Search For:

Displaying 1-50 out of 133 total
Accurate Inter-Transaction Dependency Tracking for Repairable DBMS
Found in: Network Computing and Applications, IEEE International Symposium on
By Shweta Bajpai, Alexey Smirnov, Tzi-cker Chiueh
Issue Date:July 2007
pp. 161-168
A reparable database management system has the ability to automatically undo the set of transactions that are corrupted by a human error or malicious attack. The key technical challenge to building repairable database management systems is how to accuratel...
 
Scalable network-based buffer overflow attack detection
Found in: Symposium On Architecture For Networking And Communications Systems
By Fu-Hau Hsu, Fanglu Guo, Tzi-cker Chiueh
Issue Date:December 2006
pp. 163-172
Buffer overflow attack is the main attack method that most if not all existing malicious worms use to propagate themselves from machine to machine. Although a great deal of research has been
 
Checking Array Bound Violation Using Segmentation Hardware
Found in: Dependable Systems and Networks, International Conference on
By Lap-chung Lam, Tzi-cker Chiueh
Issue Date:July 2005
pp. 388-397
The ability to check memory references against their associated array/buffer bounds helps programmers to detect programming errors involving address overruns early on and thus avoidmany difficult bugs down the line. This paper proposes a novel approach cal...
 
A Portable Implementation Framework for Intrusion-Resilient Database Management Systems
Found in: Dependable Systems and Networks, International Conference on
By Alexey Smirnov, Tzi-cker Chiueh
Issue Date:July 2004
pp. 443
An intrusion-resilient database management system is the one that is capable of restoring its consistency after being compromised by a malicious attack or a human error. More specifically, an intrusion-resilient mechanism helps to quickly repair a database...
 
Accurate and Efficient Inter-Transaction Dependency Tracking
Found in: Data Engineering, International Conference on
By Tzi-cker Chiueh, Shweta Bajpai
Issue Date:April 2008
pp. 1209-1218
A reparable database management system has the ability to automatically undo the set of transactions that are corrupted by a human error or malicious attack. The key technical challenge to building repairable database management systems is how to accuratel...
 
Speculative Memory State Transfer for Active-Active Fault Tolerance
Found in: Cluster Computing and the Grid, IEEE International Symposium on
By Maohua Lu,Tzi-cker Chiueh
Issue Date:May 2012
pp. 268-275
Virtualization provides the possibility of whole machine migration and thus enables a new form of fault tolerance that is completely transparent to applications and operating systems. The most seamless virtualization-based fault tolerance configuration is ...
 
Optimization of an Instrumentation Tool for Stripped Win32/X86 Binaries
Found in: Parallel and Distributed Systems, International Conference on
By Santosh Sonawane,Tzi-cker Chiueh
Issue Date:December 2011
pp. 134-141
Many software security, instruction set architecture virtualization and performance enhancement techniques require instrumentation of application program binaries either to add run-time checks or to perform dynamic analysis and transformation. Unfortunatel...
 
Execution Trace-Driven Automated Attack Signature Generation
Found in: Computer Security Applications Conference, Annual
By Susanta Nanda, Tzi-cker Chiueh
Issue Date:December 2008
pp. 195-204
In its most general form, an attack signature is a program that can correctly determine if an input network packet sequence can successfully attack a protected network application. Filter rules used in firewall and network intrusion prevention systems (NIP...
 
Web Application Attack Prevention for Tiered Internet Services
Found in: Information Assurance and Security, International Symposium on
By Susanta Nanda, Lap-Chung Lam, Tzi-Cker Chiueh
Issue Date:September 2008
pp. 186-191
Because most web application attacks exploit vulnerabilities that result from lack of input validation, a promising approach to thwarting these attacks is to apply validation checks on tainted portions of the operands used in security-sensitive operations,...
 
Efficient Logging and Replication Techniques for Comprehensive Data Protection
Found in: Mass Storage Systems and Technologies, IEEE / NASA Goddard Conference on
By Maohua Lu, Shibiao Lin, Tzi-cker Chiueh
Issue Date:September 2007
pp. 171-184
Mariner is an iSCSI-based storage system that is designed to provide comprehensive data protection on commodity ATA disk and Gigabit Ethernet technologies while offering the same performance as those without any such protection. In particular, Mariner supp...
 
CTCP: A Transparent Centralized TCP/IP Architecture for Network Security
Found in: Computer Security Applications Conference, Annual
By Fu-Hau Hsu, Tzi-cker Chiueh
Issue Date:December 2004
pp. 335-344
Many network security problems can be solved in a centralized TCP (CTCP) architecture, in which an organization's edge router transparently proxies every TCP connection between an internal host and an external host on the Internet. This paper describes the...
 
Quality of Service Guarantee on 802.11 Networks
Found in: High-Performance Interconnects, Symposium on
By Srikant Sharma, Kartik Gopalan, Ningning Zhu, Pradipta De, Gang Peng, Tzi-cker Chiueh
Issue Date:August 2001
pp. 0099
Abstract: Rether [1] was originally developed to support guaranteed Quality of Service (QoS) for shared Ethernet LANs. With the growing popularity of wireless LANs, we modified the Rether protocol to provide QoS guarantee on wireless networks. In this pape...
 
An integrated processing pipeline for irregular volume data
Found in: International Workshop on Volume Graphics
By Tzi-Cker Chiueh
Issue Date:June 2005
pp. 147-237
Very large irregular-grid volume data sets are typically represented as tetrahedral mesh and require substantial disk I/O and rendering computation. One effective way to reduce this demanding resource requirement is compression. Previous research showed ho...
 
Accurate Application-Specific Sandboxing for Win32/Intel Binaries
Found in: Information Assurance and Security, International Symposium on
By Wei Li, Lap-chung Lam, Tzi-cker Chiueh
Issue Date:August 2007
pp. 375-382
Comparing the system call sequence of a network application against a sandboxing policy is a popular approach to detecting control-hijacking attack, in which the attacker exploits such software vulnerabilities as buffer overflow to take over the control of...
 
How to Automatically and Accurately Sandbox Microsoft IIS
Found in: Computer Security Applications Conference, Annual
By Wei Li, Lap-chung Lam, Tzi-cker Chiueh
Issue Date:December 2006
pp. 213-222
Comparing the system call sequence of a network application against a sandboxing policy is a popular approach to detecting control-hijacking attack, in which the attacker exploits such software vulnerabilities as buffer overflow to take over the control of...
 
Shuttle: Facilitating Inter-Application Interactions for OS-Level Virtualization
Found in: IEEE Transactions on Computers
By Zhiyong Shan,Xin Wang,Tzi-cker Chiueh
Issue Date:May 2014
pp. 1220-1233
OS-level virtualization generates a minimal start-up and run-time overhead on the host OS and thus suits applications that require both good isolation and high efficiency. However, multiple-member applications required for forming a system may need to occa...
 
Evaluation of a Server-Grade Software-Only ARM Hypervisor
Found in: 2013 IEEE 6th International Conference on Cloud Computing (CLOUD)
By Alexey Smirnov,Mikhail Zhidko,Yingshiuan Pan,Po-Jui Tsao,Kuang-Chih Liu,Tzi-Cker Chiueh
Issue Date:June 2013
pp. 855-862
Because of its enormous popularity in embedded systems and mobile devices, ARM CPU is arguably the most used CPU in the world. The resulting economies of scale benefit entices system architects to ponder the feasibility of building lower-cost and lower-pow...
 
Cloud-Based Application Whitelisting
Found in: 2013 IEEE 6th International Conference on Cloud Computing (CLOUD)
By Jennia Hizver,Tzi-cker Chiueh
Issue Date:June 2013
pp. 636-643
Cloud computing ushers in an era of consolidated information technology infrastructure that is elastic, available and scalable. Virtualization is a critical building block in this evolution and enables centralized, consistent, and policy-driven administrat...
 
SIDE: Isolated and efficient execution of unmodified device drivers
Found in: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
By Yifeng Sun,Tzi-cker Chiueh
Issue Date:June 2013
pp. 1-12
Buggy device drivers are a major threat to the reliability of their host operating system. There have been myriad attempts to protect the kernel, but most of them either required driver modifications or incur substantial performance overhead. This paper de...
 
Malware Clearance for Secure Commitment of OS-Level Virtual Machines
Found in: IEEE Transactions on Dependable and Secure Computing
By Zhiyong Shan, Xin Wang, Tzi-cker Chiueh
Issue Date:March 2013
pp. 70-83
A virtual machine(VM) can be simply created upon use and disposed upon the completion of the tasks or the detection of error. The disadvantage of this approach is that if there is no malicious activity, the user has to redo all of the work in her actual wo...
 
Intelligent Urban Video Surveillance System for Automatic Vehicle Detection and Tracking in Clouds
Found in: 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA)
By Yi-Ling Chen,Tse-Shih Chen,Tsiao-Wen Huang,Liang-Chun Yin,Shiou-Yaw Wang,Tzi-Cker Chiueh
Issue Date:March 2013
pp. 814-821
Nowadays, digital surveillance systems are ubiquitously installed and continuously generate huge amount of video data. Very often, human inspection of the recorded videois still required for threat detection. Even though automated techniques exist to facil...
 
Encryption Domain Text Retrieval
Found in: 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom)
By Tzi-cker Chiueh,Dilip N Simha,Alankar Saxena,Saurabh Bhola,Ping-Hung Lin,Cheng-En Pang
Issue Date:December 2012
pp. 107-112
This paper proposes efficient indexing and querying services on encrypted user documents stored in the cloud. We develop few sophisticated techniques to ensure that any network intruder or even the cloud service provider itself is oblivious to both user da...
 
Peregrine: An All-Layer-2 Container Computer Network
Found in: 2012 IEEE 5th International Conference on Cloud Computing (CLOUD)
By Tzi-cker Chiueh,Cheng-Chun Tu,Yu-Cheng Wang,Pai-Wei Wang,Kai-Wen Li,Yu-Ming Huang
Issue Date:June 2012
pp. 686-693
ITRI container computer is a modular computer designed to be a building block for constructing cloud-scale data centers. Rather than using a traditional data center network architecture, which is typically based on a combination of Layer 2 switches and Lay...
 
Surreptitious Deployment and Execution of Kernel Agents in Windows Guests
Found in: Cluster Computing and the Grid, IEEE International Symposium on
By Tzi-cker Chiueh,Matthew Conover,Bruce Montague
Issue Date:May 2012
pp. 507-514
As more and more virtual machines (VM) are packed into a physical machine, refactoring common kernel components shared by the virtual machines running on the same physical machine significantly reduces the overall resource consumption. A refactored kernel ...
 
Enforcing Mandatory Access Control in Commodity OS to Disable Malware
Found in: IEEE Transactions on Dependable and Secure Computing
By Zhiyong Shan,Xin Wang,Tzi-cker Chiueh
Issue Date:July 2012
pp. 540-554
Enforcing a practical Mandatory Access Control (MAC) in a commercial operating system to tackle malware problem is a grand challenge but also a promising approach. The firmest barriers to apply MAC to defeat malware programs are the incompatible and unusab...
 
Hypervisor Support for Efficient Memory De-duplication
Found in: Parallel and Distributed Systems, International Conference on
By Ying-Shiuan Pan,Jui-Hao Chiang,Han-Lin Li,Po-Jui Tsao,Ming-Fen Lin,Tzi-cker Chiueh
Issue Date:December 2011
pp. 33-39
Memory de-duplication removes the memory state redundancy among virtual machines that run on the same physical machine by identifying common memory pages shared by these virtual machines and storing only one copy for each of common memory pages. A standard...
 
Physical Machine State Migration
Found in: Parallel and Distributed Systems, International Conference on
By Jui-Hao Chiang,Maohua Lu,Tzi-cker Chiueh
Issue Date:December 2011
pp. 25-32
A powerful functionality enabled by modern virtualization technologies is the ability to move a virtual machine (VM) from one physical machine to another, which enables unprecedented flexibility for system fault tolerance and load balancing. However, no si...
 
Automated Discovery of Credit Card Data Flow for PCI DSS Compliance
Found in: Reliable Distributed Systems, IEEE Symposium on
By Jennia Hizver,Tzi-cker Chiueh
Issue Date:October 2011
pp. 51-58
Credit cards are key instruments in personal financial transactions. Credit card payment systems used in these transactions and operated by merchants are often targeted by hackers to steal the card data. To address this threat, the payment card industry es...
 
Scalable Index Update for Block-Level Continuous Data Protection
Found in: Networking, Architecture, and Storage, International Conference on
By Maohua Lu,Dilip Simha,Tzi-cker Chiueh
Issue Date:July 2011
pp. 372-381
A block-level continuous data protection (CDP) system logs every disk update to a network storage server it protects, so as to support more flexible recovery time objective (RTO) and recovery point objective (RPO). To provide efficient access to historical...
 
An Incremental File System Consistency Checker for Block-Level CDP Systems
Found in: Reliable Distributed Systems, IEEE Symposium on
By Maohua Lu, Tzi-cker Chiueh, Shibiao Lin
Issue Date:October 2008
pp. 157-162
A block-level continuous data protection (CDP) system logs every disk block update from an application server (e.g., a file or DBMS server) to a storage system so that any disk updates within a time window are undoable, and thus is able to provide a more f...
 
Availability and Fairness Support for Storage QoS Guarantee
Found in: Distributed Computing Systems, International Conference on
By Peng Gang, Tzi-cker Chiueh
Issue Date:June 2008
pp. 589-596
Multi-dimensional storage virtualization (MDSV) technology allows multiple virtual disks, each with a distinct combination of capacity, latency and bandwidth requirements, to be multiplexed on a physical disk storage system with performance isolation. This...
 
Automated Format String Attack Prevention for Win32/X86 Binaries
Found in: Computer Security Applications Conference, Annual
By Wei Li, Tzi-cker Chiueh
Issue Date:December 2007
pp. 398-409
A format string attack exploits the fact that variadic func- tions determine the exact number of input arguments based on the format string argument, and compromises the vic- tim application's address space by accessing data areas be- yond the original inp...
 
Automatic Patch Generation for Buffer Overflow Attacks
Found in: Information Assurance and Security, International Symposium on
By Alexey Smirnov, Tzi-cker Chiueh
Issue Date:August 2007
pp. 165-170
Control-hijacking attacks exploit vulnerabilities in network services to take control of them and eventually their underlying machines. Although much work has been done on detection and prevention of control-hijacking attacks, most of them did not address ...
 
Transparent and Accurate Traffic Load Estimation for EnterpriseWireless LAN
Found in: Network Computing and Applications, IEEE International Symposium on
By Gang Wu, Fanglu Guo, Tzi-cker Chiueh
Issue Date:July 2007
pp. 69-78
The exponential increase in the deployment of IEEE 802.11-based wireless LAN (WLAN) technology has transformed it into an essential building block of the networking infrastructure of commercial enterprises. How to effectively manage these WLAN networks and...
 
Portable and Efficient Continuous Data Protection for Network File Servers
Found in: Dependable Systems and Networks, International Conference on
By Ningning Zhu, Tzi-cker Chiueh
Issue Date:June 2007
pp. 687-697
Continuous data protection, which logs every update to a file system, is an enabling technology to protect file systems against malicious attacks and/or user mistakes, because it allows each file update to be undoable. Existing implementations of continuou...
 
Transparent Reliable Multicast for Ethernet-Based Storage Area Networks
Found in: Network Computing and Applications, IEEE International Symposium on
By Shibiao Lin, Maohua Lu, Tzi-cker Chiueh
Issue Date:July 2007
pp. 87-94
As disk storage density increases and data availability requirements become ever more demanding, data replication is increasingly an indispensable feature of enterprise-class storage systems. For highly available storage systems, every disk block is typica...
 
Autonomic Resource Management for Multiple-Spanning-Tree Metro-Ethernet Networks
Found in: Network Computing and Applications, IEEE International Symposium on
By Shibiao Lin, Srikant Sharma, Tzi-cker Chiueh
Issue Date:July 2007
pp. 239-248
Viking [13] is a multi-spanning-tree Ethernet architecture that is designed to leverage commodity Ethernet switches to support Metro-Ethernet services. In particular, it exploits VLAN switching to provide network-wide load balancing across a metro-area net...
 
Foreign Code Detection on the Windows/X86 Platform
Found in: Computer Security Applications Conference, Annual
By Susanta Nanda, Wei Li, Lap-Chung Lam, Tzi-cker Chiueh
Issue Date:December 2006
pp. 279-288
As new attacks againstWindows-based machines emerge almost on a daily basis, there is an increasing need to
 
A General Dynamic Information Flow Tracking Framework for Security Applications
Found in: Computer Security Applications Conference, Annual
By Lap Chung Lam, Tzi-cker Chiueh
Issue Date:December 2006
pp. 463-472
Many software security solutions require accurate tracking of control/data dependencies among information objects in network applications. This paper presents a general dynamic information flow tracking framework (called GIFT) for C programs that allows an...
 
Spoof Detection for Preventing DoS Attacks against DNS Servers
Found in: Distributed Computing Systems, International Conference on
By Fanglu Guo, Jiawu Chen, Tzi-cker Chiueh
Issue Date:July 2006
pp. 37
The Domain Name System (DNS) is a critical element of the Internet infrastructure. Even a small part of the DNS infrastructure being unavailable for a very short period of time could potentially upset the entire Internet and is thus totally unacceptable. U...
 
Accurate and Automated System Call Policy-Based Intrusion Prevention
Found in: Dependable Systems and Networks, International Conference on
By Lap Chung Lam, Wei Li, Tzi-cker Chiueh
Issue Date:June 2006
pp. 413-424
One way to prevent control hijacking attack is to compare a network application?s run-time system calls with a pre-defined normal system call behavior model, and raise an alert upon detecting a mismatch. This paper describes a system called PAID, which can...
 
BIRD: Binary Interpretation using Runtime Disassembly
Found in: Code Generation and Optimization, IEEE/ACM International Symposium on
By Susanta Nanda, Wei Li, Lap-Chung Lam, Tzi-cker Chiueh
Issue Date:March 2006
pp. 358-370
The majority of security vulnerabilities published in the literature are due to software bugs. Many researchers have developed program transformation and analysis techniques to automatically detect or eliminate such vulnerabilities. So far, most of them ca...
 
Automated and Safe Vulnerability Assessment
Found in: Computer Security Applications Conference, Annual
By Fanglu Guo, Yang Yu, Tzi-cker Chiueh
Issue Date:December 2005
pp. 150-159
As the number of system vulnerabilities multiplies in recent years, vulnerability assessment has emerged as a powerful system security administration tool that can identify vulnerabilities in existing systems before they are exploited. Although there are m...
 
Network-Centric Buffer Cache Organization
Found in: Distributed Computing Systems, International Conference on
By Gang Peng, Srikant Sharma, Tzi-cker Chiueh
Issue Date:June 2005
pp. 219-228
A pass-through server such as an NFS server backed by an iSCSI[1] storage server only passes data between the storage server and NFS clients. Ideally it should require at most one data copying operation on sending or receiving, as in normal IP routers. In ...
 
Scalable and Robust WLAN Connectivity Using Access Point Array
Found in: Dependable Systems and Networks, International Conference on
By Fanglu Guo, Tzi-cker Chiueh
Issue Date:July 2005
pp. 288-297
With the enormous economies of scale of Wireless LAN (WLAN) hardware, the price of commodity WLAN access points has dropped to the level that is even cheaper than some WLAN adapters. In this paper we propose to put together an array of off-the-shelf access...
 
Design, Implementation, and Evaluation of a Repairable Database Management System
Found in: Data Engineering, International Conference on
By Tzi-cker Chiueh, Dhruv Pilania
Issue Date:April 2005
pp. 1024-1035
Although conventional database management systems are designed to tolerate hardware and to a lesser extent even software errors, they cannot protect themselves against syntactically correct and semantically damaging transactions, which could arise because ...
 
Tracing the Root of
Found in: Computer Security Applications Conference, Annual
By Amit Purohit, Vishnu Navda, Tzi-cker Chiueh
Issue Date:December 2004
pp. 284-303
In most existing systems, the authorization check for system resource access is based on the user ID of the running processes. Such systems are vulnerable to password stealing/cracking attacks. Considering that remote attackers usually do not have physical...
 
Design, Implementation, and Evaluation of A Repairable Database Management System
Found in: Computer Security Applications Conference, Annual
By Tzi-cker Chiueh, Dhruv Pilania
Issue Date:December 2004
pp. 179-188
Although conventional database management systems are designed to tolerate hardware and to a lesser extent even software errors, they cannot protect themselves against syntactically correct and semantically damaging transactions, which could arise because ...
 
Evaluation of a wireless enterprise backbone network architecture
Found in: High-Performance Interconnects, Symposium on
By A. Raniwala, Tzi-cker Chiueh
Issue Date:August 2004
pp. 98-104
IEEE 802.11 wireless LAN technology is mainly used as an access network within corporate enterprises. All the WLAN access points are eventually connected to a wired backbone to reach the Internet or enterprise computing resources. We aim to expand WLAN int...
 
OmniCon: A Mobile IP-Based Vertical Handoff System for Wireless LAN and GPRS Links
Found in: Parallel Processing Workshops, International Conference on
By Srikant Sharma, Inho Baek, Yuvrajsinh Dodia, Tzi-cker Chiueh
Issue Date:August 2004
pp. 330-337
Wi-Fi based hotspots offer mobile users broadband wireless Internet connectivity in public work spaces and corporate/university campuses. Despite aggressive deployment of these hotspots in recent years, high-speed wireless Internet access remains restricte...
 
 1  2 Next >>