The paper describes a new algorithm for deducing type information of partially declared objects i... more The paper describes a new algorithm for deducing type information of partially declared objects in Ada based PDLs (program design languages). The type information is deduced from the usage context of the objects. The algorithm tries to implement an 'insight' into the design, by checking every detail in the design using all available information deduced from its usage. In this way, the algorithm provides better type checking of incomplete designs, which allows earlier detection of design errors. This algorithm is intended to be a part of an Ada based PDL processor. A prototype of this algorithm was implemented in Prolog. Some examples demonstrating the usefulness of the algorithm are given with their resource consumption. The implementation described indicates that this algorithm should be a worthwhile addition to any Ada based PDL processor.<<ETX>>
Monitoring the location of user equipment is an important problem in many industries, including d... more Monitoring the location of user equipment is an important problem in many industries, including direct broadcasting satellites and others, where the physical location of the user determines the availability of the service or is crucial for the securiv or operation of the service. In this article we study four schemes for detecting the movement of user equipment, such as o set-top terminal, wireless local loop (fixed wireless] phones, and other "nonmovable" equipment, using existing (or emerging] communication infrastructures. The first two schemes are network-centric, which means that the nefwork infrastructure determines the location. The two other schemes are terminal-centric, which means that they rely on the user's device. We start with the currently used scheme, which is based on the telephone network's caller ID features. and show how it can be undermined. Then we describe three more robust schemes: one that uses the cellular phone's enhanced 91 1 service, one that uses the Global Positioning System, and one that measures the time-difference-of-arrival of the satellite's broadcast. We discuss the accuracy, features, and vulnerabilities of eoch scheme. We also present possible attacks on these schemes that ollow the attackers to conceal their movement, and evaluate the complexity and cost of the attacks.
ABSTRACT Monitoring the location of user equipment is an important problem in many industries, in... more ABSTRACT Monitoring the location of user equipment is an important problem in many industries, including direct broadcasting satellites and others, where the physical location of the user determines the availability of the service or is crucial for the security or operation of the service. In this article we study four schemes for detecting the movement of user equipment, such as a set-top terminal, wireless local loop (fixed wireless) phones, and other “nonmovable” equipment, using existing (or emerging) communication infrastructures. The first two schemes are network-centric, which means that the network infrastructure determines the location. The two other schemes are terminal-centric, which means that they rely on the user&#39;s device. We start with the currently used scheme, which is based on the telephone network&#39;s caller ID features, and show how it can be undermined. Then we describe three more robust schemes: one that uses the cellular phone&#39;s enhanced 911 service, one that uses the Global Positioning System, and one that measures the time-difference-of-arrival of the satellite&#39;s broadcast. We discuss the accuracy, features, and vulnerabilities of each scheme. We also present possible attacks on these schemes that allow the attackers to conceal their movement, and evaluate the complexity and cost of the attacks
The Direct Access File System (DAFS) is an emerging industrial standard for network-attached stor... more The Direct Access File System (DAFS) is an emerging industrial standard for network-attached storage. DAFS takes advantage of new user-level network interface standards. This enables a user-level file system structure in which client-side functionality ...
In this paper we present StarFish, a highly-available geographically-dispersed block storage syst... more In this paper we present StarFish, a highly-available geographically-dispersed block storage system built from commodity servers running FreeBSD, which are connected by standard high-speed IP networking gear. StarFish achieves high availability by transparently replicating data over multiple storage sites. StarFish is accessed via a host-site appliance that masquerades as a host-attached storage device, hence it requires no special hardware or software in the host computer. We show that a StarFish system with 3 replicas and a write quorum size of 2 is a good choice, based on a formal analysis of data availability and reliability: 3 replicas with individual availability of 99%, a write quorum of 2, and read-only consistency gives better than 99.9999% data availability. Although StarFish increases the per-request latency relative to a direct-attached RAID, we show how to design a highly-available StarFish configuration that provides most of the performance of a direct-attached RAID on...
This paper describes the design and implementation of the Lucent Personalized Web Assis tant LPWA... more This paper describes the design and implementation of the Lucent Personalized Web Assis tant LPWA LPWA is a software system that enables a user to browse the Web in a person alized simple private and secure fashion and to lter junk e mail spam LPWA generates secure consistent and pseudonymous aliases personae for Web users Each alias consists of an alias username an alias password and an alias e mail address The alias e mail addresses allow web sites to send messages to users and enable e ective ltering of junk e mail spam LPWA forwards mail addressed to the alias e mail address to the actual user LPWA allows users to lter incoming messages based on the recipient address the alias e mail which is an e ective method for detecting and blocking spam A trial version of LPWA became available to the public at http lpwa com in June It has so far as of May attracted more than users
he WorldWide Web has become an immensely popular and powerful medium in recent years. To attract ... more he WorldWide Web has become an immensely popular and powerful medium in recent years. To attract more users, many Web sites offer personalized services, whereby users identify themselves and register their information preferences. On return visits, they conveniently receive a personalized selection of information. These personalized services, however, raise user concerns with respect to convenience and privacy. Registration for these services lets information providers use a variety of tools to collect extensive profiles of users who visit their Web sites. Moreover , registration typically requires the user to specify a unique username and a secret password. Upon each return visit, the user must provide the same username and password. Sound security would dictate that users choose (and remember!) a different password for each site. An additional problem arises when naive users choose the same username and password for a Web site as they use for their own company's computers, thu...
The paper describes a new algorithm for deducing type information of partially declared objects i... more The paper describes a new algorithm for deducing type information of partially declared objects in Ada based PDLs (program design languages). The type information is deduced from the usage context of the objects. The algorithm tries to implement an 'insight' into the design, by checking every detail in the design using all available information deduced from its usage. In this way, the algorithm provides better type checking of incomplete designs, which allows earlier detection of design errors. This algorithm is intended to be a part of an Ada based PDL processor. A prototype of this algorithm was implemented in Prolog. Some examples demonstrating the usefulness of the algorithm are given with their resource consumption. The implementation described indicates that this algorithm should be a worthwhile addition to any Ada based PDL processor.<<ETX>>
Monitoring the location of user equipment is an important problem in many industries, including d... more Monitoring the location of user equipment is an important problem in many industries, including direct broadcasting satellites and others, where the physical location of the user determines the availability of the service or is crucial for the securiv or operation of the service. In this article we study four schemes for detecting the movement of user equipment, such as o set-top terminal, wireless local loop (fixed wireless] phones, and other "nonmovable" equipment, using existing (or emerging] communication infrastructures. The first two schemes are network-centric, which means that the nefwork infrastructure determines the location. The two other schemes are terminal-centric, which means that they rely on the user's device. We start with the currently used scheme, which is based on the telephone network's caller ID features. and show how it can be undermined. Then we describe three more robust schemes: one that uses the cellular phone's enhanced 91 1 service, one that uses the Global Positioning System, and one that measures the time-difference-of-arrival of the satellite's broadcast. We discuss the accuracy, features, and vulnerabilities of eoch scheme. We also present possible attacks on these schemes that ollow the attackers to conceal their movement, and evaluate the complexity and cost of the attacks.
ABSTRACT Monitoring the location of user equipment is an important problem in many industries, in... more ABSTRACT Monitoring the location of user equipment is an important problem in many industries, including direct broadcasting satellites and others, where the physical location of the user determines the availability of the service or is crucial for the security or operation of the service. In this article we study four schemes for detecting the movement of user equipment, such as a set-top terminal, wireless local loop (fixed wireless) phones, and other “nonmovable” equipment, using existing (or emerging) communication infrastructures. The first two schemes are network-centric, which means that the network infrastructure determines the location. The two other schemes are terminal-centric, which means that they rely on the user&#39;s device. We start with the currently used scheme, which is based on the telephone network&#39;s caller ID features, and show how it can be undermined. Then we describe three more robust schemes: one that uses the cellular phone&#39;s enhanced 911 service, one that uses the Global Positioning System, and one that measures the time-difference-of-arrival of the satellite&#39;s broadcast. We discuss the accuracy, features, and vulnerabilities of each scheme. We also present possible attacks on these schemes that allow the attackers to conceal their movement, and evaluate the complexity and cost of the attacks
The Direct Access File System (DAFS) is an emerging industrial standard for network-attached stor... more The Direct Access File System (DAFS) is an emerging industrial standard for network-attached storage. DAFS takes advantage of new user-level network interface standards. This enables a user-level file system structure in which client-side functionality ...
In this paper we present StarFish, a highly-available geographically-dispersed block storage syst... more In this paper we present StarFish, a highly-available geographically-dispersed block storage system built from commodity servers running FreeBSD, which are connected by standard high-speed IP networking gear. StarFish achieves high availability by transparently replicating data over multiple storage sites. StarFish is accessed via a host-site appliance that masquerades as a host-attached storage device, hence it requires no special hardware or software in the host computer. We show that a StarFish system with 3 replicas and a write quorum size of 2 is a good choice, based on a formal analysis of data availability and reliability: 3 replicas with individual availability of 99%, a write quorum of 2, and read-only consistency gives better than 99.9999% data availability. Although StarFish increases the per-request latency relative to a direct-attached RAID, we show how to design a highly-available StarFish configuration that provides most of the performance of a direct-attached RAID on...
This paper describes the design and implementation of the Lucent Personalized Web Assis tant LPWA... more This paper describes the design and implementation of the Lucent Personalized Web Assis tant LPWA LPWA is a software system that enables a user to browse the Web in a person alized simple private and secure fashion and to lter junk e mail spam LPWA generates secure consistent and pseudonymous aliases personae for Web users Each alias consists of an alias username an alias password and an alias e mail address The alias e mail addresses allow web sites to send messages to users and enable e ective ltering of junk e mail spam LPWA forwards mail addressed to the alias e mail address to the actual user LPWA allows users to lter incoming messages based on the recipient address the alias e mail which is an e ective method for detecting and blocking spam A trial version of LPWA became available to the public at http lpwa com in June It has so far as of May attracted more than users
he WorldWide Web has become an immensely popular and powerful medium in recent years. To attract ... more he WorldWide Web has become an immensely popular and powerful medium in recent years. To attract more users, many Web sites offer personalized services, whereby users identify themselves and register their information preferences. On return visits, they conveniently receive a personalized selection of information. These personalized services, however, raise user concerns with respect to convenience and privacy. Registration for these services lets information providers use a variety of tools to collect extensive profiles of users who visit their Web sites. Moreover , registration typically requires the user to specify a unique username and a secret password. Upon each return visit, the user must provide the same username and password. Sound security would dictate that users choose (and remember!) a different password for each site. An additional problem arises when naive users choose the same username and password for a Web site as they use for their own company's computers, thu...
Uploads
Papers by Eran Gabber