This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures--whether hardware or software--that are necessary to support information protection. The paper develops in three main sections. Section I describes desired functions, design principles, and examples of elementary protection and authentication mechanisms. Any reader familiar with computers should find the first section to be reasonably accessible. Section II requires some familiarity with descriptor-based computer architecture. It examines in depth the principles of modern protection architectures and the relation between capability systems and access control list systems, and ends with a brief analysis of protected subsystems and protected objects. The reader who is dismayed by either the prerequisites or the level of detail in the second section may wish to skip to Section III, which reviews the state of the art and current research projects and provides suggestions for further reading. Glossary The following glossary provides, for reference, brief definitions for several terms as used in this paper in the context of protecting information in computers. Access The ability to make use of information stored in a computer system. Used frequently as a verb, to the horror of grammarians. Access control list A list of principals that are authorized to have access to some object. Authenticate To verify the identity of a person (or other agent external to the protection system) making a request.

The file system and modularization of a single-user operating system are described. The main points of interest are the openness of the system, which establishes no sharp boundary between itself and the user's programs, and the techniques used to make the system robust. 1.

This paper presents the design and implementation of the NCTUns 1.0 network simulator, which is a high-fidelity and extensible network simulator capable of simulating both wired and wireless IP networks. By using an enhanced simulation methodology, a new simulation engine architecture, and a distributed and open-system architecture, the NCTUns 1.0 network simulator is much more powerful than its predecessor-- the Harvard network simulator, which was released to the public in 1999. The NCTUns 1.0 network simulator consists of many components. In this paper, we will present the design and implementation of these components and their interactions in detail.

Abstract not found

With the proliferation of wireless devices with embedded processors, there is an increasing desire to deploy applications that run transparently over the varied architectures of these devices. Virtual machines are one solution for code mobility, providing a virtualized processor architecture that is implemented over the individual node architectures. Proposed virtual machines for embedded systems are generally slow and consume significant energy, making them unsuitable for devices with limited processing power and energy resources. Presented is a novel virtual machine architecture, Scylla, specially designed for mobile embedded systems, that is simple, fast and robust. In addition to a basic instruction set, Scylla supports inter-device communication, power management and error recovery. To make on-the-fly compilation extremely efficient, the instruction set closely matches popular processor architectures that can be found in embedded systems today. This paper describes Scylla, along ...

Studies have shown that workstations are idle a significant fraction of the time. Traditional idle resource harvesting systems define a social contract that permits guest jobs to run only when a workstation is idle. To enforce this contract, guest jobs are stopped and migrated as soon as the owner resumes use of their machines. However, such systems waste many opportunities to exploit idle cycles because of overly conservative estimates of resource contention. In this thesis, we present a new policy, called Linger-Longer, that refines the social contract to permit fine-grain cycle stealing. Linger-Longer allows guest jobs to linger on a machine at low priority even when local tasks are active. Also, we developed a new adaptive job migration scheme based on runtime cost/benefit analysis. Our simula-tion study shows that the Linger-Longer policy can improve the throughput of guest jobs on a cluster by up to 60 % with only a few percent slowdown of local jobs. The simulation also demonstrates that guest parallel jobs can perform better with our new approach than with the traditional run-time reconfiguration approach. To limit the impact of guest jobs' resource use, new local resource scheduling poli-

has become much more important throughout the computer industry both to improve security and to support multiple workloads on the same hardware with effective isolation between those workloads. The most widely used chip architecture, the Intel and AMD x86 processors, have begun to support virtualization, but the initial implementations show some limitations. This paper examines the virtualization properties of the Alpha architecture with particular emphasis on features that improve performance and security. It shows how the Alpha’s features of PALcode, address space numbers, software handling of translation buffer misses, lack of used and modified bits, and secure handling of unpredictable results all contribute to making virtualization of the Alpha particularly easy. The paper then compares the virtual architecture of the Alpha with Intel’s and AMD’s virtualization approaches for x86. It also comments briefly on Intel’s virtualization technology for Itanium, IBM’s zSeries and pSeries hypervisors and Sun’s UltraSPARC virtualization. It particularly identifies some differences between translation buffers on x86 and translation buffers on VAX and Alpha that can have adverse performance consequences. Categories and Subject Descriptors:

The DM/6000 hardware (a prototype, faulttolerant RS/6000 built at the TJ Watson Research Center) provides fault tolerance and a large, nonvolatile main memory. Running a commercial, general-purpose operating system on it, of itself, does nothing to increase software availability. In fact, the time to rebuild the contents of a large memory may decrease availability. We describe our techniques for hiding most of the main memory, which requires the operating system to access it only by way of services separate from the operating system. This can allow the memory and those access services to achieve much higher availability, which, in turn, increases the availability of the system as a whole. We also performed simulation studies to determine those conditions where this system organization can lead to improved performance for recoverable database applications. 1 Introduction The DM/6000 [1] is a prototype, fault-tolerant 4way multiprocessor RS/6000 with a large main memory built at the TJ...

Introduction ...................................................................................................................................................................... 2 2. Harmony structure ............................................................................................................................................................ 3 2.1 Application to system API........................................................................................................................................ 4 2.2 Policies ................................................................................................................................................................... 10 2.3 Mechanisms............................................................................................................................................................ 15 2.4 Prototype ......................................................................................................

This paper proposes a new methodology for easily constructing extensible and high-fidelity TCP/IP network simulators. The methodology uses a kernel-reentering technique to reuse the existing real-life network protocol stacks, real application programs that generate traffic, and real utility programs that configure, monitor, or gather network statistics to the maximum extent. Only an event scheduler and some modifications to the kernel are needed to "glue" these existing components to collectively simulate a network.