Logo des Repositoriums

Auflistung nach Autor:in "Weis, Torben"

1 - 5 von 5
  • Textdokument
    Group-based Memory Management in Fyr
    (Tagungsband des FG-BS Herbsttreffens 2020, 2020) Weis, Torben; Zdankin, Peter; Carl, Oskar; Waltereit, Marian
    Albeit being introduced decades ago, C and C++ are still the most commonly used programming languages for operating systems. These languages have no reliable mechanisms to deal with memory safety issues, such as use-after-free or data race conditions, that are a leading cause for security bugs in operating systems and other critical software. Tools such as Valgrind have been developed to identify errors, but the errors must occur during the analysis, as they are not found otherwise. Several modern programming languages such as Rust, Go and Swift have emerged aiming to solve some of the issues by providing memory safety guarantees at compile or run time. However, these languages introduce new limitations, especially concerning software development for performance-critical or resource-constrained systems. In this paper, we introduce a new approach to automatic memory management that manages the lifetime of object groups instead of individual objects. We show that group-based memory management can remove some of the restrictions of modern programming languages while satisfying important memory safety constraints. Furthermore, we show how group-based memory management is implemented in our new systems programming language Fyr.
  • Konferenzbeitrag
    How to configure proof-of-work functions to stop spam
    (Sicherheit 2005, Sicherheit – Schutz und Zuverlässigkeit, 2005) Golze, Sebastian; Mühl, Gero; Weis, Torben
    Spam email is a growing problem for today's Internet infrastructure. Besides many filtering techniques, proof-of-work functions have been proposed to fight spam email. Proof-of-work functions are moderately hard cryptographic functions which allow a computer to proof that a certain amount of resources has been spent. Since spammers have limited resources calculating proof-of-work functions can reduce the amount of email they can send out. In this paper, we put the costs of calculating proof-of-work functions in relation to the potential profit. This relation must be known in order to parameterize these functions such that a spammer makes no profit. We investigate in detail the monetary costs of different categories of proof-of-work functions. This allows us to determine how much hardware resources have to be spent per email message in order to make sending spam email unprofitable. The main result of our work is that proof-of-work functions must be a lot harder to calculate than usually assumed by other authors.
  • Konferenzbeitrag
    Lastregelung von web services mittels Proof-of-Work Funktionen
    (Kommunikation in Verteilten Systemen (KiVS), 2005) Golze, Sebastian; Mühl, Gero; Weis, Torben; Jäger, Michael C.
    Kostenlos frei angebotene Web Services sind anfällig für Überlastsituationen, die beispielsweise durch eine zu große Anzahl von Clients oder durch zu häufig anfragende Clients verursacht werden können. Auch Denial-of-Service Angriffe durch bösartige Clients können Überlastsituationen verursachen. Eine Lösung wäre, den betroffenen Web Service kostenpflichtig zu machen. Dies scheitert jedoch in der Praxis meist an der umständlichen Erhebung. In diesem Artikel erläutern wir, wie mittels Proof-of-Work Funktionen eine Lastregelung von Web Services realisiert werden kann. Proof-of-Work Funktionen er- möglichen Clients nachzuweisen, dass sie eine gewisse Menge von Rechenleistung oder anderen Ressourcen erbracht haben. Durch die Regelung wird sichergestellt, dass alle Clients weiterhin Zugriff haben, aber die Zugriffe von zu häufig nachfragenden Clients eingeschränkt werden.
  • Textdokument
    Persistent Streams: The Internet With Ephemeral Storage
    (Tagungsband des FG-BS Herbsttreffens 2021, 2021) Carl, Oskar; Zdankin, Peter; Schaffeld, Matthias; Matkovic, Viktor; Yu, Yang; Elbers, Timo; Weis, Torben
    Communication in the internet today is transient by default. Because of this, whenever an application needs to store data even for a moment, its provider needs to develop an application-specific solution, which is often done using client-server models. This is costly at scale, and generally requires users to concede control over the data they generate to allow application providers to generate revenue from the collected data to finance the operation of these servers. This also leads to a lock-in effect, which is prohibitive for new applications entering a market. To solve these issues, we propose persistent streams, an application-agnostic communication protocol that includes ephemeral and persistent storage and is able to handle both discrete as well as continuous (streaming) data. Including storage into the communication path removes the need for application servers completely. Even though the protocol relies on (cloud) servers as transmission and storage proxies, we expect the emergence of new storage technologies like non-volatile main memory to alleviate some issues this introduces. We also show the general applicability of this solution using different kinds of applications as examples. Overall, persistent streams have the potential to greatly reduce the burdens on application providers while also enabling users to exercise increased control over their data.
  • Textdokument
    Requirements and Mechanisms for Smart Home Updates
    (INFORMATIK 2020, 2021) Zdankin, Peter; Carl, Oskar; Waltereit, Marian; Matkovic, Viktor; Weis, Torben
    The interconnection of sensors and actuators of smart home devices creates dependencies that allow for ubiquitous services. These devices can be subject to transformative changes through software updates that might lead to unintended consequences. Users have no tools to predict the negative consequences caused by updating their smart home. In this paper, we address this problem and propose mechanisms that enable organized update planning in a smart home. We compare self-description standard approaches that allow reasoning about resulting functionality before updates are installed. Updating devices to their latest versions is not necessarily the best way to update smart homes, therefore we discuss multi-objective optimization in the update process. Finally, outsourcing functionality to external providers might reduce the complexity of certain tasks, but can also pose threats if the wrong tasks are offloaded.