatically poduce secue policies Geneally bette than those a disto o use could ceate Tailoed to how softwae is used, not how it could be used in all configuations (inflation of ambient pemission)
9 Goals (cont.) Povide simple configuation fo leaning based on questions like what infomation is sensitive? Pefomance: < 1% impact SELinux claims 7% aveage hit, 10% hit on Apache
10 Files Sockets Resouces Capabilities Files Sockets Resouces Capabilities Achitectue Kenel modifications pefom policy enfocement and geneates leaning logs Useland tool pases and analyzes policy Policies have the following basic stuctue: Role 1 Role N Subjects Subjects
11 Achitectue - Roles Roles can be applied to a use o goup Eveything without a specific ole is given the default ole Abitay special oles can be ceated that can be enteed with optional authentication PAM-based authentication is also povided Access to a ole can be esticted by taintpopagated souce IP Maximum umask can be enfoced pe-ole
12 Achitectue - Subjects Subjects efe to binaies o scipts Nested subjects ae allowed: a subject whose policy is only applied when executed by anothe specified subject Subjects can inheit policy fom a moe geneic subject Allows to have a geneic subject fo unpivileged apps All othe subjects essentially show a diff of what makes them pivileged
13 Achitectue - Objects Objects ae files, sockets, esouces, capabilities, and PaX makings Files suppot access like ead, wite, execute, append-only, ceate, delete, hadlink, set suid/sgid, and hidden Can also ceate audit logs fo any of these accesses Sockets can be esticted by family (inet, netlink, etc) IPv4 sockets can be esticted by socket type, potocol, bind addess, connect destination, and pot
14 Achitectue Objects (cont.) Resouce policies oveide those set by setlimit() CPU time, memoy usage, max file size, etc Capabilities ae subsets of oot pivilege See False Boundaies and Abitay Code Execution ( PaX flag suppot allows mandatoy enfocement of PaX flags on use binaies o mandatoy emoval of flags fo poblem apps (e.g. PAX_MPROTECT on java)
15 Implementation Does not use LSM Histoy is inteesting initially a tojan hose to allow fo a commecial secuity module fom Immunix A decade late, still does not suppot stacking RBAC does much moe than the LSM inteface allows Meanwhile, gsecuity has emained compatible with all othe LSMs
16 Implementation (cont.) Gsecuity s RBAC system uses a combination of pathname and inode-based matching File objects suppot egula expessions, use anchos An ancho is the longest valid path component fom fs oot not containing a egex E.g.: /home/*/.ssh ancho is /home Inode/device pais ae detemined fo files that exist at enable time
17 Implementation (cont.) Non-existent files at enable time ae specially maked intenally Filenames ae kept stoed, used when ceating a file to find and instantiate the object Enables idea of policy eceation : an object s ules acoss all oles/subjects will pesist acoss deletion/enaming/e-ceation Filenames ae based on the system s default namespace, not pocess fs oot E.g. In a /sv1 choot, policy on and logging of a /bin/sh file will appea as /sv1/bin/sh
18 Implementation (cont.) Much talk in the past fom othe camps about insecuity of pathname-based matching Mostly aimed towad AppAmo (with some legitimate concens thee) Pitfalls of pathname-only matching: Rename Symlink Hadlink Mount
19 Implementation (cont.) Gsecuity s RBAC avoids poblems via hybid appoach Rename: equies ead/wite access on both the souce and destination name, ceate on new name (and delete if it exists), and delete on old name Symlink: Not followed by useland tool (e.g. policy on a /tmp/hello.txt symlink to /etc/shadow can t be ticked to gant access to /etc/shadow) Hadlink: Requies ceate and link pemission in addition to any pemission existing on souce Mount: equies CAP_SYS_ADMIN, not suppoted while RBAC is enabled
20 Implementation (cont.) No suppot yet fo filesystem namespaces (used by LXC) Use is somewhat nebulous, in concet with many combinations of namespaces (pid, net, use) Single-application sandbox Entie system in a containe Only handle cases whee files involved with the namespace ae accessible via the main namespace?
21 Implementation (cont.) Full-system leaning ceates a new subject fo a binay when it: Pefoms netwok activity Modifies a file in a potected path Reads a sensitive file Uses a capability When many files in a given diectoy ae accessed in the same way, access is educed to the diectoy Gives leaning pedictive powe many detemined by configuation
22 Lookup Example Given the following elevant objects: / h /home wcd /home/*/.bashc We will pefom a lookup on: /home/spende/.bashc /tmp/exploit
23 Lookup Example (cont.) At each step: Does an inode/dev exist fo this path component in policy? Match is ancho Found match Is this a egex ancho? Check egexes fo match (fist matches fist) Tavese to paent diectoy
24 Lookup Example (cont.) No inode/dev fo /home/spende/.bashc No inode/dev fo /home/spende Inode/dev found fo /home It s also an ancho Check /home/*/.bashc against /home/spende/.bashc Match found, ead-only access
25 Lookup Example (cont.) No inode/dev fo /tmp/exploit No inode/dev fo /tmp Inode/dev found fo / Also called the default object, as it catches all files without moe specific objects Match found, not able to ceate, not able to see file if it aleady exists
26 Subject Example /us/bin/cvs Inteesting binay as it opeates both as a seve and client, depending on the context Policy is fo the seve context (in pseve mode) un as use cvs, staight fom gsecuity.net
27 Subject Example (cont.) ole cvs u subject / / h -CAP_ALL connect disabled bind disabled subject /us/bin/cvs / /* h /etc/fstab /etc/ld.so.cache /etc/localtime /etc/nsswitch.conf /etc/mtab /etc/passwd /etc/goup /poc/meminfo /dev/uandom /dev/log w /dev/null w /lib x /us/lib x /home/cvs /home/cvs/cvsroot/val-tags /home/cvs/cvsroot/histoy /tmp wcd /va/lock/cvs wcd /va/un/.nscd_socket w /poc/sys/kenel/ngoups_max /poc/sys/kenel/vesion /va/un w a Allows chdi( / ) but no file/diectoy listing in /
28 Subject Example (cont.) ole cvs u subject / / h -CAP_ALL connect disabled bind disabled subject /us/bin/cvs / /* h /etc/fstab /etc/ld.so.cache /etc/localtime /etc/nsswitch.conf /etc/mtab /etc/passwd /etc/goup /poc/meminfo /dev/uandom /dev/log w /dev/null w /lib x /us/lib x /home/cvs /home/cvs/cvsroot/val-tags /home/cvs/cvsroot/histoy /tmp wcd /va/lock/cvs wcd /va/un/.nscd_socket w /poc/sys/kenel/ngoups_max /poc/sys/kenel/vesion /va/un No o mode, so inheits file and capability policy fom subject /, no capability use pemitted w a
29 Subject Example (cont.) ole cvs u subject / / h -CAP_ALL connect disabled bind disabled subject /us/bin/cvs / /* h /etc/fstab /etc/ld.so.cache /etc/localtime /etc/nsswitch.conf /etc/mtab /etc/passwd /etc/goup /poc/meminfo /dev/uandom /dev/log w /dev/null w /lib x /us/lib x /home/cvs /home/cvs/cvsroot/val-tags /home/cvs/cvsroot/histoy /tmp wcd /va/lock/cvs wcd /va/un/.nscd_socket w /poc/sys/kenel/ngoups_max /poc/sys/kenel/vesion /va/un No modification of CVS epositoy w a No abitay modification of CVS histoy
30 Subject Example (cont.) ole cvs u subject / / h -CAP_ALL connect disabled bind disabled subject /us/bin/cvs / /* h /etc/fstab /etc/ld.so.cache /etc/localtime /etc/nsswitch.conf /etc/mtab /etc/passwd /etc/goup /poc/meminfo /dev/uandom /dev/log w /dev/null w /lib x /us/lib x /home/cvs /home/cvs/cvsroot/val-tags /home/cvs/cvsroot/histoy /tmp wcd /va/lock/cvs wcd /va/un/.nscd_socket w /poc/sys/kenel/ngoups_max /poc/sys/kenel/vesion /va/un w a No wx access to filesystem
31 Subject Example (cont.) ole cvs u subject / / h -CAP_ALL connect disabled bind disabled subject /us/bin/cvs / /* h /etc/fstab /etc/ld.so.cache /etc/localtime /etc/nsswitch.conf /etc/mtab /etc/passwd /etc/goup /poc/meminfo /dev/uandom /dev/log w /dev/null w /lib x /us/lib x /home/cvs /home/cvs/cvsroot/val-tags /home/cvs/cvsroot/histoy /tmp wcd /va/lock/cvs wcd /va/un/.nscd_socket w /poc/sys/kenel/ngoups_max /poc/sys/kenel/vesion /va/un w a Waning! No netwok policy specified, allows any nomallypemitted netwok activity! Gadm will alet you to this
32 Questions/Requests? Tied RBAC befoe and had a policy question? Featues you would like to see? Thank you fo suppoting the eseach and development of gsecuity
Multidimensional Testing
Multidimensional Testing QA appoach fo Stoage netwoking Yohay Lasi Visuality Systems 1 Intoduction Who I am Yohay Lasi, QA Manage at Visuality Systems Visuality Systems the leading commecial povide of
More informationIn order to learn which questions have been answered correctly: 1. Print these pages. 2. Answer the questions.
In ode to lean which questions have been answeed coectly: 1. Pint these pages. 2. Answe the questions. 3. Send this assessment with the answes via: a. FAX to (212) 967-3498. O b. Mail the answes to the
More informationGCC-AVR Inline Assembler Cookbook Version 1.2
GCC-AVR Inline Assemble Cookbook Vesion 1.2 About this Document The GNU C compile fo Atmel AVR isk pocessos offes, to embed assembly language code into C pogams. This cool featue may be used fo manually
More informationAccelerating Storage with RDMA Max Gurtovoy Mellanox Technologies
Acceleating Stoage with RDMA Max Gutovoy Mellanox Technologies 2018 Stoage Develope Confeence EMEA. Mellanox Technologies. All Rights Reseved. 1 What is RDMA? Remote Diect Memoy Access - povides the ability
More informationConfiguring RSVP-ATM QoS Interworking
Configuing RSVP-ATM QoS Intewoking Last Updated: Januay 15, 2013 This chapte descibes the tasks fo configuing the RSVP-ATM QoS Intewoking featue, which povides suppot fo Contolled Load Sevice using RSVP
More informationCOEN-4730 Computer Architecture Lecture 2 Review of Instruction Sets and Pipelines
1 COEN-4730 Compute Achitectue Lectue 2 Review of nstuction Sets and Pipelines Cistinel Ababei Dept. of Electical and Compute Engineeing Maquette Univesity Cedits: Slides adapted fom pesentations of Sudeep
More informationSecure Collaboration in Mediator-Free Environments
Secue Collaboation in Mediato-Fee Envionments Mohamed Shehab School of Electical and Compute Engineeing Pudue Univesity West Lafayette, IN, USA shehab@pudueedu Elisa Betino Depatment of Compute Sciences
More informationUCB CS61C : Machine Structures
inst.eecs.bekeley.edu/~cs61c UCB CS61C : Machine Stuctues Lectue SOE Dan Gacia Lectue 28 CPU Design : Pipelining to Impove Pefomance 2010-04-05 Stanfod Reseaches have invented a monitoing technique called
More informationAny modern computer system will incorporate (at least) two levels of storage:
1 Any moden compute system will incopoate (at least) two levels of stoage: pimay stoage: andom access memoy (RAM) typical capacity 32MB to 1GB cost pe MB $3. typical access time 5ns to 6ns bust tansfe
More informationSlotted Random Access Protocol with Dynamic Transmission Probability Control in CDMA System
Slotted Random Access Potocol with Dynamic Tansmission Pobability Contol in CDMA System Intaek Lim 1 1 Depatment of Embedded Softwae, Busan Univesity of Foeign Studies, itlim@bufs.ac.k Abstact In packet
More informationAutomation Testing Frameworks for SharePoint application
Intenational Jounal of Compute Sciences and Engineeing Open Access Reseach Pape Volume-3, Issue-11 E-ISSN: 2347-2693 Automation Testing Famewoks fo ShaePoint application Madhu Dande 1 *, Neelima Galla
More informationThe Internet Ecosystem and Evolution
The Intenet Ecosystem and Evolution Contents Netwok outing: basics distibuted/centalized, static/dynamic, linkstate/path-vecto inta-domain/inte-domain outing Mapping the sevice model to AS-AS paths valley-fee
More informationAccess Control Mechanisms for Inter-organizational Workflow
Access Contol Mechanisms fo Inte-oganizational Wokflo Myong H. Kang, Joon S. Pak and Judith N. Fosche Naval Reseach Laboatoy Infomation Technology Division 4555 Ovelook Ave. Washington, DC 20375 {mkang,
More informationIBM Optim Query Tuning Offerings Optimize Performance and Cut Costs
IBM Optim Quey Tuning Offeings Optimize Pefomance and Cut Costs Saghi Amisoleymani Solution Achitect Integated Data Management amisole@us.ibm.com June 9, 2010 Disclaime Copyight IBM Copoation [cuent yea].
More informationPersistent Memory what developers need to know Mark Carlson Co-chair SNIA Technical Council Toshiba
Pesistent Memoy what developes need to know Mak Calson Co-chai SNIA Technical Council Toshiba 2018 Stoage Develope Confeence EMEA. All Rights Reseved. 1 Contents Welcome Pesistent Memoy Oveview Non-Volatile
More informationMIS to Prepress ICS. Version Date: File: ICS-MIS-Prepress-1.01.doc,.pdf. Origination & Prepress WG
MIS to Pepess ICS Vesion 1.01 Date: 2006-01-02 File: ICS-MIS-Pepess-1.01.doc,.pdf Oigination & Pepess WG Abstact This ICS defines the Inteface between the MIS and Pepess. It specifies the Pocesses fo a
More informationa Not yet implemented in current version SPARK: Research Kit Pointer Analysis Parameters Soot Pointer analysis. Objectives
SPARK: Soot Reseach Kit Ondřej Lhoták Objectives Spak is a modula toolkit fo flow-insensitive may points-to analyses fo Java, which enables expeimentation with: vaious paametes of pointe analyses which
More informationModule 6 STILL IMAGE COMPRESSION STANDARDS
Module 6 STILL IMAE COMPRESSION STANDARDS Lesson 17 JPE-2000 Achitectue and Featues Instuctional Objectives At the end of this lesson, the students should be able to: 1. State the shotcomings of JPE standad.
More informationMonitors. Lecture 6. A Typical Monitor State. wait(c) Signal and Continue. Signal and What Happens Next?
Monitos Lectue 6 Monitos Summay: Last time A combination of data abstaction and mutual exclusion Automatic mutex Pogammed conditional synchonisation Widely used in concuent pogamming languages and libaies
More informationSIMOCODE pro. Motor Management and Control Devices. SIMOCODE pro for Modbus RTU. Answers for industry. Edition 04/2015
SIMOCODE po Moto Management and Contol Devices SIMOCODE po fo Modbus RTU Geätehandbuch Configuation Manual Edition 04/2015 Answes fo industy. Intoduction 1 System configuation and commissioning with RTU
More informationCS 2461: Computer Architecture 1 Program performance and High Performance Processors
Couse Objectives: Whee ae we. CS 2461: Pogam pefomance and High Pefomance Pocessos Instucto: Pof. Bhagi Naahai Bits&bytes: Logic devices HW building blocks Pocesso: ISA, datapath Using building blocks
More informationCOSC 6385 Computer Architecture. - Pipelining
COSC 6385 Compute Achitectue - Pipelining Sping 2012 Some of the slides ae based on a lectue by David Culle, Pipelining Pipelining is an implementation technique wheeby multiple instuctions ae ovelapped
More informationCISC 662 Graduate Computer Architecture Lecture 6 - Hazards
CISC 662 Gaduate Compute Achitectue Lectue 6 - Hazads Michela Taufe http://www.cis.udel.edu/~taufe/teaching/cis662f07 Powepoint Lectue Notes fom John Hennessy and David Patteson s: Compute Achitectue,
More informationThe Processor: Improving Performance Data Hazards
The Pocesso: Impoving Pefomance Data Hazads Monday 12 Octobe 15 Many slides adapted fom: and Design, Patteson & Hennessy 5th Edition, 2014, MK and fom Pof. May Jane Iwin, PSU Summay Pevious Class Pipeline
More information1.3 Multiplexing, Time-Switching, Point-to-Point versus Buses
http://achvlsi.ics.foth.g/~kateveni/534 1.3 Multiplexing, Time-Switching, Point-to-Point vesus Buses n R m Aggegation (multiplexing) Distibution (demultiplexing) Simplest Netwoking, like simplest pogamming:
More informationIP Multicast Simulation in OPNET
IP Multicast Simulation in OPNET Xin Wang, Chien-Ming Yu, Henning Schulzinne Paul A. Stipe Columbia Univesity Reutes Depatment of Compute Science 88 Pakway Dive South New Yok, New Yok Hauppuage, New Yok
More informationConversion Functions for Symmetric Key Ciphers
Jounal of Infomation Assuance and Secuity 2 (2006) 41 50 Convesion Functions fo Symmetic Key Ciphes Deba L. Cook and Angelos D. Keomytis Depatment of Compute Science Columbia Univesity, mail code 0401
More informationdc - Linux Command Dc may be invoked with the following command-line options: -V --version Print out the version of dc
- CentOS 5.2 - Linux Uses Guide - Linux Command SYNOPSIS [-V] [--vesion] [-h] [--help] [-e sciptexpession] [--expession=sciptexpession] [-f sciptfile] [--file=sciptfile] [file...] DESCRIPTION is a evese-polish
More informationXFVHDL: A Tool for the Synthesis of Fuzzy Logic Controllers
XFVHDL: A Tool fo the Synthesis of Fuzzy Logic Contolles E. Lago, C. J. Jiménez, D. R. López, S. Sánchez-Solano and A. Baiga Instituto de Micoelectónica de Sevilla. Cento Nacional de Micoelectónica, Edificio
More informationA Two-stage and Parameter-free Binarization Method for Degraded Document Images
A Two-stage and Paamete-fee Binaization Method fo Degaded Document Images Yung-Hsiang Chiu 1, Kuo-Liang Chung 1, Yong-Huai Huang 2, Wei-Ning Yang 3, Chi-Huang Liao 4 1 Depatment of Compute Science and
More informationPrioritized Traffic Recovery over GMPLS Networks
Pioitized Taffic Recovey ove GMPLS Netwoks 2005 IEEE. Pesonal use of this mateial is pemitted. Pemission fom IEEE mu be obtained fo all othe uses in any cuent o futue media including epinting/epublishing
More informationAdvances in Automobile Engineering
nadvances in Automobile E gineeing ISSN: 2167-7670 Advances in Automobile Engineeing Kabi, 2012, 1:3 DOI: 10.4172/2167-7670.1000101 Reseach Aticle Open Access Netwok Achitectue of a Moden Automotive Infotainment
More informationTHE THETA BLOCKCHAIN
THE THETA BLOCKCHAIN Theta is a decentalized video steaming netwok, poweed by a new blockchain and token. By Theta Labs, Inc. Last Updated: Nov 21, 2017 esion 1.0 1 OUTLINE Motivation Reputation Dependent
More informationPipes, connections, channels and multiplexors
Pipes, connections, channels and multiplexos Fancisco J. Ballesteos ABSTRACT Channels in the style of CSP ae a poeful abstaction. The ae close to pipes and connections used to inteconnect system and netok
More informationUsing SPEC SFS with the SNIA Emerald Program for EPA Energy Star Data Center Storage Program Vernon Miller IBM Nick Principe Dell EMC
Using SPEC SFS with the SNIA Emeald Pogam fo EPA Enegy Sta Data Cente Stoage Pogam Venon Mille IBM Nick Pincipe Dell EMC v6 Agenda Backgound on SNIA Emeald/Enegy Sta fo block Intoduce NAS/File test addition;
More informationUser Visible Registers. CPU Structure and Function Ch 11. General CPU Organization (4) Control and Status Registers (5) Register Organisation (4)
PU Stuctue and Function h Geneal Oganisation Registes Instuction ycle Pipelining anch Pediction Inteupts Use Visible Registes Vaies fom one achitectue to anothe Geneal pupose egiste (GPR) ata, addess,
More informationAn Improved Resource Reservation Protocol
Jounal of Compute Science 3 (8: 658-665, 2007 SSN 549-3636 2007 Science Publications An mpoved Resouce Resevation Potocol Desie Oulai, Steven Chambeland and Samuel Piee Depatment of Compute Engineeing
More informationGetting Started PMW-EX1/PMW-EX3. 1 Rotate the grip with the RELEASE button pressed. Overview. Connecting the Computer and PMW-EX1/EX3
A PMW-EX1/PMW-EX3 Getting Stated Oveview This document descibes how to use the XDCAM EX Vesion Up Tool (heeafte Vesion Up Tool ) to upgade the PMW-EX1 and PMW-EX3 to vesion 1.20 (PMW-EX1) o vesion 1.10
More informationCSE4201. Computer Architecture
CSE 4201 Compute Achitectue Pof. Mokhta Aboelaze Pats of these slides ae taken fom Notes by Pof. David Patteson at UCB Outline MIPS and instuction set Simple pipeline in MIPS Stuctual and data hazads Fowading
More informationAdministrivia. CMSC 411 Computer Systems Architecture Lecture 5. Data Hazard Even with Forwarding Figure A.9, Page A-20
Administivia CMSC 411 Compute Systems Achitectue Lectue 5 Basic Pipelining (cont.) Alan Sussman als@cs.umd.edu as@csu dedu Homewok poblems fo Unit 1 due today Homewok poblems fo Unit 3 posted soon CMSC
More informationCommunication vs Distributed Computation: an alternative trade-off curve
Communication vs Distibuted Computation: an altenative tade-off cuve Yahya H. Ezzeldin, Mohammed amoose, Chistina Fagouli Univesity of Califonia, Los Angeles, CA 90095, USA, Email: {yahya.ezzeldin, mkamoose,
More informationIP Network Design by Modified Branch Exchange Method
Received: June 7, 207 98 IP Netwok Design by Modified Banch Method Kaiat Jaoenat Natchamol Sichumoenattana 2* Faculty of Engineeing at Kamphaeng Saen, Kasetsat Univesity, Thailand 2 Faculty of Management
More informationModeling a shared medium access node with QoS distinction
Modeling a shaed medium access node with QoS distinction Matthias Gies, Jonas Geutet Compute Engineeing and Netwoks Laboatoy (TIK) Swiss Fedeal Institute of Technology Züich CH-8092 Züich, Switzeland email:
More informationAll lengths in meters. E = = 7800 kg/m 3
Poblem desciption In this poblem, we apply the component mode synthesis (CMS) technique to a simple beam model. 2 0.02 0.02 All lengths in metes. E = 2.07 10 11 N/m 2 = 7800 kg/m 3 The beam is a fee-fee
More informationJournal of World s Electrical Engineering and Technology J. World. Elect. Eng. Tech. 1(1): 12-16, 2012
2011, Scienceline Publication www.science-line.com Jounal of Wold s Electical Engineeing and Technology J. Wold. Elect. Eng. Tech. 1(1): 12-16, 2012 JWEET An Efficient Algoithm fo Lip Segmentation in Colo
More informationRANDOM IRREGULAR BLOCK-HIERARCHICAL NETWORKS: ALGORITHMS FOR COMPUTATION OF MAIN PROPERTIES
RANDOM IRREGULAR BLOCK-HIERARCHICAL NETWORKS: ALGORITHMS FOR COMPUTATION OF MAIN PROPERTIES Svetlana Avetisyan Mikayel Samvelyan* Matun Kaapetyan Yeevan State Univesity Abstact In this pape, the class
More informationAutomatically Testing Interacting Software Components
Automatically Testing Inteacting Softwae Components Leonad Gallaghe Infomation Technology Laboatoy National Institute of Standads and Technology Gaithesbug, MD 20899, USA lgallaghe@nist.gov Jeff Offutt
More informationOn the Conversion between Binary Code and Binary-Reflected Gray Code on Boolean Cubes
On the Convesion between Binay Code and BinayReflected Gay Code on Boolean Cubes The Havad community has made this aticle openly available. Please shae how this access benefits you. You stoy mattes Citation
More informationLecture 8 Introduction to Pipelines Adapated from slides by David Patterson
Lectue 8 Intoduction to Pipelines Adapated fom slides by David Patteson http://www-inst.eecs.bekeley.edu/~cs61c/ * 1 Review (1/3) Datapath is the hadwae that pefoms opeations necessay to execute pogams.
More informationClass 21. N -body Techniques, Part 4
Class. N -body Techniques, Pat Tee Codes Efficiency can be inceased by gouping paticles togethe: Neaest paticles exet geatest foces diect summation. Distant paticles exet smallest foces teat in goups.
More informationIntroduction To Pipelining. Chapter Pipelining1 1
Intoduction To Pipelining Chapte 6.1 - Pipelining1 1 Mooe s Law Mooe s Law says that the numbe of pocessos on a chip doubles about evey 18 months. Given the data on the following two slides, is this tue?
More informationInput Layer f = 2 f = 0 f = f = 3 1,16 1,1 1,2 1,3 2, ,2 3,3 3,16. f = 1. f = Output Layer
Using the Gow-And-Pune Netwok to Solve Poblems of Lage Dimensionality B.J. Biedis and T.D. Gedeon School of Compute Science & Engineeing The Univesity of New South Wales Sydney NSW 2052 AUSTRALIA bbiedis@cse.unsw.edu.au
More informationReachable State Spaces of Distributed Deadlock Avoidance Protocols
Reachable State Spaces of Distibuted Deadlock Avoidance Potocols CÉSAR SÁNCHEZ and HENNY B. SIPMA Stanfod Univesity We pesent a family of efficient distibuted deadlock avoidance algoithms with applications
More informationDYNAMIC STORAGE ALLOCATION. Hanan Samet
ds0 DYNAMIC STORAGE ALLOCATION Hanan Samet Compute Science Depatment and Cente fo Automation Reseach and Institute fo Advanced Compute Studies Univesity of Mayland College Pak, Mayland 07 e-mail: hjs@umiacs.umd.edu
More informationComputer Science 141 Computing Hardware
Compute Science 141 Computing Hadwae Fall 2006 Havad Univesity Instucto: Pof. David Books dbooks@eecs.havad.edu [MIPS Pipeline Slides adapted fom Dave Patteson s UCB CS152 slides and May Jane Iwin s CSE331/431
More informationExploring non-typical memcache architectures for decreased latency and distributed network usage.
Syacuse Univesity SURFACE Electical Engineeing and Compute Science Technical Repots College of Engineeing and Compute Science 9-5-20 Exploing non-typical memcache achitectues fo deceased latency and distibuted
More informationMapReduce Optimizations and Algorithms 2015 Professor Sasu Tarkoma
apreduce Optimizations and Algoithms 2015 Pofesso Sasu Takoma www.cs.helsinki.fi Optimizations Reduce tasks cannot stat befoe the whole map phase is complete Thus single slow machine can slow down the
More informationA Recommender System for Online Personalization in the WUM Applications
A Recommende System fo Online Pesonalization in the WUM Applications Mehdad Jalali 1, Nowati Mustapha 2, Ali Mamat 2, Md. Nasi B Sulaiman 2 Abstact foeseeing of use futue movements and intentions based
More informationVoting-Based Grouping and Interpretation of Visual Motion
Voting-Based Gouping and Intepetation of Visual Motion Micea Nicolescu Depatment of Compute Science Univesity of Nevada, Reno Reno, NV 89557 micea@cs.un.edu Géad Medioni Integated Media Systems Cente Univesity
More informationSpiral Recognition Methodology and Its Application for Recognition of Chinese Bank Checks
Spial Recognition Methodology and Its Application fo Recognition of Chinese Bank Checks Hanshen Tang 1, Emmanuel Augustin 2, Ching Y. Suen 1, Olivie Baet 2, Mohamed Cheiet 3 1 Cente fo Patten Recognition
More information5 4 THE BERNOULLI EQUATION
185 CHATER 5 the suounding ai). The fictional wok tem w fiction is often expessed as e loss to epesent the loss (convesion) of mechanical into themal. Fo the idealied case of fictionless motion, the last
More informationDEADLOCK AVOIDANCE IN BATCH PROCESSES. M. Tittus K. Åkesson
DEADLOCK AVOIDANCE IN BATCH PROCESSES M. Tittus K. Åkesson Univesity College Boås, Sweden, e-mail: Michael.Tittus@hb.se Chalmes Univesity of Technology, Gothenbug, Sweden, e-mail: ka@s2.chalmes.se Abstact:
More informationThe Java Virtual Machine. Compiler construction The structure of a frame. JVM stacks. Lecture 2
Compile constuction 2009 Lectue 2 Code geneation 1: Geneating code The Java Vitual Machine Data types Pimitive types, including intege and floating-point types of vaious sizes and the boolean type. The
More informationDPICO: A High Speed Deep Packet Inspection Engine Using Compact Finite Automata
DPICO: A High Speed Deep Packet Inspection Engine Using Compact Finite Automata Chistophe L. Hayes and Yan Luo Depatment of Electical and Compute Engineeing Univesity of Massachusetts Lowell Lowell, MA,
More informationi-pcgrid Workshop 2016 April 1 st 2016 San Francisco, CA
i-pcgrid Wokshop 2016 Apil 1 st 2016 San Fancisco, CA Liang Min* Eddy Banks, Bian Kelley, Met Kokali, Yining Qin, Steve Smith, Philip Top, and Caol Woodwad *min2@llnl.gov, 925-422-1187 LDRD 13-ERD-043
More informationGARBAGE COLLECTION METHODS. Hanan Samet
gc0 GARBAGE COLLECTION METHODS Hanan Samet Compute Science Depatment and Cente fo Automation Reseach and Institute fo Advanced Compute Studies Univesity of Mayland College Pak, Mayland 07 e-mail: hjs@umiacs.umd.edu
More informationComputer Architecture. Pipelining and Instruction Level Parallelism An Introduction. Outline of This Lecture
Compute Achitectue Pipelining and nstuction Level Paallelism An ntoduction Adapted fom COD2e by Hennessy & Patteson Slide 1 Outline of This Lectue ntoduction to the Concept of Pipelined Pocesso Pipelined
More informationUser Specified non-bonded potentials in gromacs
Use Specified non-bonded potentials in gomacs Apil 8, 2010 1 Intoduction On fist appeaances gomacs, unlike MD codes like LAMMPS o DL POLY, appeas to have vey little flexibility with egads to the fom of
More informationMobile Code Security
Mobile Code Secuity Segio Loueio, Refik Molva, Yves Roudie {loueio molva oudie}@euecom.f Institut Euécom 2229 Route des Cêtes Sophia-Antipolis 06560 Valbonne - Fance Abstact: this aticle pesents two aspects
More informationAutomatic Generation of Reliable E Commerce Payment Processes
Infomation Systems Engineeing (WISE 2000), Hong Kong, China, June 2000. Automatic Geneation of Reliable E Commece Payment Pocesses Heiko Schuldt Andei Popovici Hans-Jög Schek Institute of Infomation Systems
More informationIllumination methods for optical wear detection
Illumination methods fo optical wea detection 1 J. Zhang, 2 P.P.L.Regtien 1 VIMEC Applied Vision Technology, Coy 43, 5653 LC Eindhoven, The Nethelands Email: jianbo.zhang@gmail.com 2 Faculty Electical
More informationHigh performance CUDA based CNN image processor
High pefomance UDA based NN image pocesso GEORGE VALENTIN STOIA, RADU DOGARU, ELENA RISTINA STOIA Depatment of Applied Electonics and Infomation Engineeing Univesity Politehnica of Buchaest -3, Iuliu Maniu
More informationCAM I/O Scheduler. Netflix, Inc. AsiaBSDCon 2015
CAM I/O Schedule ワーナーラーシュ フーメー Netflix, Inc. AsiaBSDCon 2015 東京 2015 年 4 月 15 日 http://people.feebsd.og/~imp/asiabsdcon2015/iosched-slides.pdf http://people.feebsd.og/~imp/asiabsdcon2015/pape.pdf Outline
More informationControlled Information Maximization for SOM Knowledge Induced Learning
3 Int'l Conf. Atificial Intelligence ICAI'5 Contolled Infomation Maximization fo SOM Knowledge Induced Leaning Ryotao Kamimua IT Education Cente and Gaduate School of Science and Technology, Tokai Univeisity
More informationEmbeddings into Crossed Cubes
Embeddings into Cossed Cubes Emad Abuelub *, Membe, IAENG Abstact- The hypecube paallel achitectue is one of the most popula inteconnection netwoks due to many of its attactive popeties and its suitability
More informationANALYTIC PERFORMANCE MODELS FOR SINGLE CLASS AND MULTIPLE CLASS MULTITHREADED SOFTWARE SERVERS
ANALYTIC PERFORMANCE MODELS FOR SINGLE CLASS AND MULTIPLE CLASS MULTITHREADED SOFTWARE SERVERS Daniel A Menascé Mohamed N Bennani Dept of Compute Science Oacle, Inc Geoge Mason Univesity 1211 SW Fifth
More informationAssessment of Track Sequence Optimization based on Recorded Field Operations
Assessment of Tack Sequence Optimization based on Recoded Field Opeations Matin A. F. Jensen 1,2,*, Claus G. Søensen 1, Dionysis Bochtis 1 1 Aahus Univesity, Faculty of Science and Technology, Depatment
More informationCMCS Mohamed Younis CMCS 611, Advanced Computer Architecture 1
CMCS 611-101 Advanced Compute Achitectue Lectue 6 Intoduction to Pipelining Septembe 23, 2009 www.csee.umbc.edu/~younis/cmsc611/cmsc611.htm Mohamed Younis CMCS 611, Advanced Compute Achitectue 1 Pevious
More informationDetection and Recognition of Alert Traffic Signs
Detection and Recognition of Alet Taffic Signs Chia-Hsiung Chen, Macus Chen, and Tianshi Gao 1 Stanfod Univesity Stanfod, CA 9305 {echchen, macuscc, tianshig}@stanfod.edu Abstact Taffic signs povide dives
More informationQuery Language #1/3: Relational Algebra Pure, Procedural, and Set-oriented
Quey Language #1/3: Relational Algeba Pue, Pocedual, and Set-oiented To expess a quey, we use a set of opeations. Each opeation takes one o moe elations as input paamete (set-oiented). Since each opeation
More informationarxiv: v2 [physics.soc-ph] 30 Nov 2016
Tanspotation dynamics on coupled netwoks with limited bandwidth Ming Li 1,*, Mao-Bin Hu 1, and Bing-Hong Wang 2, axiv:1607.05382v2 [physics.soc-ph] 30 Nov 2016 1 School of Engineeing Science, Univesity
More informationEffects of Model Complexity on Generalization Performance of Convolutional Neural Networks
Effects of Model Complexity on Genealization Pefomance of Convolutional Neual Netwoks Tae-Jun Kim 1, Dongsu Zhang 2, and Joon Shik Kim 3 1 Seoul National Univesity, Seoul 151-742, Koea, E-mail: tjkim@bi.snu.ac.k
More informationIS-IS Protocol Hardware Implementation for VPN Solutions
IS-IS Potocol Hadwae Implementation fo VPN Solutions MOHAMED ABOU-GABAL, RAYMOND PETERKIN, DAN IONESCU School of Infomation Technology and Engineeing (SITE) Univesity of Ottawa 161 Louis Pasteu, P.O. Box
More informationReader & ReaderT Monad (11A) Young Won Lim 8/20/18
Copyight (c) 2016-2018 Young W. Lim. Pemission is ganted to copy, distibute and/o modify this document unde the tems of the GNU Fee Documentation License, Vesion 1.2 o any late vesion published by the
More informationYou Are Here! Review: Hazards. Agenda. Agenda. Review: Load / Branch Delay Slots 7/28/2011
CS 61C: Geat Ideas in Compute Achitectue (Machine Stuctues) Instuction Level Paallelism: Multiple Instuction Issue Guest Lectue: Justin Hsia Softwae Paallel Requests Assigned to compute e.g., Seach Katz
More informationWireless ND. P. Thubert, E. Nordmark, S. Chakrabarti, C. Perkins. IETF 104 Prague
Wieless ND P. Thubet, E. Nodmak, S. Chakabati, C. Pekins IETF 104 Pague 1 Wieless IPv6 ND: poviding fo unmet expectations Solicited node multicast equies highly scalable L2 multicast IEEE does not povide
More informationGoal. Rendering Complex Scenes on Mobile Terminals or on the web. Rendering on Mobile Terminals. Rendering on Mobile Terminals. Walking through images
Goal Walking though s -------------------------------------------- Kadi Bouatouch IRISA Univesité de Rennes I, Fance Rendeing Comple Scenes on Mobile Teminals o on the web Rendeing on Mobile Teminals Rendeing
More informationNODAL AND LOOP ANALYSIS TECHNIQUES
NODAL AND LOOP ANALYSIS TECHNIQUES LEANING GOALS NODAL ANALYSIS LOOP ANALYSIS Deelop systematic techniques to determine all the oltages and currents in a circuit NODE ANALYSIS One of the systematic ways
More informationECE331: Hardware Organization and Design
ECE331: Hadwae Oganization and Design Lectue 16: Pipelining Adapted fom Compute Oganization and Design, Patteson & Hennessy, UCB Last time: single cycle data path op System clock affects pimaily the Pogam
More informationInformation Retrieval. CS630 Representing and Accessing Digital Information. IR Basics. User Task. Basic IR Processes
CS630 Repesenting and Accessing Digital Infomation Infomation Retieval: Basics Thosten Joachims Conell Univesity Infomation Retieval Basics Retieval Models Indexing and Pepocessing Data Stuctues ~ 4 lectues
More informationSOCIAL COMPUTING: AN INTELLIGENT AND RESPONSIVE SYSTEM
SOCIAL COMPUTING: AN INTELLIGENT AND RESPONSIVE SYSTEM Dev Rishi Tekiwal, Undegaduate Student Akapava De, Undegaduate Student Ezhilmaan D, Assistant Pofesso School of Computing Science and Engineeing,
More informationStochastic Optimization Fall 2010 Coopr Tutorial Project
Stochastic Optimization Fall 2010 Coop Tutoial Poject Hsin-Chan Huang Kiel Matin Table of Contents Installing Coop... 3 Useful Sites:... 3 Scipting Oveview... 3 Data Geneation... 4 Open Questions & Desied
More informationChapter 4 (Part III) The Processor: Datapath and Control (Pipeline Hazards)
Chapte 4 (Pat III) The Pocesso: Datapath and Contol (Pipeline Hazads) 陳瑞奇 (J.C. Chen) 亞洲大學資訊工程學系 Adapted fom class notes by Pof. M.J. Iwin, PSU and Pof. D. Patteson, UCB 1 吃感冒藥副作用怎麼辦? http://big5.sznews.com/health/images/attachement/jpg/site3/20120319/001558d90b3310d0c1683e.jpg
More informationCS 61C: Great Ideas in Computer Architecture. Pipelining Hazards. Instructor: Senior Lecturer SOE Dan Garcia
CS 61C: Geat Ideas in Compute Achitectue Pipelining Hazads Instucto: Senio Lectue SOE Dan Gacia 1 Geat Idea #4: Paallelism So9wae Paallel Requests Assigned to compute e.g. seach Gacia Paallel Theads Assigned
More informationMethod of controlling access to intellectual switching nodes of telecommunication networks and systems
ISSN (e): 2250 3005 Volume 05 Issue 05 ay 2015 Intenational Jounal of Computational Engineeing eseach (IJCE) ethod of contolling access to intellectual switching nodes of telecommunication netwoks and
More informationShortest Paths for a Two-Robot Rendez-Vous
Shotest Paths fo a Two-Robot Rendez-Vous Eik L Wyntes Joseph S B Mitchell y Abstact In this pape, we conside an optimal motion planning poblem fo a pai of point obots in a plana envionment with polygonal
More informationThe Screen Control Language (SCl) in Version 6 SAS/Ar: and SAS/FSp Software Chris Bailey, Yao Chen SAS Institute Inc., Cary, NC
The Sceen Contol Language (SCl) in Vesion 6 SAS/A: and SAS/FSp Softwae Chis Bailey, Yao Chen SAS Institute Inc., Cay, NC Abstact Explanations and examples povide the basis of this tutoial that explains
More informationEfficient protection of many-to-one. communications
Efficient potection of many-to-one communications Miklós Molná, Alexande Guitton, Benad Cousin, and Raymond Maie Iisa, Campus de Beaulieu, 35 042 Rennes Cedex, Fance Abstact. The dependability of a netwok
More information4.2. Co-terminal and Related Angles. Investigate
.2 Co-teminal and Related Angles Tigonometic atios can be used to model quantities such as
More informationTopological Characteristic of Wireless Network
Topological Chaacteistic of Wieless Netwok Its Application to Node Placement Algoithm Husnu Sane Naman 1 Outline Backgound Motivation Papes and Contibutions Fist Pape Second Pape Thid Pape Futue Woks Refeences
More information