TINA (Telecommunications Information Networking Architecture) has been developed to support efficient operation of a wide range of complex services. TINA is effective in building advanced multimedia related services and provides effective solutions for complex service control and management along with a high level of quality of services. However the benefits and effectiveness of TINA for other types of services such as ordinary telephone services and facsimile messaging services are not clear. This paper clarifies how to apply TINA to control and management of computer telephony (CT) services and ordinary telephony services. We designed and implemented CT services in a distributed processing environment (DPE), and in particular a click-to-dial service, as a target for our study. We demonstrate the effectiveness of the design through qualitative and quantitative evaluation. The results of our study show that the distributed processing technique, based on component concepts makes it easy to build and extend CT services, and also that TINA service architecture is applicable to ordinary telephony and advanced CT services.

Internet Key Exchange (IKE) is very important as an entrance to secure communication over the Internet. The first phase of IKE is based on Diffie-Hellman (DH) key-agreement protocol. Since DH protocol on its own is vulnerable to man-in-the-middle (MIM) attack, IKE provides authentication to protect the protocol from MIM. This authentication owes a lot to public-key primitives whose implementation includes modular exponentiation. Since modular exponentiation is computationally expensive, attackers are motivated to abuse it for Denial-of-Service (DoS) attacks; computational burden caused by malicious requests may exhaust the CPU resource of the target. DoS attackers can also abuse inappropriate use of Cookies in IKE; as an anti-clogging token, Cookie must eliminate the responder's state during initial exchanges of the protocol while IKE Cookies do not. Thus a large number of malicious requests may exhaust the memory resource of the target. In search of resistance against those DoS attacks, this paper first reviews DoS-resistance of the current version of IKE and basic ideas on DoS-protection. The paper then proposes a DoS-resistant version of three-pass IKE Phase 1 where attackers are discouraged by heavy stateful computation they must do before the attack really burdens the target. DoS-resistance is evaluated in terms of the computational cost and the memory cost caused by bogus requests. The result shows that the proposed version gives the largest ratio of the attacker's cost to the responder's cost.

For cluster systems consisting of multiple processing nodes and shared servers which consist of an on-line and a backup shared server, we propose a hot-standby scheme for shared servers. In this scheme for shared servers, when the on-line shared server receives a command from a node, it sends only an update command and its data identifier to the backup shared server. Both the on-line and the backup shared server execute the update command independently, and the command result of the on-line shared server is identical to that of the backup shared server. When the on-line shared server fails, the backup reconstructs the shared data by using its own shared data and the user data from each node. We evaluated the system recovery time and the performance overhead for this hot-standby scheme. It enables the performance overhead to be ignored, and the system recovery time to be shortened to 20 seconds in cluster systems.

High accuracy, high reliability, and high performance have to be simultaneously satisfied to achieve high productivity of the latest processing equipment. High flexibility is also required because many options are available and processing equipment is modified frequently. A high-assurance-system (HAS) model for processing equipment has been developed according to the concept of an Autonomous Decentralized System (ADS). Heterogeneous devices, that have same function and diverse qualities, are utilized to assure the different requirements of high accuracy, high reliability, and high performance simultaneously. The Data Property (DP) and Assurance Manager (AM) are proposed in this model. Different accuracy, reliability, and performance indices characterize each device, and the DP describes the differences of the properties of the data transmitted from these heterogeneous devices. The AM assures not only high reliability but also high performance and high accuracy by utilizing the heterogeneity of data described by the DP. The HAS model was applied to a device-level system used in processing equipment, and its effectiveness was verified by simulating a pressure-control system.

This paper presents a framework for the nonblocking supervisory control of nondeterministic discrete event systems (DESs) using multiple deterministic model. Necessary and sufficient conditions for the existence of a multiple model nonblocking supervisor are obtained for a multiple deterministic model. We show that a multiple model nonblocking supervisor guarantees the nonblockingness of an original nondeterministic system.

Adaptive Agent Oriented Software Architecture (AAOSA) is a new approach to software design based on an agent-oriented architecture. In this approach, agents are considered adaptively communicating concurrent modules that are divided into a "white box" module responsible for communications and learning and a "black box" which is responsible for the independent specialized processes. An AAOSA system is actually parsing input in the interpretation phase. We will show that AAOSA can be applied to the parallel, and distributed parsing of context sensitive languages.

This paper presents a new design for testing SRAM-based field programmable gate arrays (FPGAs). The original FPGA's SRAM memory is modified so that the FPGA may have the facility to loop the testing configuration data inside the chip. The full testing of the FPGA is achieved by loading typically only one carefully chosen testing configuration data instead of the whole configurations data. The other required configurations data are obtained by shifting the first one inside the chip. As a result, the test becomes faster. This method does not need a large off-chip memory for the test. The evaluation results prove that this method is very effective when the complexity of the configurable blocks (CLBs) or the chip size increases.

In this paper, we propose the high-level service architecture supporting multimedia multicast. The proposed architecture specifies network-oriented and lightweight communication management, which includes group management, multiparty call control and multicast connection/multiple connections control. Many of the existing approaches handling multimedia multicast applications are dependent on specific transport technologies, such as the Internet and ATM, and lack effective communication management. On the other hand, our approach defines flexible and extensible communication management that can be applied to a variety of multimedia multicast applications, independently of transport technologies. Our architecture supports the separation of control from a terminal, which enables remote control and control mobility, so that a user can use a multicast service in a more various way. The architecture is overlaid above legacy transport networks so that the existing network protocols are used for connection control. This minimizes the modification to a legacy transport network and enhances the practicality of the architecture. In addition, terminal manager and virtual device concepts are introduced that hide the details of physical devices from an application designer. The architecture consists of several service components that effectively interact with each other on a distributed platform. To verify and evaluate our architecture, we have prototyped the high-level service architecture on a CORBA platform and analyzed the architecture using a simulation.

This paper proposes a model checking method for microcomputer programs. To deal with the state explosion problem, we adopt a compositional verification approach. Based on the proposed method, a microcomputer program for a real-life air-conditioner is verified. The program is large enough to cause state explosion. Among fourteen typical properties of the program, five properties are successfully verified by our method.

The purpose of this note is to carry out study on a 3-out-of-4:G warm standby system with nonidentical components. By using Markov model, the general form solution of stationary availability of the system is obtained. Examples are given to illustrate the solutions of transient and stationary availability of such system.

To develop distributed applications requires to consider not only functional requirements but also non-functional requirements such as distributions, synchronizations, and scheduling policies. Specifying such non-functional requirements is necessary for supporting on-line capabilities of Autonomous Decentralized Systems (ADS). However, the existing design notations and methods do not address such needs sufficiently enough to develop ADS applications systematically using object-oriented technique. In this paper, we propose an object-oriented design-level support for specifying concurrent, distributed, and autonomous object behaviors in developing dynamic distributed applications. We develop a high-level meta-object protocol called diMOP to deal with object distributions, method synchronizations, and method scheduling policies. In addition, we develop Class Diagram Supporting diMOP (CDSM) and Dynamically Configurable Object Statemachine (DCOS) for specifying non-functional behaviors and dynamic configuration behaviors, by extending the ordinary class diagram and state diagram of UML. A development environment called diMOPer is implemented to support our approach.

A large-scale primarily public system requires in addition to high reliability, a broad range of applications from control to information services. As construction is phased-in this system must be flexible, changeable and able to grows as the needs arise. However, a changing a system may lead to loss of reliability. A system that is able to change and grow in a reliable and stable manner is called an assurance system and the technology it uses is called assurance technology. This paper describes the basic technology, phased-in system construction and so on of assurance technology based on an autonomous decentralized system. It further discusses application of assurance technology to ATOS as an example of a large-scale transport operation control system. Note: ATOS; Autonomous Decentralized Transport Operation Control System

A lattice system in this paper is a system whose components are ordered like the elements of (m, n) matrix. A representative example of a lattice system is a connected-(r, s)-out-of-(m, n):F lattice system which is treated as a model of supervision system. It fails if and only if all components in an (r, s) sub lattice fail. We modify the lattice system so as to include a maintenance action and a restriction on the number of failed components. Then, this paper presents availability and MTBF of the repairable system, and reliability when the system stocks spare parts on hand to ensure the specified reliability level.

The Monte Carlo simulation is applied to fault tree analyses of the sequential failure logic. In order to make the validity of the technique clear, case studies for estimation of the statistically expected numbers of system failures during (0, t] are conducted for two types of systems using the multiple integration method as well as the Monte Carlo simulation. Results from these two methods are compared. This validates the Monte Carlo simulation in solving the sequential failure logic with respectably small deviation rates for those cases.

In a decentralised system the problems of fault tolerance, and in particular error recovery, vary greatly depending on the design assumptions. For example, in a distributed database system, if one disregards the possibility of undetected invalid inputs or outputs, the errors that have to be recovered from will just affect the database, and backward error recovery will be feasible and should suffice. Such a system is typically supporting a set of activities that are competing for access to a shared database, but which are otherwise essentially independent of each other--in such circumstances conventional database transaction processing and distributed protocols enable backward recovery to be provided very effectively. But in more general systems the multiple activities will often not simply be competing against each other, but rather will at times be attempting to co-operate with each other, in pursuit of some common goal. Moreover, the activities in decentralised systems typically involve not just computers, but also external entities that are not capable of backward error recovery. Such additional complications make the task of error recovery more challenging, and indeed more interesting. This paper provides a brief analysis of the consequences of various such complications, and outlines some recent work on advanced error recovery techniques that they have motivated.

This paper considers two simulation models for simple unreliable file systems with checkpointing and rollback recovery. In Model 1, the checkpoint is generated at a pre-specified time and the information on the main memory since the last checkpoint is back-uped in a secondary medium. On the other hand, in Model 2, the checkpointing is executed at the time when the number of transactions completed for processing is achieved at a pre-determined level. However, it is difficult to treat such models analytically without employing any approximation method, if queueing effects related with arrival and processing of transactions can not be ignored. We apply the generalized stochastic Petri net (GSPN) to represent the stochastic behaviour of systems under two checkpointing schemes. Throughout GSPN simulation, we evaluate quantitatively the maintainability of checkpoint models under consideration and examine the dependence of model parameters in the optimal checkpoint policies and their associated system availabilities.

We determine the optimum time TOPT to order a spare part for a system before the part in operation has failed. TOPT is a function of the part's failure-time distribution, the lead (delivery) time of the part, its inventory cost, and the cost of downtime while waiting delivery. The probabilities of the system's up and down states are obtained from a non-regenerative stochastic Petri net. TOPT is found by minimizing E[cost], the expected cost of inventory and downtime. Three cases are compared: 1) Exponential order and lead times, 2) Deterministic order time and exponential lead time, and 3) Deterministic order and lead times. In Case 1, it is shown analytically that, depending on the ratio of inventory to downtime costs, the optimum policy is one of three: order a spare part immediately at t = 0, wait until the part in operation fails, or order before failure at TOPT > 0. Numerical examples illustrate the three cases.

We deal here with diagnosis for failures of series/parallel structure system. The conventionals have assumed that the system failure is caused by a single minimal cut set (MCS). The purposes of this paper are to propose a new diagnosis method to identify all MCSs by utilizing the series/parallel structure and repair information without requiring an excessive number of inspections. Moreover, by applying our method to several types of series/parallel structure system, and to system having some kinds of probability distributions, desirable system for our method are persuaded. We evaluate not just the number of inspections but also the cost of diagnosis, and show the condition under which our method is effective.

This paper presents the effect of stress on device degradation in metal-oxide-semiconductor field-effect transistors (MOSFETs) due to stud bumping. Stud bumping above the MOSFET region generates interface traps at the Si/SiO2 interface and results in the degradation of transconductance in N-channel MOSFETs. The interface traps are apparently eliminated by both nitrogen and hydrogen annealing. However, the hot-carrier immunity after hydrogen annealing is one order of magnitude stronger than that after nitrogen annealing. This effect is explained by the termination of dangling bonds with hydrogen atoms.

Designing control and robotic systems as autonomous decentralized systems introduces a new degree of flexibility in the manufacturing and in the application of such systems. This flexibility is required for the systems to work in environments that are not totally predictable and that can change dynamically. In this paper, we present a new concept for real-time communication that supports this flexibility while still preserving real-time guarantees for hard real-time communication. The concept is designed to work on multiple-access busses. In particular, we consider its application on wireless local area networks and field-busses. The concept addresses requirements of hard-real time, soft real-time and non real-time communication. For this, we extend the TDMA (time- division multiple-access) approach for time-triggered hard-real time communication by the concept of shared channels that support event-triggered communication and coexist with hard real-time channels. A first implementation of concept has been carried out in the context of the CAN-bus.