1,721,131 research outputs found
Towards Democratic Computing
No full textThe Internet fosters democratic principles, bringing information, services, and social contacts to everyone's fingertips. Conversely, rampant monopolization, exploitation, and manipulation trends cause doubts about the democratization effects of the Internet. We argue that key functionality atop the core 'Transport Internet' shall be made publicly available and governed as meta-services. Thereupon, innovators shall be able to build real services easily for a competitive market, while the underlying meta-services ensure interoperability and are publicly governed to counter undemocratic and antisocial mechanisms. The proposed meta-services represent rather well-known functionality, and the proposed list is not comprehensive. What is new is their joint consideration as pillars of 'democratic computing'. We introduce our vision as a basis for discussions about the feasibility, potential benefits, and threats, and about the most pressing meta-services to start with. We propose a public ledger (largely equivalent to an existing blockchain yet publicly governed) as underlying technology along with the Web and the core Transport Internet, with the following meta-services atop: neutral edge computing for the provision of storage and computing; trust management; AI serving; persistent metaverse; and mission-critical provisioning. For each meta-service, we will discuss smaller or larger steps that were already made towards their conceptualization
Generating Training Data Sets for Machine Learning Approaches with GIPS
No full textMachine Learning (ML) and its application is a research area that has become increasingly important, especially in the last decade. ML approaches in the field of supervised learning depend on labeled data sets for their training process. But, in some problem domains, the collection and generation of labeled training data can be hard because, for example, the underlying problem is in general hard to solve algorithmically. This paper proposes a conceptual framework for the generation of labeled training data sets for supervised learning approaches based on the GIPS framework. For this purpose, GIPS combines Graph Transformation (GT) with Integer Linear Programming (ILP) techniques to solve graph-based optimization problems to obtain labels for data points. A prototypical implementation is used to demonstrate the functionality of our solution in the context of a small-scale Virtual Network Embedding (VNE) example. The evaluation of our prototype shows promising results when compared to an optimal ILP-based implementation
Enforcing Flexible Access Control Policies in a Rust-based Linux Security Module
Full text linkIn Betriebssystemen durchgesetzte Sicherheitspolitiken sind von zentraler Bedeutung um die Sicherheitsanforderungen von Anwendungen zu unterstützen. Für eine Vielzahl von Anwendungen ist attributbasierte Zugriffskontrolle (ABAC) wegen ihrer Flexibilität, Ausdrucksstärke und Skalierbarkeit zu einer beliebten Klasse von Politiken geworden. Standardbetriebssysteme nutzen allerdings vorrangig restriktivere Sicherheitspolitiken, die eng mit ihren Abstraktionen verknüpft sind. Dies limitiert nicht nur die Anwendbarkeit für dynamischere Einsatzzwecke, sondern es erschwert auch formale Analysen von Politiken, die Korrektheitsgarantien ermöglichen. Um diese Vorteile in Standardbetriebssystemen nutzen zu können, und um die Herausforderungen dieser Integration zu untersuchen, stellen wir eine erste Version des Rust DABAC LSMs vor, einem Linux Security Module (LSM), das flexible, formelbasierte ABAC Politiken mit zustandsverändernden Post-Conditions unterstützt. Wir nutzen dazu ein Referenzmonitor-Architekturschema als Basis und entscheiden uns aufgrund der Korrektheitsgarantien für eine Implementierung in Rust. Zusätzlich zur Implementierung und ihrer umfassenden Evaluierung steuern wir eine Analyse des Stands der Technik zu ABAC-Implementierungen in Linux sowie eine Anforderungsspezifikation und ein gründliches Design des Rust DABAC LSMs bei. Der Fokus des Entwurfs liegt auf der Anwendbarkeit der Referenzmonitor-Architektur im Linux-Kernel und auf Leistungsverbesserungen durch Caching. Unsere Ergebnisse zeigen den Grad der Praxistauglichkeit des Rust DABAC LSMs. Einzelne aufeinanderfolgende Anfragen werden effizient abgewickelt, jedoch führen die strengen Anforderungen der durchgesetzten dynamischen ABAC-Politiken nach wechselseitigem Ausschluss zu Leistungseinbußen bei Sperrkonflikten. Für die ausgewählte Architektur und solche Politiken zeigen wir auch, dass die Caching-Verfahren die Performanz der Variante ohne Caching nicht effektiv verbessern können. Eine qualitative Analyse bestätigt die Tatsache, dass die monolithische Architektur von Linux die ordnungsgemäße Erfüllung des Verifizierbarkeitskriteriums der Referenzmonitoreigenschaften verhindert. Darüber hinaus kommen wir zu dem Schluss, dass sich die Unterstützung von Rust im Kernel zwar noch im Anfangsstadium befindet, für die Implementierung aber größtenteils genügt und stetig besser wird.Access control policies enforced in operating systems are pivotal to support security requirements of applications. For a wide range of applications, attribute-based access control (ABAC) has become a popular class of policies due to its flexibility, expressiveness and scalability. Mainstream operating systems (OSs), however, predominantly use more restrictive policies, which are tightly coupled to their abstractions. Not only does this limit the applicability to more dynamic use cases, it also impedes formal policy analysis to enable correctness guarantees. In order to provide these benefits to a mainstream OS and to explore the challenges this integration poses, we present a first version of the Rust DABAC LSM, a Linux Security Module (LSM) that supports flexible, formula-based ABAC policies with state-changing post-conditions. We base this on a reference monitor architecture pattern and choose to implement it in Rust for its correctness guarantees. In addition to the implementation and its comprehensive evaluation, we contribute an analysis of the state of the art in ABAC implementations in Linux, and an extensive requirements specification and design of the Rust DABAC LSM. The design focuses on applicability of the reference monitor architecture to the Linux kernel and on performance-enhancements through caching. Our evaluation results show the degree of practical viability of using the Rust DABAC LSM. Individual subsequent requests are handled efficiently, although strict locking requirements of the enforced dynamic ABAC policies imply a performance penalty under lock contention. For the chosen architecture and such policies, we also show that the caching solutions could not effectively improve over the performance of the no-caching variant. A qualitative analysis reaffirms the fact that Linux’s monolithic architecture impedes fulfilling the verifiability reference monitor criterion. We also conclude that Rust support in the kernel is still in its early stages, but mostly suffices for the implementation and keeps improving
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
FogFrame: IoT Service Deployment and Execution in the Fog
No full textDespite existing theoretical foundations, the adoption
of fog computing is still at its very beginning. A particular
research challenge is the combination of decentralized data
processing needed for Internet of Things (IoT) services with
the benefits of fog computing. In this paper, we consider fog
computing as an umbrella paradigm that comprises three levels of
resources in the network: IoT devices, edge and cloud resources.
These resources have become a foundation for a fog landscape.
In this work, we address questions of how to virtualize resources
in the fog landscape, how to control the fog landscape, and how
to deploy and execute services in the fog landscape. To address
these questions, we present the architecture and implementation
details of a fog computing framework, called FogFrame
State Management for Efficient Event Pattern Detection
Full text linkEvent Stream Processing (ESP) Systeme überwachen kontinuierliche Datenströme, um benutzerdefinierte Queries auszuwerten. Die Herausforderung besteht darin, dass die Queryverarbeitung zustandsbehaftet ist und die Anzahl von Teilübereinstimmungen mit der Größe der verarbeiteten Events exponentiell anwächst.
Die Dynamik von Streams und die Notwendigkeit, entfernte Daten zu integrieren, erschweren die Zustandsverwaltung. Erstens liefern heterogene Eventquellen Streams mit unvorhersehbaren Eingaberaten und Queryselektivitäten. Während Spitzenzeiten ist eine erschöpfende Verarbeitung unmöglich, und die Systeme müssen auf eine Best-Effort-Verarbeitung zurückgreifen. Zweitens erfordern Queries möglicherweise externe Daten, um ein bestimmtes Event für eine Query auszuwählen. Solche Abhängigkeiten sind problematisch: Das Abrufen der Daten unterbricht die Stream-Verarbeitung. Ohne eine Eventauswahl auf Grundlage externer Daten wird das Wachstum von Teilübereinstimmungen verstärkt.
In dieser Dissertation stelle ich Strategien für optimiertes Zustandsmanagement von ESP Systemen vor. Zuerst ermögliche ich eine Best-Effort-Verarbeitung mittels Load Shedding. Dabei werden sowohl Eingabeeevents als auch Teilübereinstimmungen systematisch verworfen, um eine Latenzschwelle mit minimalem Qualitätsverlust zu garantieren. Zweitens integriere ich externe Daten, indem ich das Abrufen dieser von der Verwendung in der Queryverarbeitung entkoppele. Mit einem effizienten Caching-Mechanismus vermeide ich Unterbrechungen durch Übertragungslatenzen. Dazu werden externe Daten basierend auf ihrer erwarteten Verwendung vorab abgerufen und mittels Lazy Evaluation bei der Eventauswahl berücksichtigt. Dabei wird ein Kostenmodell verwendet, um zu bestimmen, wann welche externen Daten abgerufen und wie lange sie im Cache aufbewahrt werden sollen. Ich habe die Effektivität und Effizienz der vorgeschlagenen Strategien anhand von synthetischen und realen Daten ausgewertet und unter Beweis gestellt.Event stream processing systems continuously evaluate queries over event streams to detect user-specified patterns with low latency. However, the challenge is that query processing is stateful and it maintains partial matches that grow exponentially in the size of processed events.
State management is complicated by the dynamicity of streams and the need to integrate remote data. First, heterogeneous event sources yield dynamic streams with unpredictable input rates, data distributions, and query selectivities. During peak times, exhaustive processing is unreasonable, and systems shall resort to best-effort processing. Second, queries may require remote data to select a specific event for a pattern. Such dependencies are problematic: Fetching the remote data interrupts the stream processing. Yet, without event selection based on remote data, the growth of partial matches is amplified.
In this dissertation, I present strategies for optimised state management in event pattern detection. First, I enable best-effort processing with load shedding that discards both input events and partial matches. I carefully select the shedding elements to satisfy a latency bound while striving for a minimal loss in result quality. Second, to efficiently integrate remote data, I decouple the fetching of remote data from its use in query evaluation by a caching mechanism. To this end, I hide the transmission latency by prefetching remote data based on anticipated use and by lazy evaluation that postpones the event selection based on remote data to avoid interruptions. A cost model is used to determine when to fetch which remote data items and how long to keep them in the cache.
I evaluated the above techniques with queries over synthetic and real-world data. I show that the load shedding technique significantly improves the recall of pattern detection over baseline approaches, while the technique for remote data integration significantly reduces the pattern detection latency
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
Elastic Data Stream Processing
Full text linkData stream processing systems are used to process data from high velocity data sources like financial, sensor, or logistics data. Many use cases force these systems to use a distributed setup to be able to fulfill the strict requirements regarding expected system throughput and end-to-end latency. The major challenge for a distributed data stream processing system is unpredictable load peaks. Most systems use overprovisioning to solve this problem, which leads to a low system utilization and high monetary cost for the user. This doctoral thesis studies a potential solution to this problem by automatic scaling in or out based on the changing workload. This approach is called elastic scaling and allows a cost-efficient execution of the system with a high quality of service.
In this thesis, we present our elastic scaling data stream processing system FUGU and address three major challenges of such systems: 1) consideration of user-defined end-to-end latency constraints during the elastic scaling, 2) study of different auto-scaling techniques, and 3) combination of elastic scaling with different fault tolerance techniques.
First, we demonstrate how our system considers user-defined end-to-end latency constraints during the scaling decisions. Each scaling decision causes short latency peaks, because the processing needs to be paused while operators are moved. FUGU estimates the latency peaks for different scaling decisions, tries to minimize the created latency peak and at the same time to achieve similar monetary costs like alternative approaches.
Second, we study different auto-scaling techniques for elastic-scaling data stream
processing systems. Auto-scaling techniques are a very important part of such systems as they derive the scaling decisions. In this thesis, we study three auto-scaling techniques: Threshold-based Scaling, Reinforcement Learning and the novel Online Parameter Optimization. The Online Parameter Optimization overcomes the shortcomings of the two other approaches by avoiding manual tuning and being robust towards different workload patterns.
Finally, we present an integration of an elastic scaling with different replication techniques for high availability to allow to minimize the spent monetary cost and to ensure at the same time a maximal recovery time. We leverage two replication approaches in FUGU and evaluate a trade-off between recovery time and overhead. FUGU estimates the recovery time and adaptively optimizes the used replication technique for each operator.
All these contributions are carefully evaluated in three real-world scenarios and we
discuss the relationship of our contributions towards related work
Appropriate Similarity Measures for Author Cocitation Analysis
Full text linkWe provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis
- …
