Global ETD Search

111	On providing an efficient and reliable virtual block storage service Esterhuyse, Eben 03 1900 (has links) Thesis (MComm)--Stellenbosch University, 2001. / ENGLISH ABSTRACT: This thesis describes the design and implementation of a data storage service. Many clients can be served simultaneously in an environment where processes execute on different physical machines and communicate via message passing primitives. The service is provided by two separate servers: one that functions at the disk block level and another that maintains files. A prototype system was developed first in the form of a simple file store. The prototype served two purposes: (1) it extended the single-user Oberon system to create a multiuser system suitable to support group work in laboratories, and (2) it provided a system that could be measured to obtain useful data to design the final system. Clients access the service from Oberon workstations. The Oberon file system (known as the Ceres file system) normally stores files on a local disk. This system was modified to store files on a remote Unix machine. Heavily used files are cached to improve the efficiency of the system. In the final version of the system disk blocks are cached, not entire files. In this way the disks used to store the data are unified and presented as a separate virtual block service to be used by file systems running on client workstations. The virtual block server runs on a separate machine and is accessed via a network. The simplicity of the block server is appealing and should in itself improve reliability. The main concern is efficiency and the goal of the project was to determine whether such a design can be made efficient enough to serve its purpose. / AFRIKAANSE OPSOMMING:Hierdie tesis omskryf die ontwerp en implementasie van 'n data stoor diens. Verskeie gebruikers word bedien deur die diens wat funksioneer in 'n verspreide omgewing: 'n omgewing waar prosesse uitvoer op verskillende masjiene en met mekaar kommunikeer met behulp van boodskappe wat rondgestuur word. Die diens word verskaf deur twee bedieners: die eerste wat funksioneer op 'n blok vlak en die ander wat lers onderhou. 'n Prototipe leer diens is ontwikkel deur middel van 'n basiese leer stoor. Die prototipe het twee funksies verrig: (1) die enkel gebruiker Oberon stelsel is uitgebrei na 'n veelvoudige gebruiker stelsel bruikbaar vir groepwerk in 'n laboratorium omgewing, en (2) 'n stelsel is verskaf wat betroubare en akkurate data kon verskaf vir die ontwerp van die finale stelsel. Oberon werkstasies word gebruik met die leer diens. Die Oberon leer stelsel (ook bekend as die Ceres leer stelsel) stoor normaalweg leers op 'n lokale skyf. Hierdie bestaande stelsel is verander om leers te stoor op 'n eksterne Unix masjien. Leers wat die meeste in gebruik is word in geheue aangehou vir effektiwiteits redes. Die finale weergawe van die stelsel berg skyf blokke in geheue, nie leers nie. Hierdie metode laat dit toe om data te stoor op 'n standaard metode, bruikbaar deur verskillende tipes leer stelsels wat uitvoer op verskeie gebruikers se werkstasies. Die virtuele blok stoor voer uit op 'n aparte masjien en is bereikbaar via 'n netwerk. Die eenvoudige ontwerp van die diens is opsigself aanloklik en behoort betroubaarheid te verbeter. Die hoof bekommernis is effektiwiteit en die hoofdoel van die projek was om te bepaal of hierdie ontwerp effektief genoeg gemaak kon word. Oberon Computer storage devices Operating systems (Computers) Dissertations -- Mathematical sciences Dissertations -- Computer science Theses -- Mathematical sciences
112	Kernel support for embedded reactive systems Ackerman, M. C . (Marthinus Casper) 10 1900 (has links) Thesis (MSc)--Stellenbosch University , 1993. / ENGLISH ABSTRACT: Reactive systems are event driven state machines which usually do not terminate, but remain in perpetual interaction with their environment. Such systems usually interact 'With devices which introduce a high degree of concurrency and some real time constraints to the system. Because of the concurrent nature of reactive systems they are commonly implemented as communicating concurrent processes on one or more processors. Jeffay introduces a design paradigm which requires consumer processes to consume messages faster than they are produced by producer processes. If this is guaranteed, the real time constraints of such .. system are always met, and the correctness of the process interaction is guaranteed in terms of the message passing semantics. I developed the ESE kernel, which supports Jeffay systems by providing lightweight processes which communicate over asynchronous channels. Processes are scheduled non-preemptively according to the earliest deadline first policy when they have messages pending on their input channels. The Jeffay design method and the ESE kernel have been found to be highly suitable to implement embedded reactive systems. The general requirements of embedded reactive systems, and kernel support required by such systems, are discussed. / AFRIKAANSE OPSOMMING: Reaktiewe stelsels is toeatandsoutomate wat aangedryf word deur gebeure in hul omgewins. So 'n stelsel termineer gewoonlik nie, maar bly in 'n voortdurende wisselwerking met toestelle in sy omgewing. Toestelle in die omgewing van 'n reaktiewe stelsel veroorsaak in die algemeen 'n hoë mate van gelyklopendheid in die stelsel, en plaas gewoonlik sekere intydse beperkings op die stelsel. Gelyklopende stelsels word gewoonlik as stelsel. van kommunikerende prosesse geïmplementeer op een of meer prosessors. Jeffay beskryf 'n ontwerpsmetodologie waarvolgens die ontvanger van boodskappe hulle vinniger moet verwerk as wat die sender hulle kan stuur. Indien hierdie gedrag tussen alle pare kommunikerende prosesse gewaarborg kan word, sal die stelsel altyd sy intydse beperkings gehoorsaam, en word die korrektheid van interaksies tussen prosesse deur die semantiek van die boodskapwisseling gewaarborg. Die "ESE" bedryfstelselkern wat ek ontwikkel het, ondersteun stelsels wat ontwerp en geïmplementeer word volgens Jeffay se metode. Prosesse kommunikeer oor asinkrone kanale, en die ontvanger van die boodskap met die vroegste keertyd word altyd eerste geskeduleer. Jeffay se ontwerpsmetode en die "ESE" kern blyk in die praktyk baie geskik te wees vir reaktiewe stelsels wat as substelsels van groter stelsels uitvoer. Die vereistes van reaktiewe substelsels, en die kemondersteuning wat daarvoor nodig is, word bespreek. Operating systems (Computers) Dissertations -- Computer science Theses -- Computer science Dissertations -- Mathematical sciences Theses -- Mathematical sciences
113	An exfiltration subversion demonstration Murray, Jessica L. 06 1900 (has links) Approved for public release, distribution is unlimited / A dynamic subversion attack on the Windows XP Embedded operating system is demonstrated to raise awareness in developers and consumers of the risk of subversion in commercial operating systems that may be safety critical. SCADA (Supervisory Control and Data Acquisition) systems that monitor and control our critical infrastructure depend on embedded systems. The attack can be loaded onto a fielded system that has been subverted with a small software artifice. The artifice could be inserted into the system at any time in the system's lifecycle. The attack provides a flexible method for the attacker, who may not be the same individual who inserted the artifice, to gain total control of the subverted system. Due to the dynamic loading property of this subversion, the attacker does not have to decide the aspect of the system to be targeted until a time of her choice. The attack does not exploit an existing flaw in the target module but is possible because the initial artifice is inserted into the kernel of an operating system where adversaries have access to source code. This thesis discusses certain aspects of known methods for developing systems free from subversion. Several projects that utilized these methods are presented. / Civilian, Naval Postgraduate School Computer security Operating systems (Computers) Operating systems subversion Computer security Verifiable protection Software wiretap
114	Distributed load balancing in a multiple server system by shift-invariant protocol sequences. / CUHK electronic theses & dissertations collection January 2013 (has links) Zhang, Yupeng. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 45-48). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese. Computer algorithms
115	Solo32, a Concurrent Pascal operating system with UNIX interfaces Wilde, Martin January 2010 (has links) Typescript (photocopy). / Digitized by Kansas Correctional Industries Operating systems (Computers) UNIX (Computer file)
116	An investigation of cluster analysis techniques as a means of structuring specifications in the design of complex systems Holden, Timothy Aloysius January 1978 (has links) Thesis (Ocean E.)--Massachusetts Institute of Technology, Dept. of Ocean Engineering; and, (M.S.)--Massachusetts Institute of Technology Sloan School of Management, 1978. / MICROFICHE COPY AVAILABLE IN ARCHIVES AND ENGINEERING. / Bibliography: leaves 153-156. / by Timothy A. Holden. / Ocean E. / M.S. Sloan School of Management Ocean Engineering Operating systems (Computers) Cluster analysis Engineering design Data processing
117	Design and Analysis of Decoy Systems for Computer Security Bowen, Brian M. January 2011 (has links) This dissertation is aimed at defending against a range of internal threats, including eaves-dropping on network taps, placement of malware to capture sensitive information, and general insider threats to exfiltrate sensitive information. Although the threats and adversaries may vary, in each context where a system is threatened, decoys can be used to deny critical information to adversaries making it harder for them to achieve their target goal. The approach leverages deception and the use of decoy technologies to deceive adversaries and trap nefarious acts. This dissertation proposes a novel set of properties for decoys to serve as design goals in the development of decoy-based infrastructures. To demonstrate their applicability, we designed and prototyped network and host-based decoy systems. These systems are used to evaluate the hypothesis that network and host decoys can be used to detect inside attackers and malware. We introduce a novel, large-scale automated creation and management system for deploying decoys. Decoys may be created in various forms including bogus documents with embedded beacons, credentials for various web and email accounts, and bogus financial in- formation that is monitored for misuse. The decoy management system supplies decoys for the network and host-based decoy systems. We conjecture that the utility of the decoys depends on the believability of the bogus information; we demonstrate the believability through experimentation with human judges. For the network decoys, we developed a novel trap-based architecture for enterprise networks that detects "silent" attackers who are eavesdropping network traffic. The primary contributions of this system is the ease of injecting, automatically, large amounts of believable bait, and the integration of various detection mechanisms in the back-end. We demonstrate our methodology in a prototype platform that uses our decoy injection API to dynamically create and dispense network traps on a subset of our campus wireless network. We present results of a user study that demonstrates the believability of our automatically generated decoy traffic. We present results from a statistical and information theoretic analysis to show the believability of the traffic when automated tools are used. For host-based decoys, we introduce BotSwindler, a novel host-based bait injection sys- tem designed to delude and detect crimeware by forcing it to reveal itself during the ex- ploitation of monitored information. Our implementation of BotSwindler relies upon an out-of-host software agent to drive user-like interactions in a virtual machine, seeking to convince malware residing within the guest OS that it has captured legitimate credentials. To aid in the accuracy and realism of the simulations, we introduce a novel, low overhead approach, called virtual machine verification, for verifying whether the guest OS is in one of a predefined set of states. We provide empirical evidence to show that BotSwindler can be used to induce malware into performing observable actions and demonstrate how this approach is superior to that used in other tools. We present results from a user to study to illustrate the believability of the simulations and show that financial bait infor- mation can be used to effectively detect compromises through experimentation with real credential-collecting malware. We present results from a statistical and information theo- retic analysis to show the believability of simulated keystrokes when automated tools are used to distinguish them. Finally, we introduce and demonstrate an expanded role for decoys in educating users and measuring organizational security through experiments with approximately 4000 university students and staff. Computer science Malware (Computer software) Cyber intelligence (Computer security)
118	Multi-Persona Mobile Computing Andrus, Jeremy Christian January 2015 (has links) Smartphones and tablets are increasingly ubiquitous, and many users rely on multiple mobile devices to accommodate work, personal, and geographic mobility needs. Pervasive access to always-on mobile computing has created new security and privacy concerns for mobile devices that often force users to carry multiple devices to meet those needs. The volume and popularity of mobile devices has commingled hardware and software design, and created tightly vertically integrated platforms that lock users into a single, vendor controlled ecosystem. My thesis is that lightweight mechanisms can be added to commodity operating systems to enable multiple virtual phones or tablets to run at the same time on a physical smartphone or tablet device, and to enable apps from multiple mobile platforms, such as iOS and Android, to run together on the same physical device, all while maintaining the low-latency and responsiveness expected of modern mobile devices. This dissertation presents two lightweight operating systems mechanisms, virtualization and binary compatibility, that enable multi-persona mobile computing. First, we present Cells, a mobile virtualization architecture enabling multiple virtual phones, or personas, to run simultaneously on the same physical cellphone in a secure and isolated manner. Cells introduces device namespaces that allow apps to run in a virtualized environment while still leveraging native devices such as GPUs to provide accelerated graphics. Second, we present Cycada, an operating system compatibility architecture that runs applications built for different mobile ecosystems, iOS and Android, together on a single Android device. Cycada introduces kernel-level code adaptation and diplomats to simplify binary compatibility support by reusing existing operating system code and unmodified frameworks and libraries. Both Cells and Cycada have been implemented in Android, and can run multiple Android virtual phones, and a mix of iOS and Android apps on the same device with good performance. Because mobile computing has become increasingly important, we also present a new way to teach operating systems in a mobile-centric way that incorporates the concepts of geographic mobility, sensor data acquisition, and resource-constrained design considerations. Computer science Computer engineering User interfaces (Computer systems) Operating systems (Computers)
119	Analysis of a coordination framework for mapping coarse-grain applications to distributed systems Schaefer, Linda Ruth 01 January 1991 (has links) A paradigm is presented for the parallelization of coarse-grain engineering and scientific applications. The coordination framework provides structure and an organizational strategy for a parallel solution in a distributed environment. Three categories of primitives which define the coordination framework are presented: structural, transformational. and operational. The prototype of the paradigm presented in this thesis is the first step towards a programming development tool. This tool will allow non-specialist programmers to parallelize existing sequential solutions through the distribution, synchronization and collection of tasks. The distributed control, multidimensional pipeline characteristics of the paradigm provide advantages which include load balancing through the use of self-directed workers, a simplified communication scheme ideally suited for infrequent task interaction, a simple programmer interface, and the ability of the programmer to use already existing code. Results for the parallelization of SPICE3Cl in a distributed system of fifteen SUN 3 workstations with one fileserver demonstrate linear speedup with slopes ranging from 0.7 to 0.9. A high-level abstraction of the system is presented in the form of a closed, single class, queuing network model. Using the Mean Value Analysis solution technique from queuing network theory, an expression for total execution time is obtained and is shown to be consistent with the well known Amdahl's Law. Our expression is in fact a refinement of Amdahl's Law which realistically captures the limitations of the system. We show that the portion of time spent executing serial code which cannot be enhanced by parallelization is a function of N, the number of workers in the system. Experiments reveal the critical nature of the communication scheme and the synchronization of the paradigm. Investigation of the synchronization center indicates that as N increases, visitations to the center increase and degrade system performance. Experimental data provides the information needed to characterize the impact of visitations on the perfoimance of the system. This characterization provides a mechanism for optimizing the speedup of an application. It is shown that the model replicates the system as well as predicts speedup over an extended range of processors, task count, and task size. Parallel programming (Computer science) MIMD computers -- Programming Electrical and Computer Engineering
120	Improving operating systems security: two case studies Wei, Jinpeng 14 August 2009 (has links) Malicious attacks on computer systems attempt to obtain and maintain illicit control over the victim system. To obtain unauthorized access, they often exploit vulnerabilities in the victim system, and to maintain illicit control, they apply various hiding techniques to remain stealthy. In this dissertation, we discuss and present solutions for two classes of security problems: TOCTTOU (time-of-check-to-time-of-use) and K-Queue. TOCTTOU is a vulnerability that can be exploited to obtain unauthorized root access, and K-Queue is a hiding technique that can be used to maintain stealthy control of the victim kernel. The first security problem is TOCTTOU, a race condition in Unix-style file systems in which an attacker exploits a small timing gap between a file system call that checks a condition and a use kernel call that depends on the condition. Our contributions on TOCTTOU include: (1) A model that enumerates the complete set of potential TOCTTOU vulnerabilities; (2) A set of tools that detect TOCTTOU vulnerabilities in Linux applications such as vi, gedit, and rpm; (3) A theoretical as well as an experimental evaluation of security risks that shows that TOCTTOU vulnerabilities can no longer be considered "low risk" given the wide-scale deployment of multiprocessors; (4) An event-driven protection mechanism and its implementation that defend Linux applications against TOCTTOU attacks at low performance overhead. The second security problem addressed in this dissertation is kernel queue or K-Queue, which can be used by the attacker to achieve continual malicious function execution without persistently changing either kernel code or data, which prevents state-of-the-art kernel integrity monitors such as CFI and SBCFI from detecting them. Based on our successful defense against a concrete instance of K-Queue-driven attacks that use the soft timer mechanism, we design and implement a solution to the general class of K-Queue-driven attacks, including (1) a unified static analysis framework and toolset that can generate specifications of legitimate K-Queue requests and the checker code in an automated way; (2) a runtime reference monitor that validates K-Queue invariants and guards such invariants against tampering; and (3) a comprehensive experimental evaluation of our static analysis framework and K-Queue Checkers. Control flow integrity Security and protection Reliability File systems management

Search results