INVESTIGATING ESCAPE VULNERABILITIES IN CONTAINER RUNTIMES

Michael J Reeves (10797462)

14 May 2021

Container adoption has exploded in recent years with over 92% of companies using containers as part of their cloud infrastructure. This explosion is partly due to the easy orchestration and lightweight operations of containers compared to traditional virtual machines. As container adoption increases, servers hosting containers become more attractive targets for adversaries looking to gain control of a container to steal trade secrets, exfiltrate customer data, or hijack hardware for cryptocurrency mining. To control a container host, an adversary can exploit a vulnerability that enables them to escape from the container onto the host. This kind of attack is termed a “container escape” because the adversary is able to execute code on the host from within the isolated container. The vulnerabilities which allow container escape exploits originate from three main sources: (1) container profile misconfiguration, (2) the host’s Linux kernel, and (3) the container runtime. While the first two cases have been studied in the literature, to the best of the author’s knowledge, there is, at present, no work that investigates the impact of container runtime vulnerabilities. To fill this gap, a survey over container runtime vulnerabilities was conducted investigating 59 CVEs for 11 different container runtimes. As CVE data alone would limit the investigation analysis, the investigation focused on the 28 CVEs with publicly available proof of concept (PoC) exploits. To facilitate this analysis, each exploit was broken down into a series of high-level commands executed by the adversary called “steps”. Using the steps of each CVE’s corresponding exploit, a seven-class taxonomy of these 28 vulnerabilities was constructed revealing that 46% of the CVEs had a PoC exploit which enabled a container escape. Since container escapes were the most frequently occurring category, the nine corresponding PoC exploits were further analyzed to reveal that the underlying cause of these container escapes was a host component leaking into the container. This survey provides new insight into system vulnerabilities exposed by container runtimes thereby informing the direction of future research.

Applied Computer Science

Computer System Security

containers

Container Runtime,

Security

vulnerability survey

CVE survey

Gender and Contextual Perspective in Countering Violent Extremism (CVE): Examining Inclusion of Women and Contextual Factors in Online Approaches to CVE

Theuri, Naomi

January 2017

A holistic approach to Counter Violent Extremism (CVE) in the Internet Environment and Social Media is essential. This thesis focuses on gender and context consideration in online approaches to CVE through use of a literature review and samples of online counter-narrative campaigns. This has led to determination of the extent to which gender and context have been considered in online approaches to CVE and identifying what they mean for CVE online, while highlighting full participation of women in online approaches that are aimed at countering violent extremism as well as the critical role of contextual factors in online approaches to CVE. In addition, the thesis shows that more research is needed to fill the gaps identified. These gaps are the role of women in online CVE campaigns as well as contextual factors that are associated to violent extremism. More so, online narratives should be all rounded since this study found that CVE narratives have failed to identify a predictable psychosocial trajectory to explain de-radicalization processes that are crucial to disengage radicals.

Context

Counter-narratives

Criminology

Gender

Radicalization Theory

Social Sciences

Samhällsvetenskap

The Terror Experts: Discourse, discipline, and the production of terrorist subjects at a university research center

McLean, Liam Christopher

21 December 2018

No description available.

Cultural Anthropology

Higher Education

terrorism

counterterrorism

terrorism expertise

security

CVE

radicalization

universities

boundary objects

boundary work

Mobile Collaborative Virtual Environments: A Paradigm Shift from Desktop to Mobile Online Communities

Farooq, Umer

13 January 2003

There are myriad examples of virtual communities and environments available for collaborative activities. However, most of these environments are confined to the desktop and thus preclude collaboration while users are on the move. Through a scenario-based design process, this article establishes the importance of mobile collaborative environments that are readily accessible for users on mobile devices. The element of mobile accessibility for collaborative environments renders them ubiquitous—they can be used anywhere and at any time. A working prototype is then presented that has been developed to supplement an existing desktop-based online virtual community. The prototype illustrates a generic, extensible and platform-independent architecture for translating a desktop collaborative environment into a mobile system. Based on the prototype, we also foresee its application for users in fieldwork settings, particularly for learning and educational activities of teachers, students, and peers through collaboration in a distributed environment. / Master of Science

Mobile Education (M-Education)

Toward a system for design collaboration that supports interaction and information sharing

Lee, Seunghyun

18 May 2009

This thesis presents two empirical studies of four pairs of design students collaborating on two small products design sessions in both face-to-face and distributed settings while using computer-mediated communication (CMC) technologies and a Collaborative Virtual Environment (CVE). To gain insight about the way designers communicate and collaborate, the observation focused on how much time the students worked "together" and "individually" in the design process. Each design process was video recorded and analyzed with a video analysis software Observer XT. The first study shows that both teams worked together to arrive at a design concept then they divided the work for each person to work independently (either the 3D modeling task or the 2D graphic task) to produce the final design. Teams worked together less than fifty percent of the overall work time because they could not share design information effectively using the computing technology tools on the collaborative design process. Findings of the first study suggested plausible design criteria for communication tools for distributed collaboration that supports interaction and sharing design information. The second study used the same methodology and experimental procedures as those used in study. However, participants were provided a shared tool such as NetMeeting Whiteboard and Shared program that support shared sketching abilities or shared viewing of 3D objects. The study shows that teams spent more time working together when using programs that support shared sketching abilities or shared viewing of 3D objects. The shared program and the whiteboard function from NetMeeting helped the design teams to share more information. Participants commented that this program helped facilitate the collaborative process by enabling them each to perform multiple tasks such as talking with their teammates and observing 3D object in a shared view at the same time. Participants also reported that they found the distributed setting a more engaging environment to work with teammates because they were "forced to be engaged" and "forced to communicate better," and that they "concentrated more using hand gestures on camera." Although two studies showed that current CVE (Unreal) did not lead to effective collaboration, several potential features such as creating virtual mock-ups for the brainstorming within a virtual environment were introduced. Participants consider real time 3D visualization effective in the design process and thus very promising in the collaborative setting if they can share ideas easily within a 3D virtual environment.

CVE

CMC

Computer-supported collaborative design

Design collaboration

Industrial design Social aspects

Teams in the workplace

Group work in research

Groupware (Computer software)

CRAbCVE- Uma arquitetura para viabilização de CVEs através da Internet / CRAbCVE- An Architecture for CVEs through the Internet

Gomes, George Allan Menezes

January 2005

GOMES, George Allan Menezes. CRAbCVE- Uma arquitetura para viabilização de CVEs através da Internet. 2005. 184 f. Dissertação (Mestrado em ciência da computação)- Universidade Federal do Ceará, Fortaleza-CE, 2005. / Submitted by Elineudson Ribeiro (elineudsonr@gmail.com) on 2016-07-11T16:25:59Z No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) / Approved for entry into archive by Rocilda Sales (rocilda@ufc.br) on 2016-07-18T13:38:20Z (GMT) No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) / Made available in DSpace on 2016-07-18T13:38:20Z (GMT). No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) Previous issue date: 2005 / Although the complexities of many tasks encountered in modern societies require the join effort of groups of people in order to be accomplished, cooperative work is still a difficult job. Usually the difficulties arise due to lack of appropriate coordination, poor definition of the context in which the activities are to be performed individually or in group; thus, generating redundancies, inconsistencies and contradictions within the workgroup. In order to overcome these problems, a new field of research, called Computer Supported Cooperative Work (CSCW), was created to seek means of properly supporting work groups. Despite the favorable results achieved by CSCW, thus far, tools that provide a high level of interaction among the group members and the leaders of sub-groups are still not satisfactory. The use of virtual reality within cooperative systems allows the interactions among participants to be highly spontaneous, because, in virtual environments, communication by means of image, text and audio is possible. The Collaborative Virtual Environments (CVEs), which employ shared virtual reality technology, have proved to possess great potential for collaborative work. Therefore, collaborative virtual environments have been developed taking into consideration the results obtained by CSCW research. Nonetheless, developing CVEs is complicated, since they demand a great deal of resources, and need to incorporate concepts and recommendations from several research fields, such as Virtual Reality (VR), Computer Supported Cooperative Work and l Distributed Computing. The main objective of this dissertation is to design a generic architecture (CRAbCVE) for allowing distribution of several collaborative virtual environments within a network of servers on the Internet. This architecture defines specialized components, capable of distributing the processing that takes place in the CVE, thus obtaining a great computational power at low costs. Another important objective is the specification of a Model of Authorship in CVEs (MAC) for helping to integrate the CRAbCVE architecture into the framework of collaborative work. All models proposed herein have been incorporated into a prototype system and a simple case study has been analyzed. / A complexidade das tarefas do mundo atual requer cada vez mais a cooperação das pessoas para sua execução. Entretanto cooperar não é uma tarefa fácil, e, muitas vezes, por falta de coordenação adequada ou por uma definição pobre do contexto em que as atividades dos participantes individualmente ou do grupo serão realizadas, são geradas redundâncias, inconsistências e contradições dentro do trabalho em grupo. Para evitar esses problemas, a área de CSCW (Computer Supported Cooperative Work) vem buscando meios de suportar adequadamente o trabalho em equipe. Apesar dos bons resultados alcançados pela área de CSCW, o principal obstáculo enfrentado pelos seus desenvolvedores é fornecer interatividade a suas aplicações. O uso de realidade virtual em sistemas cooperativos permite aos participantes interagirem com o mais alto grau de naturalidade, pois através do ambiente virtual é possível a comunicação por meio de imagem, texto e áudio. Os CVEs (Collaborative Virtual Environments) fazem uso da tecnologia de realidade virtual distribuída e apresentam grande potencial para o suporte ao trabalho colaborativo. Por conseguinte, esses ambientes virtuais colaborativos têm sido desenvolvidos, levando em consideração os resultados obtidos na área de CSCW. Entretanto, desenvolver CVEs é uma tarefa complicada, pois eles são grandes consumidores de recursos, e precisam incorporar conceitos e recomendações de várias áreas de pesquisa, como a de Realidade Virtual (RV), a de Trabalho Colaborativo Assistido por Computador (CSCW) e a de Sistemas Computacionais Distribuídos. O principal objetivo dessa dissertação é a definição de uma arquitetura de uso genérico, a CRAbCVE, projetada para viabilizar vários Ambientes virtuais colaborativos (CVEs) distribuídos em uma rede de servidores na Internet. Essa arquitetura define componentes especializados, capazes de distribuir, através da Internet, o processamento de todo o CVE; obtendo-se, assim, um grande poder computacional a um baixo custo. Outro importante objetivo é a definição do modelo MAC (Modelo de Autoria em CVEs), que visa auxiliar o emprego da arquitetura CRAbCVE no trabalho colaborativo. Os modelos propostos foram incorporados em um sistema protótipo e um estudo de caso simples foi analisado.

Ciência da computação

Colaboração Assistida por Computador

Realidade Virtual

Sistemas Distribuídos

Contribution attended for computer

Deterring violent extremism in America by utilizing good counter-radicalization practices from abroad: a policy perspective

Bonanno, Amy Fires

03 1900

Approved for public release; distribution is unlimited / The problem of violent extremism is approaching a critical point in America. American government and community leaders must find an effective approach to deterring violent extremism immediately. A national and comprehensive approach to deter violent extremism in America is currently lacking. This comparative policy perspective seeks to determine whether the United Kingdom and Australia have good practices to deter violent extremism that can be useful in America. Secondly, this thesis also seeks to determine whether the United States can implement potential good practices to deter violent extremism. After a thorough review of the issue of violent extremism in America, this thesis studies similar background, research, and violent extremism issues in the United Kingdom and Australia. This thesis concludes that a variety of good practices in the United Kingdom and Australia can counter radicalize and deter violent extremists in America. The findings and recommendations from this research include challenges and a way forward to implement certain potential best practices for the United States. The arguments offer viable options and alternatives that the United States should consider when creating a national deterring-violent-extremism strategy. The details and information regarding understanding and implementing good practices to deter violent extremism in America are contained in this thesis. / Major, New York Army National Guard, Latham, New York

countering/counter-violent extremism

deterring violent extremism

counter-radicalization

country study

CVE

DVE

deterrence

policy perspective

good practices

terrorism

anti-terrorism

approach

Europe

CRAbCVE- Uma arquitetura para viabilização de CVEs através da Internet / CRAbCVE- An Architecture for CVEs through the Internet

Gomes, George Allan Menezes

January 2005

GOMES, George Allan Menezes. CRAbCVE- Uma arquitetura para viabilização de CVEs através da Internet. 2005. 170 f. : Dissertação (mestrado) - Universidade Federal do Ceará, Centro de Ciências, Departamento de Computação, Fortaleza-CE, 2005. / Submitted by guaracy araujo (guaraa3355@gmail.com) on 2016-06-30T19:31:13Z No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) / Approved for entry into archive by guaracy araujo (guaraa3355@gmail.com) on 2016-06-30T19:32:25Z (GMT) No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) / Made available in DSpace on 2016-06-30T19:32:25Z (GMT). No. of bitstreams: 1 2005_dis_gamgomes.pdf: 4975181 bytes, checksum: 1f5070528d52778cc7956833013d5af3 (MD5) Previous issue date: 2005 / Although the complexities of many tasks encountered in modern societies require the join effort of groups of people in order to be accomplished, cooperative work is still a difficult job. Usually the difficulties arise due to lack of appropriate coordination, poor definition of the context in which the activities are to be performed individually or in group; thus, generating redundancies, inconsistencies and contradictions within the workgroup. In order to overcome these problems, a new field of research, called Computer Supported Cooperative Work (CSCW), was created to seek means of properly supporting work groups. Despite the favorable results achieved by CSCW, thus far, tools that provide a high level of interaction among the group members and the leaders of sub-groups are still not satisfactory. The use of virtual reality within cooperative systems allows the interactions among participants to be highly spontaneous, because, in virtual environments, communication by means of image, text and audio is possible. The Collaborative Virtual Environments (CVEs), which employ shared virtual reality technology, have proved to possess great potential for collaborative work. Therefore, collaborative virtual environments have been developed taking into consideration the results obtained by CSCW research. Nonetheless, developing CVEs is complicated, since they demand a great deal of resources, and need to incorporate concepts and recommendations from several research fields, such as Virtual Reality (VR), Computer Supported Cooperative Work and l Distributed Computing. The main objective of this dissertation is to design a generic architecture (CRAbCVE) for allowing distribution of several collaborative virtual environments within a network of servers on the Internet. This architecture defines specialized components, capable of distributing the processing that takes place in the CVE, thus obtaining a great computational power at low costs. Another important objective is the specification of a Model of Authorship in CVEs (MAC) for helping to integrate the CRAbCVE architecture into the framework of collaborative work. All models proposed herein have been incorporated into a prototype system and a simple case study has been analyzed. / A complexidade das tarefas do mundo atual requer cada vez mais a cooperação das pessoas para sua execução. Entretanto cooperar não é uma tarefa fácil, e, muitas vezes, por falta de coordenação adequada ou por uma definição pobre do contexto em que as atividades dos participantes individualmente ou do grupo serão realizadas, são geradas redundâncias, inconsistências e contradições dentro do trabalho em grupo. Para evitar esses problemas, a área de CSCW (Computer Supported Cooperative Work) vem buscando meios de suportar adequadamente o trabalho em equipe. Apesar dos bons resultados alcançados pela área de CSCW, o principal obstáculo enfrentado pelos seus desenvolvedores é fornecer interatividade a suas aplicações. O uso de realidade virtual em sistemas cooperativos permite aos participantes interagirem com o mais alto grau de naturalidade, pois através do ambiente virtual é possível a comunicação por meio de imagem, texto e áudio. Os CVEs (Collaborative Virtual Environments) fazem uso da tecnologia de realidade virtual distribuída e apresentam grande potencial para o suporte ao trabalho colaborativo. Por conseguinte, esses ambientes virtuais colaborativos têm sido desenvolvidos, levando em consideração os resultados obtidos na área de CSCW. Entretanto, desenvolver CVEs é uma tarefa complicada, pois eles são grandes consumidores de recursos, e precisam incorporar conceitos e recomendações de várias áreas de pesquisa, como a de Realidade Virtual (RV), a de Trabalho Colaborativo Assistido por Computador (CSCW) e a de Sistemas Computacionais Distribuídos. O principal objetivo dessa dissertação é a definição de uma arquitetura de uso genérico, a CRAbCVE, projetada para viabilizar vários Ambientes virtuais colaborativos (CVEs) distribuídos em uma rede de servidores na Internet. Essa arquitetura define componentes especializados, capazes de distribuir, através da Internet, o processamento de todo o CVE; obtendo-se, assim, um grande poder computacional a um baixo custo. Outro importante objetivo é a definição do modelo MAC (Modelo de Autoria em CVEs), que visa auxiliar o emprego da arquitetura CRAbCVE no trabalho colaborativo. Os modelos propostos foram incorporados em um sistema protótipo e um estudo de caso simples foi analisado

Ciência da computação

ColaboraçãoaAssistida por computador

Realidade Virtual

Sistemas distribuídos

Contribution attended for computer

Virtual reality

Distributed systems

La volonté du public à contacter le Centre de prévention de la radicalisation menant à la violence : une analyse des enjeux à la recherche d’aide pour un proche radicalisé

Chevrette, Rosalie

12 1900

Les communautés sont des acteurs de premier plan dans les efforts de prévention de la radicalisation. En effet, la famille et les amis sont parmi les premiers à pouvoir observer certains comportements laissant présager l’adhésion à une forme d’extrémisme violent. Néanmoins, nous n’en savons encore que très peu quant au point de vue des communautés relativement au fait de contacter une ressource formelle ou informelle pour un cas de radicalisation. Cette étude s’intéresse alors à mieux comprendre les enjeux qui influencent la volonté de contacter le Centre de prévention de la radicalisation menant à la violence (CPRMV), un organisme indépendant de la police, pour un proche dans une situation de radicalisation. Pour ce faire, nous avons réalisé des entretiens et des focus group menés auprès de 29 individus habitant le Grand Montréal et s’identifiant soit en tant que Québécois, Juif, Musulman, Latino-Américain ou Africain. Les résultats suggèrent la présence d’une multitude d’enjeux à la prise de contact avec une ressource ; certains ayant été identifiés par la majorité des participants, alors que d’autres semblent être plutôt propres à une communauté particulière. Parmi les résultats partagés par l’ensemble des répondants, il a été possible d’observer que la méconnaissance des ressources disponibles et la crainte des répercussions apparaissent comme des enjeux centraux. De plus, les résultats suggèrent que les participants entrevoient la radicalisation comme un phénomène essentiellement lié à l’islam, ce qui pourrait être expliqué par l’influence des représentations véhiculées par les médias, et qui pourrait conséquemment avoir une incidence sur la manière de comprendre et d’identifier un cas de radicalisation. Enfin, la zone grise que représentent les comportements associés à la radicalisation semble poser problème dans l’évaluation de la gravité de la situation et ultimement la décision de faire appel à une ressource d’aide, telle que le CPRMV, ou à la police. / Communities are key players in efforts to prevent radicalization. In fact, family members and friends are among the first to observe changes or early signs suggesting that someone might be heading toward a form of violent extremism. Yet, we still know very little about communitybased views on reaching out to a formal or informal resource regarding a possible case of radicalization. This study seeks to better understand the issues that influence the willingness to contact the Center for the Prevention of Radicalization leading to Violence (CPRLV), a Montreal-based independent organization. For this purpose, we conducted interviews and focus groups with 29 individuals living in Greater Montreal, who self-identify as Quebecers or as Jewish, Muslim, Latin American or African. The results suggest the presence of a multitude of issues inhibiting reaching out to a specific resource; while some have been identified by most participants, others seem to be rather specific to a community. Among the results shared by all respondents, it has been observed that the lack of knowledge of available resources and the fear of repercussions appear to be central issues. Moreover, the results suggest that the participants perceive radicalization as a phenomenon essentially linked to Islam, which could be explained by the influence of media representation of the issue and could consequently have an impact on their way of understanding and identifying a radicalization-prone case. Finally, the gray area surrounding the behaviors associated with radicalization appears to be a problem in assessing the severity of the situation and ultimately the decision to reach out to an aid resource, such as the CPRLV, or the police.

Radicalisation

Radicalization

CVE

Prévention

Recherche d'aide

Signalement

Communauté

Help-seeking

Reporting

Community

Nástroj pro snazší zabezpečení počítačů s OS Linux / A Tool for Easily Securing Computers with Linux

Barabas, Maroš

January 2009

The purpose of this thesis is to explain new approaches to scanning and locking vulnerabilities in computer security and to design a new system to improve security of computers running the Linux operating system. The purpose of this system is to analyze remote operating systems and detect and lock down vulnerabilities by existing security standards.