AMMP-EXTN: A User Privacy and Collaboration Control Framework for a Multi-User Collaboratory Virtual Reality System

Ma, Wenjun

01 October 2007

In this thesis, we propose a new design of privacy and session control for improving a collaborative molecular modeling CVR system AMMP-VIS [1]. The design mainly addresses the issue of competing user interests and privacy protection coordination. Based on our investigation of AMMP-VIS, we propose a four-level access control structure for collaborative sessions and dynamic action priority specification for manipulations on shared molecular models. Our design allows a single user to participate in multiple simultaneous sessions. Moreover, a messaging system with text chatting and system broadcasting functionality is included. A 2D user interface [2] for easy command invocation is developed in Python. Two other key aspects of system implementation, the collaboration Central deployment and the 2D GUI for control are also discussed. Finally, we describe our system evaluation plan which is based on an improved cognitive walkthrough and heuristic evaluation as well as statistical usage data.

Privacy protection

Access control

Collaborative Virtual Environment

CVE survey

System evaluation

GUI

Molecular modeling

Computer Sciences

AMMP-EXTN: A User Privacy and Collaboration Control Framework for a Multi-User Collaboratory Virtual Reality System

Ma, Wenjun

01 October 2007

In this thesis, we propose a new design of privacy and session control for improving a collaborative molecular modeling CVR system AMMP-VIS [1]. The design mainly addresses the issue of competing user interests and privacy protection coordination. Based on our investigation of AMMP-VIS, we propose a four-level access control structure for collaborative sessions and dynamic action priority specification for manipulations on shared molecular models. Our design allows a single user to participate in multiple simultaneous sessions. Moreover, a messaging system with text chatting and system broadcasting functionality is included. A 2D user interface [2] for easy command invocation is developed in Python. Two other key aspects of system implementation, the collaboration Central deployment and the 2D GUI for control are also discussed. Finally, we describe our system evaluation plan which is based on an improved cognitive walkthrough and heuristic evaluation as well as statistical usage data.

Privacy protection

Access control

Collaborative Virtual Environment

CVE survey

System evaluation

GUI

Molecular modeling

Computer Sciences

INVESTIGATING ESCAPE VULNERABILITIES IN CONTAINER RUNTIMES

Michael J Reeves (10797462)

14 May 2021

Container adoption has exploded in recent years with over 92% of companies using containers as part of their cloud infrastructure. This explosion is partly due to the easy orchestration and lightweight operations of containers compared to traditional virtual machines. As container adoption increases, servers hosting containers become more attractive targets for adversaries looking to gain control of a container to steal trade secrets, exfiltrate customer data, or hijack hardware for cryptocurrency mining. To control a container host, an adversary can exploit a vulnerability that enables them to escape from the container onto the host. This kind of attack is termed a “container escape” because the adversary is able to execute code on the host from within the isolated container. The vulnerabilities which allow container escape exploits originate from three main sources: (1) container profile misconfiguration, (2) the host’s Linux kernel, and (3) the container runtime. While the first two cases have been studied in the literature, to the best of the author’s knowledge, there is, at present, no work that investigates the impact of container runtime vulnerabilities. To fill this gap, a survey over container runtime vulnerabilities was conducted investigating 59 CVEs for 11 different container runtimes. As CVE data alone would limit the investigation analysis, the investigation focused on the 28 CVEs with publicly available proof of concept (PoC) exploits. To facilitate this analysis, each exploit was broken down into a series of high-level commands executed by the adversary called “steps”. Using the steps of each CVE’s corresponding exploit, a seven-class taxonomy of these 28 vulnerabilities was constructed revealing that 46% of the CVEs had a PoC exploit which enabled a container escape. Since container escapes were the most frequently occurring category, the nine corresponding PoC exploits were further analyzed to reveal that the underlying cause of these container escapes was a host component leaking into the container. This survey provides new insight into system vulnerabilities exposed by container runtimes thereby informing the direction of future research.

Applied Computer Science

Computer System Security

containers

Container Runtime,

Security

vulnerability survey

CVE survey