Secure and Efficient In-Process Monitor and Multi-Variant Execution

Yeoh, SengMing

01 February 2021

Control flow hijacking attacks such as Return Oriented Programming (ROP) and data oriented attacks like Data Oriented Programming (DOP) are problems still plaguing modern software today. While there have been many attempts at hardening software and protecting against these attacks, the heavy performance cost of running these defenses and intrusive modifications required has proven to be a barrier to adoption. In this work, we present Monguard, a high-performance hardware assisted in-process monitor protection system utilizing Intel Memory Protection Keys (MPK) to enforce execute-only memory, combined with code randomization and runtime binary patching to effectively protect and hide in-process monitors. Next, we introduce L-MVX, a flexible lightweight Multi-Variant Execution (MVX) system running in the in-process monitor system that aims to solve some of the performance problems of recent MVX defenses through selective program call graph protection and in-process monitoring, maintaining security guarantees either by breaking attacker assumptions or creating a scenario where a particular attack only works on a single variant. / Master of Science / Memory corruption attacks are still prevalent on modern software. While there have been many attempts at hardening software and preventing against these attacks, the heavy performance cost of running these defenses and intrusive modifications required have proven to be a barrier to adoption. In this work, we present L-MVX, a high-performance hardware assisted in-process monitor protection system that provides an unintrusive and efficient way to defend against these attacks on monitor systems. We also introduce L-MVX, a flexible lightweight process monitoring engine running on L-MVX that aims to solve some of the performance problems of recent monitor defenses.

Multi-Variant Execution

In-Process Monitor

Memory Isolation

ScriptSpaces: An Isolation Abstraction for Web Browsers

Deka, Amarjyoti

02 September 2010

Current web browsers are ill-prepared to manage execution of scripts embedded in web pages, because they treat all JavaScript code executing in a page as one unit. All code shares the same namespace, same security domain, and shares uncontrolled access to the same heap; some browsers even use the same thread for multiple tabs or windows. This lack of isolation frequently causes problems that range from loss of functionality to security compromises. ScriptSpace is an abstraction that provides separate, isolated execution environments for parts or all of a web page. Within each ScriptSpace, we maintain the traditional, single-threaded JavaScript environment to provide compatibility with existing code written under this assumption. Multiple ScriptSpaces within a page are isolated with respect to namespace, CPU, and memory consumption. The user has the ability to safely terminate failing scripts without affecting the functionality of still-functional components of the page, or of other pages. We implemented a prototype of ScriptSpace based on the Firefox 3.0 browser. Rather than mapping ScriptSpaces to OS-level threads, we exploit a migrating-thread model in which threads enter and leave the ScriptSpaces associated with the respective sections of the document tree during the event dispatching process. A proportional share scheduler ensures that the number of bytecode instructions executed within each ScriptSpace is controlled. Our prototype can isolate resource-hogging gadgets within an iGoogle Mashup page as well as across multiple pages loaded in the browser and still retain interactive response. / Master of Science

Resource Control

JavaScript

Web Browsers

Isolation

Acoustic prediction and noise control of a refrigeration compressor

Rankle, Hugo Elias Camargo

05 September 2009

In this study, the prediction and control of the acoustic radiation from a Bristol H25A refrigeration compressor are investigated. For the acoustic prediction, a modal decomposition approach is used. To this end, a boundary element model of the shell is created, and it is used to compute the modal radiation efficiency curves of the shell. These radiation efficiencies are then used in conjunction with the experimentally measured spring forces to obtain the acoustic power radiated by the compressor. Of twenty-three structural modes included in the analysis, it is found that eight have high radiation efficiency and six contribute significantly to the total radiated power. The analytically predicted overall radiated sound power of 82.2 dBA agrees very well with the 82 dBA experimentally measured. For the noise control of the compressor, three approaches are investigated to reduce the forces transmitted to the shell and thus the radiation. (a) The spring mounts are moved to various locations on the shell, (b) dynamic vibration absorbers (DVAs) are added to the mounts, and (c) low modulus materials are inserted between the mounts and the springs to create an impedance mismatch. For all three approaches, efficient analytical methods to compute the radiated acoustic power upon the system modifications are developed. The most promising approach is the insertion of the low modulus materials, which yields a reduction of 6.4 dBA on the total radiated acoustic power. The addition of DVAs and the relocation of the mounts yield a reduction of 5.5 dBA and 1.7 dBA in the total radiated acoustic power, respectively. / Master of Science

LD5655.V855 1995.R365

radiation vibration isolation

Isolated Architecture: Finding Solidarity In Isolation

Pessotti, Philippe Campos

15 June 2021

Throughout history, humans have stigmatized solitude. We see it as an inconvenience, something to avoid, a punishment. As a society today, we are constantly locked on to our phones, televisions, friend groups and generally being around people. It is an over stimulation that has damaging effects to our mental well-being. We need to be around people because we are a social species. Because of this we think the idea of being alone as a problem, as something strange, an unwanted behavior. I believe there is a misunderstanding between the idea of isolation with separation and loneliness. The world's population is increasing every year and we often find ourselves trapped in overcrowded cities. Finding a special quiet place to get away and gather your thoughts is difficult in an environment like this. This is a major stress factor that contributes to the large spread of depression and anxiety that we find in our world. These cities come with many stressors such as density, excessive stimuli, competition and materialism, disconnection and even uncertainty in a constantly moving and changing environment. This thesis is the exploration of intentional solitude which is the idea of wanting to be alone. Being alone has many benefits that go beyond what most people think. Scientists and psychologists today are finding that isolation can be very beneficial to the human mind and can be therapeutic if done so by choice. Intentional solitude can also be beneficial for groups as well. This works when individual group members set off and isolate for a certain period and then regroup later to share their own experience. By doing this, the group gains new experiences and ideas that would otherwise be unachievable if done so alone. To best achieve solidarity, the design of the wellness retreat will include a main communal building, called the hearth, and a set of smaller individual structures, called shelters. These shelters will be located at different points throughout the site and provide an isolated, natural experience for self-reflection. The hearth will be the area for communal gatherings and to share ideas and experiences found through isolation. / Master of Architecture / People in todays society are so consumed by their phones, media and life itself that they often forget to save time for themselves. Research has shown that finding time for solitude and isolation to gather ones thoughts and relax has proven to be a major help in terms of mental health. This thesis involves a wellness retreat which was designed for such people in order to help them reflect on themselves through the exposure to architecture and the natural environment. The project involves two major aspects. One is the main central communal building called the hearth. This is where all the visitors will reconvene everyday to share their personal experiences. The second part of this project are the separate isolation shelters that are spread out through the wooded site. These locations will be used for personal intentional solitude. This is where each visitor will spend most of their time alone with both architecture and nature. The shelters and the hearth are connected to each other through several trails on the site.

Architecture

Nature

Solitude

Wellness Retreat

Isolation

A Defense-In-Depth Security Architecture for Software Defined Radio Systems

Hitefield, Seth D.

27 January 2020

Modern wireless communications systems are constantly evolving and growing more complex. Recently, there has been a shift towards software defined radios due to the flexibility soft- ware implementations provide. This enables an easier development process, longer product lifetimes, and better adaptability for congested environments than conventional hardware systems. However, this shift introduces new attack surfaces where vulnerable implementa- tions can be exploited to disrupt communications or gain unauthorized access to a system. Previous research concerning wireless security mainly focuses on vulnerabilities within pro- tocols rather than in the radios themselves. This dissertation specifically addresses this new threat against software radios and introduces a new security model intended to mitigate this threat. We also demonstrate example exploits of waveforms which can result in either a denial-of-service or a compromise of the system from a wireless attack vector. These example exploits target vulnerabilities such as overflows, unsanitized control inputs, and unexpected state changes. We present a defense-in-depth security architecture for software radios that protects the system by isolating components within a waveform into different security zones. Exploits against vulnerabilities within blocks are contained by isolation zones which protects the rest of the system from compromise. This architecture is inspired by the concept of a microkernel and provides a minimal trusted computing base for developing secure radio systems. Unlike other previous security models, our model protects from exploits within the radio protocol stack itself and not just the higher layer application. Different isolation mechanisms such as containers or virtual machines can be used depending on the security risk imposed by a component and any security requirements. However, adding these isolation environments incurs a performance overhead for applications. We perform an analysis of multiple example waveforms to characterize the impact of isolation environments on the overall performance of an application and demonstrate the overhead generated from the added isolation can be minimal. Because of this, our defense-in-depth architecture should be applied to real-world, production systems. We finally present an example integration of the model within the GNU Radio framework that can be used to develop any waveform using the defense-in-depth se- curity architecture. / Doctor of Philosophy / In recent years, wireless devices and communication systems have become a common part of everyday life. Mobile devices are constantly growing more complex and with the growth in mobile networks and the Internet of Things, an estimated 20 billion devices will be connected in the next few years. Because of this complexity, there has been a recent shift towards using software rather than hardware for the primary functionality of the system. Software enables an easier and faster development process, longer product lifetimes through over- the-air updates, and better adaptability for extremely congested environments. However, these complex software systems can be susceptible to attack through vulnerabilities in the radio interfaces that allow attackers to completely control a targeted device. Much of the existing wireless security research only focuses on vulnerabilities within different protocols rather than considering the possibility of vulnerabilities in the radios themselves. This work specifically focuses on this new threat and demonstrates example exploits of software radios. We then introduce a new security model intended to protect against these attacks. The main goal of this dissertation is to introduce a new defense-in-depth security architecture for software radios that protects the system by isolating components within a waveform into different security zones. Exploits against the system are contained within the zones and unable to compromise the overall system. Unlike other security models, our model protects from exploits within the radio protocol stack itself and not just the higher layer application. Different isolation mechanisms such as containers or virtual machines can be used depending on the security risk imposed by a component and any security requirements for the system. However, adding these isolation environments incurs a performance overhead for applications. We also perform a performance analysis with several example applications and show the overhead generated from the added isolation can be minimal. Therefore, the defense-in-depth model should be the standard method for architecting wireless communication systems. We finally present a GNU Radio based framework for developing waveforms using the defense- in-depth approach.

Wireless Communications

Software radio

Security

Isolation

Festival in a Box: Development and qualitative evaluation of an outreach programme to engage socially isolated people with dementia

Eades, M., Lord, Kathryn, Cooper, C.

January 2016

No / We co-designed and piloted ‘Festival in a Box’, an outreach programme to enable socially isolated people with dementia to engage with and enjoy cultural activities in their homes. It comprised 3–4 weekly home visits, each led by a professional artist to create art works using materials brought in ‘the box’. Activities included music, poetry, pottery, crafts and photography. We qualitatively interviewed 13 participants (6 people with dementia, 4 artists, 3 befrienders). Six participants with dementia completed, enjoyed and engaged with the planned visits. Main themes were: engagement, reflection on value of previous cultural activities, precariousness and isolation in current neighbourhood and the importance of a voice and being heard. Befrienders reported their preconceptions of what participants could do were challenged. Artists reported shifts in their preconceptions about dementia and the influence of the project on their professional practice. We propose that the ‘Festival in a Box’ pilot study suggests a means through which community arts festivals could work with socially isolated people with dementia to contribute to the creation of ‘Dementia Friendly Communities’. A larger-scale pilot study is now needed to develop this hypothesis.

Arts

Cultural activities

Dementia

Isolation

Pilot trial

Vibration Isolation of a Horizontal Rigid Plate Supported by Pre-bent Struts

Jeffers, Ann E.

05 January 2006

The purpose of this research is to analyze a new type of vibration isolator consisting of two pre-bent struts which are clamped at both ends and intermediately bonded with a viscoelastic filler. The proposed isolation device has the ability to support a relatively large static load with little deflection and offers a low axial resistance under dynamic excitation, making it ideal for isolating vertical vibrations. In this research, four of these vibration isolators are used to support a rigid, square plate. The symmetric case is analyzed first. Then the plate has a center of mass which is located at some distance from the geometric center of the plate. When the system is subjected to vertical harmonic base excitations, this eccentric weight introduces rotational as well as vertical motions of the plate. This research will investigate the effects of various eccentricities on the efficiency of the vibration isolators in the configuration described. The displacement transmissibility will be the measure of the isolators' effectiveness at mitigating vibrations transmitted from the base to the rigid plate. For each case, the nonlinear equilibrium equations and the governing equations of motion for small vibrations about equilibrium are numerically solved, and the transmissibility is calculated and plotted over a wide range of frequencies. These plots are used to recognize ranges of frequencies for which isolation is achieved and frequencies at which resonance occurs in the system. At the resonant frequencies, the physical behavior of the system is analyzed to determine the types of vibration modes which occur in the system. A free vibration analysis is also performed to obtain a better understanding of resonances in the system. / Master of Science

vibration isolation

buckled structures

dynamic response

A natural solution to photoprotection and isolation of the potent polyene antibiotic, marinomycin A

Bailey, C.S., Zarins-Tutt, J.S., Agbo, M., Gao, H., Diego-Taboada, A., Gan, M., Hamed, Refaat B., Abraham, E.R., Mckenzie, G., Evans, P.A., Goss, R.J.M.

17 February 2020

Yes / The photoprotection and isolation of marinomycin A using sporopollenin exine capsules (SpECs) derived from the spores of the plant Lycopodium clavatum is described. The marinomycins have a particularly short half-life in natural light, which severely impacts their potential biological utility given that they display potent antibiotic and anticancer activity. The SpEC encapsulation of the marinomycin A dramatically increases the half-life of the polyene macrodiolide to the direct exposure to UV radiation by several orders of magnitude, thereby making this a potentially useful strategy for other light sensitive bioactive agents. In addition, we report that the SpECs can also be used to selectively extract culture broths that contain the marinomycins, which provides a significantly higher recovery than with conventional XAD resins and provides concomitant photoprotection.

Photoprotection

Isolation

Marinomycin A

Antibiotic

Lycopodium clavatum

Lake in the Sky

Glasson-Darling, Meredith Elane

27 June 2019

This is a fiction novel about grief, isolation, and loss that takes place in an unnamed rural whaling village in Arctic Alaska. There is also a time-traveling dragon in it. / Master of Fine Arts

Arctic

magical realism

dragon

grief

isolation

Isolation, Identification and Cultivation of Four Phytopathogenic Fungi

Parks, Leroy W.

08 1900

This investigation includes a morphological and cultural study of four rather common pathogenic fungi one of which attacks Zinnia elegans, one Lagerstroemia indica, one Ligustrum lodense and one Euonymus japonica. The problem includes, first, a determination of the genera of these four fungi as revealed by their morphology in natural habitat; second, a determination of the growth and cultural characteristics of these on Cornmeal, Potato, Bean, Prune and Carrot agars; third, a comparison of the growth and cultural characteristics of these in natural habitat with the same on the various agars used; and fourth, an evaluation of the five artificial culture media in so far as their usage is concerned in the growth and cultivation of these four species of fungi.

pathogenic fungi

isolation

identification

cultivation

Phytopathogenic fungi.