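To promote scientific fertilization techniques more efficiently, a touch-screen fertilization consulting system based on ArcGIS Runtime for WPF was developed and integrated. By using a technique that efficiently generates high-definition offline multi-level tile cache map packages from existing tile imagery, together with fertilization plans based on an expert knowledge base, the system lowers the barrier for users and improves the user experience, making full-scale promotion of soil-testing-based formula fertilization at the grassroots level more feasible.
In recent years, the traditional field survey and annotation workflow has been gradually shifting toward an integrated office-and-field workflow. Building on an integrated office-and-field system for national geographic conditions, this paper focuses on ESRI's key offline editing technologies and describes the offline editing functions implemented with the ArcGIS Runtime SDK for Android. Taking the polygon reshaping algorithm as an example, common field editing tasks are implemented on top of fine-grained geometry editing.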
Funding: supported in part by the Intelligent Policing and National Security Risk Management Laboratory 2023 Opening Project (No. ZHKFYB2304), the Fundamental Research Funds for the Central Universities (Nos. SCU2023D008, 2023SCU12129), the Natural Science Foundation of Sichuan Province (No. 2024NSFSC1449), the Science and Engineering Connotation Development Project of Sichuan University (No. 2020SCUNG129), and the Key Laboratory of Data Protection and Intelligent Management (Sichuan University), Ministry of Education.
Abstract: The security performance of cloud services is a key factor influencing users’ selection of Cloud Service Providers (CSPs). Continuous monitoring of the security status of cloud services is critical. However, existing research lacks a practical framework for such ongoing monitoring. To address this gap, this paper proposes the first NonCollaborative Container-Based Cloud Service Operation State Continuous Monitoring Framework (NCCMF), based on relevant standards. NCCMF operates without the CSP’s collaboration by: 1) establishing a scalable supervisory index system through the identification of security responsibilities for each role, and 2) designing a Continuous Metrics Supervision Protocol (CMA) to automate the negotiation of supervisory metrics. The framework also outlines the supervision process for cloud services across different deployment models. Experimental results demonstrate that NCCMF effectively monitors the operational state of two real-world IoT (Internet of Things) cloud services, with an average supervision error of less than 15%.
Abstract: Runtime systems play an important role in parallel programming and parallel compilation. In this paper, goals and key techniques of runtime systems are presented. And some experiences and its trend are given in the end.
Funding: supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea Government (MSIT) (No. 2020-0-00952, Development of 5G edge security technology for ensuring 5G+ service stability and availability, 50%) and the Institute of Information and Communications Technology Planning and Evaluation (IITP) grant funded by the MSIT (Ministry of Science and ICT), Korea (No. IITP-2023-2020-0-01602, ITRC (Information Technology Research Center) support program, 50%).
Abstract: Containerization is a fundamental component of modern cloud-native infrastructure, and Kubernetes is a prominent platform of container orchestration systems. However, containerization raises significant security concerns due to the nature of sharing a kernel among multiple containers, which can lead to container breakout or privilege escalation. Kubernetes cannot avoid it as well. While various tools, such as container image scanning and configuration checking, can mitigate container workload vulnerabilities, these are not foolproof and cannot guarantee perfect isolation or prevent every active threat in runtime. As such, a policy enforcement solution is required to tackle the problem, and existing solutions based on LSM (Linux Security Module) frameworks may not be adequate for some situations. To address this, we propose an enforcement system based on BPF-LSM, which leverages eBPF (extended Berkeley Packet Filter) technology to provide fine-grained control and dynamic adoption of security policies. In this paper, we compare different LSM implementations to highlight the challenges of current enforcement solutions before detailing the design of our eBPF-based Kubernetes Runtime Instrumentation and Enforcement System (KRSIE). Finally, we evaluate the effectiveness of our system using a real-world scenario, as measuring the performance of a policy enforcement system is a complex task. Our results show that KRSIE can successfully control containers’ behaviors using LSM hooks at container runtime, offering improved container security for cloud-native infrastructure.
Funding: the National Defence Foundation of China (Grant No. 10104010201)
Abstract: Reflective real-time component model is a special component model, which can identify timing constraint characteristics of component and support dynamic design-time amendment of real-time component according to users' requirements. The reflective real-time component runtime environment is a bearing space and reflective infrastructure for this special component model. It consists of three parts and manages the lifecycle and various relevant services of reflective real-time component. In this paper its mechanism and relevant key techniques in design and realization are formally specified with the communicating sequential processing (CSP) and the extended timed communicating sequential processing (TCSP). Finally a prototype is established. Experimental study shows that this runtime environment can introduce a relevant reflective infrastructure guaranteeing dynamic and real-time features of software component.
Abstract: Web applications represent one of the principal vehicles by which attackers gain access to an organization’s network or resources. Thus, different approaches to protect web applications have been proposed to date. Of them, the two major approaches are Web Application Firewalls (WAF) and Runtime Application Self Protection (RASP). It is, thus, essential to understand the differences and relative effectiveness of both these approaches for effective decision-making regarding the security of web applications. Here we present a comparative study between WAF and RASP simulated settings, with the aim to compare their effectiveness and efficiency against different categories of attacks. For this, we used computation of different metrics and sorted their results using F-Score index. We found that RASP tools scored better than WAF tools. In this study, we also developed a new experimental methodology for the objective evaluation of web protection tools since, to the best of our knowledge, no method specifically evaluates web protection tools.
Abstract: To quickly customize and develop an intelligent campus internet of things (ICIOT) system more efficiently, an approach based on a runtime model for managing intelligent campus wireless sensor networks is proposed in this paper. Firstly, the manageability of intelligent campus wireless sensors is abstracted as runtime models which automatically and immediately propagate any observable runtime changes of target resources to the corresponding architecture models. Then, a composite model of intelligent campus wireless sensors is constructed by merging their runtime models in order to manage different kinds of devices in a unified way. Finally, a customized model is constructed according to the personalized management requirement, and the synchronization between the customized model and the composite model is ensured through model transformation. Thus, all the management tasks can be carried out by executing operating programs on the customized model. Experiments conducted in part of a school's teaching area show that, compared with the traditional method, this method manages campus facilities more effectively and in a more energy-efficient and orderly way, reaching a 16.7% energy saving.
Funding: supported by the National Science Foundation (award OAC-2005572) and the State of Illinois, USA.
Abstract: Heating, ventilation, and air conditioning system runtime is a crucial metric for establishing the connection between system operation and energy performance. Similar homes in the same location can have varying runtime due to different factors. To understand such heterogeneity, this study conducted an energy signature analysis of heating and cooling system runtime for 5,014 homes across the US using data from ecobee smart thermostats. Two approaches were compared for the energy signature analysis: (1) using daily mean outdoor temperature and (2) using the difference between the daily mean outdoor temperature and the indoor thermostat setpoint (delta T) as the independent variable. The best-fitting energy signature parameters (balance temperatures and slopes) for each house were estimated and statistically analyzed. The results revealed significant differences in balance temperatures and slopes across various climates and individual homes. Additionally, we identified the impact of housing characteristics and weather conditions on the energy signature parameters using a long absolute shrinkage and selection operator (LASSO) regression. Incorporating delta T into the energy signature model significantly enhances its ability to detect hidden impacts of various features by minimizing the influence of setpoint preferences. Moreover, our cooling slope analysis highlights the significant impact of outdoor humidity levels, underscoring the need to include latent loads in building energy models.
Funding: supported by the China Electric Power Research Institute and Electric Power Research Institute State Grid Anhui Electric Power Co., Ltd., China (5400-202355201A-1-1-ZN).
Abstract: The study aims to address the challenge of dynamic assessment in power systems by proposing a design scheme for an intelligent adaptive power distribution system based on runtime verification. The system architecture is built upon cloud-edge-end collaboration, enabling comprehensive monitoring and precise management of the power grid through coordinated efforts across different levels. Specifically, the study employs the adaptive observer approach, allowing dynamic adjustments to observers to reflect updates in requirements and ensure system reliability. This method covers both structural and parametric adjustments to specifications, including updating time protection conditions, updating events, and adding or removing responses. The results demonstrate that with the implementation of adaptive observers, the system becomes more flexible in responding to changes, significantly enhancing its level of efficiency. By employing dynamically changing verification specifications, the system achieves real-time and flexible verification. This research provides technical support for the safe, efficient, and reliable operation of electrical power distribution systems.
Abstract: In recent decades, significant advancements have been made in the rigorous runtime analysis of evolutionary algorithms (EAs). However, in the context of non-elitist EAs and the use of crossover, it is challenging to engage in any meaningful theoretical discussion due to the increasing complexity of the EA's population distribution as the EA runs. This paper aims to gain insight into the rigorous runtime analysis of the (μ,λ) EA with crossover, focusing on its optimization of the Jump test function, by investigating the population distribution during the optimization process. It is proposed that, under typical circumstances, the population distribution will first reach a stable and fully-diverged state before attaining the global optimum. Consequently, the optimization process is divided into two parts, based on whether the population distribution has reached this state. By investigating this state, the authors are able to provide a better upper bound on the runtime of the EA. Furthermore, a series of experiments were conducted to validate our theoretical results, which also offered insights into the impact of different parameters on this state.
Funding: supported by the National Key Research and Development Program of China under Grant No. 2022YFB4501801, the National Natural Science Foundation of China under Grant Nos. 62302209 and 62472210, the Leading-Edge Technology Program of Jiangsu Natural Science Foundation under Grant No. BK20202001, and support from the Collaborative Innovation Center of Novel Software Technology and Industrialization, Jiangsu, China.
Abstract: In recent years, human-cyber-physical systems (HCPSs) have become increasingly complex due to the widespread adoption of environmental sensing and behavioral adaption. Apart from the tight coupling between application logic and sensing-adaptation modules, such applications are mainly constrained by erroneous sensing and abnormal adaptation issues, often resulting in misjudgment of scenarios or adaptation behaviors that deviate from intended goals. Reliability in constructing and maintaining such application systems faces significant challenges, especially as human-cyber-physical scenarios exhibit dynamic uncertainties and evolving requirements, further exacerbating the development difficulty. To address these challenges, we design and implement SEPAL, a consistency-driven programming framework and runtime support for HCPSs with reliable environmental sensing and dynamic adaptation. SEPAL simplifies the design of environmental sensing and behavioral adaption in HCPSs through a unified programming framework, and transparently manages the reliability of sensing and the unbiasedness of adaptation through its two built-in consistency-based services. SEPAL also provides a flexible browser-based management interface and a customizable interface design language for ease of usage. Case studies and evaluations demonstrate SEPAL’s facilitation of reliable support for various HCPSs, as well as the effectiveness and efficiency of environmental sensing and behavioral adaption capabilities.
Abstract: Dynamic optimization relies on runtime profile information to improve the performance of program execution. Traditional profiling techniques incur significant overhead and are not suitable for dynamic optimization. In this paper, a new profiling technique is proposed, that incorporates the strength of both software and hardware to achieve near-zero overhead profiling. The compiler passes profiling requests as a few bits of information in branch instructions to the hardware, and the processor executes profiling operations asynchronously in available free slots or on dedicated hardware. The compiler instrumentation of this technique is implemented using an Itanium research compiler. The result shows that the accurate block profiling incurs very little overhead to the user program in terms of the program scheduling cycles. For example, the average overhead is 0.6% for the SPECint95 benchmarks. The hardware support required for the new profiling is practical. The technique is extended to collect edge profiles for continuous phase transition detection. It is believed that the hardware-software collaborative scheme will enable many profile-driven dynamic optimizations for EPIC processors such as the Itanium processors.
Funding: supported by the National Natural Science Foundation of China under Grant Nos. 60673112, 90718033, the National Basic Research 973 Program of China under Grant No. 2009CB320704, and the High-Tech Research and Development 863 Program of China under Grant Nos. 2006AA01Z19B, 2007AA010301.
Abstract: The execution of composite Web services with WS-BPEL relies on externally autonomous Web services. This implies the need to constantly monitor the running behavior of the involved parties. Moreover, monitoring the execution of composite Web services for particular patterns is critical to enhance the reliability of the processes. In this paper, we propose an aspect-oriented framework as a solution to provide monitoring and recovery support for composite Web services. In particular, this framework includes 1) a stateful aspect based template, where history-based pointcut specifies patterns of interest cannot be violated within a range, while advice specifies the associated recovery action; 2) a tool support for runtime monitoring and recovery based on aspect-oriented execution environment. Our experiments indicate that the proposed monitoring approach incurs minimal overhead and is efficient.