A Framework to Protect Mobile Agents by using Reference States

合集下载

高二英语科技词汇单选题40题

高二英语科技词汇单选题40题

高二英语科技词汇单选题40题1. When you want to save a document, you can click on the “Save” _____.A.buttonB.menuC.windowD.tool答案:A。

“button”是按钮的意思,保存文档时点击的是“Save”按钮。

“menu”是菜单,“window”是窗口,“tool”是工具,都不符合语境。

2. The _____ allows you to type in text on a computer.A.keyboardB.mouseC.monitorD.printer答案:A。

“keyboard”是键盘,用来在电脑上输入文本。

“mouse”是鼠标,“monitor”是显示器,“printer”是打印机,都不是用来输入文本的。

3. A program that helps you manage your files is called a _____ manager.A.fileB.textC.imageD.video答案:A。

“file manager”是文件管理器,用来管理文件。

“text”是文本,“image”是图像,“video”是视频,都不是管理文件的程序。

4. The _____ is the main part of a computer where all the processing happens.A.cpuB.ramC.hard driveD.monitor答案:A。

“cpu”是中央处理器,是电脑的主要部分,所有的处理都在那里进行。

“ram”是随机存取存储器,“hard drive”是硬盘,“monitor”是显示器,都不是主要处理部分。

5. To connect to the internet, you need a _____ connection.A.wirelessB.wiredC.bluetoothD.optical答案:A。

外文翻译---在战争中移动代理的通信中间件对于数据流作用

外文翻译---在战争中移动代理的通信中间件对于数据流作用

A MOBILE AGENT-BASED COMMUNICATIONSMIDDLEWAREFOR DATA STREAMING IN THE BATTLEFIELDABSTRACTIn this paper we introduce the FlexFeed framework in the context of military combat operations. FlexFeed realizesthe notion of Agile Computing for streaming data communicationsand implements a flexible, robust and efficient]publish/subscribe infrastructure for dynamic ad hoc environmentunder resource and policy constraints. Theframework uses mobile software agents for underlyingconfiguration and policy enforcement. The paper illustratesthe effectiveness of the framework with quantitativeexperiments over simulated scenarios.INTRODUCTIONDependable communication capabilities are amongst the most important technical requirements for mission successin military operations. Complex missions involving coalitionforces, robotic support units, remote sensor beds andautonomous vehicles will require underlying communicationinfrastructures that are more flexible, efficient, androbust in order successfully operate in the face of enemyattacks.Most communications between peers in the battlefield areeither to exchange state and environmental information orto relay command and control messages. State informationincludes, for instance, relative position of troops and vehicles(enemy and friendly), sensor data from unmanned vehiclesor sensor beds, situation data, etc. This type of datais often transmitted as streams of arbitrary durations, suchas video-feeds from a camera sensor or continuous GPSposition data from moving vehicles or troops.Furthermore, the communications infrastructure must adjustto changes in overall mission goals and operationstempo. During monitoring and recognition missions, conservingpower might be the primary objective function toextend the life of network resources. However, as engagementtakes place, the communications infrastructure mayneed to quickly shift into a high performance mode to effectivelysupport and optimize the kill chain as the primaryobjective.In this paper we present FlexFeed, a mobile-agent basedcommunications framework, applied to the battlefield scenario.Our proposal leverages from years of research in thefields of mobile ad hoc networks and intelligent softwareagents to build an efficient, self-configurable, and selfhealingcommunications network for these types of environments.After an introductory description of the environment andsystem requirements, we will discuss the related work inthis area and the concepts proposed in FlexFeed. A briefdescription of the implementation details of frameworkwill be then followed by case studies, presented and experimentallyevaluated on a simulated network to illustrateFlexFeed capabilities.COMMUNICATIONS IN THE BATTLEFIELDAs part of the Army’s Objective Force to be deployedwithin the next decade, Future Combat Systems (FCS) isenvisioned as a system of systems that will integrate severallightweight, highly mobile components including newgenerations of manned and unmanned military vehicles, hese light vehicleswill partially replace heavy armored slower vehiclesin order to bring unprecedented levels of dynamism andagility to the combat theater.Furthermore, FCS operations will heavily rely on informationsuperiority to quickly take control of the battlefield and react to enemy movements and changesof strategy. This capability depends on the notion of universaltasking, where resources and information are directlyavailable at any timeto the edge warriors and commandersin the field.An enabling key-capability for this vision is an efficientand adaptive communications infrastructure to support andextend edge warrior capabilities and provide access tocritical information at any time, while at the same timeensuring optimal resource utilization and security both atthe infrastructure and information levels. Figure 1 shows aschematic view of some of the elements involved in theseeypes of operations.In general, a communications model capable of supportingFCS requirements is an ad-hoc publish/subscribe model.Soldiers and systems in the network will subscribe to sen2of 8 data and state information to plan and coordinate localtasks in response to high level instructions from the commandand control center.Figure 1 –Communications infrastructure in the battlefieldBased on FCS requirements, an appropriate data communicationsframework must be capable of satisfying the followingrequirements:a) Ad hoc: In most cases, as illustrated in figure 1, networksbetween nodes will be ad hoc, formed by proximityduring the operation itself. The communications infrastructuremust not depend on pre-established infrastructuralcomponents or centralized management stations. This capabilityis important both from a scalability and robustnessperspective, eliminating (or mitigating) single points offailure in the network.b) Efficiency: Communications and computational resourcesin the battlefield are expected to be limited andoften times, battery operated. Ad hoc sensor beds andsmall autonomous vehicles deployed during the operationwill have a life-span strictly limited by their battery life. Inmost cases, it is imperative that the communications infrastructure operate efficiently across different types of applicationsand scenarios to extend the life of network resources.c) Heterogeneity: Systems in the battlefield tend varygreatly in terms of computation and communications capabilities.Lightweight attack vehicles, small robotic units,and unmanned aerial vehicles will all have different degreesof computation and sensing capabilities andaccess tothe wireless environment.d) Application-aware Capabilities: A common limitation inmost communications frameworks currently available isthe lack of interaction between applications and theunderlyingdata transmission protocols. This limitation is oftenaccepted in lieu of the benefit of layer isolation and inmaking protocols interchangeable. For improved efficiencyhowever, the communications infrastructure canand should benefit from data-aware protocols at all levels.d) Robustness to External Attacks: The communicationsinfrastructure must be able to resist to both physical andnetwork attacks. Degradation with loss of communicationresources must be graceful and most importantly, must beselective. Special types of operations and tasks that arecritical to the overall operation must have precedence overless relevant tasks. This requirement goes beyond theconventionalnotion of quality of service in data networks.Ideally, the framework must be aware of the importance ofdata transmission not only in terms of data-type, source,and destination, but also in terms of high level goals andmission OPTEMPO in order to makeprioritization decisions.c) Robustness to Environmental Changes: The environmentalconditions, topology, and size of the network willvary significantly. In the battlefield, nodes can arbitrarilyjoin and leave the network. Nodes can be physically destroyedor made unavailable at any time. Anappropriatecommunications infrastructure must be able to cope withthese changes quickly and efficiently.e) Reactive and Proactive OPTEMPO Adaptability: Theframework must also be able to properly adapt to changein overall mission goals or situation in the battlefield. Forinstance, changes in operational tempo can be eitherpushed to or autonomously detected by framework nodes,which should automatically result in changes in the communicationsbehavior. Forinstance, when precursors ofengagement are identified, the framework, in accordancewith global policies, must autonomously switch from apower efficient mode a low latency, high performancemode to support combat systems.f) Proactive Resource Manipulation for Survivability andImproved Efficiency: This notion was initially proposedwithin the context of Agile Computing (Suri, 2002). It refersto the notion of granting the framework with the abilityto proactively manipulate physical (or logical) resourcesin the framework in order to recover criticalconnectivity segments or to significantly improve performance.g) High Level Policies for Monitoring and Control: From ahuman perspective, monitoring and control of such complexsystems is a very difficult task. An appropriate frameworkfor these types of systems must support interfaces topolicy infrastructures that would allow humans to easilydefine and establish constraints and obligations to regulatethe overalloperation of the framework. From an optimizationperspective, most policies would ultimately result inlow level constraints taken into account by the frameworkwhen deciding about resource allocation.In the last few years, a number of research proposals havebeen introduced to address some of these mon to most of them is the notion of a customizablepublish/subscribe communications mechanism capable toefficiently support messaging and data streaming.RELATED WORKConventional topic-based publish/subscribe systems suchas such as Vitria (Skeen, 1998), TPS (Eugster et al., 2001)3 of 8and JORAM (Maistre, 2003) leveraged form multicast protocolsand the assumption of a clear hierarchy on data andevents to build efficient multicast groups for topic-baseddata distribution. Multicast based protocols often providean efficient solution to the problem but they assume thatonly nodes participating in the multicast group wouldshare the data for distribution (at the level of the multicasttree). Furthermore, most multicast protocols assume data(or events) to be strictly hierarchical and processing capabilitiesfor data transformation within the hierarchy mustbe available a priori at all nodes.A number of gossip-based (or epidemic) protocols werealso proposed in the same context (Lin and Marzullo,1999; Ganesh et al., 2001; Eugster et al., 2003). In general, these are efficient and scalable protocols but assume nodata hierarchy and often make no attempt for cost or constraintoptimization based on data stream aggregationandfiltering.Multicast protocols specifically designed for peer-to-peernetworks such Scribe (Rowstron et al., 2001) and HiCan(Ratnasamy et al., 2001) came to solve scalability issues inaddressing and group coordination. They too, however,assumed that only nodes subscribedto the multicast groupwould participate in the multicast tree and that data processingcapabilities are available at all nodes a priori.Alternatives to the multicast option were also proposed atthe level of unicast routing in the form of data-aware customizedad hoc routing protocols. An important exampleof these types of data-centric routing protocols is DirectedDiffusion (Intanagonwiwat et al. 2000). The Directed Diffusionprotocol proposes a highly scalable data-aware decentralizedrouting algorithm. The protocol supports thecreation of data distribution trees including nodes that arenot directly subscribing for the data. The protocol, however,also assumes that data transformation capabilities areavailable a priori at each node, which is not a realistic assumptionfor the types of environments envisioned in FCS.More recently, Baehni et al. (2004) proposed a data-awaremulticast protocol (daMulticast) for peer-to-peer networks.The approach leveraged from some of thedata-centrictechniques for data description and group membership,significantly improving reliability and at the same timereducing the memory complexity involved in maintaininggroup membership at each node.In the most part, the approaches share the notion of usingdata-aware techniques for resource or performance optimization.The problem, however, is that data-aware frameworksare usually highly customized to a set of applicationsor data types, often requiring significant time andeffort to support new scenarios or capabilities. In manycases, such changes are not even possible, as hardwaremight have been already deployed or might be under externaladministrative control, like in the case of combat orMilitary Operations Other than War (MOOTW) coalitionoperations.THE FLEXFEED FRAMEWORKIn this paper we propose FlexFeed, a mobile-agent basedcommunications framework designed to support highlycustomized data streams in mobile ad-hoc network environmentsunder policy and resource constraints.The concepts implemented in FlexFeed were first introducedby Carvalho et al. (2002). The fundamental ideas ofthe framework are based on the concepts of Agile Computing(Suri, 2002) where network and system resources areopportunistically exploited to transparently support applicationrequests in a manner that is efficient, robust, andadaptable to changes in the environment.The FlexFeed framework is essentially based on three coreconcepts: a) Opportunistic resource exploitation; b) Flexibilityand run time self-configuration via on-demand codeand process migration; and c) In-stream data processing.Inthe framework, these capabilities are combined and extendedto address the requirements identified in the typesof environments expected in FCS.The framework uses data-aware mobile agents to bettercustomize multicast trees and to provide in-stream dataprocessing (i.e. to take advantage of the multi-hop natureof the communications path in these types of environmentsto distribute computation data processing loads). Specializedagents can be injected in the framework by authorizedparties at run-time, allowing for great flexibility and supportof highly specialized data streams. The overall behaviorof the framework is regulated by high level policiesdefined, verified, and distributed by an integrated policyinfrastructure designed for multi-agent systems. A proof-concept version of the FlexFeed framework was developedand tested both in simulated and physical environments.The framework was also demonstrated in actuallive exercises conducted by theArmy (ARL QL2, 2004)and the demonstrations for the Navy (ONR NAIMT,2004). In the subsequent items, we will briefly discuss theimplementation details of the framework, followed by experimentalsimulation results of illustrative case studies.THE FRAMEWORK COMPONENTSThe FlexFeed framework is a distributed application-leveliddleware that is installed in all participating systems.te middleware provides an API that allows applications specify services or requests for data streaming.At heimplementation , the framework combines amobile agent system with resource coordination and allo4of 8cation mechanism and a policy infrastructure to determined configure, at runtime, efficient data distribution treesbetween applications.The mobile agent system gives the framework the abilityto move code and computation between nodes to enable,on demand, new data-specific capabilities in nodes thatwill participate in the data distribution tree. Process migrationis used to improve survivability and system performance.AlthoughFlexFeed can be easily configured to workwith different agent systems, our proof of concept implementationwas developed on top of the NOMADS agentsystem (Suri et al., 2000; Groth and Suri, 2000).NOMADS is a mobile agent system for Java-based agents.It provides two implementations: Oasis and Spring. Oasisincorporates a custom Java-compatible Virtual Machine(named Aroma) whereas Spring is a pure Java implementation.The Aroma VM is a clean-room VM designed toprovide the enhanced capabilities of execution state captureand resource control.The resource coordination component (referred to in thispaper as the ‘coordinator’) is the intelligent part of theframework. It is responsible for realizing the notion of agilecomputing in the context of data streaming. The ‘coordinator’can be implemented as a distributed process or asa centralized component operating in one of the nodes ofthe framework. All experiments and examples shown inthis paper are based on one specific implementation of acentralized coordination algorithm (ULM) but decentralizedalternatives are also available.The policy infrastructure is independent of the framework.The goal of the policy framework is to provide a high levelinterface to the system in order to allow both human operatorsand applications to establish, query and modify highlevel requirements and constraints that will regulate howthe framework should operate. Furthermore, the policyinfrastructure is also responsible for validation, verification,disambiguation, and distribution of policies throughoutthe system. Policies can also be used to regulate andconstrain the autonomous behavior of the framework, providingbounds for self-adjustments to operation tempo andto the proactive manipulation of resources. Currently,FlexFeed uses KAoS (Bradshaw et al., 1997; Bradshaw etal. 2002; Bradshaw et al., 2003) as its policy framework.Access to these components is available at each nodethrough a common API. In order to participate in theframework, applications at each node can obtain an instanceof the FlexFeedManager Component (Figure 2).The FlexFeedManager provides the access API to the framework and allows applications to register, advertisecapabilities, and request data streams from other resources.Transparent to the applications, FlexFeedManagers at communicate in a peer-to-peer fashion to exchangestate and plan resource utilization. When a client places arequest for a data stream from a sensor as illustrated infigure 2, it specifies the source of the data and the requirementsfor the data stream (for example, resolutionand frame rate in the case of a video stream).That information, along with resource availability informationfrom local nodes, is used to build the data distributiontree from source to client. If using a centralized coordinator,the planning is done at one single location using globalstate data. Decentralized coordination algorithms rely onpeer to peer negotiation between FlexFeedManagers anduse only local state for planning.The client is allowed to specify any type of data, grantedthat it provides to the framework the necessary informationfor cost calculation and the code (in the form of mobileagents) necessary to manipulate (e.g. aggregation and filtering)the data for optimization. Because FlexFeed supportson-demand code deployment, trusted applicationscan provide new components to the framework at run time,enabling the support of previously unknown data types.The client can also provide complex data processing requestssuch as the one illustrated in figure 3. In that example,the client is specifying (through a graph structure) twodistinct data sources that should be merged with a specific(client-provided) processing element (FS) and then, discriminativelydelivered to two sink nodes. Details aboutthe data types and processing elements are embedded inthe graph node and edge components, using a pre-defineddata structure provided by the framework.The FlexFeed framework will load the appropriate softwarecomponents specified by the client (either from theclient host of from a common codebase) and will identifythe network resources necessary to support the request.The location of the logical fusion element (FS) can be atany intermediate node between the source and sink elements,based on resource availability, policies, and overallcosts for computation and data transmission.After mapping the request to the physical network, theframework will monitor environmental changes (such assignificant variations in resource availability or link failure)to transparently recalculate and adjust the data treeuntil the request is terminated by the client.CASE STUDIES AND EXPERIMENTAL RESULTSThe framework was tested in a simulated network wherepacket drops and bandwidthconstraints could be carefullycontrolled. The goal of these tests was to demonstrate theeffectiveness of on demand configuration of data-awarestreaming in the improvement of data quality and reductionof jitter. These metrics are highly relevant to applicationssuch as the remote control of unmanned vehicles.The overhead of the framework was also measure in termsof induced latency in the stream. The computational overheadfor running intermediate processing elements andfilters was disregarded and the coordination mechanismused in the experiments was the centralized ULM (Carvalho,2005) algorithm, based on an iterative version ofDijkstra’s shortest path algorithm applied in localized partsof the graph.The experiments were conducted on a 100baseT networkwith full connectivity. Bandwidth limitations betweenUA V and other nodes were simulated on a fixed wirednetwork. Figure 4 provides a schematic view of the testnetworks.Figure 4 – Schematic illustration of the environment consideredfor experiments In this configuration, nodes ‘S1’ and ‘S2’ represent two dismounted soldiers in direct communications range witheach other and with a tank nearby ‘T2’. All nodes are incommunications range with an unmanned aerial vehicle‘UA V’ on a fixed flying pattern over enemy territory.The bandwidth available from the UA V to the remainingnodes is variable and can be severely constrained at differenttimes. Our experimental procedure explores differentoperational scenarios on top of this configuration. The goalis to quantitatively illustrate how the FlexFeed frameworkimproves data communications by reducing delays betweenimage updates and the variance between packet arrivaltimes (jitter). In our experimental setup, each node isrepresented by a separate laptop. The bandwidth limitationson the UAV are simulated by a gateway runningNISTNet (Carson, 2002). Figure 5 shows the experimentalsetup designed to simulate the environment illustrated infigure 1.The centralized coordination node (not shown in figure 5)receives state information such as CPU and bandwidthavailability from each of the 4 nodes involved in the test.The frequency of updates is proportional to the rate ofchange in these metrics. When a client makes a request fora data stream, it specifies the source node (UA V), framerate, and resolution. The coordinator nodewill receive therequest and will handle it appropriately, building a datadistribution tree from the source, based on current globalsystem state.Optimizing Bandwidth UtilizationIn the first scenario, soldier ‘S1’ temporarily assumes controlof the UA V, taking it o ut of the flying pattern andcloser to enemy positions. Unaware of the fact that the vehicleis now under remote control, soldier ‘S2’ also requestsa video stream from the UA V’s camera. In this example,both video streams were requested at a 320x240resolution with 3 frames per second.Under unconstrained conditions, the combined streamsrequire the UA V to send approximately 50 KBps of data.In the initial condition the bandwidth limitation is 100KBps (equivalent to unconstrained bandwidth in this example)so there are no packet drops and the average delaybetween images is 271 milliseconds, which represents astream of approximately 2.69 frames per second. Note thatthe resulting frame-rate, even under unconstrained bandwidthconditions, only approximates the requested framerate.This is due to the delays involved in actual imagecapture (which is camera dependent), compression, andserialization.The bandwidth available from the UA V is then progressivelyreduced to a maximum of 40 KBps, 30 KBps, and6 of 8then 24 KBps. At each step, the average delay betweenimages is measure at each client ‘S1’ and ‘S2’.When the coordinator is inactive, that is, when the frameworkis not making any attempt to optimize data streams,the sensor (UA V) sends a unicast stream to each of theclients. Both streams will compete for the limited bandwidthand the delays at each client increase significantlywith the reduction in bandwidth availability. These resultsare shown in figure 6, with their 95% confidence errormargins.Figure 6 – Effects of bandwidth reduction without datastream coordination.In this example, as the bandwidth availability decreases,the delays quickly increase to the point where criticaltasks, such as the remote control of the UA V, are completelycompromised. A minimum frame-rate of 2 fps isrequired1, in this example, to safely navigate the UA V so itis clear that even small constraints in bandwidth availabilitycan compromise this task. Furthermore, we can verifythe well known bandwidth stealing behavior between clients,where bandwidth is not equally shared betweenstreams. This behavior has been previously reported in IPnetworks (Tschudin and Ossipov, 2004) and could compromisecritical tasks such as the control of the UA V.Figure 4 – Data distribution tree created by FlexFeedWhen the FlexFeed coordinator is enabled, the frameworkidentifies the stream requests and attempts to globally optimizedata distribution. In this specific case, the coordinator(which, is a centralized process) determines that bothstreams are similar (in fact, equal) and the overall bandwidthutilization can be reduced with a multicast-like datadistribution tree. The framework opportunistically identi-1 Although it is commonly accepted that a minimum of four frames persecond is necessary to remotely operate robotic vehicles, for illustrationpurposes in this example, the minimum requirement for teleoperationis assumed to be two frames per second.fies node ‘T2’ as a potential intermediate processing elementand builds the distribution tree illustrated in figure 4.Under the same bandwidth constraints, the framework ensuresthat the lowest capacity link (from the UA V) is notsaturated and delays between images are kept within reasonablebounds.Furthermore, the variance in delay (jitter) is significantlysmaller, ensuring that critical processes maintain minimum levels of throughput and quality of service.FlexFeed OverheadThe overhead of framework basically falls into two maincategories: a) the number of additional control messagesinvolved on sharing state between nodes (or betweennodes and the centralized coordinator) and b) the time requiredto determine, locate, and configure the nodes thatwill participate in the data stream. Both factors are highlydependent on the type of coordination mechanism used inthe framework (centralized, zone-based, or local), the complexityof the data, the scale of the network, its level ofconnectivity, and the frequency of state updates.In our example, the network topology is static and variationsin resource availability are small so our attention isfocused primarily on the delays (latency) caused by thecentralized coordination algorithm. Table 1 shows the averagedelays and their 95% confidence error margins observedin each test, both with and without the coordinator.The delays were measured as the average between the timeof the second client ‘S2’ request and the time when thefirst image is delivered to that client.When the coordinator is present (second column), there isan up-front cost in terms of latency that is due to the timespend in identifying and configuring network resources fordata distribution. When the coordinator is not present, theresponse to the data request is relatively fast at first but thedelays increase as the bandwidth is reduced. This is basicallydue to the fact that initial images are being lost on thesaturated channel when the coordinator is not present.FlexFeed versus MulticastThe data distribution tree presented in this example resemblesa data multicast tree, often obtained with conventionaldata multicast algorithms. As previously noted, FlexFeed7 of 8goes beyond conventional and data-aware multicast approachesby building a tree that include nodesthat are notnecessarily part of the multicast group (node T2 in thiscase). These nodes are opportunistically discovered andconfigured, at runtime by the framework, based on its currentresource availability, role in the network, and systempolicies.Furthermore, the configuration of node T2 can be highlydata-dependent and arbitrarily complex. In these examples,the intermediate node was use merely as a splitting pointfor the data distribution tree. It could also have receivedcustomized code to perform in-stream data transformationor specialized filtering.Consider the case where the request place by soldier ‘S2’was for a lower res olution video stream from the samesource. Multicast algorithms would often regard this as anindependent request or would have assumed that one of thenodes in the multicast group would be able to reduce theresolution of the stream to include the new request in thedata hierarchy. Data-centric protocol like Directed Diffusionwould also depend on an intermediate node’s a prioricapabilities to construct the low resolution data from thehigh resolution stream.In FlexFeed, the request placed by soldier ‘S2’ can sp ecifyreferences to data-specific code that will be installed, ondemand, on node ‘T2’ to act as a processing element. Thecode would be installed only in the necessary nodes (asdetermined by the coordination algorithms) and would beremoved when no longer necessary.Another extension of the same capability is the transparentenforcement of information release policies. In this case,upon S2’s data request, FlexFeed would query the policyframework for constraints or obligations involving the request.Consider, for example, that policies were previouslydefined to constrain unrestricted access from S2 to thatspecific data source. In that case the framework will,transparent to node ‘S2’, identify an intermediate node forpolicy enforcement and will deploy the customized datafilters (specified as part of the policy) to ensure compliancewith the specified requirements. This feature of Flex-Fleed has been extensively demonstrated by (Suri, Bradshawet al, 2003; Suri, Carvalho et al, 2003) in multiplesimulations and real life exercises.CONCLUSIONS AND FUTURE WORKIn this paper we have introduced the FlexFeed frameworkin the context of military combat operations. The conceptproposed in FlexFeed goes beyond current data-centricrouting approaches and data-aware multicast. It realizesthe notion of agile computing in the context of data communicationsand offers the basis for a truly customizablemiddleware for data communications in extreme environments.The framework is currently implemented and has beentested in several small scale exercises including soldiersoperating in conjunction with robotic units and remote systems.The framework currently relies on a centralized coordinationalgorithm for resource allocation. We are currentlydeveloping fully decentralized (and zone-based)algorithms to improve scalability, robustness, and performance.。

高二英语科技词汇单选题40题

高二英语科技词汇单选题40题

高二英语科技词汇单选题40题1. In the field of technology, a "processor" is different from a "controller" _____.A. significantlyB. slightlyC. rarelyD. frequently答案:A。

本题主要考查词义辨析。

“significantly”意为“显著地”;“slightly”意为“轻微地”;“rarely”意为“很少地”;“frequently”意为“频繁地”。

在科技领域,“processor”(处理器)和“controller”(控制器)的差别是显著的,所以选A。

2. The new software is designed to _____ the efficiency of the system.A. enhanceB. reduceC. maintainD. destroy答案:A。

“enhance”表示“提高,增强”;“reduce”表示“减少”;“maintain”表示“维持”;“destroy”表示“破坏”。

新软件的目的是提高系统效率,故选A。

3. When it comes to data storage, "hard drive" and "solid state drive" have different _____.A. capacitiesB. speedsC. featuresD. prices答案:C。

“capacities”指“容量”;“speeds”指“速度”;“features”指“特点,特征”;“prices”指“价格”。

在数据存储方面,“hard drive”(机械硬盘)和“solid state drive”( 固态硬盘)有不同的特征,所以选C。

4. In the world of technology, "algorithm" is often used to _____ complex problems.A. solveB. createC. avoidD. ignore答案:A。

高二英语现代科技单选题30题

高二英语现代科技单选题30题

高二英语现代科技单选题30题1.The new smartphone has a powerful _____.A.processorB.screenC.cameraD.battery答案:A。

本题考查现代科技名词。

processor 是处理器,智能手机强大通常是指处理器性能强。

screen 是屏幕,虽然屏幕也很重要但不是强大的主要体现。

camera 是摄像头,不是通常说的强大的主要方面。

battery 是电池,与强大不太直接相关。

2.Modern technology has brought us many advanced _____.A.devicesB.toolsC.instrumentsD.equipments答案:A。

devices 通常指电子设备等小器具。

tools 一般指手工工具等。

instruments 指乐器或精密仪器。

equipments 是错误用法,equipment 是不可数名词。

3.The latest laptop is equipped with a high-resolution _____.A.displayB.monitorC.screenD.show答案:C。

display 比较宽泛,可以指各种展示。

monitor 通常指显示器,但比较正式。

screen 就是电脑等设备的屏幕,更符合语境。

show 表示表演或展示,不合适。

4.One of the key features of 5G technology is its high-speed _____.A.connectionB.linkC.relationD.tie答案:A。

connection 指连接,5G 的高速连接很常见表达。

link 一般指链接。

relation 是关系。

tie 是领带或联系,都不合适。

5.The smart home system is controlled by a central _____.A.controllerB.operatorC.managerD.director答案:A。

高二英语科技流派单选题50题(带答案)

高二英语科技流派单选题50题(带答案)

高二英语科技流派单选题50题(带答案)1.With the development of technology,________has become an important part of our daily life.puterB.the computerC.a computerputers答案:D。

本题考查名词的用法。

“computer”是可数名词,根据句意,这里泛指电脑,用复数形式表示一类事物。

选项A 是单数形式,不能泛指所有电脑;选项 B 加了定冠词the,表示特定的某一台电脑;选项C“a computer”表示一台电脑,不符合题意。

2.The________of mobile phones has greatly changed people's communication methods.A.inventionB.inventC.inventorD.inventive答案:A。

本题考查名词辨析。

“invention”是名词“发明”;“invent”是动词“发明”;“inventor”是名词“发明家”;“inventive”是形容词“有发明才能的”。

根据句意,手机的发明改变了人们的交流方式,应选名词“发明”。

3.________is one of the most important inventions in moderntechnology.A.The InternetB.InternetC.An InternetD.Internets答案:A。

“Internet”是特定的事物,前面要加定冠词the。

选项B 缺少定冠词;选项C“an Internet”错误,Internet 是特定的事物,不能用不定冠词;选项D“Internets”错误,Internet 没有复数形式。

4.The new________can store a large amount of data.A.hard diskB.hard disksC.a hard diskD.the hard disk答案:A。

Border Protect:边境保护解决方案说明书

Border Protect:边境保护解决方案说明书

BORDER PROTECTOperations depend on access to reliable, secure, and real-time data to maintain border security. You need a streamlined and intuitive way to operationalize tremendous amounts of data and multimedia from disparate systems including: video sources, CAD, RMS, SCADA/IOT, sensors, resource locations, alerts, social media and more. Converting information into actionable response is vital to the security of those working in Border Enforcement Security Task force (BEST) operations centers. Motorola’s Border Protect solution provides data that is streamlined into a common operating picture, customized to your operations. Enhance your operations using real-time situational awareness to secure our border and keep personnel and assets safe.STREAMLINE OPERATIONSWhat if your mission critical communications and operational data sources were streamlined into a single intuitive operating position? What if you could instantly send out targeted emergency messages, warning tones to threat or mass notifications at a moment’s notice? What if you could pull up any standard operating procedure (SOP) relevant to the situation at a click of a button? What if you could be one step ahead of any incident that could turn into an emergency? Border Protect provides real-time integration of your disparate operational command, control, communications, computers, intelligence, surveillance and Reconnaissance (C4ISR) data sources used in your Combat Information Center, Border Enforcement Security Operation Centers, or other command environments and converges them, to improve decision-making and achieve safer outcomes.EXAMPLEAgents are required to be the eyes and ears on the ground, but human abilities only go so far. There is extensive technology in place to support agents’ daily border security detail that can be integrated into Border Protect: including: aerial drones and towers providing long range radar and camera video feeds of land, air and marine threats, pressure point sensors detecting foot or vehicle traffic, gate monitoring, border checkpoint records and more.Border Enforcement Security Task Force Operations Centers can monitor multi-layered data from deployed security devices via Border Protect. Personnel gain real-time intelligence on suspicious activities, which are video mapped on a common operating picture to help determine where agents should be dispatched. Border Protect allows agents in the field to monitor maps and data via tablets and a range of mobile devices. With a holistic view of where threats are most likely to occur, higher command can turn that visibility into actionable and shareable intelligence, sending agents to locations that pose the greatest threat.FEATURESREAL-TIME VIDEO AGGREGATION & MANAGEMENTVirtually monitor the land border, ports and air with unlimited simultaneous camera views from fixed, body-worn, recorded, or real-time mobile video feeds, all aggregated into one position from several video management systems (VMS), or even from multiple vendors. Easily reference the video source, date, time and location with full reporting and auditing functionality for after action analysis. THREAT DETECTION AND ALERTING Receive real-time alerts from C4ISR and sensors, including intrusion detection systems (IDS), perimeter sensors (RADAR/SONAR/ CBRNE), access control systems, gunshot detection systems, cybersecurity, and weather alerts to support proactive enforcement and more informed coordinated emergency response or law enforcement interdiction. Physical security, access control mechanisms: control and monitoring of door locks, fire alarms, turnstiles / man-traps, vehicle barriers, duress buttons, and vault sensors. IDENTITY MANAGEMENT SYSTEMS Biometrics, card scanners, and other perimeter and border identification mechanisms, facial and gait recognition, including interfaces to external databases. Automatic Identification System (AIS) for vessels and aircraft used to help identify objects of interest. STANDARD OPERATING PROCEDURES (SOPs) – STATIC & DYNAMIC WORKFLOWSHighly configurable and customer definable workflows and procedures unique to your environment. Integrate and scale existing applications to support, streamline, and complete workflows. Create action plans that define sequences of steps within Border Protect that guide responders and officials through a series of actions when reacting to situations. The situation log created while executing an action plan records any actions taken during the response. Action plans implement the established best practices for an organization and are unique to each Border Protect environment.UNIFIED VOICE AND DATA COLLABORATIONIntegrate LMR communications to monitor and communicate directly with field personnel and distribute actionable intelligence through voice. Also, integrate push-to-talk applications (WAVE) to allow units to communicate no matter the device (computer, smartphone, and tablet), the frequency used or the agency. It also allows for state & local interoperability collaboration, as needed.ACTUAL PRODUCT PHOTOS PERIMETER DETECTIONActively monitor gates, ports, piers, airfields,and perimeter by having sensors and videodetect any disturbance or breach and alertunits immediately.MASS NOTIFICATIONActivate automatic or manual alerts withseveral Mass Notification Systems (MNS) viaSMS/MMS, email, LMR (voice and text), pre-recorded or text-to-speech telephone calls,smartphone applications, computer desktoppop-up, social media, cable TV channels,notification boards, and various other types ofsignage with the push of a button to informpersonnel or civilians of the threat condition.VIDEO SYNOPSISIntegrate various video ingestion solutions toreview hours of recorded footage in minutes toquickly identify events, behavior and suspects,items or people of interest. Filter based oncolor, direction, size, speed, of objects andother characteristics.MOBILE CLIENT VIDEO AND PHOTOUPLOADSend short video clips and images to personnelin the field to support situational awareness.ADVANCED SEARCH AND QUERYQuery personnel, national or federal recordssystems, and databases to quickly extractintelligence.GEOSPATIAL MAPPINGVisualize all C4ISR available data from cameralocations, radar, sensors, CAD incidents, fieldpersonnel, social media, and more on anintuitive map that can be customized with youragency’s mapping layers. 2D and 3D mappingavailable.ACTIVITY LOGAudit all actions performed by the operator ina summary view to meet investigation andlegal requirements, support training, andprovide transparency to the community.RULES & CORRELATION ENGINEAutomatically or manually associate relateddata together from disparate physical andcyber inputs for a more comprehensive threatassessment while providing command staffand management with simplified dashboardand reporting capabilities.ON PREMISE. SCALEABLE.PROTOCOL AGNOSTIC.Manage data no matter the volume, allowinginstallations to add or reduce data sourcesregardless of size.Border Protect provides complete situational awareness in your operations center environment by leveraging your existing investments. By integrating all of your data and systems, your operations can take siloed data sources and create a comprehensive view and streamlined workflows. OUTCOME OF OPERATIONS A safe and secure border depends on personnel and technology working to maintain its security. With a secure, on-premise CSIM/PSIM platform, operations can achieve a big-data enhanced operating picture that provides more reliable and accurate information. Units protecting the border will gain heightened situational awareness by having instant access to critical information, and respond more quickly and intelligently to the threat at hand. Not only will units have the capability to collaborate more, they will also have the ability to seamlessly share information with state and local first responders. Border Protect is the solution that takes all yo ur agencies data sources and brings them together into one unified picture, ultimately streamlining your operations.ENHANCE YOUR OPERATING PICTURE Border Protect is built to aggregate real-time information across border operations for enhanced information sharing, collaboration, and analysis. Now your emergency operator, threat analysts, agents , special forces, physical security officer and other responders can have instant access to real-time alerts, mass notifications, records and communications. Safeguard the border with the power of Border Protect.SENSORS SECURITY MANAGEMENTRadar Sonar AIS CBRNEAlarms CONVERGED SECURITYBorder Protect is a unified platform that meets security and network compliances for border operations. Designed to aggregate and analyze data from multiple inputs making the data meaningful and actionable. Increasing situational awareness with one common operating picture. Enabling you to be your best in the moments that matter.For more information about Border Protect contact your Motorola representative orvisit /BorderSecurityMotorola Solutions, Inc. 500 W. Monroe Street Chicago, IL 60661 U.S.A. 800-367-2346 MOTOROLA, MOTO, MOTOROLA SOLUTIONS and the Stylized M Logo are trademarks or registered trademarks ofMotorola Trademark Holdings, LLC and are used under license. All other trademarks are the property of their respectiveowners. © 2017 Motorola Solutions, Inc. All rights reserved. 4-2018。

网络信息安全英语练习题

网络信息安全英语练习题

网络信息安全英语练习题网络信息安全是现代社会中一个非常重要的议题,它涉及到保护数据不被未授权访问、修改、破坏或泄露。

以下是一些英语练习题,旨在帮助学生更好地理解和掌握网络信息安全的相关概念。

1. Multiple Choice Questions (选择题)Choose the correct answer from the options provided.a) What does "cybersecurity" refer to?- A) The study of cybernetics- B) The practice of protecting information systems from theft or damage- C) The design of computer networks- D) The creation of cyberspaceb) Which of the following is a common method used by hackers to gain unauthorized access to a system?- A) Social engineering- B) Social networking- C) Social media marketing- D) Social sciencec) What is a "firewall"?- A) A physical barrier to prevent fire from spreading- B) A software or hardware that monitors and controlsincoming and outgoing network traffic- C) A type of antivirus software- D) A network protocold) What is the purpose of "encryption" in cybersecurity?- A) To make data unreadable to unauthorized users- B) To increase the speed of data transmission- C) To reduce the size of data files- D) To improve the quality of network connections2. Fill in the Blanks (填空题)Fill in the blanks with the appropriate words from the list provided.- breach, protocol, phishing, malware, vulnerabilitya) A computer virus is a type of _______ that can cause damage to a system or steal information.b) An email that appears to be from a legitimate source butis actually designed to trick the recipient into revealing sensitive information is known as _______.c) A _______ is a set of rules governing the format and transmission of data over a network.d) A _______ in a system is a weakness that can be exploited by an attacker.e) A _______ of data security occurs when unauthorized accessis gained, often resulting in data loss or corruption.3. True or False (判断题)Determine whether the statements below are true or false.a) Two-factor authentication is a security measure that requires two different methods of verification to access a system. (True / False)b) Public Wi-Fi networks are always secure and safe to usefor online banking. (True / False)c) A strong password should include a mix of upper and lower case letters, numbers, and special characters. (True / False)d) It is not necessary to update software regularly because updates are only for new features. (True / False)e) VPNs (Virtual Private Networks) can provide an extra layer of security by encrypting internet traffic. (True / False)4. Short Answer Questions (简答题)Answer the following questions in a few sentences.a) What is the significance of using strong passwords?b) Explain the concept of "zero-day" vulnerabilities.c) How can users protect themselves from phishing attacks?d) What are some best practices for maintaining network security at home?e) Describe the role of a cybersecurity analyst.These exercises are designed to test and reinforce knowledge on various aspects of network information security. By practicing with these questions, students can enhance their understanding of the subject and be better prepared to tackle real-world cybersecurity challenges.。

高二英语科技前沿动态单选题50题

高二英语科技前沿动态单选题50题

高二英语科技前沿动态单选题50题1. The new technology enables us to communicate ______ than ever before.A. more easilyB. most easilyC. easierD. easy答案:A。

本题考查副词比较级的用法。

“than”是比较级的标志,A 选项“more easily”是“easily”的比较级形式,符合语法规则;B 选项“most easily”是最高级形式,不符合语境;C 选项“easier”是形容词比较级,此处需要副词修饰动词“communicate”;D 选项“easy”是形容词原级,不能与“than”连用。

2. The development of 5G technology has brought ______ changes to our lives.A. a great deal ofB. a number ofC. the number ofD. a lot答案:B。

本题考查短语的用法。

A 选项“a great deal of”修饰不可数名词;B 选项“a number of”修饰可数名词复数,表示“许多”,符合“changes”(可数名词复数);C 选项“the number of”表示“……的数量”;D 选项“a lot”需要加“of”才能修饰名词。

3. The latest smart phone has a ______ camera that can take amazing pictures.A. high-resolutionB. high-resolvingC. highly-resolutionD. highly-resolving答案:A。

“high-resolution”是一个复合形容词,表示“高分辨率的”,B、D 选项的形式错误,C 选项“highly-resolution”的表述不正确。

高三英语询问技术创新单选题50题

高三英语询问技术创新单选题50题

高三英语询问技术创新单选题50题1. Many tech companies are investing heavily in ______ to improve data security.A. artificial intelligenceB. blockchainC. virtual realityD. augmented reality答案:B。

解析:本题考查新兴科技词汇的理解。

A选项人工智能主要用于模拟人类智能,如语音识别、图像识别等,与数据安全关联不大。

B选项区块链是一种分布式账本技术,以其安全性和不可篡改的特性被广泛用于数据安全领域,符合题意。

C选项虚拟现实主要是创建虚拟环境,与数据安全不是直接相关。

D选项增强现实是将虚拟信息叠加到现实世界,和数据安全关系不紧密。

2. The ______ technology has made it possible for self - driving cars to navigate complex roads.A. 5GB. cloud computingC. big dataD. Internet of Things答案:A。

解析:5G技术具有低延迟、高带宽等特性,这些特性使得自动驾驶汽车能够在复杂的道路上进行导航,因为它能快速传输数据。

B选项云计算主要是提供计算资源的网络服务,与自动驾驶汽车导航关系不直接。

C选项大数据侧重于数据的收集、存储和分析,不是直接助力自动驾驶导航的关键。

D选项物联网强调设备之间的连接,并非自动驾驶汽车导航的最主要技术支持。

3. Tech startups are exploring the potential of ______ in the field of medical diagnosis.A. quantum computingB. gene editingC. nanotechnologyD. all of the above答案:D。

中考英语科技创新驱动因素单选题40题

中考英语科技创新驱动因素单选题40题

中考英语科技创新驱动因素单选题40题1.Smartphones are one of the most important technological inventions. They have brought great changes to our lives. The main part of a smartphone is the _____.A.screenB.cameraC.batteryD.processor答案:D。

处理器是智能手机的核心部件,决定了手机的运行速度和性能。

屏幕主要用于显示图像,相机用于拍照,电池提供电力,但处理器是智能手机最重要的部分之一。

2.With the development of technology, more and more people are using wearable devices. A wearable device usually has a _____.A.sensorB.strapC.displayD.chip答案:A。

可穿戴设备通常有传感器来监测各种数据。

表带是用来佩戴的部分,显示屏用于显示信息,芯片是设备的核心部件之一,但可穿戴设备的主要特点是有传感器。

3.In the field of artificial intelligence, data is very important. The place where data is stored is called a _____.A.databaseB.serverC.programD.software答案:A。

数据库是存储数据的地方。

服务器主要用于提供服务和处理请求,程序是一组指令,软件是一系列程序的集合。

4.The new energy vehicle is driven by electricity. The device that stores electricity in a new energy vehicle is called a _____.A.batteryB.motorC.chargerD.controller答案:A。

高二英语全球安全意识广阔视野单选题40题

高二英语全球安全意识广阔视野单选题40题

高二英语全球安全意识广阔视野单选题40题1. The ______ of global warming on food security is a major concern.A. impactB. effectC. influenceD. result答案:A。

本题考查名词辨析。

“impact”强调强烈的冲击和影响;“effect”侧重于结果、效果;“influence”多指潜移默化的影响;“result”是结果。

全球变暖对粮食安全的强烈影响,用“impact”更恰当。

2. We need to take ______ measures to protect the environment from further damage.A. effectiveB. efficientC. affectiveD. effectual答案:A。

“effective”表示能产生预期效果的;“efficient”侧重效率高;“affective”指情感方面的;“effectual”有效的,但不如“effective”常用。

保护环境采取能产生效果的措施,用“effective”。

3. The international community is making ______ efforts to address the issue of global terrorism.A. considerableB. considerateC. regardedD. regarding答案:A。

“considerable”大量的、相当多的;“considerate”体贴的;“regarded”被认为;“regarding”关于。

国际社会为解决全球恐怖主义问题付出大量努力,用“considerable”。

4. The ______ of natural disasters has increased in recent years due to climate change.A. frequencyB. frequentC. frequentlyD. infrequency答案:A。

八年级英语信息安全保护方法单选题30题

八年级英语信息安全保护方法单选题30题

八年级英语信息安全保护方法单选题30题1.We need to install a good _____ to protect our computer from viruses.A.softwareB.firewallC.hardwareD.program答案:B。

本题考查信息安全相关名词。

选项A“software”是软件,不能直接保护电脑免受病毒侵害。

选项B“firewall”防火墙,可以阻止病毒和恶意软件的入侵,符合题意。

选项C“hardware”是硬件,与防病毒关系不大。

选项D“program”程序,比较宽泛,不一定能起到保护电脑免受病毒侵害的作用。

2.Which one is an important tool for information security?A.keyboardB.mouseC.antivirus softwareD.monitor答案:C。

选项A“keyboard”键盘是输入设备,与信息安全关系不大。

选项B“mouse”鼠标也是输入设备,与信息安全无直接关系。

选项C“antivirus software”杀毒软件是信息安全的重要工具,正确。

选项D“monitor”显示器只是输出设备,不能保障信息安全。

3.A _____ can prevent unauthorized access to a network.A.routerB.switchC.gatewayD.server答案:C。

选项A“router”路由器主要用于网络连接和路由选择。

选项B“switch”交换机用于连接多台设备。

选项C“gateway”网关可以防止未经授权的访问网络,符合题意。

选项D“server”服务器主要提供服务,不能防止未经授权的访问。

4.The _____ is used to store important data securely.A.diskB driveC.cloud storageD.hard drive答案:C。

高二英语全球安全意识广阔单选题40题

高二英语全球安全意识广阔单选题40题

高二英语全球安全意识广阔单选题40题1.There are many ways to protect the environment. We should try our best to reduce pollution. Which of the following is NOT a way to protect the environment?ing public transportation.ing disposable products.C.Recycling waste.D.Planting trees.答案:B。

使用一次性产品不是保护环境的方法,反而会增加污染。

A 选项使用公共交通可以减少汽车尾气排放;C 选项回收废物可以减少垃圾;D 选项植树可以改善环境。

本题考查对环境保护方法的理解以及词汇辨析。

2.We should take actions to protect the environment. What should we do when we see litter on the ground?A.Leave it there.B.Pick it up and put it in the trash can.C.Kick it aside.D.Ignore it.答案:B。

看到地上有垃圾应该捡起来扔到垃圾桶里。

A 选项把它留在那里会破坏环境;C 选项把它踢到一边也不是正确的做法;D 选项忽视它同样不利于环境保护。

本题考查对环境保护的实际行动以及日常行为的判断。

3.Which of the following activities can cause damage to the environment?A.Turning off the lights when leaving a room.B.Walking instead of driving.ing too much water.ing reusable bags.答案:C。

头脑特工队2英语

头脑特工队2英语

头脑特工队2英语The highly anticipated movie, "Secret Agent Squad 2," is a thrilling action-packed sequel that is set to captivate audiences worldwide. Building upon the success of the first installment, this film takes viewers deeper into the world of undercover intelligence operations."Secret Agent Squad 2" picks up where the previous movie left off, following the adventures of a team of elite intelligence agents who work tirelessly to protect global security. Led by the charismatic and skilled Agent Smith, the squad is composed of individuals with diverse backgrounds and unique expertise.In this sequel, the team faces a new and formidable enemy organization known as the Shadow Syndicate. Comprised of cunning criminals and master manipulators, the Shadow Syndicate poses a significant threat to international peace.As the stakes rise, the Secret Agent Squad must employ their elite training and advanced technology to dismantle the syndicate and prevent their malicious plans from unfolding.The movie combines heart-pounding action sequences with clever espionage tactics. From high-speed car chases through bustling city streets to intense hand-to-hand combat in exotic locations, the adrenaline-fueled scenes keep audiences on the edge of their seats. The impressive cinematography and cutting-edge visual effects further enhance the cinematic experience, immersing viewers in the world of covert operations.Apart from the thrilling action, "Secret Agent Squad 2" also delves into the personal lives of the agents, adding depth to the characters. Audiences will witness their struggles, aspirations, and the sacrifices they make to protect their loved ones and uphold justice. This emotionalaspect adds a relatable and human element to the film, connecting viewers with the characters on a deeper level.The film's ensemble cast delivers exceptional performances, showcasing their versatility as action starsand portraying the complexities of their characters. Witheach member bringing their unique skills and personalities to the team, the chemistry between the agents adds a layer of camaraderie and humor amidst the chaos."Secret Agent Squad 2" offers a thrilling blend of action, suspense, and relatable characters, making it a must-watchfor fans of the spy genre. As the team battles against time and a formidable enemy, audiences will be captivated by the intense sequences, heart-stopping moments, and unexpected twists. Get ready for an exhilarating cinematic experiencethat will leave viewers eagerly awaiting the next installment of the Secret Agent Squad franchise.。

高三英语社会责任单选题40题

高三英语社会责任单选题40题

高三英语社会责任单选题40题1. We should take actions to protect the environment. Which of the following is NOT an effective way?A. Reduce waste.B. Use more plastic bags.C. Plant more trees.D. Save water.答案:B。

解析:A 选项“Reduce waste( 减少浪费)”是环保的有效方式,能减少对资源的消耗。

C 选项“Plant more trees 多种树)”可以改善环境,吸收二氧化碳等。

D 选项“Save water 节约用水)”有助于保护水资源。

而B 选项“Use more plastic bags( 多用塑料袋)”会造成白色污染,不利于环境保护。

2. What can we do to help protect the ecosystem?A. Cut down more trees.B. Pollute the rivers.C. Protect wild animals.D. Waste energy.答案:C。

解析:A 选项“Cut down more trees(多砍树)”会破坏生态系统。

B 选项“Pollute the rivers 污染河流)”对生态环境有害。

D 选项“Waste energy( 浪费能源)”不利于可持续发展。

C 选项“Protect wild animals 保护野生动物)”有助于维护生态平衡。

3. Which activity is beneficial for the environment?A. Driving cars everywhere.B. Throwing rubbish everywhere.C. Recycling paper.D. Using disposable products.答案:C。

介绍中国生物安全政策立场主张和取得的成就

介绍中国生物安全政策立场主张和取得的成就

介绍中国生物安全政策立场主张和取得的成就China's position on biosafety policy and its achievementsChina has made great strides in developing its biosafety policy and has achieved significant milestones inprotecting public health and the environment. With a commitment to enhancing biosafety regulations and practices, China has embraced a comprehensive approach that encompasses various aspects of biotechnology, genetically modified organisms (GMOs), and biosecurity.中国生物安全政策立场主张和取得成就:中国在发展生物安全政策方面取得了重大进展,在保护公共卫生和环境方面取得了显著的里程碑。

为了加强生物安全法规和实践,中国采取了全面的方法,包括生物技术、转基因生物体以及生物安全的各个方面。

Firstly, China has established a robust regulatory framework for biosafety that covers a wide range ofactivities related to biotechnology research and applications. The country has implemented laws and regulations focusing on the safe handling, transportation, import/export, and release of GMOs, ensuring strict compliance with international standards.中国已经建立了一个健全的生物安全监管框架,涵盖了与生物技术研究和应用相关的各种活动。

高三英语非谓语动词单选题40题

高三英语非谓语动词单选题40题

高三英语非谓语动词单选题40题1._____ environmental protection an important issue has become a consensus among people.A.MakingB.MadeC.To makeD.Make答案:A。

本题考查非谓语动词作主语。

动名词短语making environmental protection an important issue 作主语,表示“使环境保护成为一个重要问题”这件事。

B 项made 是过去分词,不能作主语;C 项to make 通常表示目的,在此语境不合适;D 项make 是动词原形,不能直接作主语。

2._____ smart phones so popular is their various functions.A.MakingB.MadeC.To makeD.Make答案:A。

动名词短语making smart phones so popular 作主语,表示“使智能手机如此受欢迎”这件事。

B 项made 是过去分词,不能作主语;C 项to make 表示目的,与题意不符;D 项make 是动词原形,不能作主语。

3._____ artificial intelligence develop rapidly is crucial for manyindustries.A.MakingB.MadeC.To makeD.Make答案:A。

动名词短语making artificial intelligence develop rapidly 作主语,表示“使人工智能快速发展”这件事。

B 项made 是过去分词,不能作主语;C 项to make 虽可表目的,但在此处不如动名词自然;D 项make 是动词原形,不能作主语。

4._____ renewable energy sources widely used is essential for a sustainable future.A.MakingB.MadeC.To makeD.Make答案:A。

模块必刷题 Unit 3 基础篇

模块必刷题 Unit 3 基础篇

模块必刷题Unit 3 基础篇一、单项选择1.Daniel wonders ________ he should go to for help.A.what B.whom C.how D.where2.Kitty looks a little pale. She ________ ill today. But I’m not sure.A.maybe B.must be C.may be D.can’t be 3.Enough sleep is very important for health. If you ________ for your favourite TV programmes, you will feel sleepy in class.A.pick up B.stay up C.get up D.set up4.— ________ do you like that book?—Quite interesting. It’s worth ________.A.How; to read B.What; reading C.How; reading D.What; to read 5.The problem is easy enough for me ________.A.to work out B.to work it out C.working out D.to working out it 6.The old scientist is strict ________ himself and strict ________ his work.A.in; with B.with; in C.in; in D.with; with7.At that time I had no choice but ________ him to the nearest post office.A.followed B.following C.to following D.to follow8.I think your suggestions will be ________ to me. I’m looking forward to ________ you soon. A.value; hear from B.value; hearing fromC.valuable; hear from D.valuable; hearing from9.We expect a holiday without homework ________ we can relax.A.so that B.such as C.for example D.as well 10.—How is Helen in the new school?—She is doing very well. There is ________ to ________.A.nothing; worry about B.nothing; worryC.something; worry about D.something; worry11.She hardly has any time for her sports, ________?A.does she B.doesn’t she C.will she D.won’t she12.He doesn’t know ________ the broken computer.A.how to do with B.how can they deal withC.how to deal with D.how they can do with13.I often doubt ________ he says.A.whether to believe what B.whether should I believe whatC.if to believe that D.whether to believe that14.Thanks for offering me ________. They really help me a lot.A.so many useful advices B.so many useful suggestionsC.so much useful advice D.so much useful suggestion 15.—Excuse me, could I take the seat?—Sorry, ________.A.here you are B.it’s taken C.take it D.never mind二、根据汉语提示填空16.The teacher asks us not to keep our ________ (令人担忧的事) to ourselves.17.We have already got more than 100 ________ (答复) to our advertisement.18.The two friends had a fight in the school so they walked home in ________ (沉默). 19.Kim is interested in science subjects, especially ________ (化学).20.There is no ________ (疑问) that Nantong will develop into a modern city in the near future. 21.If you cannot describe your ________ (产品) in one sentence, you cannot sell it. 22.They promised that they would do ________ (任何) they could to stop the pollution. 23.When you walk up the ________ (楼梯), you must pay attention to your steps.24.My bike is broken. Will you help me fix the ________ (车轮)?25.I’ve never ____ the decision to work in West China.(后悔)三、用所给单词的正确形式填空26.One of your ________ (suggest) is useful to us and we will take it.27.The photo provides ________ (value) information about the old villages.28.In this game, if you answer a question ________ (correct), you will get one point. 29.You can make a ________ (choose) among these colourful pictures.30.The old man can’t sleep well. He is often still ________ (wake) until midnight. 31.Which do you enjoy ________ (spend) your weekend, staying at home or shopping?32.I hear someone ________ (offer) you some useful advice already.33.How ________ (solve) the problem will be discussed at tomorrow’s meeting.34.We were all busy at that moment and nobody ___________ (notice) him come into the room. 35.I hope the problem ________ (deal) with as soon as possible.36.— Has Steven finished his report today?— I have no idea. He ________ (do) it this morning.37.She ________ (not force) me — I wanted to go.38.Visiting Kyoto is an excellent chance ________ (learn) about Japanese culture. 39.Among all those girls, nobody but the twins ________ (prefer) country music.40.—I’ve already decided not to try out for the general manager.—Really? I thought you ________ (not give) up the chance forever.四、完成句子41.这些短信很无聊,不值得回复。

on Trusted and Non-Trusted Agent Places

on Trusted and Non-Trusted Agent Places

DiplomarbeitProtecting Integrity and Secrecyof Mobile Agents on Trusted and Non-Trusted Agent PlacesLars Fischer22.04.20031.Gutachterin:Prof.Dr.Claudia Eckert2.Gutachterin:Prof.Dr.Ute BormannUniversit¨a t Bremen Fachbereich3AbstractMobile Software Agents are at the mercy of the agent places they visit on their itinerary.But certain applications have a need for protection of secrecy and integrity of parts of the mobile agents data space.In this paper I will introduce a definition of the term Mobile Software Agent that is derived from a general definition of the term agent and the definition of Wooldridge and Jennings in1998.I will divide the agents dataspace into four types of data which are used as base for my protection ter I define types of agent operations based on applictions that are proposed by Wooldridge and Jennings.To protect integrity and secrecy of static program and static results of an agent(data types0and2)some protocols have been proposed in dif-ferent papers.I will examine these protocols and extract general methods from these protocols.As result of this examinations I will incorporate a new method,the Code-Place-Result Relations,into the Chained Digital Signature protocols from Karjoth,Asokan and G¨u l¸c¨u to counter Inter-leaving Attacks that have been developed by Volker Roth.The examined protocols will then be classified by protection class and used methods.I will show relations between my types of agent operations,protocols,my methods and my protection classes.Of the eight protocols that I will examine I will propose three protocols for further usage;Environmental Key Generation(by Schneier and Riordan)and the two improved Chained Digital Signature Protocols.Additionally I will propose Digital Signatures to provide integrity of static parts.Digital Signatures need a working public key infrastructure or other systems for key distribution to work.Environmental Key Generation is only usable in some settings,for example to protect the identity of an originator of an agent within a mobile ad hoc network.I will introduce a Traffic Information Agent System as an example analysis of threats and recommendations how to protect certain security objectives.In my conclusion I will compare the protection of integrity and secrecy in mobile agents with the protection in the client-server model.Contents1Introduction91.1Scope of this Work (9)1.2Contents of this Paper (10)2Mobile Agent Basics112.1Agent Definitions (11)2.1.1Software-Agents (12)2.1.2Agent Systems (12)2.1.2.1Agents and Agent Places (14)2.1.3Mobile Agents (14)2.1.4Mobile and Other Codes (15)2.1.4.1Daemons versus Agents (15)2.1.4.2Itineraries (16)2.2Types of Attack by Malicious Agent Places (17)2.3Work for Agents (17)2.3.1Agent Scenarios (17)2.3.1.1The Virtual Milk Boy Scenario (18)2.3.1.2The Traffic Management Scenario (19)2.3.2General Applications for Agents (19)2.3.3Classification of Agent Operations (19)2.3.4Importance of Security for Mobile Agents (20)2.4Conclusion (21)3Notation and Security Objectives233.1Notation (23)3.2Models (24)3.2.1Protection Classes (24)3.2.2Chain of Partial Results (25)3.3Security Objectives (25)3.3.1Integrity (26)3.3.1.1Integrity of Type2Data (26)3.3.2Secrecy (27)3.3.3Other Objectives (29)3.3.3.1Accountability (29)3.4Conclusion (29)34CONTENTS 4Methods and Protocols314.1Introducing the Protocols (31)4.1.1Append Only Container (32)4.1.2Multi-Hops Protocol (35)4.1.3Chained MAC Protocol (37)4.1.4Caring Agent Place Encapsulation (38)4.1.5Publicly Verifiable Chained Digital Signatures (41)4.1.6Chained Digital Signatures with Forward Privacy (44)4.1.7Environmental Key Generation (44)4.1.8Time Limited Blackbox Security (45)4.1.9Other Solutions (47)4.2Classification and Abstraction (48)4.2.1Classes Summary (48)4.2.2Protection Classes and Agent Operations (49)4.2.3Protection Classes and Protocols (50)4.2.4Agent Operations and Protocols (51)4.2.5Methods and Protocols (51)4.2.6Methods and Protection Classes (53)4.3Conclusion (54)5Threat Analysis on a T.I.A.S.575.1Motivation (57)5.2The Traffic Information Agent System (58)5.2.1The Network (58)5.2.2The Agent Places (59)5.2.3The Traffic Information Agents (59)5.2.4Security Objectives (61)5.2.4.1Priority of Objectives (62)5.3Threat Analysis (63)5.3.1Objects of the Analysis (63)5.3.2Attacking the System (63)5.3.2.1Description of the Attacks (64)5.3.3Summary of Prerequisites (70)5.3.3.1Grades of Difficulty (70)5.3.3.2List of Weighted Prerequisites (71)5.3.3.3Calculating the Difficulty of Attacks (71)5.4Countermeasures Recommendation (72)5.4.1Countering Privacy Attacks (73)5.4.1.1Prevent Attackers From Learning OIDs (73)5.4.1.2Prevent Attackers from Reading the Route (74)5.4.2Countering Attacks on Accuracy (74)5.4.3Countering Denial Of Service Attacks (75)5.4.4Recommendations Summary (75)5.4.5Analyzing Effects of the Recommendations (75)5.5Conclusion (76)5.5.1Improvements (77)CONTENTS5 6Conclusion796.1Borderlines of Security (79)6.2Agent Security and Mobile Code (80)6.3Fields of Work for Mobile Agents (80)6.4Future Works (80)6.5Famous Last Words (81)6CONTENTSList of Figures2.1Agent System (13)3.1Notation (24)4.1Header Box of a Protocol Description (32)4.2A Backward Chaining Relation (34)4.3Scheme of the Interleaving Attack([Rot01a]) (34)4.4Caring Agent Place Encapsulation Scheme (39)5.1Sketch of the Traffic Information Agent’s Program (60)5.2Attack A) (65)5.3Attack B) (66)5.4Attack C) (67)5.5Attack D) (67)5.6Attack E) (68)5.7Attack F) (69)5.8Attack G) (70)List of Tables2.1Types of Data (13)2.2Processing Concepts (16)3.1Abbreviation of Protection Classes (24)4.1Classes Summary (48)4.2Protection Classes and Protocols (50)4.3Methods Used in Protocols (52)4.4Methods and Protection Classes (53)5.1Priority of Protection Against Attacks (64)5.2List of Attack Prerequisites (71)5.3Attacks and Prerequisites (72)5.4Attacks and Prerequisites (76)78LIST OF FIGURESChapter1IntroductionMyfirst move toward mobile agents has been made in a lecture by Claudia Eck-ert on operating systems1.As part of a brief introduction to the model of mobile agents,security issues have been discussed.The problem of malicious agents that attack agent places can be compared to the problem of malicious processes attacking operating systems.The protection of mobile agents from malicious agent places is a new situation and occurring problems are more difficult to solve.A mobile agent is executed by the agent place it is visiting.To enable the agent place to do this,the place has to read and understand code and data of the agent.During execution the state of the agent is changed and eventually the agent is transferred to the next agent place.The general problems are:How to make the agent place do exactly those manipulations to the agent that result from a correct interpretation of the agents program and state,and how to reveal only those data to the agent place that it is authorized to know?Today some protocols to protect mobile agents have been developed.Within this work protocols that aim at the protection of secrecy and integrity of mobile agents are discussed.The goal is to examine the used methods that are included within the pro-tocols,determine the type of protection a protocol provides andfind relations between them and possible application types.Nowadays mobile agents are mentioned in an increasing number of publica-tions.The applications that are developed range from network management to integrated teamwork environments.Considering the variety of applications,and the different tasks that agents can fulfill within an application,and the different constraints of protocols,it is difficult to see what security protocol is used best within a specific application.In this work this will be done within an example to show how to use the knowledge gained from the previous examination. 1.1Scope of this WorkThis paper is an examination of protocols that protect secrecy or integrity of mobile agents on non-trusted agent places.Attacks during migration are not1University of Bremen,Department of Computer Science,summer term2001,lecture“Be-triebssyteme2”by Claudia Eckert910CHAPTER1.INTRODUCTION considered in order to allow to focus on the control the places have over agents .For the same reason this paper includes no study on the different ways a network of agent places can be organized or methods that attack the network, like masquerading attacks.The examination is done in an abstract way,the introduced protocols work regardless of the used programming language or representation of data.1.2Contents of this PaperThis is a work on integrity and secrecy of mobile code by the example of mobile agents.The goal is to summarize and classify existing protocols and introduce own improvements.Chapter2,“Mobile Agent Basics”introduces the concept of mobile agents, applications and security problems that stem from malicious agent places.Within chapter3the notation used to describe the protocols and considered security objectives are introduced.“Methods and Protocols”,the fourth chapter,includes the description and discussion of protocols to protect integrity and secrecy of mobile agents.The chapter is completed with an examination on the relations between agent types, protocols,security classes and methods.Within chapter5an agent system to distribute data on traffic conditions within a vehicle based dynamic ad hoc network is sketched and analyzed in regard to the threats from malicious agent places.The work is closed with a summary on the conclusions of this work in chap-ter6.Chapter2Mobile Agent BasicsThis chapter should introduce the reader to the goals of this paper and introduce a view on mobile software agents.First I will propose a definition of mobile agents that is based on a summary of the definitions found in literature and my own thoughts.Later in this chapter I will describe some applications for which mobile agents can be used.Besides providing a glimpse into the motivation for mobile agent use,this should give us some insight into the required security features.These applications shall then be classified to obtain a more abstract handle.Furthermore,the premises and restrictions on which this paper is based are introduced in this chapter.2.1Agent DefinitionsThe discussion on agents is s centered around many similar yet different defi-nitions.I do not intend to end this discussion here,but would like to clarify my point of view on agent systems.This section will define the general terms connected to mobile software agents as they will be used in this paper.A precise definition of agents is still a subject for discussions.A definition given by N.R.Jennings and M.Wooldridge in[JW98]defines them as computer systems:An agent is an encapsulated computer system that is situated in someenvironment and that is capable offlexible,autonomous action in thatenvironment in order to meet its design objectives.In my Opinion this definition is erroneous in the sense that it is solely focused on computer systems while the term agent is used much longer in other contexts than computer science.In order to not neglect the older usage and to emphasize that agents are a model closely related to the real world I will start with a more general definition of agents,which is nevertheless quite similar to the above definition.Definition1(agent)An agent is an encapsulated system with an unique identity that is situated in some environment and that is capable of autonomous action in that environment in order to follow a plan or assignment on behalf of some entity.The agent is1112CHAPTER2.MOBILE AGENT BASICS able to interact with its environment,especially to communicate with other entities.It is able to actively make modifications to or react to changes in its environment.Actions and reactions of an agent are results of its plan.2.1.1Software-AgentsThis definition of agents does not specify whether an agent is an entity from the realm of computer science or an entity from the material world.To specialize the term agent toward software agent we define:Definition2(software agent)A software agent is an agent in the form of software that is situated within a computer environment.The agent program is similar to the plan or assignment mentioned within th definition of agent.Software agents differ significantly from human agents because they completely depend on the computer system that executes their program while human agents might at least have some basic abilities that are independent from the environment.The security problem at hand is that the executing computer has complete control over the agent and the computer is possibly controlled by a person with malicious intentions.The data of software agents can be divided into static and dynamic data. Examples of static parts of an agent are static program code,static data or static status information,e.g.the identity of the software agent.Obviously dynamic and static parts raise different security issues and need different pro-tection methods.Within this paper static and dynamic parts are sometimes referred to as program and data.This is because program code is often thought of as static and the data as dynamic.Dynamic data can be broken down further into three types:fixed size change-able,dynamically allocated static and dynamically allocated changeable data. Together with the static data I have enumerated and described them as shown in table2.1.The data types provide a model which subdivides data space based on the changes that are allowed,unlike the known subdivision based on the function into text and data segments of the known process model[Tan01].I have taken the freedom of simplifying this listing and have not denoted classifications for the deletion of data,which means a decrease of the size of the agent space.This simplification is valid as deletion could be abstracted as a modification of the data to values that denote deleted.Therefore data that should be deletable has to be classified as changeable.To enhance readability I will further refer to software agents as agents.2.1.2Agent SystemsIn the sections above,the places where agents roam have been referred to as environment,which is too abstract to use for discussion.In this section the “environment”should become more specific.The Agent System(fig2.1)includes everything that is directly involved in executing,migrating and securing the agent which is not part of the underlying network or the operating system.The agent system includes the agent places, the algorithms and protocols that implement the environment in which the agents act.2.1.AGENT DEFINITIONS13 0static Data is set at the beginningof the agent’s life-cycle and nochanges are authorized.An ex-ample is the agent’s program.1fixed size changeable Data that is set at the begin-ning of the life-cycle but to whichchanges to the values could beauthorized,a global variable orexecution state for example.2dynamically allocated static Data for which space is allocatedduring the life-cycle of the agentbut to which no changes are au-thorized later.One example forthis type is a result that has beencomputed by the agent.3dynamically allocated changeable Data for which space is allo-cated during the life-cycle andto which changes might be au-thorized.This type comprises ofanything else,for example a dy-namically allocated counter vari-able.Table2.1:Types of DataAgent SystemAgent PlaceAgentsAgent ModellData RepresentationAgent Place InterfacesMigration ProtocolsSecurity ProtocolsAgent Communication ProtocolFigure2.1:Agent System14CHAPTER2.MOBILE AGENT BASICS2.1.2.1Agents and Agent PlacesTechnically an agent place executes the agents code and provides an interface through which the agent interacts with the environment.The place itself is part of a network of agent places.An agent place can host one or more agents.Mobile Agents might migrate between agent places.Migration,as well,is initiated through the agent places interface.The environment of an agent place is comprised of all agents,objects and other recognizable elements with which the agent can interact.All interaction is done through an interface which the agent place provides.The entity that is denoted agent place has different names in various papers. It is called server in[KAG98],host is used in[ST98],agent places in[ZMG98] and as a last example it is called host platform in[TM01].I decided to use the term agent place because the term host is also used to address a single computer.For example the term platform is used to describe a host with a operating system’s environment or the platform that is provided by java.A server is but one part of a client-server relationship,which is obviously missing in this context.To conclude my usage of the terms:An agent place is a platform that runs agents on a host.2.1.3Mobile AgentsIn[Nwa95]Hyacinth Nwana gives an overview of agents and defines some specific terms for different types of agents.Some of the types specify how an agent works, for example mobile agents,collaborative agents and reactive agents.Other types specify what an agent does,like the interface agent,or information agent which I will describe later in this chapter.I will try to distinguish between classifications of what an agent does,how an agent does things and what capabilities an agent or agent system has.Within this section I will introduce the capability mobility, which describes the most important agent type in a paper on mobile agents.The mobile agent is an agent which has the ability to migrate between agent places.I define it as follows:Definition3(mobile software agent)A mobile software agent is a software agent that is capable of changing the agent place it is executed on during execution.The transfer between two agent places is called migration.The mobile software agent can migrate between two agent places.The agents life-cycle does not end during migration;it is explicitly terminated.To achieve this,the agent’s data runtime information has to be preserved during migration. The life-cycle of an agent starts with the creation and ends with the deletion of a unique identifier for this agent.After a migration the data that constituted the agent is deleted at the origin of the migration.But at the destination the agent continues existing with the same identity and data.Mobility is not only a feature of the agent but of the environment in which the agent is situated in.Actually much of the work of a migration has to be implemented into the agent place,last but not least the ability to send and receive agents.It is the agent which is mobile,while the environment has to support this.2.1.AGENT DEFINITIONS15To enhance readability again,I will generally use the term agent as synonym for mobile software agent in this paper.If I wish to emphasize the feature of mobility I I will explicitly use the full term mobile agent.An agent which does not have the ability to migrate is explicitly called immobile.Strong or Weak Migration Migration can appear either as strong migra-tion or weak migration.The latter means that the agent is executed from the beginning of its program after the migration.Strong migration keeps the exe-cution state of an agent after the migration.The agents execution resumes at the point where it stopped as the migration started.Weak migration simply executes the agents program from the start.The type of migration is a main characteristic of the whole agent system.2.1.4Mobile and Other CodesThe mobile agents can be seen as special types of mobile code.Mobile Code,in general,is transferred before it is executed.A daemon,for example,is immo-bile but operates as autonomously as an agent.This section will compare the different types of programs.Mobile code in general is code that is transferred for execution.The classical mobile code is solely transferred before execution,either as code on demand on behalf of the executing entity or as remote evaluation by an entity that wishes to have code executed pared to agents,the classical mobile code only consists of static data(type0).Agents differ from classical mobile code, in that they are code that is even transferred multiple times during execution.Security needs of classical mobile code and mobile agents are quite simi-lar but with some constraints,which make the solution for agents much more complicated.With mobile code the security problems only have to be solved between the two hosts that are involved.The number and identity of the hosts involved in the complete execution of an agent is,in the worst case,not specified from the start.This means that,if not restricted,not all hosts are known when the agent is started.In table2.2I have joined the common processing concepts process and dae-mon together with the mobile agents and mobile code.2.1.4.1Daemons versus AgentsWhile most of the differences between the processing concepts should be clear from table2.2I would like to draw some attention to the difference between daemons and immobile agents.Daemons are programs that run autonomously in the background[Tan01].Most of them implement servers that provide some kind of service to the outside world.Daemons can be used for any work that does not need human intervention.Numerous examples can be found on any modern computer,like the at-daemon found on most UNIX based operating systems.Daemons and immobile agents run autonomous and fulfill their tasks using means of communication with the environment in which they are situated.On an abstract level both concepts are equal.My opinion is that the reason for different terms,used for mostly equal concepts,is simply a historical ing an adequate level of abstraction,daemons and agents are indistinguishable.In16CHAPTER2.MOBILE AGENT BASICS Process A program in execution.(consists of program,dynamic data and execution state)The con-cept Processes is superior to the other con-cepts.Mobile Code Program code is transferred from the hostwhere it is stored to the host where it is exe-cuted.Daemon Processes that run autonomous in the back-ground on afixed host.Daemons can com-municate with other processes through variouschannels.Immobile Agent Autonomous entities that are situated in anenvironment and communicate with entitieswithin this environment.Mobile Agent A immobile agent that is mobile:it can betransferred during execution.Mobile agentswork autonomously like daemons.Table2.2:Processing Conceptsthefirst case the environment is some agent place’s interface and in the latter case the environment is that of the operating system.Practically daemons are background processes within the environment provided by the operating system and agents are autonomous entities within the environment provided by an agent place running within an operating system.2.1.4.2ItinerariesThe itinerary of an agent is the sequence of platforms it visits.In[KAG98]four classes of itineraries are introduced which are summarized below.The classes are ordered from the strictest predetermined itinerary to an itinerary that is not predetermined at all.Class1)The agent’s route is set before the agent visits thefirst agent place.Al-though these itineraries are at leastflexible,they can be protected mosteasily by using basically the same techniques as for classical mobile codes. Class2)The agent has afixed list of agent places that it has to visit which isfixed, but it decides in which sequence these places will be visited during itsitinerary.Class3)All agent places that the agent is allowed to visit are set at the start.The agent visits no places that are not on its list,but it is free to choose whichplace it is going to visit when.Class4)The agent might even visit agent places that are not known from the start.The agent freely chooses which place it will visit next from all places thathe recognizes during runtime.This list is not complete.Other requirements for an itinerary can be thought of.At least this classes can be combined.For an example imagine an agent2.2.TYPES OF ATTACK BY MALICIOUS AGENT PLACES17system where the agent can move freely between a set of trusted hosts.But to visit non trusted hosts he has to move on a predetermined route between two trusted hosts.This can lead to different security strategies being used for different parts of the itinerary.2.2Types of Attack by Malicious Agent Places The agent depends completely on the agent place it is executed on.If this place is malicious it could attack the agent,like any process that is executed can be attacked by the host that executes it.With even one additional point of attack that is the migration of the agent.In[Hoh98a]Fritz Hohls gives a list of attacks that might be launched against a mobile agent by malicious agent places.I roughly sorted these attacks into classes that aim directly at the agent’s data space,at the communication,exe-cution or transportation of the agent.An attack on the transportation includes masquerading attacks as men-tioned by Hohl as well as eavesdropping on the agent’s migration.These kinds of attacks can quite well be countered by classical network solutions.Although these methods are transparent to the agent.Attacks on the execution of an agent involve denial of execution and incorrect execution.Hohl lists incorrect execution,manipulation of controlflow and spying out of the controlflow which I put into this category.It is an attack on the communication of the agent,if the attack aims at messages between the agent and its environment.This includes communication with the interface of the agent place.I have sorted spying out of communications and manipulation of the communication between agents and returning wrong results of system calls issued by the agent described by Hohl into this category.The agent place should guarantee that no other agents be able to interfere with the agent’s communications.But the place itself is in the best position to attack such communications.Thefirst type of attacks,the attack at the data is aimed directly at the data of the agent.This includes spying on existing code or data or unauthorized manipulation of the same.Fritz Hohl does mention those attack but makes no difference between authorized and unauthorized actions.This distinction is,in my opinion important because technically every action of an agent is performed by the agent place.The difference between actions is that they are allowed if they result from the correct and authorized execution of the agent and otherwise are not.2.3Work for AgentsThis section briefly introduces applications that can make use of mobile agents. The goal is to get some ideas of the possibilities the agent paradigm brings and how mobile agents work conceptually.2.3.1Agent ScenariosWithin this section I tell afictive story that might happen in a networked world in which agents are used to assist in day-to-day business.The goal is to get18CHAPTER2.MOBILE AGENT BASICS a more vivid picture of possible agent’s operations,to help imagine why the protection of agents is crucial and what it is we have to protect from whom. This scenario does not cover every possible situation,but it will at least point out some ideas.2.3.1.1The Virtual Milk Boy ScenarioYour household-stock-agent,while doing its regularly fridge-review,recognizes that your milk-reserves are running low.After seeing that your normal milk-consumption-rate indicates that your next breakfast would be rather milk-less it decides to better get your milk reservesfilled up now.It bundles some other regular household needs together and sends an e-commerce-agent to purchase the needed items.Armed with its list of items your e-commerce-agent visits the virtual shops it knowns(They are stored on another list).On its itinerary through the various shops it collects offers from their clerk-agents.It might as well share infor-mations with other e-commerce-agents about unknown shops,quality of service and prices at different shops.Having gathered the needed information it returns and communicates the data to your personalfinancial-agent and the household-stock-agent.After the decision which items to buy where has been made,a buy-agent is trusted with the needed amount of electronic money.It leaves to make the purchases.If any agent is confronted with a situation it can not handle,it will inform your user-interface-agent.This agent then will communicate the situation to you.Depending on the urgency of the situation it will inform you through daily report,instant message or whatever communications medium you use.This scenario includes the e-commerce-agent which can be implemented as a mobile agent.It has two tasks.Thefirst is to collect offers and compare them.The second mobile agent’s task is to pay afixed amount of money at a shop.The payment probably is handled by a separate buy-agent.This is called comparison shopping(see[YCK+00]and[DEW97]).The other agents mentioned are not mobile beyond the borders of your home system.The goal of automated comparison shopping is to rid the from some of his day to day business.The scenario can of course be implemented by classical,non-agent methods. But classical methods probably consume more bandwidth on your home con-nection to the net.Additionally your home system has to be connected to the network during the whole time,no matter how long the shopping takes.Taking a look at the scenario,some security objectives raise almost immedi-ately.The electronic money must be protected from unauthorized manipulation and disclosure,probably there are electronic contracts that have to be signed and should be kept secret as well.The shopping list should be kept private and definitely must not be changed by the shops.At last,if the agent compares the different offers from the shops no shop should be able to read or modify the offers of other shops.。

辽宁省沈阳市东北育才学校2021届高三下学期第九次模拟考试英语试题

辽宁省沈阳市东北育才学校2021届高三下学期第九次模拟考试英语试题

辽宁省沈阳市东北育才学校2021届高三下学期第九次模拟考试英语试题学校:___________姓名:___________班级:___________考号:___________一、阅读选择Located in the Atlantic Ocean halfway between Norway and Iceland, the Faroe Islands are a still-somewhat-undiscovered destination. Known for sweeping landscapes and sometimes-harsh weather, these islands definitely deserve a spot on your bucket list.Fun things available here·See the famous Mulafossur Waterfall in Gasadalur·Hike to Trælanípa to see the Sørvágsvatn, the “floating lake”·Hike to the Kallur Lighthouse on Kalsoy·Go sea kayaking·Attend a music festival (I loved the G! Festival)·Drive out to the town of Gjógv·See Saksun Church and the surrounding scenery·Explore the capital city of TórshavnGetting aroundRenting a car and driving is the best way to fully experience the Faroe Islands. Public transport does exist, but buses don’t run to most places very frequently. It is recommended that you book your car ahead of time, especially during the summer. (Search for rental cars here.)Where to stayThanks to the roads, bridges, and tunnels, nothing is very far away in the Faroe Islands. You can get from Tórshavn to Tjørnuvkí or Gjógv in just over an hour— meaning you could easily base yourself in Tórshavn for your whole trip if you wanted.If you do feel like staying outside of the capital for a night or two, consider makingGjógv your second base: Funningur is the only accommodation available in Gjógv, but it’s lovely. A nice guesthouse and restaurant sitting on a hill overlooking the village. (Read reviews on TripAdvisor | Book here)1.Which of the following fun things on Faroe Islands are NOT mentioned?A.Enjoy music. B.Tour around the capital city.C.Hike to the mountains. D.Appreciate water scenery.2.For a whole-trip plan, it’s convenient for visitors to live in .A.Gjógv B.Tórshavn C.Trælanpía D.Tjørnuvkí3.What’s the possible title of the passage?A.A Travel Guide to Faroe Islands B.Top Things to Do on Faroe Islands C.Some Quick Facts about Faroe Islands D.The Best Destination for Your Bucket ListI grew up as a country girl. My sister and I didn’t play video games. We didn’t have cable TV. Summers were filled with swimming in the pond and picking wild blackberries for Grandma to make a pie. Autumn was filled with corn mazes and crunching through leaves in the woods. And winter was all about building igloos near the frozen lake.My high school had zero diversity. Most people here could visit their entire extended family within 30 miles’ drive. And many were perfectly happy w ith the prospect of staying in rural northeast Ohio forever.It was in high school that I began to realize that I wanted something beyond what I knew inside my Midwest bubble. I loved reading and learning about new places, so I spent the rest of my high school career saving up so that I could go on a Lord of the Rings–themed tour of New Zealand when I graduated.After that initial trip to New Zealand, I was fully infected with the travel bug. I joined my college marching band simply because it would mean international performance tours every two years. And I began to realize that I couldn’t imagine my life without travel in it.I got a great education from both my little rural high school and my little rural Ohio college. But, the more I traveled, the more acutely aware I became of the fact that traveling made up for my education in a way that textbooks and PowerPoint presentations in lecture halls just simply could not.So, is travel the best education? Well, I don’t know if it deserves the superlative of th e “best”. But travel is definitely really valuable and a necessary part of becoming a global citizen of the world.4.Which word best describes the author’s childhood?A.Lonely. B.Carefree. C.Difficult. D.Bittersweet. 5.What can be inferred about the author as a high school student?A.She liked to judge others. B.She was in favor of a rural life. C.Her idea of traveling took roots. D.She was never concerned about money. 6.Why is traveling important to the author?A.She could apply the knowledge from the textbooks.B.She could go on international performance tours.C.She could receive scholarship where she traveled.D.She could learn beyond the school and textbooks.7.What message is mainly conveyed in the text?A.East and west, home is the best. B.He who doesn’t advance loses ground. C.Life without travel can only call it survival. D.A person to travel, perhaps lonely, may be free.“Buzz. Buzz. The queen is that way,” said one honey bee to another. “Pass it on.” Honey bees can’t speak, of course, but scientists have found that the insects combine teamwork and chemicals to relay the queen’s location to the rest of the community, revealing an extraordinary means of long distance, mass communication.Individual honey bees communicate with the chemical called pheromones, which scientists have long known. But just how these individual signals work together to gather tens of thousands of bees around a queen has remained a mystery.In the new study, Dieu My Nguyen, a scientist at the University of Colorado, and his colleagues focused on a colony of western honey bees, the most common honey bee species in the world. The researchers set up a flat, pizza box–size arena with a transparent ceiling, in which the bees could walk around, but not fly. They put the queen bee into a cage on one side and released the worker honey bees on the other. The scientists then recorded the insects’ movements from above with a camera and an AI software tracking bees that were releasing pheromones.Once the first worker honey bees located the queen, they began to gather chains of evenly spaced bees that extended outward from the queen, with each bee sending out pheromones to its neighbor down the line. The findings are the first direct observations of this collective communication in honey bees. Like smelly bread crumbs, the branching communication lines guided far-off honey bees back to the queen’s location — a feat no single bee could achieve alone.Mark Carroll, an insect biologist at the U.S. Department of Agriculture, cautions that the work was done in a closed, practically 2D space. In reality, he notes, honey bee colonies are 3D, and they often have to fight with elements like wind and rain, which make communicating more complicated. “The next step will be to observe natural honey bee swarms and see if they’re actually doing this.” he says.8.What is the focus of the new study?A.Why worker bees gather around a queen bee.B.How pheromones function in a bee’s body.C.Why insects’ mass communication is limited to short distances.D.H ow the queen’s location is passed on to the rest of the colony.9.What is mainly talked about in Paragraph 3?A.The process of the experiment. B.The equipment required for the experiment.C.The technique used in the experiment. D.The species chosen for the experiment. 10.What does the underlined word “feat” in Paragraph 4 refer to?A.Direction. B.Movement. C.Location. D.Relay. 11.What’s Mark Carroll’s attitude to the study?A.Doubtful. B.Reliable. C.Realistic. D.Influential.Google is getting further into the business of saving lives. The internet giant announces that users of its Android phones in New Zealand will receive warnings of damaging earthquakes about to strike their locations. And those earthquakes will be detected not by the usual seismometers, but by the phones themselves.Traditional warnings, even if they only come seconds before a quake hits, can buy people enough time to survive the quake. These systems are practical, but they are difficult and expensive to develop. One system, known as ShakeAlert, cost $60 million to build and needs more than $30 million annually to operate. Such an earthquake warning system as developed by Google can cut down this expense and has great potential globally.A phone-based network makes earthquake detection possible because modern devices are equipped with motion sensors that monitor movement, such as when a user picks up or rotates the phone. Those sensors can also be programmed to detect the distinctive shaking caused by the pressure and waves of earthquakes.Google has built quake-sensing capabilities directly into its more than 2 billion active Android phones. When a Android phone detects an earthquake signal, it sends word, along with a rough location, to a central server and more than 100 phones need to sound the alarm before Google believes it. Android phones have been publicly detecting earthquakes worldwide since last year and have detected more than 1000 quakes. The warnings have performed well in terms of speed and accuracy when compared with ShakeAlert. Regardless of it, false alarms haven’t been too hard to weed out.The Android system still has a lot to prove, including its ability to detect quakes that start in less populated regions. New Zealand will pose a particular challenge, because much of its population is gathered in a few cities. That means phones might not warn of a quake that starts far from downtown until after the trembling has already begun. Until the system’s performance is clear, Google should be cautious of promising too much.12.What can we learn from the text?A.Traditional earthquake warnings are ineffective.B.Residents in New Zealand have benefited from the new warning system.C.Motion sensors are built in Android cellphones.D.ShakeAlert system cost $90 million in total.13.Compared to traditional warnings, which is NOT the advantage of Android warning system?A.Speedier B.Cheaper C.More accurate D.More practical 14.What can we infer from the underlined sentence in Paragraph 4?A.It is too hard to identify false alarms. B.Some false warnings are easy to get rid of.C.False warnings happen frequently. D.It is impossible to avoid issuing false warnings.15.What’s the best title of the article?A.Google’s Effort to Detect Earthquakes B.Google’s Promise to Save More Lives C.Google’s New Challenge in New Zealand D.Google’s Announcement about New Zealand二、七选五We know that choosing a college major can be stressful.16.! Here’s what you needto know about college majors before you commit.Career preparationChoose a major because it will prepare you for a specific career path or advanced study. Maybe you already know that you want to be a nurse, a physical therapist, or a web developer.17.. Make sure you’re ready for the coursework required for the career of your dreams.Earning potentialFuture earning potential is worth considering. After all, college is such a big investment. The majors that lead to the highest salaries include just about any type of engineering, mathematics, computer science, and economics.18.. That six figure salary may not be worth it if you're not happy at the office.19.Some students choose a major simply because they love the subject matter. If your love is philosophy, don’t write it off just because you're not sure about what the job market holds for philosophers. Many liberal arts majors provide students with critical thinking skills and writing abilities that are highly valued by employers.Explore your interestsIf you truly have no idea what you want to study, that's okay.20.. That gives you four semesters to play the field.Make the most of any required general education courses—choose ones that interest you. Exploring your interests will help you find your best fit major—and maybe even your ideal career.A.Many schools don't require students to declare a major until the second yearB.The most exciting aspects of college life is that it fosters new passionsC.A double major provides you with an understanding of two academic fields D.However, keep your quality of life in mind, tooE.But have no fearF.Before you decide, check out the curriculaG.Subjects you love三、完形填空After thirty-three years of managing a grocery store in my small hometown of Athens, Alabama, I decided to sell our business and retire.How could I retire but still have afeeling of 21 with my community? After all, they are the people who 22 my effort when I first opened the business and I wanted to give something back.Knowing my 23 , a friend told me about a hospice meeting and asked if I would be interested in becoming a hospice volunteer. I was so 24 ! Here was my opportunity to serve my community, give back to it, 25 friendships and begin new ones.26 with information from my new training class, I was assigned my first job. With27 knees, I knocked on the door. Then came the 28 couple who were struggling to care for each other. At first they were a little 29 to let anyone into their lives, but soon they appreciated the bunches of roses from my garden. My rose garden was my greatest 30 .A fresh red bunch of “Dolly Partons” or the creamy pink “Barbara Bushes” always seemed to 31 their sick room.My garden of eight to ten bushes, inspired by their32 , began to grow. Twenty, then forty, then sixty-five bushes, a whole yard of wonderful fragrant roses just waited to be cut and they seemed to know their 33 and outdid themselves with big blooms. The roses began to appear at weddings, teas, and on other social 34 in our community. Just another way I found to give back.My 35 job continued. When I got a call from the hospice with the words “Someone has asked for you ”, I was filled with great humanity and was really ready to help.21.A.connection B.business C.occupation D.communication 22.A.made B.supported C.put D.discovered 23.A.target B.dream C.decision D.dilemma 24.A.amused B.shocked C.excited D.disappointed 25.A.maintain B.develop C.find D.preserve 26.A.Taught B.Equipped C.Instructed D.Occupied 27.A.broken B.shaking C.twisting D.soften 28.A.familiar B.energetic C.elderly D.elegant 29.A.unwilling B.thrilled C.shocked D.ashamed 30.A.right B.concern C.reward D.pride 31.A.takeup B.gowith C.tidyup D.brightenup 32.A.impression B.treatment C.affection D.comfort 33.A.plan B.importance C.purpose D.faith 34.A.cases B.occasions C.situations D.conditions 35.A.last B.personal C.essential D.voluntary四、用单词的适当形式完成短文阅读下面短文,在空白处填入1个适当的单词或括号内单词的正确形式。

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

A Framework to Protect Mobile Agents by Using Reference States*Fritz HohlInstitute of Parallel and Distributed High-Performance SystemsUniversity of Stuttgart, D-70565 Stuttgart, GermanyFritz.Hohl@informatik.uni-stuttgart.deAbstractTo protect mobile agents from attacks by their execution environments,or hosts,one class of protection mechanisms uses“reference states”to detect modification attacks.Ref-erence states are agent states that have been produced by non-attacking,or reference hosts.This paper examines this class of mechanisms and presents the bandwidth of the achieved protection.First,the notion of reference states is introduced.This notion allows to define a protection scheme that can be used to realize a whole class of mecha-nisms to protect mobile agents.To do so,after an initial analysis of already existing approaches,the abstract fea-tures of these approaches are extracted.A discussion exam-ines the strengths and weaknesses of the general protection scheme,and a framework is presented that allows an agent programmer to choose an appropriate protection level us-ing this scheme.An example illustrates the usage of the framework and its overhead.1.IntroductionMobile agents are program instances that are able to mi-grate from one agent platform to another,thus fulfilling tasks on behalf of a user or another entity.They consist of three parts:code,a data state(e.g.instance variables),and an execution state that allows them to continue their pro-gram on the next platform.For the area of mobile agents, security is a very important aspect since neither the provid-er of an agent platform or an agent-based service,nor the owner of an agent wants to be harmed by employing this technology.This is a non-trivial requirement in mobile agent systems,asfirst,the executing party has no vital in-terest to execute a program correctly,and second,the em-ployer of a program has to give away the control over the execution.While the mechanisms that allow the executing party to protect its system seem to be feasible today,the protection of the agent,and,in turn its owner,is still subject of ongo-ing research.One way to protect agents is to follow an organizational approach,i.e.to make sure that only trustworthy parties ex-ecute an agent.Unfortunately,such an approach either se-verely restricts the agent’s autonomy,requires a critical mass of infrastructure in order to be used or disallows a number of advantages of the mobile agent technology.An-other way to protect agents is to use special,trusted, tamper-free hardware(see e.g.[9]).This approach seems to be not attractive since it requires a host to buy specialized hardware that does notfit into existing systems and may not scale up efficiently,If neither organizational mechanisms nor special hard-ware can be used,mobile agents have to be protected by software means only.Currently,there are two approaches that try to protect an agent from all major attacks.Thefirst approach,which is called Mobile Cryptography[7],aims at converting agents into programs that work on encrypted da-ta,i.e.the operations use encrypted parameters and return encrypted results without the need to decrypt these data during execution.The second approach based completely on software is called Time-limited Blackbox Protection [3].Here,the agent code is obfuscated using techniques that are hard to analyse by programs.Since such an obfus-cation can be broken by a human attacker given enough time,the agent bears an expiration date,after which the agent gets invalid.Successful attacks before this expiration date are impossible.Unfortunately,both approaches are not yet mature enough to be used.As long as complete software protection does not suc-ceed,other protection mechanisms have to be examined. These mechanisms will not be able to prevent every attack, but will provide at least protection from certain attack classes.As we will see,one important class of protection mechanisms uses“reference states”,i.e.agent states that have been produced by non-attacking,or reference hosts to detect modification attacks of malicious hosts.* This work was funded by the Deutsche Forschungs-gemeinschaft (DFG) by grant no. RO 1086/4-2.2.Attacks, Reference behaviour, and Reference States 2This paper will examine this class of mechanisms and present the bandwidth of the achieved protection.For that purpose,a new general definition of attacks against mobile agents is presented in Section 2.To allow a practicable pro-tection scheme,the notion of reference states is introduced.This notion allows to realize a whole number of mecha-nisms to protect mobile agents.After an initial analysis of existing approaches in Section 3,the abstract features of these approaches are extracted.A discussion of the strengths and weaknesses of the general protection scheme is given in Section 4.In Section 5,a framework is presented that allows an agent programmer to choose a specific level of protection using the reference states scheme.An exam-ple illustrates the advantages of the framework in Section 6.After having measured the example in terms of over-head, Section 7 concludes this paper.2.Attacks, Reference behaviour, and Refer-ence StatesIn this section,we will examine the question of what an attack against a mobile agent is,and whether and how the answer leads to protection schemes.First,the used agent model is defined.2.1Agent execution modelIn this paper,the following model of the execution of a mo-bile agent will be used (see Figure 1).The agent is a construct consisting of code,data state,and execution state.The aim of an agent is to fulfil a task on behalf of its owner.For this purpose,the agent migrates along a sequence of hosts.The host takes the initial agent state,i.e.data and execution state,and starts an execution session.In this session,the host processes the agent using the code and some input,producing a resulting agent state.The input includes all the data injected from the outside of the agent,i.e.both communication with partners residing on other hosts and data received directly by or via the cur-rent host.The latter e.g.includes results from system calls like random numbers or the current system time.When the agent migrates to another host or dies,the execution ses-sion is finished on this host.The resulting state produced by one host is used as the initial state on the next host.Sincecode and other constant parts of an agent are digitally signed, an attacker cannot modify them undetected.2.2Attacks and reference behaviourThe term “attack”related to mobile agent protection is rarely defined explicitly,but most often used in an intuitive manner.Since the term is normally understood as a viola-tion of the expectations of the agent programmer or owner we can define attack as follows:Definition:An attack is a difference in behavior between the attacking host and a non-attacking or refer-ence host,i.e.one that acts as expected (“reference behav-ior ”)given the same state and resources (and unambiguous, complete specifications).In this definition,attacks include different behaviour due to (unintentional)errors,caused by a misinterpretation of the specifications or by technical faults.Although this definition seems to be intuitively under-standable,the term “reference behaviour”needs more ex-planation.One can argue that first,no two implementations of a specification behave equally,and second,the behav-iour of even the same implementation may differ,depend-ing on external factors,such as e.g.the actual state of thread scheduling.This may be true for a number of sys-tems,but not on the level our notion of behaviour is situated on.We denote with “behaviour”the level of expectation of the agent programmer,i.e.the way the system has to be-have in order to execute an agent.If this behaviour differs from the specification,the system acts in a way the pro-grammer did not expect,so it is likely the agent will fail to run.This expectation of the programmer,based on the specification,will probably not determine the behaviour of the system in every detail (e.g.the implementation of inte-gers at the bit level),but is,at an overall level,an adequate model of the system.Therefore,the difference in behaviour cannot be measured automatically on a low level,but by us-ing the knowledge of the programmer to compare two exe-cutions instead.The attack definition above leads to a protection scheme where the difference in behaviour is measured to prove or at least detect misbehaviour.There are two problems that restrict the practicability of this solution.First,some of the behaviour of the host cannot be observed from the outside of the host.In principle,either all malicious behaviour sooner or later results in perceptible actions,or -if the ma-licious behaviour does not result in a perceptible action -this behaviour does not matter since it has no consequenc-es.Practically,it is too difficult to control all future actions of a host.Second,it is at least difficult to provide the reference host with the state and resources of the untrusted host.As aa g e n t c r e a t i o ninputexecutionhost 1inputexecutionhost 2inputexecutionhost 3inputexecutionhost 4a g e n t t e r m i n a t i o nm i g r a t i o nm i g r a t i o nm i g r a t i o ninitial state resulting stateFig. 1: Agent execution modelhost may e.g.offer a whole database,such a provision would require the transfer of possibly very much data.Ad-ditionally,if this data has to be transported from the un-trusted host,no one can check the equivalence of this data set to the one stored in the untrusted host.2.3Reference statesWhat can be done practically is to measure not the dif-ference in behaviour between an untrusted and a reference host,but the difference in the variable parts of an agent computed from the untrusted host on one hand and a refer-ence host on the other hand,given the complete input dur-ing the computation. This leads us to:Definition:A reference state consists of the variable parts(i.e.the state)of a mobile agent executed by a host showing reference behavior.The input includes all the data injected from the outside of the agent,i.e.both communication with partners resid-ing on other hosts and data received directly by or via the current host.The latter includes e.g.results from system calls like random numbers or the current system time.If we are able to measure the difference in state,we are able to detect attacks,that differ in the resulting state from a reference state.These attacks include write or modifica-tion attacks of the variable parts of the agent and attacks, where the agent code is not executed according to the spec-ifications.What cannot be detected by this approach are read attacks and attacks where the party that mediates input and output modifies or suppresses them.3.Analysis of Existing ApproachesIn this section,we will analyse three existing approach-es that use a kind of reference state to detect attacks by the host.First,we will describe the mechanisms and state the level of protection they offer.Afterwards we will classify them according to criteria like the used moment of check-ing and the used reference data.3.1State appraisalFarmer,Guttman and Swarup present in[2]a“state ap-praisal”mechanism that checks the validity of the state of an agent as thefirst step of executing an agent arrived at a host.This checking mechanism only considers the current state of the arrived agent.The mechanism can consist e.g. of a set of conditions that have to be fulfilled after the exe-cution session.In this case,the reference data is structured as a set of rules.These rules are formulated by the program-mer who stated relations between certain elements of the state.The check is done by the host that received an agent,and it is in the interest of this host to do so as it wants to execute only valid,i.e.untampered agents(which else might attack him).If the host does not check the agent(e.g. because the host collaborates with the attacking host),an attack against an agent cannot be detected.The question of which further attacks cannot be detected depends partly on the used checking mechanism.If e.g.for the conditions,only boolean and numerical operators are used(i.e.constructs that are not turing complete),there are computations that can be done by programs,but not by con-ditions.Therefore,there may be computations that cannot be checked by this kind of rules.The lack of the input to the agent also leads to attacks that cannot be detected.Imagine e.g.an agent that remotely receives prices for a good from different shops.Then a lowest price is computed and the other prices are removed.The host may modify the execu-tion and/or the prices at its will without being detected as it is impossible tofind an inconsistency in the resulting state without the used prices.3.2Server replicationIn[6],Minsky et al.propose to use a fault tolerance mechanism to also detect attacks by malicious hosts.The authors assume for every stage,i.e.an execution session on one host,a set of independent,replicated hosts,i.e.hosts that offer the same set of resources(e.g.the same data),but do not share the same interest in attacking a host(e.g.be-cause they are operated by different organizations).Every execution step is processed in parallel by all replicated hosts.After the execution,the hosts vote about the result of the step.At all hosts of the next step,the votes(i.e.the re-sulting agent states)are collected.The executions with the most votes wins,and the next step is executed.Obviously, even(n/2-1)malicious hosts can be tolerated.From our point of view,this means that an execution is checked by using a set of other executions,and by counting the number of equal results.Since the hosts work in parallel,the input to the agent has to be shared and one host must not be able to hold back input to the other hosts.The server replication approach can detect all attacks that result in a different agent state.Collaboration attacks of up to(n/2-1)malicious hosts of the same step can be detected.Additionally,even attacks between collaborating hosts of different steps can be found as long as the above condition holds.3.3Execution tracesApart from checking the inherent integrity of agents or comparing agent states resulting from parallel execution, the third major idea to check the execution of an agent is tolet the executing host produce an execution protocol or trace.In[8],Vigna presents an approach that uses this idea to allow an agent owner to check the execution sessions at different hosts when a fraud is suspected.For this purpose, every host records a trace that looks like the one in Figure 2b.A trace consists of pairs(n,s)where n denotes the identifier of the executed code statement.In case this state-ment modifies the state of the agent using information from the outside of the agent(i.e.“input”in our terms),s de-notes the list of variable-value pairs that state the content of these variables after executing this statement.After the execution,the host creates a hash of the trace and a hash of the resulting agent state.Theses hashes are signed by the host and are sent to the next host,together with the code and state of the agent.The trace itself has to be stored by the host.The agent continues to fulfil its task and returns to its home host afterwards.Now,the agent owner can decide whether he/she wants to check the agent or not.In case of a suspicion,he/she requests the traces from the corresponding hosts starting at thefirst host.First, he/she computes a hash of the received trace and compares this hash with the one stored at the next host.If these hashes are identical,the host commits on this trace.Then the agent with its initial state is re-executed.In case of statements that used input from the outside,the values recorded in the trace are used.If a hash of the resulting state of the agent on this host is equal to the one signed by this host(which can be provided also by the next host),this host did not cheat,and the checking process continues.The case that the following host pretends to have received a different in-itial agent state,is prevented by sending back a signed mes-sage that commits this state back to the sending host.This approach detects all attacks that result in a different state as long as the host does not lie about the input to the agent.Note that the owner can only determine which host played wrong,but not the difference in the agent state as only hashes of the final states exist.3.4AnalysisTo obtain a better understanding of the protection band-width of the class of mechanisms that use a reference state, we have to extract the generic attributes from the presented mechanisms and the relations between these attributes. These attributes are:Moment of checkingThe reference state can be checked eithera) after every execution session on one hostb) after the agent has finished its taskSince the overall aim is to identify the host(s)that at-tacked an agent during its journey,and since malicious hosts may occur anywhere along the route,choosing b)also means thatfirst,the route,i.e.the list of visited hosts has to be stored somewhere in a secure way.This can happen ei-ther by dynamically recording the stations,appending this information digitally signed to the agent data,or by sending this information to the owner upon every migration,or by having an apriori,signed itinerary.Second,the used refer-ence data has to be stored for every of the execution ses-sions,since,without this precaution,the malicious host cannot be identified.In principle,one could think of checking in smaller time intervals,e.g.on the level of single statements.In reality though,you have to wait until an agent has left a host since a host can always run two agents,a correctly executed one and a manipulated one.Then,the agent that was executed correctly can be used to produce the(correct)checking out-put while the manipulated agent migrates to the next host. Therefore,using a smaller time interval would not prove the correct execution of the migrated agent.Used reference dataDepending on the moment of checking,the reference data used by the algorithm might differ.If the execution is checked after an execution session or after the agent ful-filled its task,a combination of the initial state,the resulting state,the input to the session,the execution log and the rep-licated resources can be used.Used checking algorithmIndependent from the moment of checking,any of the following checking algorithms can be used(note that the presented algorithms mark only some points in the contin-uous bandwidth of possible algorithms):rulesThis term subsumes simple(i.e.non turing complete) rule mechanisms that allow to check e.g.postconditions in form of first order logic (like moneySpent + mon-eyRest = moneyInitial). As has been argued in Section3.1, such mechanisms may not detect all attacks, butoften rules are easy to state and to check. Rules mayuse any of the presented reference data.re-executionRe-executions aims at executing an agent according to the reference specification given the same set of con-ditions (i.e. input) as the execution to check. As forrules, the whole checking process can be automated,10read(x)11y=x+z12m=y+113k=cryptInput 14m=m+kFig. 2a: Code frag-ment 10x=5111213k=214Fig. 2b: Trace of the code fragment4.Strengths and Weaknesses of Mechanisms Using Reference States5i.e. supported by system mechanisms. After having re-executed the specified amount of statements (i.e. one, or a session, or a task), both executions are compared.This can be done either by comparing the “execution logs” that can contain e.g. changes in data and execu-tion state, or by comparing the resulting agent states.Therefore, re-execution needs input, initial agent state, and execution log or resulting agent state as reference data.The power of the approach depends on the level of detail of the execution log. In case of using only theresulting state,the host can lie about the messages sent to communication partners (such as “send $100 to the host”).Even if the log contains such messages,it is not possible to check whether such a message was actually sent by just looking at the logs.It can be argued that it is impossible to restore theconditions of the original executions for checking asthese conditions may include e.g. racing conditions in case of parallel threads (this is no problem for agentsystems that allow only one thread per agent). Imaginee.g.that an agent computes a list out of an input,wherethe ordering of the elements depends on the timing of two threads the agent uses.Then the list cannot be com-pared simply with the list of another execution as the other list may contain the same elements, but in differ-ent order. To solve this problem and the problem that input should be authenticated, a more powerful algo-rithm is needed.arbitrary programThis is the most powerful algorithm as it includes the presented ones and allows for more, e.g. to check the reception of messages. Since this algorithm is notknown in advance, the system can offer only basic sup-port, i.e. the possibility to execute the program when checking is required. Therefore, any of the referencedata may be used by this checking mechanism.The combination of these attributes opens a space of po-tential mechanisms that is much larger than the three ap-proaches we have seen in this section.If we want to allow the programmer to choose a protection mechanism that is appropriate for his/her specific application,we have to of-fer him/her a framework instead of a single mechanism.4.Strengths and Weaknesses of MechanismsUsing Reference StatesAs mentioned before,mechanisms using reference states cannot detect all possible attacks by malicious hosts. In this section,we will analyse the bandwidth of the result-ing protection,identify applications that cannot be protect-ed and discuss possible extensions.4.1Resulting protection bandwidthThe protection bandwidth depends on the used at-tributes.i.e.the moment of checking,the used reference da-ta,and the checking algorithm.A mechanism at the lower end of the protection scale uses only the weakest attributes, i.e.it checks after the execution task,uses the resulting agent state,and employs rules to check the execution.Since the agent is checked after fulfilling its task,a compromised agent continues to work on other hosts.Unwanted actions the agent may have done as a result of the attack in interac-tions with honest partners can be blamed to the attacker,but it may be difficult to compensate them after the agent re-turned home.Checking only the resulting states by using rules does not allow to detect all attacks.If a rule e.g. checks whether the initial money equals the spent sum plus the remaining amount,an attack that led to an unwanted purchase cannot be uncovered.Although this mechanism can be performed very efficiently and does not delay the ex-ecution on the different hosts,it is not very powerful from a security point of view.A mechanism at the higher end of the protection scale checks after every execution session,uses all possible ref-erence data and allows for an arbitrary checking algorithm. If the next host checks the execution of the former host,it can be sure to execute an untampered agent in case of a suc-cessful check.Since the mechanism allows for re-execut-ing the agent,the computation of a former host is compre-hensible.Obviously,this mechanism is more powerful than the simple one above.But its disadvantage is its computa-tional and communication overhead:first,the computation is roughly doubled,and second,the system has to transport one more agent state plus the input at a host.In case of the detection of a fraud,the question of the consequences remains.In a setting where an attacker can harm a party without consequences,just detecting attacks is useless.Only if legal,organizational or social steps can be taken, schemes like the presented one make sense.4.2Applications that cannot be protectedAttacks that do not result in a different agent state can-not be detected by using the presented protection scheme. Especially read attacks,i.e.attacks that aim solely at the knowledge of agent data,lie outside the scope,as these at-tacks do not leave traces in the agent state.If the goal is to achieve a complete agent protection,other mechanisms have to be developed for this purpose.Other attacks that cannot be detected arefirst,attacks where the executing host lies about the input an agent receives.Second,attacks, where the host forces the agent to do something(like buy-ing a good),and,subsequently,migrates another,not com-promised version of the agent.5. A Checking Framework for Mobile-Agents-Systems65. A Checking Framework for Mobile-Agents-SystemsIn this section,a framework is presented that supports the implementation of a wide range of checking mecha-nisms using reference states.It provides functionality for employing the generic attributes found in the last section. The idea is to let the agent programmer decide about the check mechanism a host has to execute and to offer basic functionality like signing by the framework.Although it is implemented for the mobile agents system Mole[1],the presented scheme can be used for nearly every mobile agent platform implemented in Java that uses a weak mi-gration scheme,and offers callback methods in agents to the host.This is the case for most systems.Since we want to support the generic attributes,we explain the framework in relation to these attributes.Moment of checkingHere we need callbacks for the different moments(see Fig.3),i.e.after an execution session on one host,and after the agent fulfilled its task.The callback for the check mo-ment after an execution session is called check-AfterSession.It is called as thefirst action on the next host,as it would be useless to check a session on the same host since then the host could also manipulate the check. The callback for the moment after the agentfinishes its task is called checkAfterTask.It is called by the last host that executes the agent, often the home host of the agent. Used reference dataHere we have to make sure that,at the end of an execu-tion session,we have the needed data in a form that allows to check the execution.The initial and resulting states are no problem since it is exactly this portion of data that has to be transported to and from the executing host.Replicated resources are simply objects that are appended to the agent (although this part may be large).To create an input list or an execution log,two ways can be followed.Either this in-formation is collected by a modified Virtual Machine,or written to special containers by code that is instrumented either automatically or ing manually instru-mented code has the advantage that the programmer can specify the type and format of the data,which can be more efficient if the checking algorithm is also provided by him/ her.Finally,we want to choose which reference data will be used for checking.In case of creating reference data by manually instrumented code,this is done by the program-mer in the routines that create this data,but if we have au-tomatic support for creating reference data,this has to be pointed out to the framework.This can be done by declar-ing the implementation of interfaces named Initial-StateRequester,ResultingStateRequester, Input-Requester,ExecutionLogRequester, and ResourceRequester,similar to the usage of Clonable in Java.Used checking algorithmAs the“arbitrary program”alternative is the most pow-erful approach and includes all other alternatives,it is enough to execute code written by the agent programmer when we want to check an execution.If we want to support the other approaches,we can let the programmer include supporting code.Rules can be supported by encoding the rules manually as program statements.Support for re-exe-cution may happen on different levels.The problem is the question of how the original code can be used for re-execu-tion.First,the code has to be executed a second time using the input taken from the reference input data.Second,out-put actions can be suppressed as they are not needed for checking the execution.Third,the resulting state has to be compared with the one of the original execution in a man-ner that can be specified by the agent programmer(due to the problems discussed in the last section).Solutions to this problem include a modified execution environment(i.e.a Java Virtual Machine)that is able to use the reference input set instead(in this case the unmodified code can be used), a copy of the original code,automatically instrumented by statements that do the needed actions(i.e.second execu-tion,output suppression,and state comparison),andfinally, a copy of the original code that is instrumented manually by the programmer.To explore this aspect,the last solution was examined for the example application(see next sec-tion).Callbacks in the agent checkAfterSession()Host calls this method when agent arrives checkAfterTask()This method is called by the last host Interfaces implemented by agent InitialStateRequesterdeclares need for initial state ResultingStateRequesterdeclares need for resulting state InputRequesterdeclares need for input ExecutionLogRequesterdeclares need for execution log ResourceRequesterdeclares need for replicate host resources Fig. 3: Framework methods agent。

相关文档
最新文档