Archive for August, 2012
You could think of IMA as the unknown factor that adds cost effectiveness
into the ATM WAN equation. And because the result equals ATM benefits for all WAN
users, not just those with very high traffic loads, it’s worthwhile to quickly review
ATM’s WAN benefits.
Highly scalable bandwidth. ATM’s biggest claim to fame is its speed—from 1.544
Mbps to gigabit ranges, with 1.2 Gbps (SONET OC-12) as the maximum customer
premise bandwidth available. The benefit: incremental costs for incremental bandwidth,
resulting in increased efficiency on high-traffic WAN links and an opportunity to
“right-size” bandwidth needs even to very high user demand.
Network simplification through consolidation. ATM is the answer for combining
applications that traditionally required different networks because of the different
transport requirements of their traffic. This in turn lets network planners stop the
proliferation of complex parallel networks: for example, one carrying data, another
carrying voice, and another carrying video. ATM’s ability to consolidate all types
of traffic onto a single WAN link greatly reduces complexity, and simplifies network
management by eliminating these separately managed lines.
Bandwidth efficiency. Consolidation of diverse traffic types also lets network
managers with high volumes of traffic fully utilize high-speed WAN links, instead of
partially filling separate links with different types of traffic.
Quality of service. ATM offers bandwidth allocation based on user-defined needs and
prioritization, as well as load sharing of multiple technology types for guaranteed
quality of service (QoS). ATM’s traffic management controls enable seamless integration
of voice, video, and data while providing the separate management techniques
required by each type of traffic.
Open connectivity. Because ATM is not based on a specific type of physical
transport, it is compatible with all currently deployed physical networks. It can be
transported over twisted pair, coax, and fiber optics. And since ATM is a standard rather
than a proprietary protocol, it can run on any vendor’s standards-compliant products or be
purchased from any carrier.
Excellent fault tolerance. ATM networks can be built with very high levels of fault
tolerance at relatively low cost. IMA, for example, allows for load sharing and maximum
ATM infrastructure availability. Service providers have invested heavily in the ATM
infrastructure for reasons similar to those of enterprises: consolidation of traffic/backbones,
better bandwidth utilization, and so on. ATM can also be deployed as a private
network built from leased lines such as T1/E1, T3/E3, or OC-3/STM-1.
Taken in sum, ATM’s capabilities—scalable bandwidth, network simplification,
bandwidth efficiency, guaranteed QoS, open connectivity, fault tolerance, and infrastructure
availability—make it invaluable for corporate WANs. ATM is also a stable WAN technology
with an extensive public infrastructure. Up until now, the primary barrier to securing
ATM benefits in the WAN has been the limited availability of carrier service.
A TRIP Speaker (LS) establishes intra-domain and inter-domain “peering sessions” with
other TRIP Speakers to exchange routing information. The peering sessions are established
to exchange routes to telephony destinations. The peers update each other about new
routes they have learned. Each peer may in turn learn about new routes from other peers,
through gateways registering telephony prefixes with it, or through static configuration
on the Location Servers. The peers also “withdraw” the routes they advertised to
the other peer on learning that the routes are unavailable. TRIP peering sessions
use TCP for transport.
Apart from conveying the telephony destinations (prefixes) that a Location Server can
reach, a routing update also carries some more information about that route, called the
“attributes” associated with the route like capacity, cost, etc. These attributes are helpful
in describing characteristics of the route as well as in correct operation of the protocol.
They also help in enforcing policies and network design.
TRIP qualifies inter-domain sessions as E-TRIP (external TRIP) sessions and
intra-domain sessions as I-TRIP (internal TRIP) sessions. Figure 1 shows two ITADs. ITAD 1
has two Location Servers. Gateways G1 and G2 register with LS2 and Gateways G3 and
G4 register with LS1. LS1 and LS2 have I-TRIP peering. LS1 peers with LS3 in ITAD2.
Figure 1: TRIP operation
Internal TRIP uses a link state mechanism to flood database updates over an arbitrary
topology, in the same way as Open Shortest Path First (OSPF). An attempt is made to synchronize routing
information among TRIP LSs within an ITAD to maintain a single unified view. To
achieve internal synchronization, internal peer connections are configured between LSs
of the same ITAD such that the resulting intra-domain Location Server topology is connected
and sufficiently redundant. When an update is received from an internal peer,
the routes in the update are checked to determine if they are newer than the version already
in the database. Newer routes are then flooded to all other peers in the same ITAD.
While updates within an ITAD are flooded onto internal peers, external TRIP updates
are point-to-point, like the Border Gateway Protocol (BGP). TRIP updates received by an ITAD
X from ITAD Y can be passed on to ITAD Z with or without any modifications (with
X and Z not sharing any peering relation). Thus a route “advertisement” might reach a
peer after hopping through various TRIP Speakers in different ITADs.
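
The version check and flooding rule described above, as an added Go example that is not from the original post or from any TRIP implementation. The integer `Version`, the ring of four Location Servers and the sample prefix are constructed assumptions.

```go
package main

import "fmt"

// Route is one entry of an I-TRIP update. Version is a constructed integer
// standing in for "newer than the version already in the database".
type Route struct {
	Prefix  string // telephony prefix (constructed sample value)
	Origin  string // Location Server that originated the route
	Version int
}

// LS is a Location Server with internal peers in the same ITAD.
type LS struct {
	Name  string
	Peers []*LS
	DB    map[string]Route // keyed by Origin + "|" + Prefix
}

func NewLS(name string) *LS { return &LS{Name: name, DB: map[string]Route{}} }

// Link configures a bidirectional internal peering session.
func Link(a, b *LS) { a.Peers = append(a.Peers, b); b.Peers = append(b.Peers, a) }

// Receive applies the check from the text: store and flood only routes that
// are newer than the stored copy. from is nil for a locally originated route.
// It reports whether the route was accepted.
func (l *LS) Receive(r Route, from *LS) bool {
	key := r.Origin + "|" + r.Prefix
	if old, ok := l.DB[key]; ok && old.Version >= r.Version {
		return false // stale or duplicate: dropped, which also ends the flood
	}
	l.DB[key] = r
	for _, p := range l.Peers {
		if p != from { // flood to all other internal peers
			p.Receive(r, l)
		}
	}
	return true
}

// Ring builds n Location Servers peered in a ring (connected and redundant).
func Ring(n int) []*LS {
	ls := make([]*LS, n)
	for i := range ls {
		ls[i] = NewLS(fmt.Sprintf("LS%d", i+1))
	}
	for i := range ls {
		Link(ls[i], ls[(i+1)%n])
	}
	return ls
}

func main() {
	ls := Ring(4)
	ls[0].Receive(Route{"+1408", "LS1", 1}, nil)
	fmt.Println("LS3 learned:", ls[2].DB["LS1|+1408"])
	fmt.Println("replay of version 1 accepted:", ls[2].Receive(Route{"+1408", "LS1", 1}, nil))
}
```

A replayed or older update is dropped at the first Location Server that already holds the same or a newer version, which is also what stops the flood from looping in a redundant topology.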
Thus TRIP can be used for inter-domain as well as intra-domain routing. It is also
possible to use TRIP on a gateway as a registration protocol. When used in this way,
the TRIP Protocol shall run on the gateway in a “send-only” mode, only sending routing
information (prefixes supported by the gateway) to its peer (a Location Server).
TRIP - Telephony Routing over IP protocol
The participant should animate his virtual human representation in real time;
however, human control is not straightforward: the complexity
of virtual human representation needs a large number of degrees of
freedom to be tracked. In addition, interaction with the environment
increases this difficulty even more. Therefore, the human control should
use higher level mechanisms to be able to animate the representation
with maximal facility and minimal input. We can divide the virtual
humans according to the methods to control them:
- Directly controlled virtual humans
- User-guided virtual humans
- Autonomous virtual humans
- Interactive Perceptive Actors
Directly controlled virtual humans
A complete representation of the participant’s virtual body should have
the same movements as the real participant body for more immersive
interaction. This can be best achieved by using a large number of
sensors to track every degree of freedom in the real body.
However, many of the current VE systems use head and hand tracking.
Therefore, the limited tracking information should be connected with
human model information and different motion generators in order to
“extrapolate” the joints of the body which are not tracked. This is
more than a simple inverse kinematics problem, because there are
generally multiple solutions for the joint angles to reach the same
position, and the most realistic posture should be selected. In
addition, the joint constraints should be considered for setting the
Guided virtual humans
Guided virtual humans are those which are driven by the user but which
do not correspond directly to the user motion. They are based on the
concept of real-time direct metaphor, a method consisting of
recording input data from a VR device in real-time allowing us to
produce effects of different natures but corresponding to the input data.
There is no analysis of the real meaning of the input data. The
participant uses the input devices to update the transformation of the
eye position of the virtual human. This local control is used by
computing the incremental change in the eye position, and estimating
the rotation and velocity of the body center. The walking motor uses the
instantaneous velocity of motion to compute the walking cycle length
and time, from which it computes the joint angles of the whole body. The
sensor information for walking can be obtained from various types of
input devices, such as a special gesture with a DataGlove or a SpaceBall,
as well as other input methods.
Autonomous virtual humans
Autonomous actors are able to have a behavior, which means they must
have a manner of conducting themselves. The virtual human is assumed
to have an internal state which is built by its goals and sensor
information from the environment, and the participant modifies this
state by defining high level motivations, and state changes. Typically,
the actor should perceive the objects and the other actors in the
environment through virtual sensors: visual, tactile and auditory
sensors. Based on the perceived information, the actor’s behavioral
mechanism will determine the actions he will perform. An actor may
simply evolve in his environment or he may interact with this
environment or even communicate with other actors. In this latter case,
we will consider the actor as an interactive perceptive actor.
The concept of virtual vision was first introduced by Renault
as a main information channel between the environment and the virtual
actor. The synthetic actor perceives his environment from a small
window in which the environment is rendered from his point of view. As
he can access z-buffer values of the pixels, the color of the pixels and
his own position, he can locate visible objects in his 3D environment.
Recreating virtual audition requires a model of a sound
environment in which the Virtual Human can directly access positional
and semantic sound source information of an audible sound event. For
virtual tactile sensors, our approach is based on spherical multisensors
attached to the articulated figure. A sensor is activated for any
collision with other objects. These sensors have been integrated in a
general methodology for automatic grasping.
Interactive Perceptive Actors
We define an interactive perceptive synthetic actor as an actor
aware of other actors and real people. Such an actor is also assumed to
be autonomous of course. Moreover, he is able to communicate
interactively with the other actors whatever their type and the real
people. For example, Emering et al. describe how a directly controlled
Virtual Human performs fight gestures which are recognized by an
autonomous virtual opponent.
Even with an ideal virtual table interface, traditional execution of queries involving WebCount or
WebPages would be extremely slow due to many high-latency calls to one or more Web search engines.
Optimizations can reduce the number of external calls, and caching techniques are
important for avoiding repeated external calls. But these approaches can only go so far—even after
extensive optimization, a query involving WebCount or WebPages must issue some number of search engine calls.
In many situations, the high latency of the search engine will dominate the entire execution time of the
WSQ query. Any traditional non-parallel query plan involving WebCount or WebPages will be forced to
issue Web searches sequentially, each of which could take one or more seconds, and the query processor
is idle during each request. Since Web search engines are built to support many concurrent requests, a
traditional query processor is making poor use of available resources.
Thus, we want to find a way to issue as many concurrent Web searches as possible during query
processing. While a parallel query processor (such as Oracle, Informix, Gamma, or Volcano)
is a logical option to evaluate, it is also a heavyweight approach for our problem. For
example, suppose a query requires 50 independent Web searches (for 50 U.S. states, say).
To perform all 50 searches concurrently, a parallel query processor must not only dynamically
partition the problem in the correct way, it must then launch 50 query threads or processes.
Supporting concurrent Web searches during query processing is a problem of restricted scope
that does not require a full parallel DBMS.
In the remainder of this section we describe asynchronous iteration, a new query processing
technique that can be integrated easily into a traditional non-parallel query processor to
achieve a high number of concurrent Web searches with low overhead. Asynchronous iteration is
in fact a general query processing technique that can be used to handle a high number of
concurrent calls to any external sources. (In future work, we plan to compare asynchronous
iteration against the performance of a parallel query processor over a range of queries
involving many calls to external sources.) As described in the following subsections,
asynchronous iteration also opens up interesting new query optimization problems.
The law consists of rules that are recognized by a society and enforceable
by some authority. It can impose affirmative obligations to act
in certain ways or require people to refrain from certain actions. Although
laws are informed by ethics, they are not equivalent and therefore laws
aren’t entirely congruent with societal ethical norms. For example, we
might agree that lying to a friend is unethical, but lying to a friend is not
illegal. Lying under oath, on the other hand, is always illegal. Legal and
ethical considerations matter to security research in several ways:
• Adherence to ethical principles might be required to meet regulatory or
legal requirements (for example, the Common Rule). Conversely, knowing
and respecting existing laws might be required by an ethical code (such
• A law might identify an individual party’s rights and responsibilities,
and clarify the line between beneficial acts and harmful ones by defining
• Ethical principles that are adopted by the computer security research
community can inform judicial, legislative, and regulatory decisions.
• Where a law is ill-fitting or its interpretation unclear, ethics creates an
objective and consistent way for us to reason about the acceptability of
Security is especially important in web-based applications, such as those you develop in ColdFusion. ColdFusion developers and administrators must fully understand the security risks that could affect their development and runtime environments so they can enable and restrict access appropriately.
You can implement development security by requiring a password to use the ColdFusion Administrator and a password for Remote Development Services (RDS), which allows developers to develop CFML pages remotely. You implement runtime security in your CFML pages and in the ColdFusion Administrator. ColdFusion has the following runtime security categories:
Programmatically determine the logged-in user and allow or disallow restricted functionality based on the roles assigned to that user. For more information about user security, see ColdFusion security features in Securing Applications in Developing ColdFusion Applications.
Using the ColdFusion Administrator, define the actions and resources that the ColdFusion pages in and below a specified directory can use.
Note: If you have the Enterprise Edition of ColdFusion, you can configure multiple security sandboxes. If you have the Standard Edition of ColdFusion, you can only configure a single security sandbox.
Our CTK also supports traditional asymmetric (public-key) cryptographic signatures as yet
another possible technique for address authentication. Note that, unlike in the traditional
signature methods mentioned in the introduction, there is no need to bind the key to a
real-world identity – the key needs only to be bound to an email address the user has
already established a trusting relationship with. The creation of this trusting
relationship could take place in many different ways: out of band, using a trust/risk
security framework as described in the next section, or using a CTK bootstrapping protocol
using C/R, which this time can be based on a cryptographic nonce challenge signed by the
receiver’s private key. The response must be signed by the sender’s private key. Once
the bootstrapping is completed, it may be sufficient to rely on local checks of shared
hashes of past messages and not use challenge/response each time an email is received.
The extended sequence is described in Fig. 1.
Claim Tool Kit (CTK)
Fig. 1. Extended Newcomer Bootstrapping Sequence
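
The signed-nonce challenge/response bootstrapping described above, as an added Go example that is not the authors' CTK code. Ed25519, the 32-byte nonce, the `Party` type and the example.org addresses are assumptions; delivery of the challenge by email and the later shared-hash checks are not modelled.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party is an email address with a key pair plus receiver-side state.
// Ed25519 is an assumption; the text only calls for asymmetric signatures.
type Party struct {
	Addr    string
	Pub     ed25519.PublicKey
	priv    ed25519.PrivateKey
	pending map[string][]byte            // address -> outstanding nonce
	Known   map[string]ed25519.PublicKey // address -> key bound by bootstrapping
}

func NewParty(addr string) *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Party{addr, pub, priv, map[string][]byte{}, map[string]ed25519.PublicKey{}}
}

// Challenge issues a fresh nonce for a newcomer, signed by the receiver's key.
func (p *Party) Challenge(addr string) (nonce, sig []byte) {
	nonce = make([]byte, 32)
	rand.Read(nonce)
	p.pending[addr] = nonce
	return nonce, ed25519.Sign(p.priv, nonce)
}

// Respond (sender side) checks the challenge signature, then signs the nonce.
func (p *Party) Respond(recvPub ed25519.PublicKey, nonce, sig []byte) ([]byte, bool) {
	if !ed25519.Verify(recvPub, nonce, sig) {
		return nil, false
	}
	return ed25519.Sign(p.priv, nonce), true
}

// Complete verifies the response against the single-use nonce and, on
// success, binds the sender's key to the email address.
func (p *Party) Complete(addr string, pub ed25519.PublicKey, nonce, resp []byte) bool {
	want, ok := p.pending[addr]
	delete(p.pending, addr) // one attempt per challenge, pass or fail
	if !ok || len(pub) != ed25519.PublicKeySize || !bytes.Equal(want, nonce) ||
		!ed25519.Verify(pub, nonce, resp) {
		return false
	}
	p.Known[addr] = pub
	return true
}

func main() {
	bob, alice := NewParty("bob@example.org"), NewParty("alice@example.org")
	n, sig := bob.Challenge(alice.Addr)
	resp, _ := alice.Respond(bob.Pub, n, sig)
	fmt.Println("bootstrapped:", bob.Complete(alice.Addr, alice.Pub, n, resp))
}
```

Because the nonce is deleted on the first `Complete` call, a captured response cannot be replayed, and a response signed by any key other than the one presented for the address fails verification.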
By using a suitable trust-establishment protocol, effectively the requirement is changed
from the need to authenticate a real-world identity to the ability to recognise a
triggering entity for whom trust information can then be accessed. To allow for dynamic
enrolment of strangers and unknown entities (as it is required in the standard email system),
we have proposed an entity recognition (ER) process.
The ER process consists of four steps:
1. Triggering of the recognition mechanism.
2. Detective Work to recognize the entity using the available recognition scheme(s).
3. Discriminative Retention of information relevant for possible recall or recognition.
4. Upper-level Actions based on the outcome of recognition with a level of confidence in recognition.
Generally, in order to increase the level of confidence in whether it is a spoofing attack
or not, challenge/response, check of common hashes and signature verification as well as other
recognition/authentication schemes may be combined.
Trojan horse email offers the promise of something you might be interested in—an attachment containing a joke, a photograph, or a patch for a software vulnerability. When opened, however, the attachment may do any or all of the following:
- create a security vulnerability on your computer
- open a secret “backdoor” to allow an attacker future illicit access to your computer
- install software that logs your keystrokes and sends the logs to an attacker, allowing the attacker to ferret out your passwords and other important information
- install software that monitors your online transactions and activities
- provide an attacker access to your files
- turn your computer into a “bot” an attacker can use to send spam, launch denial-of-service attacks, or spread the virus to other computers
What to Look For
Trojan horse emails have come in a variety of packages over the years. One of the most notorious was the “Love Bug” virus, attached to an email with the subject line “I Love You” and which asked the recipient to view the attached “love letter.” Other Trojan horse emails have included the following:
- email posing as a virtual postcard
- email masquerading as a security bulletin from a software vendor requesting the recipient apply an attached “patch”
- email with the subject line “funny” encouraging the recipient to view the attached “joke”
- email claiming to be from an antivirus vendor encouraging the recipient to install the attached “virus sweeper” free of charge