Framework de Kernel para um sistema de segurança imunologica

Carbone, Martim d'Orey Posser de Andrade

23 June 2006

Orientador: Paulo Licio de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-07T00:53:39Z (GMT). No. of bitstreams: 1 Carbone_Martimd'OreyPosserdeAndrade_M.pdf: 997778 bytes, checksum: 199d19777ac058e5c7dcecaa5c43639f (MD5) Previous issue date: 2006 / Resumo: O crescimento alarmante da quantidade e da sofisticação dos ataques aos quais estão sujeitos os sistemas computacionais modernos traz à tona a necessidade por novos sistemas de segurança mais eficientes. Na natureza, há um sistema biológico que realiza esta tarefa com notável eficácia: o sistema imunológico humano. Este sistema é capaz de garantir a sobrevivência de um ser humano por décadas, além de ser capaz de aprender sobre novas ameaças e criar defesas para combatê-Ias. Sua eficácia, somada à semelhança entre o cenário da segurança biológica e o da segurança computacional, motivou a criação do projeto Imuno, cujo objetivo é a construção de um sistema de segurança para computadores baseado nos princípios do sistema imunológico humano. Após o estudo inicial, a modelagem conceitual do sistema e a implementação de protótipos restritos de certas funcionalidades do sistema Imuno, este trabalho tem como objetivo avançar rumo à construção de um sistema de segurança imunológico completo, de escopo geral. Para isso, torna-se necessária a implementação de uma framework em nível de sistema operacional, que suporte as funcionalidades relacionadas à prevenção, detecção e resposta que serão utilizadas por este sistema de segurança. Projetada para o kernel Linux 2.6, esta framework é composta por algumas frameworks pré-existentes, como Lima Security Modules (LSM), Netfilter, Class-based Kernel Resource Management (CKRM), BSD Secure Levels (SEClvl) e UndoFS, ajustadas de acordo com os requisitos levantados para a framework; e somadas a uma nova arquitetura de ganchos multifuncionais. Esta arquitetura expande a infraestrutura nativa dos ganchos LSM, tornando-os flexíveis e genéricos o bastante para serem utilizados com outras funcionalidades de segurança além de controle de acesso, como detecção e resposta, além de poderem ser controlados do espaço de usuário em tempo real. Um protótipo foi implementado para a versão 2.6.12 do Linux e submetido a testes, visando avaliar tanto o impacto de desempenho gerado como também o seu comportamento em um cenário de ataque simulado. Os resultados destes testes são expostos no final deste trabalho, junto com as conclusões gerais sobre o projeto e propostas de extensão / Abstract: The alarming growth in the quantity and the sophistication of the attacks that threaten modem computer systems shows the need for new, more efticient security systems. In nature, there is a biological system that accomplishes this task with a remarkable efticiency: the human immune system. Not only this system is capable of assuring the survival of a human being for decades; it is also capable of learning about new threats and creating defenses to fight them. Its efticiency, combined with the similarity that exists between the biological and the computer security problems, has motivated the creation of the Imuno project, whose goal is the construction of a computer security system based on the principIes of the human immune system. After initial studies, the system's conceptual modeling and the implementation of prototypes of certain Imuno functionalities, this project's goal is to advance towards the construction of a complete, general scope immune security system. In order to accomplish that, the implementation of an operating system leveI framework that supports the prevention, detection and response security functionalities to be used by such a system is necessary. Designed for the 2.6 Linux kernel, this framework is composed of several pre-existing frameworks, such as Linux Security Modules (L8M), Netfilter, Class-based Kernel Resource Management (CKRM), BSD Secure Levels (8EClvl) and UndoFS, adjusted according to the framework requirements; and supplemented by a new multifunctional hook architecture. This architecture expands L8M's native hook infrastructure, making them flexible and generic enough to be used by other security functionalities beyond access control, such as detection and response, and also capable of being controlled from userspace in real-time. A prototype has been implemented for Linux version 2.6.12 and submitted to various tests, aiming to evaluate the performance overhead it creates and its behavior in a simulated attack situation. These tests' results are shown at the end of this document, along with a general conclusion about the project and extension proposals / Mestrado / Mestre em Ciência da Computação

Internet - Medidas de segurança

Sistemas operacionais (Computadores)

Computadores - Medidas de segurança

Linux (Computer operating system)

Operating systems (Computers)

Computers - Security measures

A Performance Comparison of Hypervisors for Cloud Computing

Sridharan, Suganya

01 January 2012

The virtualization of IT infrastructure enables the consolidation and pooling of IT resources so that they can be shared over diverse applications to offset the limitation of shrinking resources and growing business needs. Virtualization provides a logical abstraction of physical computing resources and creates computing environments that are not restricted by physical configuration or implementation. Virtualization is very important for cloud computing because the delivery of services is simplified by providing a platform for optimizing complex IT resources in a scalable manner, which makes cloud computing more cost effective. Hypervisor plays an important role in the virtualization of hardware. It is a piece of software that provides a virtualized hardware environment to support running multiple operating systems concurrently using one physical server. Cloud computing has to support multiple operating environments and Hypervisor is the ideal delivery mechanism. The intent of this thesis is to quantitatively and qualitatively compare the performance of VMware ESXi 4.1, Citrix Systems Xen Server 5.6 and Ubuntu 11.04 Server KVM Hypervisors using standard benchmark SPECvirt_sc2010v1.01 formulated by Standard Performance Evaluation Corporation (SPEC) under various workloads simulating real life situations.

Thesis

University of North Florida

UNF

Cloud computing

Virtual computer systems

Operating systems (Computers)

School of Computing

2012

Computer Sciences

World Wide Graphics

Timmons, Alysha Marie

01 January 2001

The scope of this project describes World Wide Graphics (WWG) a software package that provides instructors with the tools needed to present a web-based presentation to a group of students while having the ability of enhancing the prepared HTML slide with userdrawn graphics and highlighting.

Internet in higher education

HTML (Document markup language)

Operating systems (Computers)

Teaching -- Aids and devices

Educational technology

Digital Communications and Networking

Instructional Media Design

Taxonomy of synchronization and barrier as a basic mechanism for building other synchronization from it

Braginton, Pauline

01 January 2003

A Distributed Shared Memory(DSM) system consists of several computers that share a memory area and has no global clock. Therefore, an ordering of events in the system is necessary. Synchronization is a mechanism for coordinating activities between processes, which are program instantiations in a system.

Computers -- Access control

Algorithms -- Data processing

Data structures (Computer science)

Time-sharing computer systems

Numerical taxonomy

Synchronous data transmission systems

OS and Networks

A multi-agent architecture for internet distributed computing system

Samson, Rodelyn Reyes

01 January 2003

This thesis presents the developed taxonomy of the agent-based distributed computing systems. Based on this taxonomy, a design, implementation, analysis and distribution protocol of a multi-agent architecture for internet-based distributed computing system was developed. A prototype of the designed architecture was implemented on Spider III using the IBM Aglets software development kit (ASDK 2.0) and the language Java.

Computer architecture

Internet

Computer networks

Parallel programming (Computer science)

Java (Computer program language)

Systems Architecture

System-wide Performance Analysis for Virtualization

Jensen, Deron Eugene

13 June 2014

With the current trend in cloud computing and virtualization, more organizations are moving their systems from a physical host to a virtual server. Although this can significantly reduce hardware, power, and administration costs, it can increase the cost of analyzing performance problems. With virtualization, there is an initial performance overhead, and as more virtual machines are added to a physical host the interference increases between various guest machines. When this interference occurs, a virtualized guest application may not perform as expected. There is little or no information to the virtual OS about the interference, and the current performance tools in the guest are unable to show this interference. We examine the interference that has been shown in previous research, and relate that to existing tools and research in root cause analysis. We show that in virtualization there are additional layers which need to be analyzed, and design a framework to determine if degradation is occurring from an external virtualization layer. Additionally, we build a virtualization test suite with Xen and PostgreSQL and run multiple tests to create I/O interference. We show that our method can distinguish between a problem caused by interference from external systems and a problem from within the virtual guest.

Computer systems -- Evaluation

Cloud computing -- Research

System design -- Research

Input-output analysis

Computer and Systems Architecture

Data Storage Systems

Securing resource constrained platforms with low-cost solutions.

Arslan Khan (17592498)

11 December 2023

<p dir="ltr">This thesis focuses on securing different attack surfaces of embedded systems while meeting the stringent requirements imposed by these systems. Due to the specialized architecture of embedded systems, the security measures should be customized to match the unique requirements of each specific domain. To this end, this thesis identified novel security architectures using techniques such as anomaly detection, program analysis, compartmentalization, etc. This thesis synergizes work at the intersection of programming languages, compilers, computer architecture, operating systems, and embedded systems. </p>

System and network security

Operating systems

embeded system

systems security

programming language correction

compartmentalization concept

Operating systems (Computers)

firmware security inspection techno...

Towards a model for teaching distributed computing in a distance-based educational environment

Le Roux, Petra

02 1900

Several technologies and languages exist for the development and implementation of distributed systems. Furthermore, several models for teaching computer programming and teaching programming in a distance-based educational environment exist. Limited literature, however, is available on models for teaching distributed computing in a distance-based educational environment. The focus of this study is to examine how distributed computing should be taught in a distance-based educational environment so as to ensure effective and quality learning for students. The required effectiveness and quality should be comparable to those for students exposed to laboratories, as commonly found in residential universities. This leads to an investigation of the factors that contribute to the success of teaching distributed computing and how these factors can be integrated into a distance-based teaching model. The study consisted of a literature study, followed by a comparative study of available tools to aid in the learning and teaching of distributed computing in a distance-based educational environment. A model to accomplish this teaching and learning is then proposed and implemented. The findings of the study highlight the requirements and challenges that a student of distributed computing in a distance-based educational environment faces and emphasises how the proposed model can address these challenges. This study employed qualitative research, as opposed to quantitative research, as qualitative research methods are designed to help researchers to understand people and the social and cultural contexts within which they live. The research methods employed are design research, since an artefact is created, and a case study, since “how” and “why” questions need to be answered. Data collection was done through a survey. Each method was evaluated via its own well-established evaluation methods, since evaluation is a crucial component of the research process. / Computing / M. Sc. (Computer Science)

Distributed systems

Distributed computing

Qualitative research

Case Study

Distance-based educational environment

Survey

004.360715

Internet -- Distance education

Autonomic management in a distributed storage system

Tauber, Markus

January 2010

This thesis investigates the application of autonomic management to a distributed storage system. Effects on performance and resource consumption were measured in experiments, which were carried out in a local area test-bed. The experiments were conducted with components of one specific distributed storage system, but seek to be applicable to a wide range of such systems, in particular those exposed to varying conditions. The perceived characteristics of distributed storage systems depend on their configuration parameters and on various dynamic conditions. For a given set of conditions, one specific configuration may be better than another with respect to measures such as resource consumption and performance. Here, configuration parameter values were set dynamically and the results compared with a static configuration. It was hypothesised that under non-changing conditions this would allow the system to converge on a configuration that was more suitable than any that could be set a priori. Furthermore, the system could react to a change in conditions by adopting a more appropriate configuration. Autonomic management was applied to the peer-to-peer (P2P) and data retrieval components of ASA, a distributed storage system. The effects were measured experimentally for various workload and churn patterns. The management policies and mechanisms were implemented using a generic autonomic management framework developed during this work. The motivation for both groups of experiments was to test management policies with the objective to avoid unsatisfactory situations with respect to resource consumption and performance. Such unsatisfactory situations occur when either the P2P layer or the data retrieval mechanism is configured statically. In a statically configured P2P system two unsatisfactory situations can be identified. The first arises when the frequency with which P2P node states are verified is low and membership churn is high. The P2P node state becomes inaccurate due to a high membership churn, leading to errors during the routing process and a reduction in performance. In this situation it is desirable to increase the frequency to increase P2P state accuracy. The converse situation arises when the frequency is high and churn is low. In this situation network resources are used unnecessarily, which may also reduce performance, making it desirable to decrease the frequency. In ASA’s data retrieval mechanism similar unsatisfactory situations can be identified with respect to the degree of concurrency (DOC). The DOC controls the eagerness with which multiple redundant replicas are retrieved. An unsatisfactory situation arises when the DOC is low and there is a large variation in the times taken to retrieve replicas. In this situation it is desirable to increase the DOC, because by retrieving more replicas in parallel a result can be returned to the user sooner. The converse situation arises when the DOC is high, there is little variation in retrieval time and there is a network bottleneck close to the requesting client. In this situation it is desirable to decrease the DOC, since the low variation removes any benefit in parallel retrieval, and the bottleneck means that decreasing parallelism reduces both bandwidth consumption and elapsed time for the user. The experimental evaluations of autonomic management show promising results, and suggest several future research topics. These include optimisations of the managed mechanisms, alternative management policies, different evaluation methods, and the application of developed management mechanisms to other facets of a distributed storage system. The findings of this thesis could be exploited in building other distributed storage systems that focus on harnessing storage on user workstations, since these are particularly likely to be exposed to varying, unpredictable conditions.

621.382

Towards a model for teaching distributed computing in a distance-based educational environment

Le Roux, Petra

02 1900

Several technologies and languages exist for the development and implementation of distributed systems. Furthermore, several models for teaching computer programming and teaching programming in a distance-based educational environment exist. Limited literature, however, is available on models for teaching distributed computing in a distance-based educational environment. The focus of this study is to examine how distributed computing should be taught in a distance-based educational environment so as to ensure effective and quality learning for students. The required effectiveness and quality should be comparable to those for students exposed to laboratories, as commonly found in residential universities. This leads to an investigation of the factors that contribute to the success of teaching distributed computing and how these factors can be integrated into a distance-based teaching model. The study consisted of a literature study, followed by a comparative study of available tools to aid in the learning and teaching of distributed computing in a distance-based educational environment. A model to accomplish this teaching and learning is then proposed and implemented. The findings of the study highlight the requirements and challenges that a student of distributed computing in a distance-based educational environment faces and emphasises how the proposed model can address these challenges. This study employed qualitative research, as opposed to quantitative research, as qualitative research methods are designed to help researchers to understand people and the social and cultural contexts within which they live. The research methods employed are design research, since an artefact is created, and a case study, since “how” and “why” questions need to be answered. Data collection was done through a survey. Each method was evaluated via its own well-established evaluation methods, since evaluation is a crucial component of the research process. / Computing / M. Sc. (Computer Science)

Distributed systems

Distributed computing

Qualitative research

Case Study

Distance-based educational environment

Survey

004.360715

Internet -- Distance education