Abstract: A mechanism called time-deterministic replay (TOR) that can reproduce the execution of a program, including its precise timing. Without TOR, reproducing the timing of an execution is difficult because there are many sources of timing variability. TOR uses a combination of techniques to either mitigate or eliminate most of these sources of variability. Using a prototype implementation of TOR in a Java Virtual Machine, we show it is possible to reproduce the timing to within 1.85% of the original execution. A study of one of the applications of TOR is described: the detection of a covert timing channel. Timing channels can be used to exfiltrate information from a compromised machine by subtly varying timing of the machine's outputs, TOR can detect this variation. Unlike prior solutions, which generally look for a specific type of timing channel, our approach can detect a wide variety of channels with high accuracy.

Abstract: A mechanism called time-deterministic replay (TOR) that can reproduce the execution of a program, including its precise timing. Without TOR, reproducing the timing of an execution is difficult because there are many sources of timing variability. TOR uses a combination of techniques to either mitigate or eliminate most of these sources of variability. Using a prototype implementation of TOR in a Java Virtual Machine, we show it is possible to reproduce the timing to within 1.85% of the original execution. A study of one of the applications of TOR is described: the detection of a covert timing channel. Timing channels can be used to exfiltrate information from a compromised machine by subtly varying timing of the machine's outputs, TOR can detect this variation. Unlike prior solutions, which generally look for a specific type of timing channel, our approach can detect a wide variety of channels with high accuracy.

Abstract: A system for locating a wireless device involves the use of the measured signal strength of various base stations in the building or outdoor area under analysis. A topological map of the building or outdoor area under analysis is created. The map is divided into cells, and signal intensities are collected in each cell. For each cell, the signal from a particular base station is fit to a statistical distribution, such as a Gaussian distribution, and the parameters of the statistical distribution are estimated. After a device obtains a set of signal strength measurements, a probabilistic technique is employed to estimate the probability of the existence of the measurements in each of the cells of the building or area under analysis. The estimated location is the cell with the highest probability. A mobile user is tracked with the use of a Markov chain and the system can be calibrated to account for equipment and environmental variations.

Abstract: According to the present invention a method, device and a computer program product is provided for packet-level routing. The method, the device and the respective computer program product may be used in a computer system being connected to a communications network. The computer system includes a kernel providing a first interface for sending and retrieving data packets to the data link layer, a second interface for sending and retrieving data packets to the network layer, and filtering means for controlling the transportation of data packets to and from the network layer.