N-Variant Execution (NVX) systems utilize artificial diversity techniques to enhance software security. The general idea is to run multiple different variants of the same program alongside each other while monitoring their diverging behavior on a malicious input. Existing NVX systems execute diversified program variants on a single host. This means the level of inter-variant diversity will be limited to what a single platform can offer, without costly emulation. This paper presents DMON, a novel distributed NVX design that executes native program variants across multiple heterogeneous hosts. Our approach greatly increases the level of diversity between the simultaneously running variants that can be supported, encompassing different ISAs and ABIs. Our evaluation shows that DMON can provide comparable performance to traditional, non-distributed NVX systems, while enhancing security.
In the past few years, many researchers have argued that the Internet should transition from its traditional endpoint-centric architecture to an information-centric paradigm. One of the advantages of the information-centric model is that the network can easily aggregate requests for the same content and serve them via multicast. Indeed, most information-centric architectures proposed to date offer native support for multicast, promising a vast improvement in the efficiency of content distribution. However, designing efficient reliable transport protocols for multicast is a largely open issue, due to the problem of feedback implosion towards the sender as group size grows. In this paper we propose RMTPSI, a retransmission-based reliable error control protocol for multicast communication designed specifically for information-centric networks. We compare RMTPSI with existing approaches proposed for IP multicast and evaluate its performance via simulation, showing that our approach leads to more efficient content distribution and error recovery than previous solutions.
Many proposals for the next generation of the Internet suggest moving from an end-point oriented to an information-centric oriented architecture. Many of these proposals are based on the publish/subscribe paradigm, which lends itself naturally to native multicast support, a key factor for efficient content distribution. However, the design of efficient reliable transport protocols for multicast is a largely open problem, due to the problem of feedback implosion towards the sender as group size grows. In this paper we propose a hierarchical retransmission-based error control scheme for a native publish/subscribe internetwork. We compare our protocol with similar approaches proposed for IP multicast and evaluate its performance against IP multicast with unicast-based error control.
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows programs to assign virtual memory pages to protection domains, and to change domain access permissions using inexpensive, unprivileged instructions. Several in-process memory isolation approaches leverage this feature to prevent untrusted code from accessing sensitive program state and data. Typically, PKU-based isolation schemes need to be used in conjunction with mitigations such as CFI because untrusted code, when compromised, can otherwise bypass the PKU access permissions using unprivileged instructions or operating system APIs. Recently, researchers proposed fully self-contained PKU-based memory isolation schemes that do not rely on other mitigations. These systems use exploit-proof call gates to transfer control between trusted and untrusted code, as well as a sandbox that prevents tampering with the PKU infrastructure from untrusted code. In this paper, we show that these solutions are not complete. We first develop two proof-of-concept attacks against a state-of-the-art PKU-based memory isolation scheme. We then present Cerberus, a PKU-based sandboxing framework that can overcome limitations of existing sandboxes. We apply Cerberus to several memory isolation schemes, and show that it is practical, efficient, and secure.