DOCSLIB.ORG

Chapter 6 Protection of Information in Computer Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Chapter 6 Protection of Information in Computer Systems TOPICS IN THE ENGINEERING OF COMPUTER SYSTEMS CHAPTER 6 PROTECTION OF INFORMATION IN COMPUTER SYSTEMS JANUARY 2002 TABLE OF CONTENTS Table of Contents 6–1 Overview 6–5 Glossary 6–7 A. Introduction to secure systems 6–13 1. Attack classification 6–14 2. Protection is a negative goal 6–15 3. Design principles 6–18 4. Protection model 6–21 5. Trusted computing base 6–23 B. Cryptography as a building block for secure systems 6–25 1. Model for ciphers 6–26 2. Cryptography 6–29 3. Unbreakable cipher (one-time pad) and random generators 6–30 4. Pseudo-random number generators 6–32 5. A short-key shared-secret cipher: Data Encryption Standard (DES) 6–32 6. A public-key cipher: Rivest, Shamir, and Adleman (RSA) 6–35 7. Cryptographic hash functions 6–36 C. Authentication 6–39 1. Authentication of claimed identity 6–40 2. Message authentication 6–43 3. Message authentication terminology 6–43 4. Authentication is different from confidentiality 6–44 5. Authentication model 6–45 6. Properties of sign and verify 6–47 7. Computing a MAC 6–48 8. Computing a digital signature 6–49 © 1999–2002 by M. Frans Kaashoek and Jerome H. Saltzer 6–2 Protection of Information in Computer Systems 9. Key distribution 6–49 D. Authorization 6–51 1. Thesimpleguardmodel 6–51 2. Example: dynamics of use in a multi-user time-sharing system 6–54 3. The caretaker model 6–57 4. Non-discretionary access control with the flow-control model 6–58 E. Confidentiality 6–63 1. Using virtual memory to provide confidentiality within a shared system 6–63 2. Sealing primitives: communicating privately over untrusted networks 6–67 3. A shared-secret sealing system 6–69 4. A public-key sealing system 6–70 5. Achieving both confidentiality and authentication 6–71 F. Cryptographic protocols 6–75 1. Example: key distribution 6–75 2. Designing cryptographic protocols 6–79 3. An incorrect key distribution protocol 6–81 4. A key distribution protocol using a public-key system 6–84 5. Example: the secure socket layer (SSL) protocol 6–85 G. Advanced authentication 6–91 1. Reasoning about authentication protocols 6–92 2. Authentication in distributed systems 6–95 3. Authentication across administrative realms 6–97 4. Authenticating public keys 6–99 5. Authenticating certificates 6–100 6. Certificate chains 6–103 7. Example: server authentication with SSL 6–104 Acknowledgements 6–106 Appendix 6–A. War Stories: Protection System Failures 6–107 1. Residues: profitable garbage 6–107 2. A weak design causes two failures 6–110 3. The multiply–buggy password transformation 6–111 4. Controlling the configuration 6–112 5. The kernel trusts the user 6–113 6. An attack on our system would be too expensive 6–114 7. Meremortalsmustbeabletofigureouthowtouseit 6–115 8. The Web can be a dangerous place 6–115 9. The re–used password. 6–116 Draft Version of January 27, 2002 3:27 pm Table of Contents 6–3 10. Signalling with clandestine channels 6–117 11. Itseemstobeworkingjustfine 6–118 12. The incomplete check of parameters 6–121 13. Spoofing the operator 6–121 14. The special case that failed. 6–121 15. A thorough system penetration job. 6–122 16. Framing Enigma 6–122 Index of concepts 6–125 Last page 6–125 Draft Version of January 27, 2002 3:27 pm 6–4 Protection of Information in Computer Systems Draft Version of January 27, 2002 3:27 pm 6–5 CHAPTER 6Protection of Information in Computer Systems Overview Secure computer systems ensure that users’ privacy and possessions are protected. Security is a broad topic, ranging from issues such as not allowing your friend to read your files to protecting to a nation’s infrastructure against terrorist attacks. Defending against an intentionally malicious user is a negative goal. The designer of a computer system has to assure that there is no way in which the attacker can breach the security of the system. The designer must develop good security mechanisms and must ensure that an attacker cannot side step these security mechanism. For example, often the simplest way for an attacker to steal confidential information is to bribe someone on the inside who can provide the information. Because security is a negative goal, it requires a different design approach from the one we have seen in the previous chapters. We will introduce the safety net approach, which has two guidelines: 1. Consider everything that possibly could go wrong. An attacker has to find only one hole in the security of the system to achieve his objective. The designer must therefore consider any attack that has security implications; these attacks include snooping on private conversations, exploiting programming mistakes in the software, breaking locks, guessing passwords, bribing a guard, reconstructing information from the radiation of electronic circuits, abusing the maintenance procedures to change the system, inspecting the trash for useful information, etc. These attacks might be launched either from the outside or from the inside, for example, by an employee who may even have permission to use the system. 2. Assume you will make errors. Because the designer must plan for everything that might go wrong, he must also assume he will make errors. Furthermore, because an attacker has no incentive to report errors, the designer must have a plan for detecting errors quickly, repairing them, and avoiding repeating the same mistake. Such a plan includes designing for feedback to find errors quickly, designing for iteration to repair errors quickly, designing multiple layers of defense so that one error won’t break the security of the system, certifying the system to ensure that the design meets the specification and the implementation meets the design, and designing audits and checklists so that previous mistakes aren’t repeated. The conceptual model for protecting computer systems against attackers is based on the client-server model, in which a client module, on behalf of some user, sends a request to a server. To achieve security, the server has to answer the following three questions before performing the requested operation: 1. Who is the user making the request? Draft Version of January 27, 2002 3:26 pm 6–6 Protection of Information in Computer Systems 2. Is the request actually the one that the user made? 3. Is the user permitted to make such a request? The server should answer all of these questions for every request. To protect against inside attacks (users that have the appropriate permissions, but abuse them) or attackers that successfully break the security mechanisms, the server should also maintain audits of who used the system, what authorization decisions have been made, etc. This information can be used to determine who the attacker was after the attack and bring him to justice. In the end, a primary instrument to deter attackers is detection and punishment. Draft Version of January 27, 2002 3:26 pm Glossary 6–7 Glossary Access-control list (ACL)—A list of principals that are authorized to have access to some object. Active attack—An attack in which the intruder can create, delete, and manipulate messages destined for a principal (including substituting one message for another by replaying a message that was copied earlier). Appropriateness—A property of a message in cryptographic protocol: if the message is appropriate, then it is a member of this instance of this protocol (i.e., it is not copied from another instance of this protocol or from another protocol). Authentication—Verifying the identity of a principal or the authenticity of a message (its origin and integrity). Authentication keys—Cryptographic keys used for signing and verifying messages. Authentication tag—A cryptographically-computed string, associated with a message, that allows a receiver to verify the authenticity of the message. Authorization—Granting a principal permission to perform some operation, such as reading certain information. Block cipher—A class of ciphers in which a message is fragmented into fixed-size blocks, each of which is cryptographically transformed independently. Capability—In a computer system, an unforgeable ticket, which when presented is taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket. Cascading change propagation—A property of a cryptographic transformation: changing a single bit in the cleartext message causes changes in all subsequent cipher blocks of that message. Certificate—A message that certifies the binding of a principal identifier to a key. Certificate authority (CA)—A principal that signs certificates. Certify (v.)—To check the accuracy, correctness, and completeness of a security or protection mechanism. Cipher—A cryptographic transformation that transform their input in such a way that it is difficult to reconstruct the input from the output, unless one knows a secret. Cipher-block chaining (CBC)—In cipher-block chaining, the result of encrypting one block is one of the inputs to the encryption of the next block. CBC encryption exhibits cascading change propagation. Draft Version of January 27, 2002 3:26 pm 6–8 Protection of Information in Computer Systems Ciphertext—A message that has been transformed cryptographically. Compare with plaintext. Cleartext—Synonym for plaintext. Computationally secure—Security based on the hardness of computational problems. Most cryptography for confidentiality and authentication is based on problems that have such a large work factor that they require years of computing time (instead of being impossible to solve). Confidentiality—Limiting information access to authorized principals. Synomym for secrecy. Confidentiality keys—Cryptographic keys used to seal or unseal messages. Confinement—Allowing a (perhaps) untrusted program to have access to data, while ensuring that the program cannot release information. Covert channel—A hidden communication channel in flow-controlled access-control system.
Load more

Recommended publications
  • 1.3 Μm Emitting Srf2:Nd3+ Nanoparticles for High Contrast In
    Nano Research 1 DOINano 10.1007/s12274Res -014-0549-1 3+ 1.3 µm emitting SrF2:Nd nanoparticles for high contrast in vivo imaging in the second biological window. Irene Villa1, Anna Vedda1, Irene Xochilt Cantarelli2, Marco Pedroni2, Fabio Piccinelli2, Marco Bettinelli2, Adolfo Speghini2, Marta Quintanilla3, Fiorenzo Vetrone3, Ueslen Rocha4, Carlos Jacinto4, Elisa Carrasco5, Francisco Sanz Rodríguez5, Ángeles Juarranz de la Cruz5, Blanca del Rosal6, Dirk H. Ortgies6, Patricia Haro Gonzalez6, José García Solé6, and Daniel Jaque García6 () Nano Res., Just Accepted Manuscript • DOI: 10.1007/s12274-014-0549-1 http://www.thenanoresearch.com on July 29, 2014 © Tsinghua University Press 2014 Just Accepted This is a “Just Accepted” manuscript, which has been examined by the peer-review process and has been accepted for publication. A “Just Accepted” manuscript is published online shortly after its acceptance, which is prior to technical editing and formatting and author proofing. Tsinghua University Press (TUP) provides “Just Accepted” as an optional and free service which allows authors to make their results available to the research community as soon as possible after acceptance. After a manuscript has been technically edited and formatted, it will be removed from the “Just Accepted” Web site and published as an ASAP article. Please note that technical editing may introduce minor changes to the manuscript text and/or graphics which may affect the content, and all legal disclaimers that apply to the journal pertain. In no event shall TUP be held responsible for errors or consequences arising from the use of any information contained in these “Just Accepted” manuscripts. To cite this manuscript please use its Digital Object Identifier (DOI®), which is identical for all formats of publication.
    [Show full text]
  • Project Verona
    Are we done? We now have a perfectly - secure cipher ! No ! are ! In fact as as the . - - if we can share of this can use same mechanism to Keys very long , long message keys length , " [ the itself ) • share " message One-time restriction Malleable Issues with the one-time pad: - : . Never . ! One-time Very important reuse the one-time pad to encrypt two messages Completely broken = ① = ① Mz C k M , and Cz k Suppose , = C +0 ④ k ⑦ Mz can this to recover Then , ④ Cz (k mi) ( ) , f- leverage messages = ← m ④ Mz learn the ✗or of two ! , messages One-time pad reuse : - Verona . Project (US counter-intelligence operation against U.s.sk during Cold War) ↳ ~ Soviets reused some in codebook to of ~ 3000 sent Soviet pages led decryption messages by intelligence over 37- year period [notably exposed espionage by Julius and Ethel Rosenberg ] - Microsoft Point-to-point Tunneling CMS- PPTP) in Windows 98 /NT (used for VPN) ↳ Same key (in stream cipher) used for both server → client communication AND for client → server ↳ communication (RCH) - 802.11 : client and server use WEP both same key to encrypt traffic one-time reuse (can even recover small many problems just beyond pad key after observing number of frames ! ) - : one-time no can the : M#ble pad provides integrity ; anyone modify ciphertext m ← K +0 C ← ' replace c with c. ④ m ' ' ⇒ = k ④ c ④ m ④ m ← 's cored into ( ) m adversary change now ✗ original message . a then tem If satisfies 114/3 / Ml . cipher perfect secrecy , : s to most . This that about Intuition Every ciphertext can decrypt at 1kt IMI messages means ciphertext leaks information the all Cannot be .
    [Show full text]
  • Toolbox of Action
    AlpInnoCT Toolbox of Action Solutions and approaches for Combined Transport in the Alpine Space Handbook with results from the AlpInnoCT Project Foreword 03 Combined Transport in the Alpine Space — RoLa – Rolling Highway. Source: www.ralpin.com/media/ Results from the AlpInnoCT Project The Alps are a sensitive ecosystem to be protected from pollutant emissions & climate change. Continued growth in freight traffic ModaLohr. Source: www.txlogistik.eu/ volume leads to environmental and social problems. These trends reinforce the need to review existing transport modes & develop innovative models to protect the Alpine Space. Therefore, the project Alpine Innovation for Combined Transport (AlpInnoCT) tackled the main challenges to raise CT efficiency and productivity. This included new approaches like the application of production industry knowhow as well as the analysis of existing strategies, policies and processes. Verona Quadrante Europa. Source:www.ferpress.it/ This Toolbox of Action summarizes the main results and aims transport-logistic2015- interporto-quadrante- to provide information for political and economic decision makers europa-presentazione- and the civil society, on how Combined Transport can be fostered progetto-easyconnecting/ in Europe and the Alpine Space for a successful shift of freight traffic, from road to rail. The AlpInnoCT project was carried out in the framework of the Alpine Space Programme – European Territorial Cooperation 2014 – 2020 (INTERREG VB), funded by the European Regional Development Fund (ERDF) and national
    [Show full text]
  • Commerce Parkway, Verona, WI 53593 P608.845.7930 F608.845.5648 Engineeredconstruction.Com
    ENGINEERED CONSTRUCTION, INC. 525 Commerce Parkway, Verona, WI 53593 p608.845.7930 f608.845.5648 engineeredconstruction.com 6515 Grand Teton Plaza, Suite 120, Madison, Wisconsin 53719 p608.829.4444 f608.829.4445 dimensionivmadison.com Beale Enterprises LLC 529 Commerce Parkway Verona, WI 53593 Architecture : Dimension IV − Madison Design Group 6515 Grand Teton Plaza, Suite 120, Madison, WI 53719 p: 608.829.4444 www.dimensionivmadison.com General Engineered Construction, Inc. Contractor: 525 Commerce Parkway, Verona, WI 53593 p: 608.845.7930 engineeredconstruction.com PROJECT/BUILDING DATA: CODE INFORMATION SUMMARY: NEW 1 STORY BUILDING APPLICABLE CODE 2009 WISCONSIN COMMERCIAL BUILDING CODE BUILDING AREAS 2009 INTERNATION BUILDING CODE TOTAL BUILDING AREA = 8,525SF FIRST FLOOR AREA = 8,125 SF CONSTRUCTION TYPE MEZZANINE FLOOR AREA = 400 SF TYPE VB = 1 STORY BUILDING PARKING COUNTS OCCUPANCY ARCHITECTURAL ABBREVIATIONS LEGEND TOTAL PARKING SPACES = 6 S1 - STORAGE (PRIVATE GARAGE) FIRE SPRINKLER + - AND FIN - FINISH PREFAB - PREFABRICATED BUILDING IS NON SPRINKLERED @ - AT FLR - FLOOR PERIM - PERIMETER AB - ANCHOR BOLT FND - FOUNDATION PC - PLUMBING CONTRACTOR AFF - ABOVE FINISH FLOOR FOM - FACE OF MASONRY P/C - PRECAST / PRESTRESSED FIRE RESISTANCE RATING BUILDING ELEMENTS RENDERING IS REPRESENTATIVE ONLY - SEE DOCUMENTS FOR ALL BUILDING INFORMATION LIST OF DRAWINGS ALT - ALTERNATE FOS - FACE OF STUD P/T - POST TENSIONED STRUCTURAL FRAME (COLUMNS & BEAMS) = 0 HOUR ALUM - ALUMINUM FTG - FOOTING PT - PRESSURE TREATED PROJECT PERSPECTIVE BEARING WALLS (EXTERIOR AND INTERIOR) = 0 HOUR ARCH - ARCHITECT / ARCHITECTURAL FUT - FUTURE NON-BEARING WALLS (EXTERIOR) = SHEET FV - FIELD VERIFY R - RADIUS 0 HOUR < 30' TO PROPERTY LINE BRD - BOARD RD - ROOF DRAIN NO RATING > 30' TO PROPERTY LINE NO.
    [Show full text]
  • Bounded Model Checking of Pointer Programs Revisited?
    Bounded Model Checking of Pointer Programs Revisited? Witold Charatonik1 and Piotr Witkowski2 1 Institute of Computer Science, University of Wroclaw, [email protected] 2 [email protected] Abstract. Bounded model checking of pointer programs is a debugging technique for programs that manipulate dynamically allocated pointer structures on the heap. It is based on the following four observations. First, error conditions like dereference of a dangling pointer, are express- ible in a fragment of first-order logic with two-variables. Second, the fragment is closed under weakest preconditions wrt. finite paths. Third, data structures like trees, lists etc. are expressible by inductive predi- cates defined in a fragment of Datalog. Finally, the combination of the two fragments of the two-variable logic and Datalog is decidable. In this paper we improve this technique by extending the expressivity of the underlying logics. In a sequence of examples we demonstrate that the new logic is capable of modeling more sophisticated data structures with more complex dependencies on heaps and more complex analyses. 1 Introduction Automated verification of programs manipulating dynamically allocated pointer structures is a challenging and important problem. In [11] the authors proposed a bounded model checking (BMC) procedure for imperative programs that manipulate dynamically allocated pointer struc- tures on the heap. Although in this procedure an explicit bound is assumed on the length of the program execution, the size of the initial data structure is not bounded. Therefore, such programs form infinite and infinitely branching transition systems. The procedure is based on the following four observations. First, error conditions like dereference of a dangling pointer, are expressible in a fragment of first-order logic with two-variables.
    [Show full text]
  • Dipartimento Di Informatica E Scienze Dell'informazione
    Dipartimento di Informatica e • • Scienze dell'Informazione ••• • High performance implementation of Python for CLI/.NET with JIT compiler generation for dynamic languages. by Antonio Cuni Theses Series DISI-TH-2010-05 DISI, Universit`adi Genova v. Dodecaneso 35, 16146 Genova, Italy http://www.disi.unige.it/ Universit`adegli Studi di Genova Dipartimento di Informatica e Scienze dell'Informazione Dottorato di Ricerca in Informatica Ph.D. Thesis in Computer Science High performance implementation of Python for CLI/.NET with JIT compiler generation for dynamic languages. by Antonio Cuni July, 2010 Dottorato di Ricerca in Informatica Dipartimento di Informatica e Scienze dell'Informazione Universit`adegli Studi di Genova DISI, Univ. di Genova via Dodecaneso 35 I-16146 Genova, Italy http://www.disi.unige.it/ Ph.D. Thesis in Computer Science (S.S.D. INF/01) Submitted by Antonio Cuni DISI, Univ. di Genova [email protected] Date of submission: July 2010 Title: High performance implementation of Python for CLI/.NET with JIT compiler generator for dynamic languages. Advisor: Davide Ancona DISI, Univ. di Genova [email protected] Ext. Reviewers: Michael Leuschel STUPS Group, University of D¨usseldorf [email protected] Martin von L¨owis Hasso-Plattner-Institut [email protected] Abstract Python is a highly flexible and open source scripting language which has significantly grown in popularity in the last few years. However, all the existing implementations prevent programmers from developing very efficient code. This thesis describes a new and more efficient implementation of the language, obtained by developing new techniques and adapting old ones which have not yet been applied to Python.
    [Show full text]
  • Aubio Documentation Release 0.5.0-Alpha
    aubio Documentation Release 0.5.0-alpha Paul Brossier Jan 19, 2021 Contents 1 Quick links 3 2 Project pages 5 3 Features 7 4 Content 9 4.1 Installing aubio..............................................9 4.2 Downloading aubio............................................ 10 4.3 Building aubio.............................................. 11 4.4 Build options............................................... 14 4.5 Installing aubio for Python........................................ 19 4.6 Python documentation.......................................... 20 4.7 Command line tools........................................... 48 4.8 Developing with aubio.......................................... 66 4.9 About................................................... 68 Index 71 i ii aubio Documentation, Release 0.5.0-alpha aubio is a collection of algorithms and tools to label and transform music and sounds. It scans or listens to audio signals and attempts to detect musical events. For instance, when a drum is hit, at which frequency is a note, or at what tempo is a rhythmic melody. aubio features include segmenting a sound file before each of its attacks, performing pitch detection, tapping the beat and producing midi streams from live audio. Contents 1 aubio Documentation, Release 0.5.0-alpha 2 Contents CHAPTER 1 Quick links • Python documentation • Command line tools • Developing with aubio • Building aubio 3 aubio Documentation, Release 0.5.0-alpha 4 Chapter 1. Quick links CHAPTER 2 Project pages • Project homepage: https://aubio.org • aubio on github: https://github.com/aubio/aubio • aubio on pypi: https://pypi.python.org/pypi/aubio • Doxygen documentation: https://aubio.org/doc/latest/ • Mailing lists: https://lists.aubio.org • Travis Continuous integration page • Appveyor Continuous integration page • Landscape python code validation • ReadTheDocs documentation 5 aubio Documentation, Release 0.5.0-alpha 6 Chapter 2.
    [Show full text]
  • Database Synchronization Between Mobile Devices and Classical Relational Database Management Systems
    Faculty of Engineering and Natural Sciences Database synchronization between mobile devices and classical relational database management systems MASTER'S THESIS submitted in partial fulfillment of the requirements for the academic degree Diplom-Ingenieur in the Master's Program SOFTWARE ENGINEERING Submitted by Gergely Kalapos At the Institute for Application Oriented Knowledge Processing Advisor a.Univ.-Prof. Dr. Josef Küng Linz, January, 2015 Eidesstattliche Erklärung Ich erkläre an Eides statt, dass ich die vorliegende Masterarbeit selbstständig und ohne fremde Hilfe verfasst, andere als die angegebenen Quellen und Hilfsmittel nicht benutzt bzw. die wörtlich oder sinngemäß entnommenen Stellen als solche kenntlich gemacht habe. Die vorliegende Masterarbeit ist mit dem elektronisch übermittelten Textdokument identisch. Gergely Kalapos Linz, January 2015 Statutory Declaration I declare that I have developed and written the enclosed master thesis entirely on my own, and have not used sources or means beyond those that are explicitly declared in the text. All thoughts from others and literal quotations are clearly indicated. Gergely Kalapos Linz, January 2015 ii Abstract One significant change in the IT industry in the past years was the rapid expansion of mobile devices. As these devices evolve they became part of different information systems and applications running on these devices communicate with other software components as any other software does. Although the performance of these Smartphones and Tablet-PCs also evolved there are some significant differences between classical PCs, Servers and these mobile devices: The latter will never have the same reliable network as a Server in a server room or a desktop PC connecting to a network via a fixed network cable.
    [Show full text]
  • VPN-Geddon Denied
    Security Now! Transcript of Episode #744 Page 1 of 24 Transcript of Episode #744 VPN-geddon Denied Description: This week we look at Microsoft's force-feeding of Windows 10 feature updates, the creation of a tool to keep Win7 and 8 updates freely flowing for free, the continuing evolution of a new highly secure programming language, an update to Microsoft's RDP client for iOS, Avast and AVG in the doghouse, some VERY severe authentication bypasses in OpenBSD, and a note about the WireGuard VPN. Then we take a look at the report which every security website breathlessly covered - and got wrong. High quality (64 kbps) mp3 audio file URL: http://media.GRC.com/sn/SN-744.mp3 Quarter size (16 kbps) mp3 audio file URL: http://media.GRC.com/sn/sn-744-lq.mp3 SHOW TEASE: It's time for Security Now!. Steve is here to talk about forced Microsoft Windows updates. We're going to talk about Microsoft turning to Rust for systems programming, a brand new VPN Steve likes an awful lot, and why you might have read some headlines about VPN-geddon you don't have to worry about. It's all coming up next on Security Now!. Leo Laporte: This is Security Now! with Steve Gibson, Episode 744, recorded Tuesday, December 10th, 2019: VPN-geddon Denied. It's time for Security Now!, the show where we talk about your security and privacy online with our good friend, Steve Gibson. Hello, Steverino. Steve Gibson: Yo, Leo. Great to be with you again. Leo: Good to see you.
    [Show full text]
  • Proceedings Der Linux Audio Conference 2018
    Proceedings of the Linux Audio Conference 2018 June 7th - 10th, 2018 c-base, in partnership with the Electronic Studio at TU Berlin Berlin, Germany Published by Henrik von Coler Frank Neumann David Runge http://lac.linuxaudio.org/2018 All copyrights remain with the authors. This work is licensed under the Creatice Commons Licence CC BY-SA 4.0 Published online on the institutional repository of the TU Berlin: DOI 10.14279/depositonce-7046 https://doi.org/10.14279/depositonce-7046 Credits Layout: Frank Neumann Typesetting: LATEX and pdfLaTeX Logo Design: The Linuxaudio.org logo and its variations copyright Thorsten Wilms c 2006, imported into "LAC 2014" logo by Robin Gareus Thanks to: Martin Monperrus for his webpage "Creating proceedings from PDF files" ii Partners and Sponsors Linuxaudio.org Technische Universität Berlin c-base Spektrum CCC Video Operation Center MOD Devices HEDD Native Instruments Ableton iii iv Foreword Welcome everyone to LAC 2018 in Berlin! This is the 15th edition of the Linux Audio Conference, or LAC, the international conference with an informal, workshop-like atmosphere and a unique blend of scientific and technical papers, tutorials, sound installations and concerts centering on the free GNU/Linux oper- ating system and open source software for audio, multimedia and musical applications. We hope that you will enjoy the conference and have a pleasant stay in Berlin! Henrik von Coler Robin Gareus David Runge Daniel Swärd Heiko Weinen v vi Conference Organization Core Team Henrik von Coler Robin Gareus David Runge
    [Show full text]
  • Change Management Implementation Strategies for Small Businesses
    Walden University ScholarWorks Walden Dissertations and Doctoral Studies Walden Dissertations and Doctoral Studies Collection 2019 Change Management Implementation Strategies for Small Businesses Oneeka Rena' Rivers Walden University Follow this and additional works at: https://scholarworks.waldenu.edu/dissertations Part of the Health and Medical Administration Commons This Dissertation is brought to you for free and open access by the Walden Dissertations and Doctoral Studies Collection at ScholarWorks. It has been accepted for inclusion in Walden Dissertations and Doctoral Studies by an authorized administrator of ScholarWorks. For more information, please contact [email protected]. Walden University College of Management and Technology This is to certify that the doctoral study by Oneeka R. Rivers has been found to be complete and satisfactory in all respects, and that any and all revisions required by the review committee have been made. Review Committee Dr. Denise Land, Committee Chairperson, Doctor of Business Administration Faculty Dr. Rollis Erickson, Committee Member, Doctor of Business Administration Faculty Dr. Judith Blando, University Reviewer, Doctor of Business Administration Faculty The Office of the Provost Walden University 2019 Abstract Change Management Implementation Strategies for Small Businesses by Oneeka R. Rivers MA, University of South Carolina, 2010 BS, College of Charleston, 2006 Doctoral Study Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Business Administration Walden University December 2019 Abstract Most organizational change initiatives fail because managers lack effective change management strategies. The purpose of this single case study was to explore change management strategies that outpatient care facility managers used to positively affect process improvements. The population consisted of 6 managers who completed change initiatives at a military, outpatient medical facility in Texas and 6 of their team members.
    [Show full text]
  • META-TRACING JUST-IN-TIME COMPILATION for RPYTHON Inaugural-Dissertation Zur Erlangung Des Doktorgrades Der Mathematisch-Naturwi
    META-TRACINGJUST-IN-TIMECOMPILATIONFORRPYTHON Inaugural-Dissertation zur Erlangung des Doktorgrades der Mathematisch-Naturwissenschaftlichen Fakultät der Heinrich-Heine-Universität Düsseldorf vorgelegt von Carl Friedrich Bolz September 2012 ABSTRACT Many dynamic languages are implemented using traditional inter- preters because implementing just-in-time (JIT) compilers for them is too complex. This limits their performance and restricts their ap- plicability. This thesis describes meta-tracing, a technique that makes it possible to apply a single tracing JIT compiler across a wide va- riety of languages. Meta-tracing is flexible enough to incorporate typical JIT techniques such as run-time type feedback and unboxing. With the help of several case studies, meta-tracing is applied to vari- ous language implementations. Performance measurements of using meta-tracing show improvements by up to factor 50 for implemen- tations of production languages. Meta-tracing can thus simplify the implementation of high-performance virtual machines for dynamic languages significantly, making these languages more practical ina wider context. iii ZUSAMMENFASSUNG Viele dynamische Programmiersprachen sind durch klassische In- terpreter implementiert, weil das Implementieren von Just-in- Time-Compilern für sie zu komplex ist. Dies schränkt ihre Geschwindigkeit und ihre Anwendbarkeit ein. In dieser Arbeit wird Meta-Tracing beschrieben, eine Methode, die es möglich macht, einen einzigen Tracing-JIT-Compiler auf eine große Bandbreite an Sprachen anzuwenden. Der Ansatz ist flexibel genug, typische JIT- Techniken zu ermöglichen, z.B. Laufzeit-Typ-Feedback und Unbox- ing. Mit Hilfe mehrerer Fallstudien wird Meta-Tracing evaluiert, indem es auf verschiedene Sprachimplementierungen angewendet wird. Geschwindigkeitsmessungen zeigen Verbesserungen von bis zu einem Faktor 50 für Implementierungen von Produktionssprachen.
    [Show full text]