
Publication


Featured research published by Kozo Itano.


conference on object oriented programming systems languages and applications | 1999

OpenJava: A Class-Based Macro System for Java

Michiaki Tatsubori; Shigeru Chiba; Kozo Itano; Marc-Olivier Killijian

This paper presents OpenJava, which is a macro system that we have developed for Java. With traditional macro systems designed for non object-oriented languages, it is difficult to write a number of macros typical in object-oriented programming since they require the ability to access a logical structure of programs. One of the drawbacks of traditional macro systems is that abstract syntax trees are used for representing source programs. This paper first points out this problem and then shows how OpenJava addresses this problem. A key idea of OpenJava is to use metaobjects, which was originally developed for reflective computing, for representing source programs.


international conference on information technology and applications | 2005

Capability-Based Egress Network Access Control for Transferring Access Rights

Shinichi Suzuki; Yasushi Shinjo; Toshio Hirotsu; Kozo Itano; Kazuhiko Kato

In conventional egress network access control (NAC) using access control lists (ACLs), modifying ACLs is a heavy task for administrators. To enable rapid configuration without a large amount of effort by administrators, we introduce capabilities to egress NAC. In our egress NAC, a user can transfer his/her access rights (capabilities) to other persons without asking administrators. To realize capability-based egress NAC, we use DNS messages and IP options to carry capabilities. A resolver of the client sends the user name, domain name, and service name as DNS query messages to a DNS cache server, which issues capabilities according to a policy and sends them as DNS answer messages to the client. The client kernel includes these capabilities in the IP options of packets and sends them to the router. The router checks the capabilities of the packets to determine whether to pass or block them. In this paper, we describe the design and implementation of our method in detail. Experimental results show that our method does not reduce the router's performance.


pacific rim international symposium on dependable computing | 2002

Enhancing access control with SysGuard, a reference monitor supporting portable and composable kernel module

Yasushi Shinjo; Kotaro Eiraku; Atsushi Suzuki; Kozo Itano; Calton Pu

To install security modules or reference monitors into operating system kernels is a common and effective way for enhancing access control for networks. However, security modules in conventional kernel-level reference monitors are usually not portable to other kernels and require detailed knowledge about kernel internals. Furthermore, different security modules are often not composable and conflict with each other. This paper describes a reference monitor called SysGuard that addresses these problems. SysGuard uses modules called guards that are invoked before or after the execution of system calls. Unlike kernel-specific security modules, guards are attached to standard system calls that enhance their portability. The guard scoping on a per-process basis improves composability of individual guards, and it is implemented efficiently by using a per-process jump table of system calls. This paper describes the implementation of restricted execution environments for networks by composing simple and portable guards, and shows the advantages of the SysGuard security framework.


international conference on networking and computing | 2010

A Traffic Analysis Using Cardinalities and Header Information

Yusuke Shomura; Kenichi Yoshida; Akira Sato; Satoshi Matsumoto; Kozo Itano

Recently, the variety and vastness of computer networks have increased rapidly. To keep networks stable and reliable, network administrators have to understand the nature of network traffic flows. We have developed a cardinality-analysis method that analyzes cardinalities in TCP/IP headers. The cardinalities can be used to detect abnormal traffic such as DDoS attacks and Internet worms. However, there is much unclassified traffic remaining. In this paper, we propose further analysis that consists of two parts: 1) select service port numbers and 2) analyze the volume of inflow and outflow for each service along with packet sizes. The method proposed can analyze the behavior of hosts and services in detail. We applied the proposed analysis to the traffic captured at the University of Tsukuba’s campus network and demonstrated the ability of classifying services into four groups: download type, upload type, both way type, and control or real time communication type, which normally can’t be classified by cardinality analysis.


international conference on networking | 2005

Name-Level approach for egress network access control

Shinichi Suzuki; Yasushi Shinjo; Toshio Hirotsu; Kazuhiko Kato; Kozo Itano

Conventional egress network access control (NAC) at the network layer has two problems. Firstly, wild card “*” is not allowed for a policy. Secondly, we have to run a Web browser for authentication even if we do not use the Web. To solve these problems, this paper proposes a name-level method for egress NAC. Since it evaluates the policy at the DNS server, this method enables a wild card to be used in the policy. Since each DNS query message carries user identification by using Transaction Signature (TSIG), the authentication for any service is performed without Web browsers. The DNS server configures a packet filter dynamically to pass authorized packets. This paper describes the implementation of the DNS server, the packet filter, and the resolver of the method. Experimental results show that the method scales up to 160 clients with a DNS server and a router.


international conference on networking and computing | 2012

A P2P Approach to Scalable Network-Booting

Shingo Takada; Akira Sato; Yasushi Shinjo; Hisashi Nakai; Akiyoshi Sugiki; Kozo Itano

Network-booting is widely adopted in universities that have to maintain many client computers. In conventional network-booting systems, the primary bottleneck is the disk image distribution servers and the network to these servers. To eliminate this bottleneck, peer-to-peer (P2P) methods must work. However, existing P2P methods, including BitTorrent, do not work well for network-booting because they are highly optimized for distributing an entire large file, while network-booting requires certain parts of a large file. In the present study, aiming to solve the problems described above, we describe a new network-booting system that uses a P2P method. In our P2P-based network-booting system, a client node receives disk blocks not only from central distribution servers but also from the other client nodes that already have the demanded disk blocks. To the best of our knowledge, our network-booting system is the first effective implementation of a network-booting system that uses a P2P method in a local area network. Unlike conventional P2P systems, the proposed network-booting system can deal with demanded parts of a large disk image. We performed experiments with 112 client nodes in real classrooms on a university campus. The results of the experiments show that our implementation scales well as the number of client nodes grows.


symposium on applications and the internet | 2010

A Method for Analyzing Network Traffic Using Cardinality Information in Firewall Logs

Satoshi Matsumoto; Akira Sato; Yasushi Shinjo; Hisashi Nakai; Kozo Itano; Yusuke Shomura; Kenichi Yoshida

Recently, the variety and vastness in networks have increased rapidly. To keep networks stable and reliable, network administrators have to understand the nature of network traffic flows. In this paper, we propose a method to analyze network traffic using firewall logs. The characteristics of our method are 1) the use of the aggregate flow information, and 2) the use of cardinality information of aggregate flows. Here, the cardinality information shows the number of servers/clients, and contributes to finding P2P software and Intranet viruses. The experimental results confirm that the session level cardinality information acquired by the proposed method can find P2P software and other types of applications.


International Symposium on Software Security | 2003

Securing RPC with a Reference Monitor for System Calls

Yasushi Shinjo; Yoshinori Nakata; Kozo Itano

This paper proposes a method to improve access control for RPC by using a reference monitor for system calls. The proposed method uses a set of kernel extension modules. Unlike conventional packet filters, some kernel modules can handle RPC-level parameters, such as program numbers and procedure numbers for filtering RPC messages. Furthermore, these filtering modules can decode arguments of individual procedures based on virtual machine instructions. Another kernel module confirms a user identifier and group identifiers in the RPC request messages. Therefore, individual RPC servers can use those identifiers for improving security. The performance decline caused by those kernel modules is small and less than the variation of communication times over a 100Mbps LAN.


Information Processing Letters | 1988

An incremental pattern matching algorithm for the pipelined lexical scanner

Kozo Itano; Yutaka Sato; Hidemi Hirai; Tomoyoshi Yamagata

Lexical scan is a basic part of language processors such as assemblers, compilers, and source code interpreters [2]. The lexical scan takes a large amount of processing time, although the processing algorithm is rather simple and regular. Hence, the hardware realization is especially effective for the speed-up of the processing. Based on the experience of the design and evaluation of a hardware lexical scanner [1,5], an efficient pattern matching algorithm was devised to be incorporated in the pipelined lexical scanner [3]. In this approach, variable-length character strings are converted into compact binary form for the easiness of manipulation in addition to the usual lexical scan. In this paper, details of the lexical scanning algorithm with string compaction are disclosed. The algorithm is based on the associative lexical table and the character stream oriented pattern matching algorithm. The performance evaluation is also given for the actual sample programs of C and PASCAL.


european conference on object oriented programming | 2001

A Bytecode Translator for Distributed Execution of "Legacy" Java Software

Michiaki Tatsubori; Toshiyuki Sasaki; Shigeru Chiba; Kozo Itano

Collaboration


Dive into Kozo Itano's collaboration.

Top Co-Authors

Toshio Hirotsu

Toyohashi University of Technology
