Comparative Study of Containment Strategies in Solaris and Security Enhanced Linux

Eriksson, Magnus, Palmroos, Staffan

January 2007

To minimize the damage in the event of a security breach it is desirable to limit the privileges of remotely available services to the bare minimum and to isolate the individual services from the rest of the operating system. To achieve this there is a number of different containment strategies and process privilege security models that may be used. Two of these mechanisms are Solaris Containers (a.k.a. Solaris Zones) and Type Enforcement, as implemented in the Fedora distribution of Security Enhanced Linux (SELinux). This thesis compares how these technologies can be used to isolate a single service in the operating system. As these two technologies differ significantly we have examined how the isolation effect can be achieved in two separate experiments. In the Solaris experiments we show how the footprint of the installed zone can be reduced and how to minimize the runtime overhead associated with the zone. To demonstrate SELinux we create a deliberately flawed network daemon and show how this can be isolated by writing a SELinux policy. We demonstrate how both technologies can be used to achieve isolation for a single service. Differences between the two technologies become apparent when trying to run multiple instances of the same service where the SELinux implementation suffers from lack of namespace isolation. When using zones the administration work is the same regardless of the services running in the zone whereas SELinux requires a separate policy for each service. If a policy is not available from the operating system vendor the administrator needs to be familiar with the SELinux policy framework and create the policy from scratch. The overhead of the technologies is small and is not a critical factor for the scalability of a system using them.

Solaris Zones

Solaris Containers

SELinux

containment strategies

virtualization

Computer Sciences

Datavetenskap (datalogi)

“Women, you know that women they are very easy to deceive … ” : understandings of women's role in witchcraft-related violence among community groups and social workers in southern Nigeria and handling of such violence.

Mark, Faith

January 2017

This study aims to explore how social workers and community groups in southern Nigeria understand and interpret women's roles in witchcraft related violence and the implications those views have on the handling of such violence. This topic is of relevance for social work since knowledge about this problem can increase the awareness of violence and its implications when meeting clients that are exposed to it.     The study was conducted with an ethnographical approach using a combination of participant observations, semi structured and un-structured forms of interviews’ and seven focus group discussions. Four of the focus groups consisted of social workers who work with empowerment and advocacy for women and girls in Edo-state. The other three were made up of locals in a suburb of Benin City. In this study, I used Clifford Geertz (1973) interpretive anthropology as a comprehensive theory in analysing the results and the theoretical concepts from Mann Huyng Hurs (2006) theory on stages of Empowerment; an existing social disturbance, Conscientizing, Mobilizing, Maximizing and creating a new order. The results of this study show that understandings and interpretations of women’s role in witchcraft-related violence by the participating social workers and community members influences their views on what is to be considered violence and who are to be considered victims. Their views also influence their containment strategies and approaches on how to handle this violence.

Social workers

Community groups

Women

Witchcraft

Violence

Understanding

Containment strategies

Social Work

Socialt arbete

Computer Virus Spread Containment Using Feedback Control.

Yelimeli Guruprasad, Arun

12 1900

In this research, a security architecture based on the feedback control theory has been proposed. The first loop has been designed, developed and tested. The architecture proposes a feedback model with many controllers located at different stages of network. The controller at each stage gives feedback to the one at higher level and a decision about network security is taken. The first loop implemented in this thesis detects one important anomaly of virus attack, rate of outgoing connection. Though there are other anomalies of a virus attack, rate of outgoing connection is an important one to contain the spread. Based on the feedback model, this symptom is fed back and a state model using queuing theory is developed to delay the connections and slow down the rate of outgoing connections. Upon implementation of this model, whenever an infected machine tries to make connections at a speed not considered safe, the controller kicks in and sends those connections to a delay queue. Because of delaying connections, rate of outgoing connections decrease. Also because of delaying, many connections timeout and get dropped, reducing the spread. PID controller is implemented to decide the number of connections going to safe or suspected queue. Multiple controllers can be implemented to control the parameters like delay and timeout. Control theory analysis is performed on the system to test for stability, controllability, observability. Sensitivity analysis is done to find out the sensitivity of the controller to the delay parameter. The first loop implemented gives feedback to the architecture proposed about symptoms of an attack at the node level. A controller needs to be developed to receive information from different controllers and decision about quarantining needs to be made. This research gives the basic information needed for the controller about what is going on at individual nodes of the network. This information can also be used to increase sensitivity of other loops to increase the effectiveness of feedback architecture.

Computer viruses.

Feedback control systems.

Computer security.

PID

feedback

worm

containment

Měření těsnosti hermetických prostor na JE / Tightness measurement of hermetic compartments in NPP

Sklenár, Ondrej

January 2011

This diploma thesis deals with measuring the tightness of the hermetic area of nuclear power plant in the way of improving safety. Describes the layout and function of this area - the primary circuit of NPP with WWER 440/213 reactors, as well as methodology for leakage search and leakage calculation procedures. Personal contribution to the issue is a proposal improving tightness of the current state in hermetic area of NPP Jaslovské Bohunice – transition of jacketed pipe designed to collect water from the floor in the box of the steam generator to the heat exchanger of the shower system. This system belongs to the safety system designed to reduce pressure in the LOCA type of accident.

Modely a analýzy v kontejnmentovém systému s potlačením tlaku při haváriích s únikem chladiva / Models and analysis of the pressure suppression system containment, during the loss of coolant accidents

Studýnka, Radim

January 2014

This diploma thesis deals with a pressure suppression system containment during the loss of coolant accidents. It is focused on the containment systems of the nuclear power plants with VVER-440/V-213 reactors. There is described the process of loss of coolant accident. There was designed input model which consists of the zones representing the areas which are connected with junctions and heat structures. Were then selected input parameters for the model calculations. And finally, there have been several calculations for the selected parameters.

Comparison and Implementation of Query Containment Algorithms for XPath / Jämförelse och implementation av Query Containment-algoritmer för XPath

Wåreus, Linus, Wällstedt, Max

January 2016

This thesis investigates the practical aspects of implementing Query Containment algorithms for the query language XPath. Query Containment is the problem to decide if the results of one query are a subset of the results of another query for any database. Query Containment algorithms can be used for the purpose of optimising the querying process in database systems. Two algorithms have been implemented and compared, The Canonical Model and The Homomorphism Technique. The algorithms have been compared with respect to speed, ease of implementation, accuracy and usability in database systems. Benchmark tests were developed to measure the execution times of the algorithms on a specific set of queries. A simple database system was developed to investigate the performance gain of using the algorithms. It was concluded that The Homomorphism Technique outperforms The Canonical Model in every test case with respect to speed. The Canonical Model is however more accurate than The Homomorphism Technique. Both algorithms were easy to implement, but The Homomorphism Technique was easier. In the database system, there was performance to be gained by using Query Containment algorithms for a certain type of queries, but in most cases there was a performance loss. A database system that utilises Query Containment algorithms for optimisation would for every issued query have to evaluate if such an algorithm should be used. / Denna rapport undersöker de praktiska aspekterna av att implementera Query Containment-algoritmer för queryspråket XPath. Query Containment är problemet att avgöra om resultaten av en query är en delmängd av resultaten av en annan query, oavsett databas. Query Containment-algoritmer kan användas för ändamålet att optimera queryingprocessen i databassystem. Två algoritmer har implementerats och jämförts, The Canonical Model och The Homomorphism Technique. Algoritmerna har jämförts med avseende på hastighet, lätthet att implementera, exakthet och användbarhet i riktiga databassystem. Prestandatester utvecklades för att mäta exekveringstider för algoritmerna på specifikt framtagna queries. Ett enkelt databassystem utvecklades för att undersöka prestandavinsten av att använda algoritmerna. Slutsatsen att The Homomorphism Technique presterar bättre än The Canonical Model i samtliga testfall med avseende på hastighet drogs. The Canonical Model är dock mer exakt än The Homomorphism Technique. Båda algoritmerna var lätta att implementera, men The Homomorphism Technique var lättare. I databassystemet fanns det en prestandavinst i att använda Query Containment-algoritmer för en viss typ av queries, men i de flesta fall var det en prestandaförlust. Ett databassystem som använder Query Containment-algoritmer för optimering bör för varje query avgöra om en sådan algoritm ska användas.

Query Containment

XPath

Implementation

The Canonical Model

The Homomorphism Technique

Computer Sciences

Datavetenskap (datalogi)

Containment Strategy Formalism in a Probabilistic Threat Modelling Framework / Formalisering av inneslutningstrategier i ett ramverk för probabilistisk hotmodellering

Fahlander, Per

January 2021

Background - Foreseeing, mitigating and preventing cyber-attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience profile against cyber-attacks. Previous research has proposed MAL, a meta language for capturing the attack logic of a considered domain and running attack simulations in a depicted model of the defender’s system. While this modality is already somewhat established, less is known about how to proactively model containment protocols for when an incident already has occurred. Purpose - By proposing a formalism for how to describe and reason about containment in a MAL-based system-specific model, this study aims to bridge the divide between probabilistic threat modelling and the containment phase in the incident response life-cycle. The main issues are how to formalise containment as well as how to reason about selecting the most beneficial strategy for a considered model. Method - The study firstly sets out to identify practical instances of incident containment in the literature. Then, some of these incidents and respective containment items will be encoded with a novel methodology. A containment strategy selection algorithm will be proposed that guides containment decisions by working with the encoded constructs and a system-specific model. Finally, the encoded items will be verified and the algorithm validated through example scenarios.  Result & Analysis - The verification tests showed that all implementations of encoded constructs yielded results according to expectation. Validity tests also indicated that the algorithm endorsed the correct solution to a significant extent. The null hypothesis, being that the number of correctly predicted containment strategies could be explained strictly by coincidence, was namely rejected by two validity tests with respective p-values of 8:2. 10-12 and 2:9 . 10-17, both < 0:05. Conclusion - The study demonstrates a viable methodology for describing and reasoning about containment of incidents in a MAL-based framework. This was indicated by verification and validity testing that confirmed the correctness of the incident and containment action implementations as well as that the propensity for the algorithm to favour containment strategies that align with human reasoning. / Bakgrund - Att förutse, mildra och förebygga cyberattacker är viktigare än någonsin tidigare. Framsteg inom området kring probabilistisk hotmodellering kan hjälpa organisationer att förstå sin egen motståndskraft mot cyber-attacker. Tidigare forskning har introducerat MAL, ett metaspråk för att fånga attacklogik inom en betraktad domän och köra attack simuleringar i en avbildad model av försvararens system. Medan denna modalitet redan är hyfsat etablerad är det mindre känt hur man aktivt kan modellera inneslutningsprotokoll för tillfällen då en incident redan har inträffat. Syfte - Genom att introducera en formalism för att beskriva och resonera om inneslutningsåtgärder givet en MAL-baserade system-specifika modell hoppas den här studien sammanlänka probabilistisk hotmodellering med inneslutningsfasen inom livscykeln för incidenthantering. Studien arbetar med hur man kan formalisera inneslutningsåtgärder samt hur man kan resonera för att välja den mest fördelaktiga strategin givet en modell. Metod - Studien syftar först till att identifiera praktiska exempel på inneslutning av incidenter i litteraturen. Därefter formaliseras några av dessa exempel på incidenter och inneslutningsåtgärder med en ny metod. En algoritm för att välja bland dessa inneslutningsåtgärder kommer också att introduceras. Slutligen kommer de formaliserade incidenterna och inneslutningsåtgärderna att verifieras samt algoritmen att valideras. Resultat & Analys - Verifieringstesterna visade att alla implementationer gav upphov till resultat som stämde med förväntningarna. Giltighetstester visade också att algoritmen i betydande grad valde rätt lösning. Nollhypotesen, d.v.s. att antalet korrekt förutsagda inneslutningsstrategier kunde förklaras strikt av slumpen, avvisades av två giltighetstester med respektive p-värden på 8; 2 . 10-12 och 2; 9 . 10-17, båda < 0; 05. Slutsats - Studien demonstrerar en realistisk metod för att beskriva och resonera kring inneslutning av incidenter i ett MAL-baserat ramverk. Verifikationstesterna bekräftade att implementationerna av incidenter och inneslutningsåtgärder var korrekta. Giltighetstesterna visade även att algoritmen valde inneslutningsstrategier som stämmer överens med mänskligt omdöme i en signifikant utsträckning.

mal

corelang

incident response

containment

threat modelling

Computer Sciences

Datavetenskap (datalogi)

On case-based learnability of languages

Globig, Christoph, Jantke, Klaus P., Lange, Steffen, Sakakibara, Yasubumi

17 January 2019

Case-based reasoning is deemed an important technology to alleviate the bottleneck of knowledge acquisition in Artificial Intelligence (AI). In case-based reasoning, knowledge is represented in the form of particular cases with an appropriate similarity measure rather than any form of rules. The case-based reasoning paradigm adopts the view that an Al system is dynamically changing during its life-cycle which immediately leads to learning considerations. Within the present paper, we investigate the problem of case-based learning of indexable classes of formal languages. Prior to learning considerations, we study the problem of case-based representability and show that every indexable class is case-based representable with respect to a fixed similarity measure. Next, we investigate several models of case-based learning and systematically analyze their strengths as well as their limitations. Finally, the general approach to case-based learnability of indexable classes of formal languages is prototypically applied to so-called containmet decision lists, since they seem particularly tailored to case-based knowledge processing.

info:eu-repo/classification/ddc/006.3

ddc:006.3

Particle orbits and diffusion in torsatrons

Potok, Robert Edward

January 1980

Thesis (Sc.D.)--Massachusetts Institute of Technology, Dept. of Nuclear Engineering, 1980. / MICROFICHE COPY AVAILABLE IN ARCHIVES AND SCIENCE. / Includes bibliographical references. / by Robert Edward Potok. / Sc.D.

Nuclear Engineering.

Fusion reactors

Nuclear reactors Containment

Plasma confinement

Particles (Nuclear physics)

Preferential Arrangement Containment in Strict Superpatterns

Liendo, Martha Louise

05 May 2012

Most results on pattern containment deal more directly with pattern avoidance, or the enumeration and characterization of strings which avoid a given set of patterns. Little research has been conducted regarding the word size required for a word to contain all patterns of a given set of patterns. The set of patterns for which containment is sought in this thesis is the set of preferential arrangements of a given length. The term preferential arrangement denotes strings of characters in which repeated characters are allowed, but not necessary. Cardinalities for sets of all preferential arrangements of given lengths and alphabet sizes are found, as well as cardinalities for sets where reversals fall into the same equivalence class and for sets in higher dimensions. The minimum word length and the word length necessary for a strict superpattern to contain all preferential arrangements for alphabet sizes two and three are also detailed.

preferential arrangements

superpatterns

pattern containment

Discrete Mathematics and Combinatorics

Mathematics

Physical Sciences and Mathematics