In this study, a low-cost, power-saving and reliable Multiple Server Backup System (MSBS) was configured and tested. The MSBS is based on a Dynamic Backup Server System (DBSS) and is able to recover many different server functions. To configure the DBSS, the mode segmentation method is introduced to simplify system control design and improve applicability to other systems. Experiments based on a mail server showed that the DBSS has sufficient ability to deal with various types of issues, including software and hardware failures. Furthermore, it is important to evaluate the virtual server performance in recovering target server functions. The well-known clock time inaccuracy problem of the virtual server is solved using the network access method regardless of the failure.
In this paper, we consider Peer-to-Peer Video-on-Demand (P2P VoD) systems based on the BitTorrent file sharing protocol. Since the Rarest First policy adopted in the original BitTorrent protocol frequently fails to collect pieces corresponding to a video file by their playback time, we need to develop a new piece selection rule particularly designed for P2P VoDs. In the proposed scheme, we assume the existence of a media server which can upload any piece upon request, and try to bound the load of such media server with two techniques. The first technique is to estimate pieces which are not held by any peer and prefetch them from the media server. The second technique is to switch the mode of each peer according to the estimated size of the P2P network. The performance of the proposed scheme is evaluated by simulation.
In this paper, a soft-error-tolerant BILBO (Built-In Logic Block Observer) FF (flip-flop) is presented. The proposed FF works as a soft-error-tolerant FF in system operations and as a BILBO FF in manufacturing testing. The construction of the proposed FF is based on that of an existing soft-error-tolerant FF, namely a BISER (Built-In Soft Error Resilience) FF. The proposed FF contains a reconfigurable C-element with XNOR calculation capability, which works as a C-element for soft-error-tolerance during system operations and as an XNOR gate employed in linear feedback shift registers (LFSRs) during manufacturing testing. The evaluation results shown in this paper indicate that the area of the proposed FF is 8.5% smaller than that of a simple combination of the existing BISER and BILBO FFs. In addition, the sum of CLK-Q delay and D-CLK setup times on system operations for the proposed FF is 19.7% shorter than that for the combination.
A new state estimation algorithm is presented for a class of LTI systems that have an input disturbance in polynomial form and a sinusoidal sensor disturbance in the measurement output. Adaptation rules are developed for identifying the unknown magnitude, phase and frequency of the sensor disturbance from the system output measurement. For the application of the identification result to the state estimation problem, the sinusoidal signal with arbitrary initial phase has been considered in this paper. In order to test the performance of the proposed algorithm, comparative computer simulations have been carried out with a robust state observer. Simulation results show the effectiveness of the proposed method.
Jongwook YANG Juhoon BACK Jin H. SEO
In this letter, we propose a new observer error linearization approach that is called reduced-order dynamic observer error linearization (RDOEL), which is a modified version of dynamic observer error linearization (DOEL). We introduce the concepts and properties of RDOEL, and provide a complete solution to RDOEL with one integrator. Moreover, we show that it is also a complete solution to a simple case of DOEL.
SeongHan SHIN Kazukuni KOBARA Hideki IMAI
An augmented PAKE (Password-Authenticated Key Exchange) protocol is said to be secure against server-compromise impersonation attacks if an attacker who obtained password verification data from a server cannot impersonate a client without performing off-line dictionary attacks on the password verification data. There are two augmented PAKE protocols where the first one [12] was proposed in the IEEE Communications Letters and the second one [15] was submitted to the IEEE P1363.2 standard working group [9]. In this paper, we show that these two augmented PAKE protocols [12], [15] (claimed to be secure) are actually insecure against server-compromise impersonation attacks. More specifically, we present generic server-compromise impersonation attacks on these augmented PAKE protocols [12],[15].
Masato ASAHARA Kenji KONO Toshinori KOJIMA Ai HAYAKAWA
Many services rely on the Internet to provide their customers with immediate access to information. To provide a stable service to a large number of customers, a service provider needs to monitor demand fluctuations and adjust the number and the location of replica servers around the world. Unfortunately, Flash crowds make it quite difficult to determine good number and locations of replica servers because they must be repositioned very quickly to respond to rapidly changing demands. We are developing ExaPeer, an infrastructure for dynamically repositioning replica servers on the Internet on the basis of demand fluctuations. In this paper we introduce ExaPeer Server Reposition (EPSR), a mechanism that quickly finds appropriate number and locations of replica servers. EPSR is designed to be lightweight and responsive to Flash crowds. EPSR enables us to position replica servers so that no server becomes overloaded. Even though no dedicated server collects global information such as the distribution of clients or the load of all servers over the Internet, the peer-to-peer approach enables EPSR to find number and locations of replica servers quickly enough to respond to flash crowds. Simulation results demonstrate that EPSR locates high-demand areas, estimates their scale correctly and determines appropriate number and locations of replica servers even if the demand for a service increases/decreases rapidly.
The robust reduced order observer for a class of discrete-time Lipschitz nonlinear systems with external disturbance is proposed. It is shown that the proposed observer design can suppress the effect on the estimation error of external disturbance up to the prescribed level. Also, linear matrix inequalities are used to represent sufficient conditions on the existence of the proposed observer. Moreover, the maximum admissible Lipschitz constant of the proposed design is obtained for a given disturbance attenuation level. Finally, an illustrative example is given to verify the effectiveness of the proposed design.
Hiroki WADA Hidetoshi OYA Kojiro HAGINO Yasumitsu EBINUMA
This paper deals with a design problem of an observer-based robust stabilizing controller for a class of polytopic uncertain systems. The proposed controller synthesis differs from the conventional quadratic stabilization based on Lyapunov criterion and is based on the computation of the system's trajectory. In this paper, we show a LMI-based design method of the observer-based robust controller. The effectiveness of the proposed controller design approach is presented through a simple numerical example.
This paper proposes a robust state observer for multi-input multi-output LTI systems. Unknown inputs of polynomial form and high-frequency measurement noises are considered in the system model. The unknown inputs and the noises are not in the same form. Multiple integrations of both the observer error signal and the measurement output are used for the observer design. The existence condition of the proposed observer is shown to be the same as that of the proportional-integral (PI) observer. Computer simulations show the effectiveness of the proposed observer.
Young Ik SON Goo-Jong JEONG In Hyuk KIM
Disturbance attenuation for a class of time-delay systems is performed by a combined simple adaptive control (SAC) with a new configuration of disturbance observer (DOB). The nominal system results from the Pade approximation, which is in the form of a non-minimum phase LTI system. For the implementation of SAC and DOB, two parallel feedforward compensators (PFC) are designed with the inverses of PD- and PID-controller, respectively. Simulation results show the effectiveness of the proposed controller to compensate the disturbance response and uncertain delay time.
Toshihiro YOKOYAMA Miyuki HANAOKA Makoto SHIMAMURA Kenji KONO Takahiro SHINAGAWA
Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Since remote attacks cannot be launched in the initialization phase, a secure OS is not required to enforce access control in this phase. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. To prove the effectiveness of our scheme, we wrote security policies for three kinds of Internet servers (HTTP, SMTP, and POP servers). Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers, respectively, compared with an existing SELinux policy that includes the initialization of the server.
Byounghee SON Youngchoong PARK Euiseok NAHM
The paper introduces both high-speed transmission and quality of system to offer the Internet services on a HFC (Hybrid Fiber Coaxial) network. This utilizes modulating the phase and the amplitude to the signal of the IPMS (Internet Protocol Multicasting Service). An IP-cable transmitter, IP-cable modem, and IP-cable management servers that support 30-Mbps IPMS on the HFC were developed. The system provides a 21 Mbps HDTV transporting stream on a cable TV network. It can sustain a clear screen for a long time.
In this paper, we discuss software performability evaluation considering the real-time property; this is defined as the attribute that the system can complete the task within the stipulated response time limit. We assume that the software system has two operational states from the viewpoint of the end users: one is operating with the desirable performance level according to specification and the other is with degraded performance level. The dynamic software reliability growth process with performance degradation is described by the extended Markovian software reliability model with imperfect debugging. Assuming that the software system can process the multiple tasks simultaneously and that the arrival process of the tasks follows a nonhomogeneous Poisson process, we analyze the distribution of the number of tasks whose processes can be completed within the processing time limit with the infinite server queueing model. We derive several software performability measures considering the real-time property; these are given as the functions of time and the number of debugging activities. Finally, we illustrate several numerical examples of the measures to investigate the impact of consideration of the performance degradation on the system performability evaluation.
Jong Hyeon YUN Yong Hun PARK Dong Min SEO Seok Jae LEE Jae Soo YOO
Most large-scale distributed file systems decouple a metadata operation from read and write operations for a file. In the distributed file systems, a certain server named a metadata server (MDS) is responsible for maintaining the metadata information of the file systems. In this paper, we propose a new metadata management scheme in order to provide the high metadata throughput and scalability for a cluster of MDSs. First, we derive a new metadata distribution technique. Then, we present a load balancing technique based on the distribution technique. Several experiments show that our scheme outperforms existing metadata management scheme in terms of scalability and load balancing.
This paper presents a robust reduced order observer for a class of Lipschitz nonlinear systems with external disturbance. Sufficient conditions on the existence of the proposed observer are characterized by linear matrix inequalities. It is also shown that the proposed observer design can reduce the effect on the estimation error of external disturbance up to the prescribed level. Finally, a numerical example is provided to verify the proposed design method.
Daiki NOBAYASHI Yutaka NAKAMURA Takeshi IKENAGA Yoshiaki HORI
With the growth of the Internet, various types of services are rapidly expanding; such services include the World Wide Web (WWW), the File Transfer Protocol (FTP), and remote login. Consequently, managing authentication information, e.g., user ID/password pairs, keys, and certificates- is difficult for users, since the amount of required authentication information has been increased. To address this problem, researchers have developed a Single Sign-On (SSO) system that makes all the services available for a user via a one-time authentication: however, existing authentication systems cannot provide such SSO services for all kind of services on the Internet, even if the service provider deploys the SSO server. Further, existing systems also cannot provide the SSO service which does not make it conscious of a network domain to a user on secure network environment. Therefore, in this paper, we propose a new SSO system with a hardware token and a key management server to improve the safety, ubiquity, and adaptability of services. Further, we implement the proposed system and show its effectiveness through evaluation. Adding any functions for this system provides various conveniences to us. We also explore the ability to add functions to this system; for example, we add high trust connection functionality for a Web server and show its effectiveness.
This paper presents a new scheme for Timed-Release Encryption (TRE), which is mainly designed for global use. TRE aims to control the timing of disclosing information. The major approach to TRE assumes that any participants can receive a time token broadcasted by a trusted agent, called a time server. Our scheme is based on this approach and allows participants to generate an encrypted message that can be decrypted using designated or any authenticated time servers including even those which are authenticated after encryption. In this sense, our scheme has a more flexible framework in terms of message decryption.
Bing-Fei WU Li-Shan MA Jau-Woei PERNG
This investigation applies the adaptive fuzzy-neural observer (AFNO) to synchronize a class of unknown chaotic systems via scalar transmitting signal only. The proposed method can be used in synchronization if nonlinear chaotic systems can be transformed into the canonical form of Lur'e system type by the differential geometric method. In this approach, the adaptive fuzzy-neural network (FNN) in AFNO is adopted on line to model the nonlinear term in the transmitter. Additionally, the master's unknown states can be reconstructed from one transmitted state using observer design in the slave end. Synchronization is achieved when all states are observed. The utilized scheme can adaptively estimate the transmitter states on line, even if the transmitter is changed into another chaos system. On the other hand, the robustness of AFNO can be guaranteed with respect to the modeling error, and external bounded disturbance. Simulation results confirm that the AFNO design is valid for the application of chaos synchronization.
Hiroshi MATSUURA Kazumasa TAKAMI
In the Next-Generation Network (NGN), accommodating a wide variety of customer networks through virtual private network (VPN) technologies is one of the key issues. In particular, a core network provider has to provide bandwidth-assured and secured data transmission for individual private networks while performing optimal and flexible path selection. We present hierarchically distributed path computation elements (HDPCEs) that enable a virtual private network (VPN) provider to guarantee end-to-end required bandwidth and to maintain the secrecy of the link-state information of each customer from other customers. In previous studies, a VPN provider only considered link states in the provider network and did not consider customer domains connected by the provider network. HDPCEs, which are distributed to customer domains, communicate with an HDPCE for the provider network, and these HDPCEs enable the guarantee of necessary bandwidth for a data transmission from one customer domain to another via a provider network. We propose a new path-selection algorithm in each HDPCE and cooperation scheme to interwork HDPCEs, which are suitable for VPN requirements. In the evaluation, the superiority of HDPCE-based VPN path selection over legacy OSPF-TE-based VPN path selection is demonstrated in two typical VPN models: the dedicated model and shared model.