Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Since remote attacks cannot be launched in the initialization phase, a secure OS is not required to enforce access control in this phase. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. To prove the effectiveness of our scheme, we wrote security policies for three kinds of Internet servers (HTTP, SMTP, and POP servers). Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers, respectively, compared with an existing SELinux policy that includes the initialization of the server.

In this paper, we propose a new modeling method to express discrete-time hybrid systems with parameter uncertainty as a mixed logical dynamical (MLD) model. In analysis and control of hybrid systems, there are problem formulations in which convex polyhedra are computed, but for high-dimensional systems, it is difficult to solve these problems within a practical computation time. The key idea of this paper is to use an interval method, which is one of the classical methods in verified numerical computation, and to regard an interval as an over-approximation of a convex polyhedron. By using the obtained MLD model, analysis and synthesis of robust control systems are formulated.

This paper presents a new hierarchical mode segmentation of the observed driving behavioral data based on the multi-level abstraction of the underlying dynamics. By synthesizing the ideas of a feature vector definition revealing the dynamical characteristics and an unsupervised clustering technique, the hierarchical mode segmentation is achieved. The identified mode can be regarded as a kind of symbol in the abstract model of the behavior. Second, the grammatical inference technique is introduced to develop the context-dependent grammar of the behavior, i.e., the symbolic dynamics of the human behavior. In addition, the behavior prediction based on the obtained symbolic model is performed. The proposed framework enables us to make a bridge between the signal space and the symbolic space in the understanding of the human behavior.

To realize the harmonious cooperation with the operator, the man-machine cooperative system must be designed so as to accommodate with the characteristics of the operator's skill. One of the important considerations in the skill analysis is to investigate the switching mechanism underlying the skill dynamics. On the other hand, the combination of the feedforward and feedback schemes has been proved to work successfully in the modeling of human skill. In this paper, a new stochastic switched skill model for the sliding task, wherein a minimum jerk motion and feedback schemes are embedded in the different discrete states, is proposed. Then, the parameter estimation algorithm for the proposed switched skill model is derived. Finally, some advantages and applications of the proposed model are discussed.

SoC has driven the evolution of embedded systems or consumer electronics. Multi-core/multi-IP is the key technology to integrate many functions on a SoC for future embedded applications. In this paper, the transition of SoC and its required functions for cellular phones as an example is described. And the state-of-the-art multi-core technology of homogeneous type and heterogeneous type are shown. When many cores and IPs are integrated on a chip, collaboration between cores and IPs becomes important to meet requirement. To realize it, "MPSoC Platform" concept and elementary technology for this platform is described.

Networking technologies have recently been evolving and network applications are now expected to support flexible composition of upper-layer network services, such as security, QoS, or personal firewall. We propose a multi-platform framework called FreeNA* that extends existing applications by incorporating the services based on user definitions. This extension does not require users to modify their systems at all. Therefore, FreeNA is valuable for experimental system usage. We implemented FreeNA on both Linux and Microsoft Windows operating systems, and evaluated their functionality and performance. In this paper, we describe the design and implementation of FreeNA including details on how to insert network services into existing applications and how to create services in a multi-platform environment. We also give an example implementation of a service with SSL, a functionality comparison with relevant systems, and our performance evaluation results. The results show that FreeNA offers finer configurability, composability, and usability than other similar systems. We also show that the throughput degradation of transparent service insertion is 2% at most compared with a method of directly inserting such services into applications.

To realize huge-scale information services, many Distributed Hash Table (DHT) based systems have been proposed. For example, there are some proposals to manage item-level product traceability information with DHTs. In such an application, each entry of a huge number of item-level IDs need to be available on a DHT. To ensure data availability, the soft-state approach has been employed in previous works. However, this does not scale well against the number of entries on a DHT. As we expect 1010 products in the traceability case, the soft-state approach is unacceptable. In this paper, we propose Distributed-to-Distributed Data Copy (D3C). With D3C, users can reconstruct the data as they detect data loss, or even migrate to another DHT system. We show why it scales well against the number of entries on a DHT. We have confirmed our approach with a prototype. Evaluation shows our approach fits well on a DHT with a low rate of failure and a huge number of data entries.

It is known that the schedulability of a non-preemptive task set with fixed priority can be determined in pseudo-polynomial time. However, since Rate Monotonic scheduling is not optimal for non-preemptive scheduling, the applicability of existing polynomial time tests that provide sufficient schedulability conditions, such as Liu and Layland's bound, is limited. This letter proposes a new sufficient condition for non-preemptive fixed priority scheduling that can be used for any fixed priority assignment scheme. It is also shown that the proposed schedulability test has a tighter utilization bound than existing test methods.

We propose an Edge-write architecture which performs eager update propagation for update requests for the corresponding secondary server, whereas it lazily propagates updates from other secondary servers. Our architecture resolves consistency problems caused by read/update decoupling in the conventional lazy update propagation-based system. It also improves overall scalability by alleviating the performance bottleneck at the primary server in compensation for increased but bounded response time. Such relaxed consistency management enables a read request to choose whether to read the replicated data immediately or to refresh it. We use the age of a local data copy as the freshness factor so that a secondary server can make a decision for freshness control independently. As a result, our freshness-controlled edge-write architecture benefits by adjusting a tradeoff between the response time and the correctness of data.

Higher-order rewrite systems (HRSs) and simply-typed term rewriting systems (STRSs) are computational models of functional programs. We recently proposed an extremely powerful method, the static dependency pair method, which is based on the notion of strong computability, in order to prove termination in STRSs. In this paper, we extend the method to HRSs. Since HRSs include λ-abstraction but STRSs do not, we restructure the static dependency pair method to allow λ-abstraction, and show that the static dependency pair method also works well on HRSs without new restrictions.

This paper describes the architecture of an integrated platform developed for improving the development efficiency of system LSIs built into digital consumer electronics equipment such as flat-panel TVs and optical disc recorders. The reason for developing an integrated platform is to improve the development efficiency of system LSIs that serve the principal functions of the said equipment. The key is to build a common interface between each software layer, with the system LSI located at the lowest layer. To make this possible, the hardware architecture of the system LSI is divided into five blocks according to its main functionality. In addition, a middleware layer is placed over the operating system to improve the ease of porting old applications and developing new applications in the higher layer. Based on this platform, a system LSI called UniPhierTM has been developed and used in 156 product families of digital consumer electronics equipment (as of December 2008).

Packet classification categorizes incoming packets into multiple forwarding classes based on pre-defined filters. This categorization makes information accessible for quality of service or security handling in the network. In this paper, we propose a scheme which combines the Aggregate Bit Vector algorithm and the Pruned Tuple Space Search algorithm to improve the performance of packet classification in terms of speed and storage. We also present the procedures of incremental update. Our scheme is evaluated with filter databases of varying sizes and characteristics. The experimental results demonstrate that our scheme is feasible and scalable.

The single input rule modules connected fuzzy inference method (SIRMs method) by Yubazaki et al. can decrease the number of fuzzy rules drastically in comparison with the conventional fuzzy inference methods. Moreover, Seki et al. have proposed a functional-type SIRMs method which generalizes the consequent part of the SIRMs method to function. However, these SIRMs methods can not be applied to XOR (Exclusive OR). In this paper, we propose a "kernel-type SIRMs method" which uses the kernel trick to the SIRMs method, and show that this method can treat XOR. Further, a learning algorithm of the proposed SIRMs method is derived by using the steepest descent method, and compared with the one of conventional SIRMs method and kernel perceptron by applying to identification of nonlinear functions, medical diagnostic system and discriminant analysis of Iris data.

This paper proposes an enhanced method for estimating the a priori Signal-to-Disturbance Ratio (SDR) to be employed in the Acoustic Echo and Noise Suppression (AENS) system for full-duplex hands-free communications. The proposed a priori SDR estimation technique is modified based upon the Two-Step Noise Reduction (TSNR) algorithm to suppress the background noise while preserving speech spectral components. In addition, a practical approach to determine accurately the Echo Spectrum Variance (ESV) is presented based upon the linear relationship assumption between the power spectrum of far-end speech and acoustic echo signals. The ESV estimation technique is then employed to alleviate the acoustic echo problem. The performance of the AENS system that employs these two proposed estimation techniques is evaluated through the Echo Attenuation (EA), Noise Attenuation (NA), and two speech distortion measures. Simulation results based upon real speech signals guarantee that our improved AENS system is able to mitigate efficiently the problem of acoustic echo and background noise, while preserving the speech quality and speech intelligibility.

This letter investigates an ADILC (Iterative Learning Control with Advanced Output Data) scheme for nonminimum phase systems using a partially known impulse response. ADILC has a simple learning structure that can be applied to both minimum phase and nonminimum phase systems. However, in the latter case, the overall control time horizon must be considered in the input update law, which makes the dimension of the matrices in the convergence condition very large. Also, this makes it difficult to find a proper learning gain matrix. In this letter, a new sufficient condition is derived from the convergence condition, which can be used to find the learning gain matrix for nonminimum phase systems if we know the first part of the impulse response up to a sufficient order. Based on this, an iterative learning control scheme is proposed using the estimation of the first part of the impulse response for nonminimum phase systems.

Network intrusion detection systems rely on a signature-based detection engine. When under attack or during heavy traffic, the detection engines need to make a fast decision whether a packet or a sequence of packets is normal or malicious. However, if packets have a heavy payload or the system has a great deal of attack patterns, the high cost of payload inspection severely diminishes detection performance. Therefore, it would be better to avoid unnecessary payload scans by checking the protocol fields in the packet header, before executing their heavy operations of payload inspection. When payload inspection is necessary, it is better to compare a minimum number of attack patterns. In this paper, we propose new methods to classify attack signatures and make pre-computed multi-pattern groups. Based on IDS rule analysis, we grouped the signatures of attack rules by a multi-dimensional classification method adapted to a simplified address flow. The proposed methods reduce unnecessary payload scans and make light pattern groups to be checked. While performance improvements are dependent on a given networking environment, the experimental results with the DARPA data set and university traffic show that the proposed methods outperform the most recent Snort by up to 33%.

Following the last proposal of the nonlinear Piece in Hand method, which has 3-layer structure, 2-layer nonlinear Piece in Hand method is proposed. Both of them aim at enhancing the security of existing and future multivariate public key cryptosystems. The new nonlinear Piece in Hand is compared with the 3-layer method and PMI+, which was proposed by Ding, et al.

Let us introduce n ( ≥ 2) mappings fi (i=1,,n ≡ 0) defined on reflexive real Banach spaces Xi-1 and let fi:Xi-1 → Yi be completely continuous on bounded convex closed subsets Xi-1(0) ⊂ Xi-1. Moreover, let us introduce n set-valued mappings Fi : Xi-1 Yi → Fc(Xi) (the family of all non-empty compact subsets of Xi), (i=1,,n ≡ 0). Here, we have a fixed point theorem in weak topology on the successively recurrent system of set-valued mapping equations:xi ∈ Fi(xi-1, fi(xi-1)), (i=1,,n ≡ 0). This theorem can be applied immediately to analysis of the availability of system of circular networks of channels undergone by uncertain fluctuations and to evaluation of the tolerability of behaviors of those systems.

This paper proposes a parallelized DVC framework that treats each bitplane independently to reduce the decoding time. Unfortunately, simple parallelization generates inaccurate bit probabilities because additional side information is not available for the decoding of subsequent bitplanes, which degrades encoding efficiency. Our solution is an effective estimation method that can calculate the bit probability as accurately as possible by index assignment without recourse to side information. Moreover, we improve the coding performance of Rate-Adaptive LDPC (RA-LDPC), which is used in the parallelized DVC framework. This proposal selects a fitting sparse matrix for each bitplane according to the syndrome rate estimation results at the encoder side. Simulations show that our parallelization method reduces the decoding time by up to 35[%] and achieves a bit rate reduction of about 10[%].

Location Based Services (LBS) are expected to become one of the major drivers of ubiquitous services due to recent inception of GPS-enabled mobile devices, the development of Web2.0 paradigm, and emergence of 3G broadband networks. Having this vision in mind, Community Context-attribute-oriented Collaborative Information Environment (CCCIE) based Autonomous Decentralized Community System (ADCS) is proposed to enable provision of services to specific users in specific place at specific time considering various context-attributes. This paper presents autonomous community construction technology that share service discovered by one member among others in flexible way to improve timeliness and reduce network cost. In order to meet crucial goal of real-time and context-aware community construction (provision of service/ service information to users with common interests), and defining flexible service area in highly dynamic operating environment of ADCS, proposed progressive ripple based service discovery technique introduces novel idea of snail's pace and steady advancing search followed by swift boundary confining mechanism; while service area construction shares the discovered service among members in defined area to further improve timeliness and reduce network cost. Analysis and empirical results verify the effectiveness of the proposed technique.