Global ETD Search

151	Provable Protection of Confidential Data in Microkernel-Based Systems Völp, Marcus 31 January 2011 (has links) Although modern computer systems process increasing amounts of sensitive, private, and valuable information, most of today’s operating systems (OSs) fail to protect confidential data against unauthorized disclosure over covert channels. Securing the large code bases of these OSs and checking the secured code for the absence of covert channels would come at enormous costs. Microkernels significantly reduce the necessarily trusted code. However, cost-efficient, provable confidential-data protection in microkernel-based systems is still challenging. This thesis makes two central contributions to the provable protection of confidential data against disclosure over covert channels: • A budget-enforcing, fixed-priority scheduler that provably eliminates covert timing channels in open microkernel-based systems; and • A sound control-flow-sensitive security type system for low-level operating-system code. To prevent scheduling-related timing channels, the proposed scheduler treats possibly leaking, blocked threads as if they were runnable. When it selects such a thread, it runs a higher classified budget consumer. A characterization of budget-consumer time as a blocking term makes it possible to reuse a large class of existing admission tests to determine whether the proposed scheduler can meet the real-time guarantees of all threads we envisage to run. Compared to contemporary information-flow-secure schedulers, significantly more real-time threads can be admitted for the proposed scheduler. The role of the proposed security type system is to prove those system components free of security policy violating information flows that simultaneously operate on behalf of differently classified clients. In an open microkernel-based system, these are the microkernel and the necessarily trusted multilevel servers. To reduce the complexity of the security type system, C++ operating-system code is translated into a corresponding Toy program, which in turn is complemented with calls to Toy procedures describing the side effects of interactions with the underlying hardware. Toy is a non-deterministic intermediate programming language, which I have designed specifically for this purpose. A universal lattice for shared-memory programs enables the type system to check the resulting Toy code for potentially harmful information flows, even if the security policy of the system is not known at the time of the analysis. I demonstrate the feasibility of the proposed analysis in three case studies: a virtual-memory access, L4 inter-process communication and a secure buffer cache. In addition, I prove Osvik’s countermeasure effective against AES cache side-channel attacks. To my best knowledge, this is the first security-type-system-based proof of such a countermeasure. The ability of a security type system to tolerate temporary breaches of confidentiality in lock-protected shared-memory regions turned out to be fundamental for this proof. info:eu-repo/classification/ddc/004 ddc:004 Betriebssystem
152	Design and Implementation of Multi-core Support for an Embedded Real-time Operating System for Space Applications Zhang, Wei January 2015 (has links) Nowadays, multi-core processors are widely used in embedded applications due to the advantages of higher performance and lower power consumption. However, the complexity of multi-core architectures makes it a considerably challenging task to extend a single-core version of a real-time operating system to support multi-core platform. This thesis documents the process of design and implementation of a multi-core version of RODOS - an embedded real-time operating system developed by German Aerospace Center and the University of Würzburg - on a dual-core platform. Two possible models are proposed: Symmetric Multiprocessing and Asymmetric Multiprocessing. In order to prevent the collision of the global components initialization, a new multi-core boot loader is created to allow that each core boots up in a proper manner. A working version of multi-core RODOS is implemented that has an ability to run tasks on a multi-core platform. Several test cases are applied and verified that the performance on the multi-core version of RODOS achieves around 180% improved than the same tasks running on the original RODOS. Deadlock free communication and synchronization APIs are provided to let parallel applications share data and messages in a safe manner. real-time operating system multi-core architecture embedded system Elektroteknik och elektronik
153	Empirical Testing of the CySeMoL Tool for Cyber Security Assessment – Case Study of Linux Server and MySQL Rabbani, Talvia January 2016 (has links) In this Master Thesis, several common applications used with MySQL and Linux server are modelled using the Enterprise Architecture Analysis Tool (EAAT) and the Cyber Security Modelling Language (CySeMoL), both developed by the Department of Industrial Information and Control System (ICS) at KTH. The objective of this study is to use the CySeMoL tool to evaluate the feasibility and correctness of the tool by simulating some particular type of attacks on a real life Linux server. A few common applications with MySQL on a Linux server and two Linux operating system services are modelled and explained together with their detailed information and defense mechanisms. A real life penetration test has then been carried out in order to validate the simulated results from the tool. The results of the analysis suggest that the security vulnerability predictions done by CySeMoL on a Linux server has good predictive performance. / I denna Masteruppsats modelleras ett antal vanliga applikationer på en MySQL- och Linuxplattform med hjälp av Enterprise Architecture Analysis Tool (EAAT) tillsammans med Cybersecurity Modeling Language (CySeMoL). Båda dessa är utvecklade vid avdelningen för industriella informations- och styrsystem (ICS) på KTH. Syftet med denna studie är att validera korrektheten av CySeMoL-verktygets sårbarhetsprediktioner genom att simulera ett antal specifika cyberattacker mot en Linuxplattform. Ett antal vanligt förekommande applikationer på en MySQL-plattform samt två operativsystemstjänster i en Linuxserver modelleras. Penetrationstest utförs därefter för att validera resultaten som simuleras i CySeMoL-verktyget. Studien visar att CySeMols förutsägelser stämmer väl med resultaten av penetrationstesterna. Cyber Security CySeMoL EAAT Operating System Server Application Modeling. Elektroteknik och elektronik
154	End-to-end security architecture for cloud computing environments / Architecture de sécurité de bout en bout et mécanismes d'autoprotection pour les environnements Cloud Wailly, Aurélien 30 September 2014 (has links) La virtualisation des infrastructures est devenue un des enjeux majeurs dans la recherche, qui fournissent des consommations d'énergie moindres et des nouvelles opportunités. Face à de multiples menaces et des mécanismes de défense hétérogènes, l'approche autonomique propose une gestion simplifiée, robuste et plus efficace de la sécurité du cloud. Aujourd'hui, les solutions existantes s'adaptent difficilement. Il manque des politiques de sécurité flexibles, une défense multi-niveaux, des contrôles à granularité variable, ou encore une architecture de sécurité ouverte. Ce mémoire présente VESPA, une architecture d'autoprotection pour les infrastructures cloud. VESPA est construit autour de politiques qui peuvent réguler la sécurité à plusieurs niveaux. La coordination flexible entre les boucles d'autoprotection réalise un large spectre de stratégies de sécurité comme des détections et des réactions sur plusieurs niveaux. Une architecture extensible multi plans permet d'intégrer simplement des éléments déjà présents. Depuis peu, les attaques les plus critiques contre les infrastructures cloud visent la brique la plus sensible: l'hyperviseur. Le vecteur d'attaque principal est un pilote de périphérique mal confiné. Les mécanismes de défense mis en jeu sont statiques et difficile à gérer. Nous proposons une approche différente avec KungFuVisor, un canevas logiciel pour créer des hyperviseurs autoprotégés spécialisant l'architecture VESPA. Nous avons montré son application à trois types de protection différents : les attaques virales, la gestion hétérogène multi-domaines et l'hyperviseur. Ainsi la sécurité des infrastructures cloud peut être améliorée grâce à VESPA / Since several years the virtualization of infrastructures became one of the major research challenges, consuming less energy while delivering new services. However, many attacks hinder the global adoption of Cloud computing. Self-protection has recently raised growing interest as possible element of answer to the cloud computing infrastructure protection challenge. Yet, previous solutions fall at the last hurdle as they overlook key features of the cloud, by lack of flexible security policies, cross-layered defense, multiple control granularities, and open security architectures. This thesis presents VESPA, a self-protection architecture for cloud infrastructures. Flexible coordination between self-protection loops allows enforcing a rich spectrum of security strategies. A multi-plane extensible architecture also enables simple integration of commodity security components.Recently, some of the most powerful attacks against cloud computing infrastructures target the Virtual Machine Monitor (VMM). In many case, the main attack vector is a poorly confined device driver. Current architectures offer no protection against such attacks. This thesis proposes an altogether different approach by presenting KungFuVisor, derived from VESPA, a framework to build self-defending hypervisors. The result is a very flexible self-protection architecture, enabling to enforce dynamically a rich spectrum of remediation actions over different parts of the VMM, also facilitating defense strategy administration. We showed the application to three different protection scheme: virus infection, mobile clouds and hypervisor drivers. Indeed VESPA can enhance cloud infrastructure security Sécurité Virtualisation Cloud computing Autonomique Hyperviseur Système d'exploitation Security Virtualization Cloud computing Autonomic computing Hypervisor Operating system
155	A Performance comparison Between ASP.NET Core and Express.js for creating Web APIs Karlsson, Oliver January 2021 (has links) Modern web applications are growing in complexity and becoming more widely used. Using frameworks to build APIs is a popular way for both hobby developers and businesses to speed up development time and save costs. With this dependence on frameworks to be the foundation for potentially large applications comes the need to understand their performance qualities and which areas they are best suited for. This study compares the performance of the two similarly popular frameworks ASP.NET Core and Express.js, when used together with a MySQL Database to build Web APIs. This was done by building two different API implementations in each framework, one employing a RESTful approach and the other using the new querying language GraphQL. Experiments were run where the peak CPU usage, peak memory usage and response times were measured.The results of the experiments were that in a RESTful API, ASP.NET Core is faster at serving requests during lower loads whereas Express.js outperforms ASP.NET Core when faced with a higher amount of concurrent requests that fetch a lot of data. In a GraphQL API Express.js was able to perform similarly or better in all cases in terms of response times and resource usage compared to ASP.NET Core. API Framework REST GraphQL HTTP SQL ASP.NET Core Express.js Operating System CPU Memory Response times. Computer Engineering Datorteknik
156	An Evaluation of Software-Based Traffic Generators using Docker / En utvärdering utav mjukvarubaserade trafikgeneratorer med Docker Wong, Sai Man January 2018 (has links) The Information and Communication Technology (ICT) industry and network researchers use traffic generator tools to a large extent to test their systems. The industry uses reliable and rigid hardware-based platform tools for high-performance network testing. The research community commonly uses software-based tools in, for example, experiments because of economic and flexibility aspects. As a result, it is possible to run these tools on different systems and hardware. In this thesis, we examine the software traffic generators Iperf, Mausezahn, Ostinato in a closed loop physical and virtual environment to evaluate the applicability of the tools and find sources of inaccuracy for a given traffic profile. For each network tool, we measure the throughput from 64- to 4096-byte in packet sizes. Also, we encapsulate each tool with container technology using Docker to reach a more reproducible and portable research. Our results show that the CPU primarily limits the throughput for small packet sizes, and saturates the 1000 Mbps link for larger packet sizes. Finally, we suggest using these tools for simpler and automated network tests. / IT-branschen och nätverksforskare använder sig av trafikgeneratorer till stor del för att testa sina system. Industrin använder sig av stabila och pålitliga hårdvaruplattformar för högpresterande nätverkstester. Forskare brukar använda mjukvarubaserade verktyg i till exempel experiment på grund av ekonomiska och flexibilitet skäl. Det är därför möjligt att använda dessa verktyg på olika system och hårdvaror. I denna avhandling undersöker vi mjukvarutrafikgeneratorerna Iperf, Mausezahn, Ostinato i en isolerad fysisk och virtuell miljö, det vill säga för att utvärdera användbarheten av verktygen och hitta felkällor för en given trafikprofil. För varje nätverksverktyg mäter vi genomströmningen från 64 till 4096 byte i paketstorlekar. Dessutom paketerar vi varje verktyg med molnteknologin Docker för att nå ett mer reproducerbart och portabelt arbete. Våra resultat visar att processorn begränsar genomströmningen för små paketstorlekar och saturerar 1000 Mbps-länken för större paketstorlekar. Slutligen föreslår vi att man kan använda dessa verktyg för enklare och automatiserade nätverkstester. Software-Based Traffic Generator Throughput Packet Size Benchmark Operating System Virtualization Container Docker Automation Computer Sciences Datavetenskap (datalogi)
157	Operating System Support for Modern Applications Yang, Ting 01 May 2009 (has links) Computer systems now run drastically different workloads than they did two decades ago. The enormous advances in hardware power, such as processor speed, memory and storage capacity, and network bandwidth, enable them to run new kinds as well as a large number of applications simultaneously. Software technologies, such as garbage collection and multi-threading, also reshape applications and their behaviors, introducing more challenges to system resource management. However, existing general-purpose operating systems do not provide adequate support for these modern applications. These operating systems were designed over two decades ago, when garbage-collected applications were not prevalent and users interacted with systems using consoles and command lines, rather than graphical user interfaces. As a result, they fail to allow necessary coordinations among resource management components to ensure consistent performance guarantees. For example, garbage-collected applications cannot adjust themselves to maintain high throughput under dynamic memory pressure, simply because existing virtual memory managers do not collect and expose enough information to them. Furthermore, despite the increasing demand of supporting co-existing interactive applications in desktop environment, resource managers (especially memory and disk I/O) mostly focus on optimizing throughput. They each work independently, ignoring the response time requirements that the CPU scheduler attempts to satisfy. Consequently, pressure on any of these resources can significantly degrade application responsiveness. In order to deliver robust performance to these modern applications, an operating system has to coordinate its resource managers (e.g., CPU, memory, and disk I/O), as well as cooperate with resource managers in the user space, such as the garbage collector and the thread manger. To support garbage-collected applications, we present CRAMM, a system that enables them to predict an appropriate heap size using information supplied by the underlying operating system, allowing them to maintain high throughput in the face of changing memory pressure. To support highly interactive workloads, we present Redline, a system that manages CPU, memory, and disk I/O in an integrated manner. It uses lightweight specifications to drive CPU scheduling and to coordinate memory and disk I/O management to serve the needs of interactive applications. Such coordination enables it to maintain responsiveness in the face of extreme resource contention, without sacrificing resource utilization. We also show that Redline can be used to support response time sensitive multi-threaded server applications. Our experiences and extensive experiments show that we can coordinate resource managers, both inside and outside the operating system, efficiently without destroying the modularity of the existing system. Such coordination prevents resource managers from working at cross purposes, and dramatically improve the performance of applications when facing heavy resource contention, sometimes by orders of magnitude. CPU scheduling Garbage collection I/O management Memory management Operating system Resource management Computer Sciences Systems Architecture
158	Advancing digital twins of wire arc-DED through process control with a multi-modal sensor array Betts, Jeffery Logan 13 December 2024 (has links) (PDF) The goal of this work was to advance digital twins of wire-arc directed energy deposition (arc-DED) through process control with a multi-modal sensor array. Digital twins allow for synchronization, context, and visualization of in situ data. Additionally digital twins allow for bi-directional communication between the virtual and physical system, allowing for process control.This work implemented feedback control of the contact tip to work piece distance (CTWD), established a standard method to create modular unified robot description format (URDF) of the arc-DED system, and produced a complex component while collecting multi-modal data within the digital twin for robotic additive welding (DRAW) powered by Robot Operating System 2 (ROS2). This work also developed a robust pre- and post-processing framework in Python for three-dimensional FE thermal models of arc-DED. The framework looked at the effects of processing parameters and model convergence, through a full factorial design of experiments. Controlling CTWD is critical for wire-arc DED, and this work implemented a novel method of feedback control that can measure the weld bead height in situ. It is imperative for digital twins to have a comprehensive and accurate virtual representation. The standard method to create a URDF for arc-DED outlined in this work includes the entire robotic welding cell, all robotic axes, and sensors in an accurate, and modular framework. Following this development a large complex geometry (42.78 lb) using arc-DED, and DRAW reliably captured approximately 200 Gb of multi-modal data over the twenty-two hours of manufacturing time. This demonstrated the ability to produce a forty-two-pound complex component, four times larger than the next largest component produced on this system prior. Finally, this demonstrated the reliability of utilizing ROS 2 for multi-modal data capture and process control. Engineering Mechanical Engineering
159	Ein Betriebssystem für konfigurierbare Hardware Krutz, David 22 January 2007 (has links) In dieser Arbeit wird die Möglichkeit der Unterstützung des Hardwareentwurfs mit VHDL durch ein Hardwarebetriebssystem untersucht. Durch die Wiederverwendung von Betriebssystemmodulen sollen die Entwicklungszeit verkürzt, die Nachnutzbarkeit von Entwürfen verbessert und die Zuverlässigkeit erhöht werden. Um ein Betriebssystemkonzept umzusetzen, müssen spezielle Anforderungen an die Programmiersprache gestellt werden. Diese werden von VHDL nicht erfüllt. Daher wird ein Strukturcompiler vorgestellt, der unter Beibehaltung der Syntax der Sprache VHDL den zusätzlichen Anforderungen gerecht wird. Der Strukturcompiler verbindet das Anwendungsprogramm mit den Betriebssystemmodulen und erzeugt daraus ein VHDL-Programm, das mit den typischen FPGA-Entwicklungswerkzeugen simuliert oder synthetisiert werden kann. Bei der Entwicklung des Betriebssystems für konfigurierbare Hardware hat sich herausgestellt, dass sich dieses nur eingebettet in ein Gesamtkonzept für den Entwurf von heterogene Systeme sinnvoll anwenden lässt. Deshalb wird in dieser Arbeit eine Methode für die Entwicklung von heterogenen Systemen auf Basis eines Signalflussgraphen diskutiert. Angewendet wurde das Betriebssystemkonzept auf verschiedenen FPGA-Karten, sowohl käuflich erworbene als auch Eigenentwicklungen. Das für diese Karten erstellte Betriebssystem umfasst dabei Module zur Kommunikation zwischen FPGA und PC sowie zur Anbindung verschiedener externer Peripheriegeräte, wie z.B. Speicher. Es wurde ebenfalls untersucht wie Prozessoren als Bestandteil der konfigurierbaren Hardware in das Betriebssystemkonzept integriert werden können. Im Rahmen dieser Arbeit wurden auch viele Beispielanwendungen untersucht. Diese wurden einerseits zum Testen des Strukturcompilers und der Betriebssystemmodule benutzt. Andererseits fand das Betriebssystemkonzept für konfigurierbare Hardware auch Anwendung in verschiedenen Projekten. / This work investigates the possibility of describing a hardware design independent of special hardware. This is realized with the concept of an operating system. The re-use of operating system modules reduces the time of development and also increases the reliability. Additionally, the change of a development platform has no influence on the application algorithm anymore. In order to apply the concept of an operating system special constraints have to be fulfilled by the hardware description language, which is not supported by VHDL. For that reason a structure compiler has been developed. The structure compiler connects the application program with the operating system modules and produces a VHDL program, which can be used to simulate or to program the FPGA with the typical VHDL development tools. In the progress of developing the operating system concept for reconfigurable hardware it was realized that such a concept can only be used in connection with a design methodology for heterogeneous systems. In this work a design methodology based on a declarative language represented as signal flow graph is discussed. The operating system concept for reconfigurable hardware was tested on different FPGA boards. For these cards an operating system was developed. The operating system contains modules for the communication with the PC over different interfaces as well as modules for accessing different exterior peripheries, i.e. memory. Additionally, the integration of processors as part of the configurable hardware within the operating system concept was investigated. For the verification of the structure compiler and the operating system modules some examples have been developed. The operating system concept for configurable hardware was also applied in different projects. heterogenes System Betriebssystem VHDL FPGA heterogeneous system operating system VHDL FPGA 004 Informatik 28 Informatik, Datenverarbeitung ddc:004
160	Predlog proširenja Android operativnog sistema servisima digitalne televizije / One approach to the extension of Android operating system with digital TV services Lukić Nemanja 02 October 2014 (has links) <p>Ova disertacija se bavi istraživanjem u oblasti integracije servisa digitalne televizije u moderne uređaje potrošačke elektronike. Cilj teze je da razvije pristup za sistemsko proširenje Android operativnog sistema servisima digitalne televizije, i da predloži rešenje koje omogućuje rad u realnom vremenu. Kvalitet rešenja se ocenjuje odgovarajućim metrikama preko ocene kvaliteta implementirane Java objektno orijentisane sprege za TV servise. Osnovni doprinos teze se ogleda u definisanju jedinstvene programske sprege servisa digitalne televizije na platformama koje prate paradigmu virtuelne mašine. Predloženo rešenje omogućuje razvoj aplikacija optimizovanih za izvršavanje na TV uređajima i dalje sprezanje podataka TV servisa sa ostatkom Android ekosistema.</p> / <p>This PhD dissertation addresses the problem of integration of the digital TV services inside modern consumer electronic devices. The main focus of the dissertation is a development of systematic approach for extension of Android operating system with support for digital television. Combined with this, the dissertation describes solution in form of hardware platform with accompanying software that closely follows this approach and achieves real-time performance. Quality of proposed solution is benchmarked using metrics for measuring quality of object-oriented program code. The main contribution of the dissertation is unification of system software API for digital television on Android-based platforms. Proposed solution allows development of TV-centric software capable of real-time performance, and further native integration of data coming from DVB broadcast into Android ecosystem.</p>

Search results