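% Reviewer notes (text outside an entry is ignored by BibTeX):
% - Several article-type entries below carry no journal field, which that
%   entry type requires; BibTeX will warn. Add the venue from the publisher
%   record rather than guessing it here.
% - SahlmannSchefflerSchnor2018 and LorenzKiekhebenSchnor2017 are typed misc
%   but carry a conference name in series/journal -- presumably conference
%   papers (inproceedings with a booktitle); confirm before retyping.
% - Acronyms and product names in English titles are brace-protected so that
%   sentence-casing styles do not lowercase them.

@article{VandenhoutenBehrensSchnor2004,
  author   = {Vandenhouten, Ralf and Behrens, Thomas and Schnor, Bettina},
  title    = {Entwicklung eines Gatewaysystems f{\"u}r telematikbasiertes Ger{\"a}temonitoring},
  issn     = {0949-8214},
  year     = {2004},
  language = {de},
}

@book{Schnor2004,
  author    = {Schnor, Bettina},
  title     = {Seminarband: Sensornetze},
  series    = {Technischer Bericht},
  journal   = {Technischer Bericht},
  publisher = {Universit{\"a}t Potsdam, Institut f{\"u}r Informatik},
  address   = {Potsdam},
  issn      = {0946-7580},
  year      = {2004},
  language  = {de},
}

@article{SchneidenbachSchnorPetri2003,
  author   = {Schneidenbach, Lars and Schnor, Bettina and Petri, Stefan},
  title    = {Architecture and Implementation of the Socket Interface on Top of {GAMMA}},
  isbn     = {0-7695-2037-5},
  year     = {2003},
  language = {en},
}

@article{SchneidenbachSchnor2007,
  author   = {Schneidenbach, Lars and Schnor, Bettina},
  title    = {Design Issues in the Implementation of {MPI2} One Sided Communication in {Ethernet} based Networks},
  isbn     = {978-0-88986-637-9},
  year     = {2007},
  abstract = {In current research, one sided communication of the MPI2 standard is pushed as a promising technique [6, 7, 10, 18]. But measurements of applications and MPI2 primitives show a different picture [17]. In this paper we analyze design issues of MPI2 one sided communication and its implementations. We focus on asynchronous communication for parallel applications in Ethernet cluster environments. Further, one sided communication is compared to two sided communication.
This paper will prove that the key problem to performance is not only the implementation of MPI2 one sided communication - it is the design.},
  language = {en},
}

@article{SchneidenbachSchnor2005,
  author   = {Schneidenbach, Lars and Schnor, Bettina},
  title    = {Migration of {MPI} Applications to {IPv6} Networks},
  isbn     = {0-88986-468-3},
  year     = {2005},
  language = {en},
}

@article{SchefflerSchnor2004,
  author   = {Scheffler, Thomas and Schnor, Bettina},
  title    = {Securing Next generation Mobile Networks},
  isbn     = {0-86341-388-9},
  year     = {2004},
  language = {en},
}

@article{SchefflerSchnor2005,
  author   = {Scheffler, Thomas and Schnor, Bettina},
  title    = {Privacy Requirements for Embedded Sensor Devices},
  isbn     = {978-3-800729-09-8},
  year     = {2005},
  abstract = {This paper analyses data privacy issues as they arise from different deployment scenarios for networks that use embedded sensor devices. Maintaining data privacy in pervasive environments requires the management and implementation of privacy protection measures close to the data source. We propose a set of atomic privacy parameters that is generic enough to form specific privacy classes and might be applied directly at the embedded sensor device.},
  language = {en},
}

@misc{SahlmannSchefflerSchnor2018,
  author    = {Sahlmann, Kristina and Scheffler, Thomas and Schnor, Bettina},
  title     = {Ontology-driven Device Descriptions for {IoT} Network Management},
  series    = {2018 Global Internet of Things Summit (GIoTS)},
  journal   = {2018 Global Internet of Things Summit (GIoTS)},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-5386-6451-3},
  doi       = {10.1109/GIOTS.2018.8534569},
  pages     = {295--300},
  year      = {2018},
  abstract  = {One particular challenge in the Internet of Things is the management of many heterogeneous things. The things are typically constrained devices with limited memory, power, network and processing capacity. Configuring every device manually is a tedious task.
We propose an interoperable way to configure an IoT network automatically using existing standards. The proposed NETCONF-MQTT bridge intermediates between the constrained devices (speaking MQTT) and the network management standard NETCONF. The NETCONF-MQTT bridge generates dynamically YANG data models from the semantic description of the device capabilities based on the oneM2M ontology. We evaluate the approach for two use cases, i.e. describing an actuator and a sensor scenario.},
  language  = {en},
}

% NOTE(review): the title of the next two entries is only the acronym MUP;
% it looks truncated -- restore the full title from the DOI record.
% This entry (the postprint) keeps the original key, because BibTeX resolves
% a repeated key to its first occurrence.
@misc{SahlmannClemensNowaketal.2020,
  author   = {Sahlmann, Kristina and Clemens, Vera and Nowak, Michael and Schnor, Bettina},
  title    = {{MUP}},
  series   = {Postprints der Universit{\"a}t Potsdam : Mathematisch-Naturwissenschaftliche Reihe},
  journal  = {Postprints der Universit{\"a}t Potsdam : Mathematisch-Naturwissenschaftliche Reihe},
  number   = {1094},
  issn     = {1866-8372},
  doi      = {10.25932/publishup-48901},
  url      = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-489013},
  pages    = {23},
  year     = {2020},
  abstract = {Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM.
Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.},
  language = {en},
}

% This journal version originally reused the key of the postprint above, so
% BibTeX reported a repeated entry and dropped it. The "a" suffix makes it
% citable; documents citing the original key still resolve to the postprint.
@article{SahlmannClemensNowaketal.2020a,
  author    = {Sahlmann, Kristina and Clemens, Vera and Nowak, Michael and Schnor, Bettina},
  title     = {{MUP}},
  series    = {Sensors},
  volume    = {21},
  journal   = {Sensors},
  number    = {1},
  publisher = {MDPI},
  address   = {Basel},
  issn      = {1424-8220},
  doi       = {10.3390/s21010010},
  pages     = {21},
  year      = {2020},
  abstract  = {Message Queuing Telemetry Transport (MQTT) is one of the dominating protocols for edge- and cloud-based Internet of Things (IoT) solutions. When a security vulnerability of an IoT device is known, it has to be fixed as soon as possible. This requires a firmware update procedure. In this paper, we propose a secure update protocol for MQTT-connected devices which ensures the freshness of the firmware, authenticates the new firmware and considers constrained devices. We show that the update protocol is easy to integrate in an MQTT-based IoT network using a semantic approach. The feasibility of our approach is demonstrated by a detailed performance analysis of our prototype implementation on a IoT device with 32 kB RAM. Thereby, we identify design issues in MQTT 5 which can help to improve the support of constrained devices.},
  language  = {en},
}

% The original entry listed publisher twice. The first value stays in
% publisher (the one classic BibTeX uses); the second is kept under
% institution -- presumably the issuing university, confirm against the
% repository record.
@book{PolzeSchnor2005,
  author      = {Polze, Andreas and Schnor, Bettina},
  title       = {Grid-Computing : [Seminar im Sommersemester 2003]},
  publisher   = {Universit{\"a}tsverlag Potsdam},
  address     = {Potsdam},
  isbn        = {978-3-937786-28-7},
  url         = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-33162},
  institution = {Universit{\"a}t Potsdam},
  pages       = {1-34 ; 2-36},
  year        = {2005},
  abstract    = {1. Applikationen f{\"u}r weitverteiltes Rechnen Dennis Klemann, Lars Schmidt-Bielicke, Philipp Seuring 2. Das Globus-Toolkit Dietmar Bremser, Alexis Krepp, Tobias Rausch 3. Open Grid Services Architecture Lars Trieloff 4. Condor, Condor-G, Classad Stefan Henze, Kai K{\"o}hne 5.
The Cactus Framework Thomas Hille, Martin Karlsch 6. High Performance Scheduler mit Maui/PBS Ole Weidner, J{\"o}rg Schummer, Benedikt Meuthrath 7. Bandbreiten-Monitoring mit NWS Alexander Ritter, Gregor H{\"o}fert 8. The Paradyn Parallel Performance Measurement Tool Jens Ulferts, Christian Liesegang 9. Grid-Applikationen in der Praxis Steffen Bach, Michael Blume, Helge Issel},
  language    = {de},
}

@book{MihahnSchnor2004,
  author    = {Mihahn, Michael and Schnor, Bettina},
  title     = {Fault-Tolerant Grid Peer Services},
  series    = {Technischer Bericht},
  journal   = {Technischer Bericht},
  publisher = {Universit{\"a}t Potsdam, Institut f{\"u}r Informatik},
  address   = {Potsdam},
  issn      = {0946-7580},
  year      = {2004},
  language  = {en},
}

% The accent in the author's given name was exported with a stray acute-accent
% character after the backslash; it is written as a regular LaTeX acute accent
% in the three entries below.
@article{LuckowSchnor2005,
  author   = {Luckow, Andr{\'e} and Schnor, Bettina},
  title    = {{Migol} : a Fault-Tolerant Service Framework for {MPI} Applications in the Grid},
  isbn     = {978-3-540-29009-4},
  year     = {2005},
  abstract = {In a distributed, inherently dynamic Grid environment the reliability of individual resources cannot be guaranteed. The more resources and components are involved the more error-prone is the system. Therefore, it is important to enhance the dependability of the system with fault-tolerance mechanisms. In this paper, we present Migol, a fault-tolerant, self-healing Grid service infrastructure for MPI applications. The benefit of the Grid is that in case of a failure an application may be migrated and restarted from a checkpoint file on another site. This approach requires a service infrastructure which handles the necessary activities transparently for an application.
But any migration framework cannot support fault-tolerant applications, if it is not fault-tolerant itself.},
  language = {en},
}

@article{LuckowSchnor2006,
  author   = {Luckow, Andr{\'e} and Schnor, Bettina},
  title    = {{Migol} : a Fault Tolerant Service Framework for Grid Computing : Evolution to {WSRF} (2006)},
  year     = {2006},
  language = {en},
}

@article{LuckowSchnor2008,
  author   = {Luckow, Andr{\'e} and Schnor, Bettina},
  title    = {{Migol} : a fault-tolerant service framework for {MPI} applications in the grid},
  doi      = {10.1016/j.future.2007.03.007},
  year     = {2008},
  abstract = {Especially for sciences the provision of massive parallel CPU capacity is one of the most attractive features of a grid. A major challenge in a distributed, inherently dynamic grid is fault tolerance. The more resources and components involved, the more complicated and error-prone becomes the system. In a grid with potentially thousands of machines connected to each other the reliability of individual resources cannot be guaranteed. The benefit of the grid is that in case of a failure an application may be migrated and restarted from a checkpoint file on another site. This approach requires a service infrastructure which handles the necessary activities transparently. In this article, we present Migol, a fault-tolerant and self-healing grid middleware for MPI applications. Migol is based on open standards and extends the services of the Globus toolkit to support the fault tolerance of grid applications. Further, the Migol framework itself is designed with special focus on fault tolerance. For example, Migol replicates critical services and uses a ring-based replication protocol to achieve data consistency. (c) 2007 Elsevier B.V.
All rights reserved.},
  language = {en},
}

@article{LuckowJhaKimetal.2009,
  author   = {Luckow, Andre and Jha, Shantenu and Kim, Joohyun and Merzky, Andre and Schnor, Bettina},
  title    = {Adaptive distributed replica-exchange simulations},
  issn     = {1364-503X},
  doi      = {10.1098/rsta.2009.0051},
  year     = {2009},
  abstract = {Owing to the loose coupling between replicas, the replica-exchange (RE) class of algorithms should be able to benefit greatly from using as many resources as available. However, the ability to effectively use multiple distributed resources to reduce the time to completion remains a challenge at many levels. Additionally, an implementation of a pleasingly distributed algorithm such as replica-exchange, which is independent of infrastructural details, does not exist. This paper proposes an extensible and scalable framework based on Simple API for Grid Applications that provides a general-purpose, opportunistic mechanism to effectively use multiple resources in an infrastructure-independent way. By analysing the requirements of the RE algorithm and the challenges of implementing it on real production systems, we propose a new abstraction (BIGJOB), which forms the basis of the adaptive redistribution and effective scheduling of replicas.},
  language = {en},
}

@misc{LorenzKiekhebenSchnor2017,
  author    = {Lorenz, Claas and Kiekheben, Sebastian and Schnor, Bettina},
  title     = {{FaVe}: Modeling {IPv6} firewalls for fast formal verification},
  series    = {International Conference on Networked Systems (NetSys) 2017},
  journal   = {International Conference on Networked Systems (NetSys) 2017},
  publisher = {IEEE},
  address   = {New York},
  doi       = {10.1109/NetSys.2017.7903956},
  pages     = {8},
  year      = {2017},
  abstract  = {As virtualization drives the automation of networking, the validation of security properties becomes more and more challenging eventually ruling out manual inspections.
While formal verification in Software Defined Networks is provided by comprehensive tools with high speed reverification capabilities like NetPlumber for instance, the presence of middlebox functionality like firewalls is not considered. Also, they lack the ability to handle dynamic protocol elements like IPv6 extension header chains. In this work, we provide suitable modeling abstractions to enable both - the inclusion of firewalls and dynamic protocol elements. We exemplarily model the Linux ip6tables/netfilter packet filter and also provide abstractions for an application layer gateway. Finally, we present a prototype of our formal verification system FaVe.},
  language  = {en},
}

@article{LorenzClemensSchroetteretal.2022,
  author    = {Lorenz, Claas and Clemens, Vera Elisabeth and Schr{\"o}tter, Max and Schnor, Bettina},
  title     = {Continuous verification of network security compliance},
  series    = {IEEE transactions on network and service management},
  volume    = {19},
  journal   = {IEEE transactions on network and service management},
  number    = {2},
  publisher = {Institute of Electrical and Electronics Engineers},
  address   = {New York},
  issn      = {1932-4537},
  doi       = {10.1109/TNSM.2021.3130290},
  pages     = {1729--1745},
  year      = {2022},
  abstract  = {Continuous verification of network security compliance is an accepted need. Especially, the analysis of stateful packet filters plays a central role for network security in practice. But the few existing tools which support the analysis of stateful packet filters are based on general applicable formal methods like Satisfiability Modulo Theories (SMT) or theorem prover and show runtimes in the order of minutes to hours making them unsuitable for continuous compliance verification. In this work, we address these challenges and present the concept of state shell interweaving to transform a stateful firewall rule set into a stateless rule set.
This allows us to reuse any fast domain specific engine from the field of data plane verification tools leveraging smart, very fast, and domain specialized data structures and algorithms including Header Space Analysis (HSA). First, we introduce the formal language FPL that enables a high-level human-understandable specification of the desired state of network security. Second, we demonstrate the instantiation of a compliance process using a verification framework that analyzes the configuration of complex networks and devices - including stateful firewalls - for compliance with FPL policies. Our evaluation results show the scalability of the presented approach for the well known Internet2 and Stanford benchmarks as well as for large firewall rule sets where it outscales state-of-the-art tools by a factor of over 41.},
  language  = {en},
}

% The abstract below had lost two umlauts and used a raw sharp-s character;
% both are written as LaTeX escapes, matching the rest of the file.
@article{LiskeRebensburgSchnor2007,
  author   = {Liske, Stefan and Rebensburg, Klaus and Schnor, Bettina},
  title    = {SPIT-Erkennung, -Bekanntgabe und -Abwehr in SIP-Netzwerken},
  isbn     = {978-3-540-69961-3},
  year     = {2007},
  abstract = {SPAM ist in den letzten Jahren zur gr{\"o}{\ss}ten Bedrohung der E-Mail-Kommunikation herangewachsen - jedoch nicht nur auf diesen Kommunikationsweg beschr{\"a}nkt. Mit steigender Anzahl von VoIP-Anschl{\"u}ssen werden auch hier die teilnehmenden Benutzer mit SPAM-Anrufen (SPIT) konfrontiert werden. Neben derzeit diskutierten juristischen Ma{\ss}nahmen m{\"u}ssen auch technische Abwehrma{\ss}nahmen geschaffen werden, welche SPAM erkennen und vermeiden k{\"o}nnen.
Dieser Beitrag stellt zwei Erweiterungen f{\"u}r das VoIP-Protokoll SIP vor, welche es erstens den Providern erm{\"o}glichen, SPIT-Einsch{\"a}tzungen {\"u}ber den Anrufer zum angerufenen Benutzer zu {\"u}bermitteln und zweitens den Angerufenen die M{\"o}glichkeit geben, mit einer Kostenanforderung auf potentielle SPIT-Anrufe zu reagieren.},
  language = {de},
}

@article{LiangLiuLiuetal.2015,
  author    = {Liang, Feng and Liu, Yunzhen and Liu, Hai and Ma, Shilong and Schnor, Bettina},
  title     = {A Parallel Job Execution Time Estimation Approach Based on User Submission Patterns within Computational Grids},
  series    = {International journal of parallel programming},
  volume    = {43},
  journal   = {International journal of parallel programming},
  number    = {3},
  publisher = {Springer},
  address   = {New York},
  issn      = {0885-7458},
  doi       = {10.1007/s10766-013-0294-1},
  pages     = {440--454},
  year      = {2015},
  abstract  = {Scheduling performance in computational grid can potentially benefit a lot from accurate execution time estimation for parallel jobs. Most existing approaches for the parallel job execution time estimation, however, require ample past job traces and the explicit correlations between the job execution time and the outer layout parameters such as the consumed processor numbers, the user-estimated execution time and the job ID, which are hard to obtain or reveal. This paper presents and evaluates a novel execution time estimation approach for parallel jobs, the user-behavior clustering for execution time estimation, which can give more accurate execution time estimation for parallel jobs through exploring the job similarity and revealing the user submission patterns. Experiment results show that compared to the state-of-art algorithms, our approach can improve the accuracy of the job execution time estimation up to 5.6 \%, meanwhile the time that our approach spends on calculation can be reduced up to 3.8 \%.},
  language  = {en},
}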