Papers by Miroslav Popovic
This paper describes a method for data leak protection (DLP) based on tracking sensitive informat... more This paper describes a method for data leak protection (DLP) based on tracking sensitive information as it flows inside file system on a host. The method is based on the idea that every flow from sensitive to non-sensitive object increases the security level of the target object to that of the source object. Any process which reads an object that contains sensitive data automatically itself becomes tagged as sensitive. When a process gets tagged, all subsequent write operations to any object make target objects also tagged. Any process created by a tagged process is also tagged. By spreading tags over all objects touched by a sensitive process, we have a guarantee that no one bit of sensitive information resides in a non-sensitive objects. Using any software tool to process a sensitive object results in a new sensitive object, this prevents bypassing security mechanisms. All objects tagged as sensitive are checked before being transferred out of the host according to security policy. The main goal of this method is to prevent covert channels for information leakage which use steganography, data modification, compression or encryption. It is implemented in Linux OS as a kernel module. It works with legacy applications, since all changes are on OS level.
One of the main application areas of modern engineering in computer based systems is development,... more One of the main application areas of modern engineering in computer based systems is development, production, deployment and maintenance of reactive systems. Today, the majority of functions in such systems are implemented in software, and modeled as a group of finite state machines (automata). The past decade has seen many R&D efforts in development of tool sets that support software
Abstract Building a very large-scale distributed system, such as a power distribution system, was... more Abstract Building a very large-scale distributed system, such as a power distribution system, was always regarded as a highly demanding undertaking in the area of engineering of computer based systems. Such systems nowadays are managing tens of millions of input ...
Massive parallel computing (MPC) originally appeared in the arena of multi-core processors and gr... more Massive parallel computing (MPC) originally appeared in the arena of multi-core processors and graphic processing units with parallel computing architecture. Nevertheless, most embedded software is still written in C, therefore C code parallelization is being subject of many ongoing R&D efforts. The most prominent approaches to parallelization of C code include Intel Cilk Plus, OpenCL, vfAnalyst, etc. The objective of this paper is to contribute to the automatic parallelization of existing sequential C code, without any source code modifications/annotations, by proposing two appropriate algorithms for parallelization, Block algorithm, and Operation based algorithm.
The paper presents the concept and characteristics of a PC based integrated control system named ... more The paper presents the concept and characteristics of a PC based integrated control system named GAUS. Special attention is paid to the application software development and testing methodology, oriented to the realization of complex industrial applications demanding distributed architecture and extensive batch control. Control over the large processing systems is facilitated by a decision support environment, based on system history and a neural network/self-organizing fuzzy modeling approach.
This paper discusses some problems in use of Intrusion Detection Systems (IDS), especially relate... more This paper discusses some problems in use of Intrusion Detection Systems (IDS), especially related to evasion attacks. Important characteristics of this type of attacks are presented, and possibilities for attack analyzed. Further along, characteristics of network and host based ...
... The working environment described here has been used in a couple of real-world projects, one ... more ... The working environment described here has been used in a couple of real-world projects, one of which has been presented in a simplified form as a case study of this paper. ... [8] Denise M. Woit, “Operational Profile Specification, Test Case Generation, and Reliability ...
Abstract In this paper we present a finite state machine (FSM) based implementation of SIP protoc... more Abstract In this paper we present a finite state machine (FSM) based implementation of SIP protocol stack for SIP user agent. Design decisions made during the development process, and the resulting characteristics of software product are discussed. Some characteristics ...
In this paper we present our original approach to the model-based statistical usage testing of a ... more In this paper we present our original approach to the model-based statistical usage testing of a class of communication protocol implementations that are based on the State design pattern and Java programming environment augmented with the class FSMSystem. The approach is based on the working environment that has been proven on a number of real-world projects. The working environment is created with the following set of tools: generic modeling environment with the operational profile model paradigm registered to it, operational profile model interpreter, generic test case generator, test case compiler, and the unit testing framework JUnit extended with the class TestBed that acts as both test driver and stub thus providing the complete test harness. In the paper we present the methodology of the model-based statistical usage testing of a class of communication protocol implementations, the tools that support this methodology, and the case study -the model based statistical usage testing of SIP INVITE client transaction, a part of the SIP protocol stack.
The issue of parallelization of large and complex software systems has been widely researched, bu... more The issue of parallelization of large and complex software systems has been widely researched, but no definite solution has been published yet. In the paper we introduce the concept of parallelization based on the identification of mutually independent data sets and refactoring legacy software for the purpose of adjusting it to execution as a task tree. Then we present implementation of the concept on existing distribution management system. Finally, we present the results of the performance evaluation based on a series of experiments made on the dual-core symmetric multiprocessor.
The authors present the software reliability and maintenance concept, which is used in the softwa... more The authors present the software reliability and maintenance concept, which is used in the software development, testing, and maintenance process, for automatic call distributor MEDIO ACD. The concept has been successfully applied on systems, which are installed and fully operational in Moscow and Saint Petersburg, Russia. The authors concentrate on two main issues: (i) set of fault-tolerant mechanisms needed for the system exploitation (error logging, checkpoint-restart, overload protection and tandem configuration support); (ii) MEDIO ACD software maintenance concept, in which the quality of the new software update is predicted on the basis of the current update's metrics and quality, and the new update's metrics. This forecast aids software maintenance efficiency, and cost reduction
Applied Intelligence, 2011
Most of the research effort in the field of HAP communications until now has been invested in the... more Most of the research effort in the field of HAP communications until now has been invested in the physical layer of the protocol stack, and in the radio related issues in particular. However, the overall system throughput is limited by the performance of the transport layer. Since HAPs will be used in networks with different topological complexity, various kinds of wireless communications links, bit error rates, and various mixtures of multimedia traffic, the control flow in such networks may present itself as a non-linear and stochastic process. Therefore we introduced a fuzzy control of the throughput in the TCP. Our approach is based on the off-line synthesis of the Takagi-Sugeno fuzzy controller based on the simulation data and on-line flow control by the synthesized controller that is built in the conventional TCP. In the paper we present the ns2-based simulation results.
The paper presents a software testing concept used for MICRONAS Intermetall MAS DSP C compiler MA... more The paper presents a software testing concept used for MICRONAS Intermetall MAS DSP C compiler MAS/C-Compiler. The concept is based on a specially developed software testing tool, which asserts whether the application generated by MAS/C-Compiler is valid or not. If not, it helps compiler designers to localize the bug, and to eliminate it. Compiler testing is viewed as a continual process. For each new compiler test case, the following two steps are conducted: (i) reference error-free source code is designed using commercially available high quality C++ reference compilers; (ii) a specially developed bit-exact testing tool is used to compare outputs of application produced by reference compiler and application produced by MAS/C-Compiler. Based on this comparison, bug localization and elimination is possible
Voice over IP (VoIP), a service that transfers voice signal packets over IP-based networks has be... more Voice over IP (VoIP), a service that transfers voice signal packets over IP-based networks has been in a focus of much attention in recent years. This paper describes one solution for a local PBX based on existing LAN hardware infrastructure, and specially developed USB VoIP modem device, PSTN/H.323 gateway software, and H.323 terminal software. It is designed as a low-cost modular solution for small and middle size companies, as well as for home networks.
The era of classical PBX-based call centers has passed. Those systems were proprietary and closed... more The era of classical PBX-based call centers has passed. Those systems were proprietary and closed, i.e. with fixed functionality. Today, the Internet and multimedia applications are becoming more and more popular across the world, and there is a lot of effort in both academia and industry to build and deploy modern Internet-based call centers. This paper should be viewed as a contribution to these efforts. It presents our approach to Internetbased virtual call center implementation. In contrast to other efforts, we consider the virtual call center as a universal infrastructure, which could be used as a telecommunication management network center and as an intelligent network service control point, too. In the paper we present our concept, the most interesting implementation details, and pilot network configuration.
Journal of Software Maintenance and Evolution: Research and Practice, 2001
In this paper we present a case study of the software maintenance practice that has been successf... more In this paper we present a case study of the software maintenance practice that has been successfully applied to real-time distributed systems, which are installed and fully operational in Moscow, St. Petersburg, and other cities across Russia. In this paper we concentrate on the software maintenance process, including customer request servicing, in-field error logging, role of information system, software deployment, and software quality policy, and especially the software quality prediction process. In this case study, the prediction process is shown to be integral and one of the most important parts of the software maintenance process. We include a software quality prediction procedure overview and an example of the actual practice. The quality of the new software update is predicted on the basis of the current update's quantity metrics data and quality data, and new update's quantity metrics data. For management, this forecast aids software maintenance efficiency, and cost reduction. For practitioners, the most useful result presented is the process for determining the value for the break point. We end this case study with five lessons learned.
Formal software verification typically involves some levels of static theorem proving which is a ... more Formal software verification typically involves some levels of static theorem proving which is a mathematical process of proving that the function computed by a program match the function specified. A theorem prover, such as THEO, automates this process. On the other hand, reverse engineering is a process inverse to traditional engineering. An example extracts the software specification from its source code. In this paper we present a formal software verification concept, which is based on automated theorem proving and reverse engineering. We are mainly concerned with communications software and with software for families of communication protocols in particular. In the paper we describe how to: (1) model a group of finite state machines using predicate calculus; (2) extract axiomatic software specification from the source code and log files; and (3) formally verify software for a given operational profile (set of test cases). The concept has been successfully applied to a call processing software for systems, which are installed and fully operational in Moscow and Saint Petersburg, Russia
In this paper we have approached one problem in development of distributed intrusion detection sy... more In this paper we have approached one problem in development of distributed intrusion detection systems (IDS), namely realization of communications among its nodes. During the last few years, a significant trend towards building of highly distributed IDS systems could be noticed. In this situation a reliable communications solution that would enable updating of signature bases and alert notification is required. We propose use of subscriber-publisher design pattern for this purpose. Data schemes that could be used in this case are described.
Uploads
Papers by Miroslav Popovic