[show abstract][hide abstract] ABSTRACT: The present paper refers to the development of two repositories with quite different characteristics: the interdisciplinary institutional repository of the National Hellenic Research Foundation (Helios) and the Pandektis repository containing content from the fields of Humanities and cultural heritage content. Facts regarding the material included in the repositories are provided and several aspects of the repositories implementation are selectively presented. Issues that receive particular attention are certain extensions to the DSpace software platform that have been implemented (name authority control, advanced search functions, object linking, etc) as well as the development and maintenance of the systems infrastructure required for repository operation.
[show abstract][hide abstract] ABSTRACT: One of the most serious security threats in the Internet today are the Distributed Denial of Service (DDoS) attacks, due to the significant service disruption they can create and the difficulty to prevent them. The aim of the DDoS attacks is the disruption of services by attempting to limit access to a machine or service instead of subverting the service itself. The difficulty in the prevention is due to design decisions of the Internet that created an open resource access model emphasizing on functionality and simplicity, but not on security. In this thesis, we propose two new provider-based, deterministic packet marking models that can be used to characterize DDoS attack streams. Such common characterization can be used to make filtering at the destination-end provider more effective. In this direction we propose a rate control scheme that protects destination domains by limiting the amount of traffic during an attack, while leaving a large percentage of legitimate traffic unaffected. The above features enable providers to offer enhanced security protection against such attacks as a value-added service to their customers, hence offer positive incentives for them to deploy the proposed models. Furthermore, we propose an anti-spoofing mechanism that uses the proposed models to build a mapping table that can be used as a fast way to filter spoofed packets and a mechanism for detecting and filtering false marking attacks. Finally, we discuss approaches based on the proposed models for detecting DDoS attacks. We quantitatively evaluate the proposed marking models using a snapshot of the actual Internet topology, in terms of the achieved differentiation of attack traffic and legitimate traffic in cases of full and partial deployment, for different sizes of providers and for IPv4 and IPv6 protocols. Furthermore, we qualitatively evaluate the proposed models in terms of the desired properties that a defense model must has. Finally, we propose an elaborate metric for evaluating defense models, that can capture factors such as the usage of services and the priorities of the provider that deploys the defense model.