The maintenance of a system on a ship has limitations when the ship is engaged in a voyage because of limited maintenance resources. When a system fails, it is either repaired instantly on ship with probability p or remains unrepaired during the voyage with probability 1-p owing to the lack of maintenance resources. In the latter case, the system is repaired after the voyage. We propose two management policies for the overhaul interval of an IFR system: one manages the overhaul interval by number of voyages and the other manages it by the total voyage time. Our goal is to determine the optimal policy that ensures the required availability of the system and minimizes the expected cost rate.

The write operations on emerging Non-Volatile Memory (NVM), such as NAND Flash and Phase Change Memory (PCM), usually incur high access latency, and are required to be optimized. In this paper, we propose Asymmetric Read-Write (ARW) policies to minimize the write traffic sent to NVM. ARW policies exploit the asymmetry costs of read and write operations, and make adjustments on the insertion policy and hit-promotion policy of the replacement algorithm. ARW can reduce the write traffic to NVM by preventing dirty data blocks from frequent evictions. We evaluate ARW policies on systems with PCM as main memory and NAND Flash as disk. Simulation results on an 8-core multicore show that ARW adopted on the last-level cache (LLC) can reduce write traffic by more than 15% on average compared to LRU baseline. When used on both LLC and DRAM cache, ARW policies achieve an impressive reduction of 40% in write traffic without system performance degradation. When employed on the on-disk buffer of the Solid State Drive (SSD), ARW demonstrates significant reductions in both write traffic and overall access latency. Moreover, ARW policies are lightweight, easy to implement, and incur negligible storage and runtime overhead.

In heterogeneous networks, network selection is an important task for reconfigurable mobile devices (MDs). In the reconfigurable MD architecture that has been standardized by the European Telecommunications Standards Institute (ETSI), the network selection functionality is handled by a software component called Mobility Policy Manager (MPM). In this paper, we present an implementation of the MPM whereby a reconfigurable MD conforming to the ETSI standard can select the most appropriate radio access network (RAN) to use. We implemented a reconfigurable MD test-bed compliant with the ETSI standard, and show that the network selection driven by the MPM enhances the throughput of the receiving MD by about 26% compared to the arbitrary network selection provided by a conventional reconfigurable MD without the functionality of MPM, verifying the functionality of the MPM.

A one-shot system is a system that can be used only once during its life, and whose failures are detected only through inspections. In this paper, we discuss an inspection policy problem of one-shot system composed of multi-unit in series. Failed units are minimally repaired when failures are detected and all units in the system are replaced when the nth failure is detected after the last replacement. We derive the expected cost rate approximately. Our goal is to determine the optimal inspection policy that minimizes the expected cost rate.

As energy consumption of cache memories increases, an energy-efficient cache management mechanism is required. While a dynamic cache resizing mechanism is one promising approach to the energy reduction of microprocessors, one problem is that its effect is limited by the existence of dead-on-fill blocks, which are not used until their evictions from the cache memory. To solve this problem, this paper proposes a cache management policy named FLEXII, which can reduce the number of dead-on-fill blocks and help dynamic cache resizing mechanisms further reduce the energy consumption of the cache memories.

Caching is considered widely as an efficient way to reduce access latency and network bandwidth consumption. En-route caching, where caches are associated with routing nodes in the network, is proposed in the context of Web cache to exploit fully the potential of caching. To make sensible replacement and placement decision for en-route caching, traditional caching schemes either engage computation-intensive algorithm like dynamic programming or suffer from inferior performance in terms of average access latency. In this article, we propose a new caching scheme with cost-based replacement and random placement, which is named CRRP. The cost-based replacement of CRRP introduces probing request to timely perceive cost change and the random placement is independent of current caching state, of O(1) computational complexity of placement decision. Through extensive simulations, we show that CRRP outperforms a wide range of caching schemes and is very close to the traditional dynamic-programming-based algorithm, in terms of average access delay.

We propose a notion of attribute-based identification (ABID) in two flavors: prover-policy ABID (PP-ABID) and verifier-policy ABID (VP-ABID). In a PP-ABID scheme, a prover has an authorized access policy written as a boolean formula over attributes, while each verifier maintains a set of attributes. The prover is accepted when his access policy fits the verifier's set of attributes. In a VP-ABID scheme, a verifier maintains an access policy written as a boolean formula over attributes, while each prover has a set of authorized attributes. The prover is accepted when his set of attributes satisfies the verifier's access policy. Our design principle is first to construct key-policy and ciphertext-policy attribute-based key encapsulation mechanisms (KP-ABKEM and CP-ABKEM). Second, we convert KP-ABKEM and CP-ABKEM into challenge-and-response PP-ABID and VP-ABID, respectively, by encapsulation-and-decapsulation. There, we show that KP-ABKEM and CP-ABKEM only have to be secure against chosen-ciphertext attacks on one-wayness (OW-CCA secure) for the obtained PP-ABID and VP-ABID to be secure against concurrent man-in-the-middle attacks (cMiM secure). According to the design principle, we construct concrete KP-ABKEM and CP-ABKEM with the OW-CCA security by enhancing the KP-ABKEM of Ostrovsky, Sahai and Waters and CP-ABKEM of Waters, respectively. Finally, we obtain concrete PP-ABID and VP-ABID schemes that are proved to be selectively secure in the standard model against cMiM attacks.

This paper presents the opportunity-based software rejuvenation policy and the optimization problem of software rejuvenation trigger time maximizing the system performance index. Our model is based on a basic semi-Markov software rejuvenation model by Dohi et al. 2000 under the environment where possible time, called opportunity, to execute software rejuvenation is limited. In the paper, we consider two stochastic point processes; renewal process and Markovian arrival process to represent the opportunity process. In particular, we derive the existence condition of the optimal trigger time under the two point processes analytically. In numerical examples, we illustrate the optimal design of the rejuvenation trigger schedule based on empirical data.

Oriental ink painting, called Sumi-e, is one of the most distinctive painting styles and has attracted artists around the world. Major challenges in Sumi-e simulation are to abstract complex scene information and reproduce smooth and natural brush strokes. To automatically generate such strokes, we propose to model the brush as a reinforcement learning agent, and let the agent learn the desired brush-trajectories by maximizing the sum of rewards in the policy search framework. To achieve better performance, we provide elaborate design of actions, states, and rewards specifically tailored for a Sumi-e agent. The effectiveness of our proposed approach is demonstrated through experiments on Sumi-e simulation.

Chip Multiprocessors (CMPs) allow different applications to share LLC (Last Level Cache). Since each application has different cache capacity demand, LLC capacity should be partitioned in accordance with the demands. Existing partitioning algorithms estimate the capacity demand of each core by stack processing considering the LRU (Least Recently Used) replacement policy only. However, anti-thrashing replacement algorithms like BIP (Binary Insertion Policy) and BIP-Bypass emerged to overcome the thrashing problem of LRU replacement policy in a working set greater than the available cache size. Since existing stack processing cannot estimate the capacity demand with anti-thrashing replacement policy, partitioning algorithms also cannot partition cache space with anti-thrashing replacement policy. In this letter, we prove that BIP replacement policy is not feasible to stack processing but BIP-bypass is. We modify stack processing to accommodate BIP-Bypass. In addition, we propose the pipelined hardware of modified stack processing. With this hardware, we can get the success function of the various capacities with anti-thrashing replacement policy and assess the cache capacity of shared cache adequate to each core in real time.

For real-time services, such as VoIP and videoconferencing supplied through a multi-domain MPLS network, it is vital to guarantee end-to-end QoS of the inter-domain paths. Thus, it is important to allocate an appropriate QoS class to the inter-domain paths in each transit domain. Because each domain has its own policy for QoS class allocation, each domain must then allocate an appropriate QoS class adaptively based on the estimation of the QoS class allocation policies adopted in other domains. This paper proposes an adaptive method for acquiring a QoS class allocation policy through the use of reinforcement learning. This method learns the appropriate policy through experience in the actual QoS class allocation process. Thus, the method can adapt to a complex environment where the arrival of inter-domain path requests does not follow a simple Poisson process and where the various QoS class allocation policies are adopted in other domains. The proposed method updates the allocation policy whenever a QoS class is actually allocated to an inter-domain path. Moreover, some of the allocation policies often utilized in the real operational environment can be updated and refined more frequently. For these reasons, the proposed method is designed to adapt rapidly to variances in the surrounding environment. Simulation results verify that the proposed method can quickly adapt to variations in the arrival process of inter-domain path requests and the QoS class allocation policies in other domains.

We propose a new security model based on MLS Policy to achieve a better security performance on confidentiality, integrity and availability. First, it realizes a combination of BLP model and Biba model through a two-dimensional independent adjustment of integrity and confidentiality. And, the subject's access range is adjusted dynamically according to the security label of related objects and the subject's access history. Second, the security level of the trusted subject is extended to writing and reading privilege range respectively, following the principle of least privilege. Third, it adjusts the objects' security levels after adding confidential information to prevent the information disclosure. Fourth, it uses application-oriented logic to protect specific applications to avoid the degradation of security levels. Thus, it can ensure certain applications operate smoothly. Lastly, examples are presented to show the effectiveness and usability of the proposed model.

This paper firstly provides the extended Canetti-Krawzcyk (eCK) security model for predicate-based authenticated key exchange (AKE) that guarantees resistance to leakage of ephemeral secret keys. Moreover, we propose two-pass key-policy (resp. session-policy) attribute-based AKE protocol secure in the proposed predicate-based eCK security model based on key-policy (resp. ciphertext-policy) attribute-based encryption. The proposed protocols have advantages in security against leakage of ephemeral secret keys and the round complexity compared to the previous predicate-based AKE protocols.

BGP dictates routing between autonomous systems with rich policy mechanisms in today's Internet. Operators translate high-level policy principles into low-level configurations of multiple routers without a comprehensive understanding of the actual effect on the network behaviors, making the routing management and operation an error-prone and time-consuming procedure. A fundamental question to answer is: how to verify the intended routing principles against the actual routing effects of an ISP? In this paper, we develop a methodology RPIM (Routing Policy Inference Model) towards this end. RPIM extracts from the routing tables various policy patterns, which represent certain high-level policy intentions of network operators, and then maps the patterns into specific design primitives that the ISP employs. To the best of our knowledge, we are the first to infer routing policies in ISP networks comprehensively from the aspects of business relationship, traffic engineering, scalability and security. We apply RPIM to 11 ASes selected from RIPE NCC RIS project, and query IRR database to validate our approach. Vast majority of inferred policies are confirmed by the policy registries, and RPIM achieves 96.23% accuracy excluding validation difficulties caused by incompleteness of the IRR database.

In routing, we usually use OSPF with Dijkstra or RIP with Bellman-Ford, but they can only treat single metric routing problem. With multiple metrics, we would use the weighted average of the metrics or techniques from operations research, but they are not suitable for routing because they lack validity and simplicity. Here, we propose a routing algorithm to deal with the three security metrics proposed by I. A. Almerhag and M. E. Woodward, and show an example routing policy. Besides, we make a study on the constraints of the metrics and the routing policies, and come to the precondition of the proposed routing algorithm.

In disk-based storage systems, non-volatile write caches have been widely used to reduce write latency as well as to ensure data consistency at the level of a storage controller. Write cache policies should basically consider which data is important to cache and evict, and they should also take into account the real I/O features of a non-volatile device. However, existing work has mainly focused on improving basic cache operations, but has not considered the I/O cost of a non-volatile device properly. In this paper, we propose a pattern-aware write cache policy, PAW for a NAND flash memory in disk-based mobile storage systems. PAW is designed to face a mix of a number of sequential accesses and fewer non-sequential ones in mobile storage systems by redirecting the latter to a NAND flash memory and the former to a disk. In addition, PAW employs the synergistic effect of combining a pattern-aware write cache policy and an I/O clustering-based queuing method to strengthen the sequentiality with the aim of reducing the overall system I/O latency. For evaluations, we have built a practical hard disk simulator with a non-volatile cache of a NAND flash memory. Experimental results show that our policy significantly improves the overall I/O performance by reducing the overhead from a non-volatile cache considerably over a traditional one, achieving a high efficiency in energy consumption.

Least-squares policy iteration is a useful reinforcement learning method in robotics due to its computational efficiency. However, it tends to be sensitive to outliers in observed rewards. In this paper, we propose an alternative method that employs the absolute loss for enhancing robustness and reliability. The proposed method is formulated as a linear programming problem which can be solved efficiently by standard optimization software, so the computational advantage is not sacrificed for gaining robustness and reliability. We demonstrate the usefulness of the proposed approach through a simulated robot-control task.

Policy in security devices such as firewalls and Network Intrusion Prevention Systems (NIPS) is usually implemented as a sequence of rules. This allows network packets to proceed or to be discarded based on rule's decision. Since attack methods are increasing rapidly, a huge number of security rules are generated and maintained in security devices. Under attack or during heavy traffic, the policy configured wrong creates security holes and prevents the system from deciding quickly whether to allow or deny a packet. Anomalies between the rules occur when there is overlap among the rules. In this paper, we propose a new method to detect anomalies among rules and generate new rules without configuration error in multiple security devices as well as in a single security device. The proposed method cuts the overlap regions among rules into minimum overlap regions and finds the abnormal domain regions of rules' predicates. Classifying rules by the network traffic flow, the proposed method not only reduces computation overhead but blocks unnecessary traffic among distributed devices.

In and we have presented a simulation-based algorithm for optimizing the average reward in a parameterized continuous-time, finite-state semi-Markov Decision Process (SMDP). We approximated the gradient of the average reward. Then, a simulation-based algorithm was proposed to estimate the approximate gradient of the average reward (called GSMDP), using only a single sample path of the underlying Markov chain. GSMDP was proved to converge with probability 1. In this paper, we give bounds on the approximation and estimation errors for GSMDP algorithm. The approximation error of that approximation is the size of the difference between the true gradient and the approximate gradient. The estimation error, the size of the difference between the output of the algorithm and its asymptotic output, arises because the algorithm sees only a finite data sequence.

We present a new variant of Attribute based encryption (ABE) called Dual-Policy ABE. Basically, it is a conjunctively combined scheme between Key-Policy and Ciphertext-Policy ABE, the only two previous types of ABE. Dual-Policy ABE allows simultaneously two access control mechanisms over encrypted data: one involves policies over objective attributes ascribed to data and the other involves policies over subjective attributes ascribed to user credentials. The previous two types of ABE can only allow either functionality above one at a time.