To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. Th...To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol. This removes safety paths, to cut down the scale of the state space. Then it uses a stateful rule tree to describe the relationship between states and messages, and then remove useless items from it. According to the message sequence obtained by the analysis of paths using the stateful rule tree and the protocol specification, an abstract data model of test case generation is defined. The fuzz testing data is produced by various generation algorithms through filling data in the fields of the data model. Using the rule-based state machine and the stateful rule tree, the quantity of test data can be reduced. Experimental results indicate that our method can discover the same vulnerabilities as traditional approaches, using less test data, while optimizing test data generation and improving test efficiency.展开更多
With the combination of grid technology and Web services, the concept of Grid service arises for such purposes as service discovery, creation of dynamic services, lifecycle management and so forth. Authors compares th...With the combination of grid technology and Web services, the concept of Grid service arises for such purposes as service discovery, creation of dynamic services, lifecycle management and so forth. Authors compares the Web service with Grid service in respect of programming design, and states the characteristics of Grid service.展开更多
Memristive stateful logic is one of the most promising candidates to implement an in-memory computing system that computes within the storage unit.It can eliminate the costs for the data movement in the traditional vo...Memristive stateful logic is one of the most promising candidates to implement an in-memory computing system that computes within the storage unit.It can eliminate the costs for the data movement in the traditional von Neumann system.However,the instability in the memristors is inevitable due to the limitation of the current fabrication technology,which incurs a great challenge for the reliability of the memristive stateful logic.In this paper,the implication of device instability on the reliability of the logic event is simulated.The mathematical relationship between logic reliability and redundancy has been deduced.By combining the mathematical relationship with the vector-matrix multiplication in a memristive crossbar array,the logic error correction scheme with high throughput has been proposed.Moreover,a universal design paradigm has been put forward for complex logic.And the circuit schematic and the flow of the scheme have been raised.Finally,a 1-bit full adder(FA)based on the NOR logic and NOT logic is simulated and the mathematical evaluation is performed.It demonstrates the scheme can improve the reliability of the logic significantly.And compared with other four error corrections,the scheme which can be suitable for all kinds of R–R logics and V–R logics has the best universality and throughput.Compared with the other two approaches which also need additional complementary metal–oxide semiconductor(CMOS)circuits,it needs fewer transistors and cycles for the error correction.展开更多
Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states ...Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states and store some information about the sessions are prone to potentialflaws caused by violations of protocol specification requirements and program logic.Discovering such variables is significant in discovering and exploiting vulnerabilities in protocol software,and still needs massive manual verifications.In this paper,we propose a novel method that could automatically discover the use of stateful variables in network protocol software.The core idea is that a stateful variable features information of the communication entities and the software states,so it will exist in the form of a global or static variable during program execution.Based on recording and replaying a protocol program’s execution,varieties of variables in the life cycle can be tracked with the technique of dynamic instrument.We draw up some rules from multiple dimensions by taking full advantage of the existing vulnerability knowledge to determine whether the data stored in critical memory areas have stateful characteristics.We also implement a prototype system that can discover stateful variables automatically and then perform it on nine programs in Pro FuzzBench and two complex real-world software programs.With the help of available open-source code,the evaluation results show that the average true positive rate(TPR)can reach 82%and the average precision can be approximately up to 96%.展开更多
In deduplication, index-lookup disk bottleneck is a major obstacle which limits the throughput of backup processes. One way to minimize the effect of this issue and boost speed is to use very high course-grained chunk...In deduplication, index-lookup disk bottleneck is a major obstacle which limits the throughput of backup processes. One way to minimize the effect of this issue and boost speed is to use very high course-grained chunks for deduplication at a cost of low storage saving and limited scalability. Another way is to distribute the deduplication process among multiple nodes but this approach introduces storage node island effect and also incurs high communication cost. In this paper, we explore dCACH, a content-aware clustered and hierarchical deduplication system, which implements a hybrid of inline course grained and offline fine-grained distributed deduplication where routing decisions are made for a set of files instead of single files. It utilizes bloom filters for detecting similarity between a data stream and previous data streams and performs stateful routing which solves the storage node island problem. Moreover, it exploits the negligibly small amount of content shared among chunks from different file types to create groups of files and deduplicate each group in their own fingerprint index space. It implements hierarchical deduplication to reduce the size of fingerprint indexes at the global level, where only files and big sized segments are deduplicated. Locality is created and exploited first using the big sized segments deduplicated at the global level and second by routing a set of consecutive files together to one storage node. Furthermore, the use of bloom filter for similarity detection between streams has low communication and computation cost while it enables to achieve duplicate elimination performance comparable to single node deduplication. dCACH is evaluated using a prototype deployed on a server environment distributed over four separate machines. It is shown to have 10× the speed of Extreme_Binn with a minimal communication overhead, while its duplicate elimination effectiveness is on a par with a single node deduplication system.展开更多
The next-generation optical network is a service oriented network,which could be delivered by utilizing the generalized multiprotocol label switching(GMPLS) based control plane to realize lots of intelligent features ...The next-generation optical network is a service oriented network,which could be delivered by utilizing the generalized multiprotocol label switching(GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning,automated protection and restoration(P&R),efficient resource allocation,and support for different quality of service(QoS) requirements.In this paper,we propose a novel stateful PCE-cloud(SPC)based architecture of GMPLS optical networks for cloud services.The cloud computing technologies(e.g.virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization.The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements.The architecture and detailed description of the components of SPC are provided.Different potential cooperation relationships between public stateful PCE cloud(PSPC) and region stateful PCE cloud(RSPC) are investigated.Moreover,we present the policy-enabled and constraint-based routing scheme base on the cooperation of PSPC and RSPC.Simulation results for verifying the performance of routing and control plane reliability are analyzed.展开更多
基金supported by the Key Project of National Defense Basic Research Program of China (No.B1120132031)supported by the Cultivation and Development Program for Technology Innovation Base of Beijing Municipal Science and Technology Commission (No.Z151100001615034)
文摘To improve the efficiency and coverage of stateful network protocol fuzzing, this paper proposes a new method, using a rule-based state machine and a stateful rule tree to guide the generation of fuzz testing data. The method first builds a rule-based state machine model as a formal description of the states of a network protocol. This removes safety paths, to cut down the scale of the state space. Then it uses a stateful rule tree to describe the relationship between states and messages, and then remove useless items from it. According to the message sequence obtained by the analysis of paths using the stateful rule tree and the protocol specification, an abstract data model of test case generation is defined. The fuzz testing data is produced by various generation algorithms through filling data in the fields of the data model. Using the rule-based state machine and the stateful rule tree, the quantity of test data can be reduced. Experimental results indicate that our method can discover the same vulnerabilities as traditional approaches, using less test data, while optimizing test data generation and improving test efficiency.
文摘With the combination of grid technology and Web services, the concept of Grid service arises for such purposes as service discovery, creation of dynamic services, lifecycle management and so forth. Authors compares the Web service with Grid service in respect of programming design, and states the characteristics of Grid service.
基金Project supported by the National Key Research and Development Plan of the Ministry of Science of Technology of China (Grand Nos.2019YFB 2205100 and 2019YFB2205102)the National Natural Science Foundation of China (Grant Nos.61974164,62074166,61804181,62004219,and 62004220)the Science Support Program of the National University of Defense and Technology (Grand No.ZK20-06)。
文摘Memristive stateful logic is one of the most promising candidates to implement an in-memory computing system that computes within the storage unit.It can eliminate the costs for the data movement in the traditional von Neumann system.However,the instability in the memristors is inevitable due to the limitation of the current fabrication technology,which incurs a great challenge for the reliability of the memristive stateful logic.In this paper,the implication of device instability on the reliability of the logic event is simulated.The mathematical relationship between logic reliability and redundancy has been deduced.By combining the mathematical relationship with the vector-matrix multiplication in a memristive crossbar array,the logic error correction scheme with high throughput has been proposed.Moreover,a universal design paradigm has been put forward for complex logic.And the circuit schematic and the flow of the scheme have been raised.Finally,a 1-bit full adder(FA)based on the NOR logic and NOT logic is simulated and the mathematical evaluation is performed.It demonstrates the scheme can improve the reliability of the logic significantly.And compared with other four error corrections,the scheme which can be suitable for all kinds of R–R logics and V–R logics has the best universality and throughput.Compared with the other two approaches which also need additional complementary metal–oxide semiconductor(CMOS)circuits,it needs fewer transistors and cycles for the error correction.
基金Project supported by the National Natural Science Foundation of China(Nos.61902416 and 61902412)the Natural Science Foundation of Hunan Province,China(No.2019JJ50729)。
文摘Network protocol software is usually characterized by complicated functions and a vast state space.In this type of program,a massive number of stateful variables that are used to represent the evolution of the states and store some information about the sessions are prone to potentialflaws caused by violations of protocol specification requirements and program logic.Discovering such variables is significant in discovering and exploiting vulnerabilities in protocol software,and still needs massive manual verifications.In this paper,we propose a novel method that could automatically discover the use of stateful variables in network protocol software.The core idea is that a stateful variable features information of the communication entities and the software states,so it will exist in the form of a global or static variable during program execution.Based on recording and replaying a protocol program’s execution,varieties of variables in the life cycle can be tracked with the technique of dynamic instrument.We draw up some rules from multiple dimensions by taking full advantage of the existing vulnerability knowledge to determine whether the data stored in critical memory areas have stateful characteristics.We also implement a prototype system that can discover stateful variables automatically and then perform it on nine programs in Pro FuzzBench and two complex real-world software programs.With the help of available open-source code,the evaluation results show that the average true positive rate(TPR)can reach 82%and the average precision can be approximately up to 96%.
文摘In deduplication, index-lookup disk bottleneck is a major obstacle which limits the throughput of backup processes. One way to minimize the effect of this issue and boost speed is to use very high course-grained chunks for deduplication at a cost of low storage saving and limited scalability. Another way is to distribute the deduplication process among multiple nodes but this approach introduces storage node island effect and also incurs high communication cost. In this paper, we explore dCACH, a content-aware clustered and hierarchical deduplication system, which implements a hybrid of inline course grained and offline fine-grained distributed deduplication where routing decisions are made for a set of files instead of single files. It utilizes bloom filters for detecting similarity between a data stream and previous data streams and performs stateful routing which solves the storage node island problem. Moreover, it exploits the negligibly small amount of content shared among chunks from different file types to create groups of files and deduplicate each group in their own fingerprint index space. It implements hierarchical deduplication to reduce the size of fingerprint indexes at the global level, where only files and big sized segments are deduplicated. Locality is created and exploited first using the big sized segments deduplicated at the global level and second by routing a set of consecutive files together to one storage node. Furthermore, the use of bloom filter for similarity detection between streams has low communication and computation cost while it enables to achieve duplicate elimination performance comparable to single node deduplication. dCACH is evaluated using a prototype deployed on a server environment distributed over four separate machines. It is shown to have 10× the speed of Extreme_Binn with a minimal communication overhead, while its duplicate elimination effectiveness is on a par with a single node deduplication system.
基金supported by National Natural Science Foundation of China(No.61571061)Innovative Research Fund of Beijing University of Posts and Telecommunications (2015RC16)
文摘The next-generation optical network is a service oriented network,which could be delivered by utilizing the generalized multiprotocol label switching(GMPLS) based control plane to realize lots of intelligent features such as rapid provisioning,automated protection and restoration(P&R),efficient resource allocation,and support for different quality of service(QoS) requirements.In this paper,we propose a novel stateful PCE-cloud(SPC)based architecture of GMPLS optical networks for cloud services.The cloud computing technologies(e.g.virtualization and parallel computing) are applied to the construction of SPC for improving the reliability and maximizing resource utilization.The functions of SPC and GMPLS based control plane are expanded according to the features of cloud services for different QoS requirements.The architecture and detailed description of the components of SPC are provided.Different potential cooperation relationships between public stateful PCE cloud(PSPC) and region stateful PCE cloud(RSPC) are investigated.Moreover,we present the policy-enabled and constraint-based routing scheme base on the cooperation of PSPC and RSPC.Simulation results for verifying the performance of routing and control plane reliability are analyzed.
