Abstract: Multi-functioning in virtual monitoring and assessment of ultimate dynamics of thin-walled bridges is treated in the present paper. The approach enables multiple functions in virtual monitoring of the bridges made of integrated thin-walled members with their hierarchical configuration. Theoretical, numerical and experimental in situ assessments of the problem are presented. Some results of structural application are submitted.
Funding: Project supported by the Shanghai Leading Academic Discipline Project (Grant No. J50103); the Ph.D. Programs Foundation of Ministry of Education of China (Grant No. 200802800007); the Key Laboratory of Computer System and Architecture (Institute of Computing Technology, Chinese Academy of Sciences); the Innovation Project of Shanghai Municipal Education Commission (Grant No. 11YZ09)
Abstract: Cloud computing is a new computing model. The resource monitoring tools are immature compared to traditional distributed computing and grid computing. In order to better monitor the virtual resource in cloud computing, a periodically and event-driven push (PEP) monitoring model is proposed. Taking advantage of the push and event-driven mechanism, the model can provide comparatively adequate information about usage and status of the resources. It can simplify the communication between Master and Work Nodes without missing the important issues that happened during the push interval. Besides, we develop "mon" to make up for the deficiency of Libvirt in monitoring of virtual CPU and memory.
Funding: Supported by National 242 Plan Project (2005C48); the Technology Innovation Programme Major Projects of Beijing Institute of Technology (2011CX01015)
Abstract: Three kinds of vulnerabilities that may exist in some of current virtualization-based security monitoring systems were proposed: page mapping problem, lack of overall protection, and inherent limitations. Aiming at these vulnerabilities, relative attack methods were presented in detail. Our experiments show that the attack methods, such as page mapping attack, data attack, and non-behavior detection attack, can attack simulated or original security monitors successfully. Defenders, who need to effectively strengthen their security monitors, can get an inspiration from these attack methods and find some appropriate solutions.
Funding: Supported in part by National Natural Science Foundation of China (NSFC) under Grant No. 61100228 and 61202479; the National High-tech R&D Program of China under Grant No. 2012AA013101; the Strategic Priority Research Program of the Chinese Academy of Sciences under Grant No. XDA06030601 and XDA06010701; Open Fund of Key Laboratory of IOT Application Technology of Universities in Yunnan Province Grant No. 2015IOT03
Abstract: Recently, virtualization technologies have been widely used in industry. In order to monitor the security of target systems in virtualization environments, conventional methods usually put the security monitoring mechanism into the normal functionality of the target systems. However, these methods are either prone to be tampered with by attackers or introduce considerable performance overhead for target systems. To address these problems, in this paper, we present a concurrent security monitoring method which decouples traditional serial mechanisms, including security event collector and analyzer, into two concurrent components. On one hand, we utilize the SIM framework to deploy the event collector into the target virtual machine. On the other hand, we combine the virtualization technology and multi-core technology to put the event analyzer into a trusted execution environment. To address the synchronization problem between these two concurrent components, we make use of Lamport's ring buffer algorithm. Based on the Xen hypervisor, we have implemented a prototype system named COMO. The experimental results show that COMO can monitor the security of the target virtual machine concurrently with a little performance overhead.
Funding: Supported by the National Program on Key Basic Research Project of China (G1999035801)
Abstract: With analysis of limitations Trusted Computing Group (TCG) has encountered, we argued that virtual machine monitor (VMM) is the appropriate architecture for implementing TCG specification. Putting together the VMM architecture, TCG hardware and application-oriented "thin" virtual machine (VM), Trusted VMM-based security architecture is presented in this paper with the character of reduced and distributed trusted computing base (TCB). It provides isolation and integrity guarantees based on which general security requirements can be satisfied.
Funding: Supported by the Anhui Provincial Key Research and Development Program No. 2022f04020008; National Natural Science Foundation of China No. 62301522; Anhui Provincial Nature Science Foundation No. 1908085MF196.
Abstract: This paper introduces a self-sensing anthropomorphic robot hand driven by Twisted String Actuators (TSAs). The use of TSAs provides several advantages such as muscle-like structures, high transmission ratios, large output forces, high efficiency, compactness, inherent compliance, and the ability to transmit power over distances. However, conventional sensors used in TSA-actuated robotic hands increase stiffness, mass, volume, and complexity, making feedback control challenging. To address this issue, a novel self-sensing approach is proposed using strain-sensing string based on Conductive Polymer Composite (CPC). By measuring the resistance changes in the strain-sensing string, the bending angle of the robot hand's fingers can be estimated, enabling closed-loop control without external sensors. The developed self-sensing anthropomorphic robot hand comprises a 3D-printed structure with five fingers, a palm, five self-sensing TSAs, and a 3D-printed forearm. Experimental studies validate the self-sensing properties of the TSA and the anthropomorphic robot hand. Additionally, a real-time Virtual Reality (VR) monitoring system is implemented for visualizing and monitoring the robot hand's movements using its self-sensing capabilities. This research contributes valuable insights and advancements to the field of intelligent prosthetics and robotic end grippers.
Funding: National High Technical Research and Development Program of China (863 Program) under Grant No. 2008AA01Z414
Abstract: Security tools are rapidly developed as network security threat is becoming more and more serious. To overcome the fundamental limitation of traditional host-based anti-malware system which is likely to be deceived and attacked by malicious codes, VMM-based anti-malware systems have recently become a hot research field. In this article, the existing malware hiding technique is analyzed, and a detecting model for hidden process based on "In-VM" idea is also proposed. Based on this detecting model, a hidden process detection technology which is based on HOOK SwapContext on the VMM platform is also implemented successfully. This technology can guarantee the detecting method not to be attacked by malwares and also resist all the current process hiding technologies. In order to detect the malwares which use remote injection method to hide themselves, a method by hijacking sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of virtual machines, can detect all malware samples, and just bring little performance loss.
Abstract: With the capability of the virtual machine monitor, a novel approach for logging system activities is designed. In the design, the guest operating system runs on the virtual machine monitor in non-privileged mode. The redirecting and monitoring modules are added into the virtual machine monitor. When a guest application is calling a system call, it is trapped and redirected from the least privileged level into the virtual machine monitor running in the most privileged level. After logging is finished, it returns to the guest operating system running in the more privileged level and starts the system call. Compared with the traditional methods for logging system activities, the novel method makes it more difficult to destroy or tamper with the logs. The preliminary evaluation shows that the prototype is simple and efficient.
Abstract: Virtual machine monitors (VMMs) play a central role in cloud computing. Their reliability and availability are critical for cloud computing. Virtualization and device emulation make the VMM code base large and the interface between OS and VMM complex. This results in a code base that is very hard to verify the security of the VMM. For example, a misuse of a VMM hyper-call by a malicious guest OS can corrupt the whole VMM. The complexity of the VMM also makes it hard to formally verify the correctness of the system's behavior. In this paper a new VMM, operating system virtualization (OSV), is proposed. The multiprocessor boot interface and memory configuration interface are virtualized in OSV at boot time in the Linux kernel. After booting, only inter-processor interrupt operations are intercepted by OSV, which makes the interface between OSV and OS simple. The interface is verified using formal model checking, which ensures a malicious OS cannot attack OSV through the interface. Currently, OSV is implemented based on the AMD Opteron multi-core server architecture. Evaluation results show that Linux running on OSV has a similar performance to native Linux. OSV has a performance improvement of 4%-13% over Xen.
Funding: This work was supported by the National High Technology Research and Development 863 Program of China under Grant No. 2012AA010905, the National Natural Science Foundation of China under Grant Nos. 61272100 and 61202374, the Ministry of Education Major Project of China under Grant No. 313035, and the National Research Foundation (NRF) Singapore under its CREATE Program.
Abstract: The increasing requirements of intensive interoperability among the distributed nodes desiderate the high performance network connections, owing to the substantial growth of cloud computing and datacenters. Network I/O virtualization aggregates the network resource and separates it into manageable parts for particular servers or devices, which provides effective consolidation and elastic management with high agility, flexibility and scalability as well as reduced cost and cabling. However, both network I/O virtualization aggregation and the increasing network speed incur higher traffic density, which generates a heavy system stress for I/O data moving and I/O event processing. Consequently, many researchers have dedicated to enhancing the system performance and alleviating the system overhead for high performance networking virtualization. This paper first elaborates the mainstreaming I/O virtualization methodologies, including device emulation, split-driver model and hardware assisted model. Then, the paper discusses and compares their specific advantages in addition to performance bottlenecks in practical utilities. This paper mainly focuses on the comprehensive survey of state-of-the-art approaches for performance optimizations and improvements as well as the portability management for network I/O virtualization. The approaches include various novel data delivery schemes, overhead mitigations for interrupt processing and adequate resource allocations for dynamic network states. Finally, we highlight the diversity of I/O virtualization besides the performance improvements in network virtualization infrastructure.
Abstract: Static cache partitioning can reduce inter-application cache interference and improve the composite performance of a cache-polluted application and a cache-sensitive application when they run on cores that share the last level cache in the same multi-core processor. In a virtualized system, since different applications might run on different virtual machines (VMs) in different time, it is inapplicable to partition the cache statically in advance. This paper proposes a dynamic cache partitioning scheme that makes use of hot page detection and page migration to improve the composite performance of co-hosted virtual machines dynamically according to prior knowledge of cache-sensitive applications. Experimental results show that the overhead of our page migration scheme is low, while in most cases, the composite performance is an improvement over free composition.