融合传统动态随机访问存储器(Dynamic Random Access Memory,DRAM)与新型非易失性内存(NonVolatile Memory,NVM)可构建平行架构或层次架构的异构内存系统.平行架构的异构内存系统往往需要通过页迁移技术把热点数据从NVM迁移到DRAM以提...融合传统动态随机访问存储器(Dynamic Random Access Memory,DRAM)与新型非易失性内存(NonVolatile Memory,NVM)可构建平行架构或层次架构的异构内存系统.平行架构的异构内存系统往往需要通过页迁移技术把热点数据从NVM迁移到DRAM以提高访存性能,然而在操作系统中实现热页监测和迁移会带来巨大的软件性能开销.硬件实现的层次架构由于增加了访存层次,对于访存局部性差的大数据应用反而增加了访存延迟.为此,本文提出可重构的异构内存架构,可以运行时在平行和层次架构间进行转换以动态适配不同应用的访存特性.设计了基于新型指令集架构RISC-V(Reduced Instruction Set Computing-V)的DRAM/NVM异构内存控制器,利用少量硬件计数器实现了访存踪迹统计和分析,并实现了DRAM和NVM物理页间的动态映射和高效迁移机制.实验表明,DRAM/NVM异构内存控制器可提高43%的应用性能.展开更多
采用直接功率注入法(direct power injection,DPI)对一款新型磁随机存储器(magneto resistive random access memory,MRAM)芯片进行了抗干扰测试。在存储数字“0”和“1”的情况下,对MRAM的电源引脚、数据引脚、控制引脚进行了干扰注入...采用直接功率注入法(direct power injection,DPI)对一款新型磁随机存储器(magneto resistive random access memory,MRAM)芯片进行了抗干扰测试。在存储数字“0”和“1”的情况下,对MRAM的电源引脚、数据引脚、控制引脚进行了干扰注入,对比了各引脚的失效功率。测试结果表明:MRAM在存储数字“0”时的敏感度比数字“1”时的敏感度低;与干扰从地引脚注入相比,干扰从电源引脚注入时芯片的敏感度更高;读取电路电磁敏感度和输出引脚与电源引脚具有较大相关性。这一研究结果可为提升新型存储器MRAM的芯片抗扰度及电路优化提供理论参考。展开更多
To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put...To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put forward to calculate the uncertainty of the system' s determinations on the irregular access behaviors.Secondly,based on the security entropy,security theorems of hybrid cloud are defined.Finally,typical access control models are analyzed by the method,the method's practicability is validated,and security and applicability of these models are compared.Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.展开更多
Traditional underwater acoustic communication networks(UACNs)generally use omnidirectional transmission technology that causes a large number of data-packet collisions,thus resulting in low network throughput and high...Traditional underwater acoustic communication networks(UACNs)generally use omnidirectional transmission technology that causes a large number of data-packet collisions,thus resulting in low network throughput and high end-to-end delays.Compared with omnidirectional transmission technology,directional technology only sends and receives data packets in a specified direction.This can significantly reduce the probability of collisions and improve network performance.However,it also causes a deafness problem,which occurs when the sending node sends a data packet to the receiving node but the receiving node is unable to reply to the sender,because its antenna beam is closed.To resolve this issue,this study proposes a collision classification media access control(CC-MAC)protocol for UACNs.With this protocol,the underwater acoustic channel is divided into two subchannels,and the nodes transmit corresponding data types on them.The sending node can estimate the current status of the receiving node(i.e.,no collision,normal collision,deafness)according to the type of the data packet received and the sub-channel it arrived on,and it can choose correct options to improve network efficiency.Finally,we verify the performance of CC-MAC via simulations,showing that the protocol achieved higher network throughput and lower end-toend delays.展开更多
In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved ...In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-展开更多
文摘融合传统动态随机访问存储器(Dynamic Random Access Memory,DRAM)与新型非易失性内存(NonVolatile Memory,NVM)可构建平行架构或层次架构的异构内存系统.平行架构的异构内存系统往往需要通过页迁移技术把热点数据从NVM迁移到DRAM以提高访存性能,然而在操作系统中实现热页监测和迁移会带来巨大的软件性能开销.硬件实现的层次架构由于增加了访存层次,对于访存局部性差的大数据应用反而增加了访存延迟.为此,本文提出可重构的异构内存架构,可以运行时在平行和层次架构间进行转换以动态适配不同应用的访存特性.设计了基于新型指令集架构RISC-V(Reduced Instruction Set Computing-V)的DRAM/NVM异构内存控制器,利用少量硬件计数器实现了访存踪迹统计和分析,并实现了DRAM和NVM物理页间的动态映射和高效迁移机制.实验表明,DRAM/NVM异构内存控制器可提高43%的应用性能.
文摘采用直接功率注入法(direct power injection,DPI)对一款新型磁随机存储器(magneto resistive random access memory,MRAM)芯片进行了抗干扰测试。在存储数字“0”和“1”的情况下,对MRAM的电源引脚、数据引脚、控制引脚进行了干扰注入,对比了各引脚的失效功率。测试结果表明:MRAM在存储数字“0”时的敏感度比数字“1”时的敏感度低;与干扰从地引脚注入相比,干扰从电源引脚注入时芯片的敏感度更高;读取电路电磁敏感度和输出引脚与电源引脚具有较大相关性。这一研究结果可为提升新型存储器MRAM的芯片抗扰度及电路优化提供理论参考。
基金Supported by the National Natural Science Foundation of China(No.60872041,61072066)Fundamental Research Funds for the Central Universities(JYI0000903001,JYI0000901034)
文摘To resolve the problem of quantitative analysis in hybrid cloud,a quantitative analysis method,which is based on the security entropy,is proposed.Firstly,according to the information theory,the security entropy is put forward to calculate the uncertainty of the system' s determinations on the irregular access behaviors.Secondly,based on the security entropy,security theorems of hybrid cloud are defined.Finally,typical access control models are analyzed by the method,the method's practicability is validated,and security and applicability of these models are compared.Simulation results prove that the proposed method is suitable for the security quantitative analysis of the access control model and evaluation to access control capability in hybrid cloud.
基金This work was supported by the National Key Research and Development Program of China(No.2018YFC0308500)National Natural Science Foundation of China(Nos.61901273,11774074,61771152,U1806201 and 11974090)+1 种基金Natural Science Foundation of Heilongjiang Province of China(No.YQ2019F002)Acoustic Science and Technology Laboratory,Science and Technology on Underwater Information and Control Laboratory,and by the Young Elite Scientists Sponsorship by CAST.
文摘Traditional underwater acoustic communication networks(UACNs)generally use omnidirectional transmission technology that causes a large number of data-packet collisions,thus resulting in low network throughput and high end-to-end delays.Compared with omnidirectional transmission technology,directional technology only sends and receives data packets in a specified direction.This can significantly reduce the probability of collisions and improve network performance.However,it also causes a deafness problem,which occurs when the sending node sends a data packet to the receiving node but the receiving node is unable to reply to the sender,because its antenna beam is closed.To resolve this issue,this study proposes a collision classification media access control(CC-MAC)protocol for UACNs.With this protocol,the underwater acoustic channel is divided into two subchannels,and the nodes transmit corresponding data types on them.The sending node can estimate the current status of the receiving node(i.e.,no collision,normal collision,deafness)according to the type of the data packet received and the sub-channel it arrived on,and it can choose correct options to improve network efficiency.Finally,we verify the performance of CC-MAC via simulations,showing that the protocol achieved higher network throughput and lower end-toend delays.
基金supported by the National 973 Basic Research Program of China under grant No.2014CB340600the National Natural Science Foundation of China under grant No.61370230 and No.61662022+1 种基金Program for New Century Excellent Talents in University Under grant NCET-13-0241Natural Science Foundation of Huhei Province under Grant No.2016CFB371
文摘In traditional framework,mandatory access control(MAC) system and malicious software are run in kernel mode. Malicious software can stop MAC systems to be started and make it do invalid. This problem cannot be solved under the traditional framework if the operating system(OS) is comprised since malwares are running in ring 0 level. In this paper,we propose a novel way to use hypervisors to protect kernel integrity and the access control system in commodity operating systems. We separate the access control system into three parts: policy management(PM),security server(SS) and policy enforcement(PE). Policy management and the security server reside in the security domain to protect them against malware and the isolation feather of the hypervisor can protect them from attacks. We add an access vector cache(AVC) between SS and PE in the guest OS,in order to speed up communication between the guest OS and the security domain. The policy enforcement module is retained in the guest OS for performance. The security of AVC and PE can be ensured by using a memory protection mechanism. The goal of protecting the OS kernel is to ensure the security of the execution path. We implementthe system by a modified Xen hypervisor. The result shows that we can secure the security of the access control system in the guest OS with no overhead compared with modules in the latter. Our system offers a centralized security policy for virtual domains in virtual machine environments.Keywords: hypervisor; virtualization; memo-