Improving operating systems security: two case studies

Wei, Jinpeng

14 August 2009

Malicious attacks on computer systems attempt to obtain and maintain illicit control over the victim system. To obtain unauthorized access, they often exploit vulnerabilities in the victim system, and to maintain illicit control, they apply various hiding techniques to remain stealthy. In this dissertation, we discuss and present solutions for two classes of security problems: TOCTTOU (time-of-check-to-time-of-use) and K-Queue. TOCTTOU is a vulnerability that can be exploited to obtain unauthorized root access, and K-Queue is a hiding technique that can be used to maintain stealthy control of the victim kernel. The first security problem is TOCTTOU, a race condition in Unix-style file systems in which an attacker exploits a small timing gap between a file system call that checks a condition and a use kernel call that depends on the condition. Our contributions on TOCTTOU include: (1) A model that enumerates the complete set of potential TOCTTOU vulnerabilities; (2) A set of tools that detect TOCTTOU vulnerabilities in Linux applications such as vi, gedit, and rpm; (3) A theoretical as well as an experimental evaluation of security risks that shows that TOCTTOU vulnerabilities can no longer be considered "low risk" given the wide-scale deployment of multiprocessors; (4) An event-driven protection mechanism and its implementation that defend Linux applications against TOCTTOU attacks at low performance overhead. The second security problem addressed in this dissertation is kernel queue or K-Queue, which can be used by the attacker to achieve continual malicious function execution without persistently changing either kernel code or data, which prevents state-of-the-art kernel integrity monitors such as CFI and SBCFI from detecting them. Based on our successful defense against a concrete instance of K-Queue-driven attacks that use the soft timer mechanism, we design and implement a solution to the general class of K-Queue-driven attacks, including (1) a unified static analysis framework and toolset that can generate specifications of legitimate K-Queue requests and the checker code in an automated way; (2) a runtime reference monitor that validates K-Queue invariants and guards such invariants against tampering; and (3) a comprehensive experimental evaluation of our static analysis framework and K-Queue Checkers.

Control flow integrity

Security and protection

Reliability

File systems management

Elements of a decision support system for chief nurse executives /

Barton, Amy J. Gocsik.

January 1993

Thesis (Ph. D.)--University of Florida, 1993. / Typescript. Vita. Includes bibliographical references (leaves 150-158).

Exploring Event Log Analysis with Minimum Apriori Information

Makanju, Adetokunbo

02 April 2012

The continued increase in the size and complexity of modern computer systems has led to a commensurate increase in the size of their logs. System logs are an invaluable resource to systems administrators during fault resolution. Fault resolution is a time-consuming and knowledge intensive process. A lot of the time spent in fault resolution is spent sifting through large volumes of information, which includes event logs, to find the root cause of the problem. Therefore, the ability to analyze log files automatically and accurately will lead to significant savings in the time and cost of downtime events for any organization. The automatic analysis and search of system logs for fault symptoms, otherwise called alerts, is the primary motivation for the work carried out in this thesis. The proposed log alert detection scheme is a hybrid framework, which incorporates anomaly detection and signature generation to accomplish its goal. Unlike previous work, minimum apriori knowledge of the system being analyzed is assumed. This assumption enhances the platform portability of the framework. The anomaly detection component works in a bottom-up manner on the contents of historical system log data to detect regions of the log, which contain anomalous (alert) behaviour. The identified anomalous regions are then passed to the signature generation component, which mines them for patterns. Consequently, future occurrences of the underlying alert in the anomalous log region, can be detected on a production system using the discovered pattern. The combination of anomaly detection and signature generation, which is novel when compared to previous work, ensures that a framework which is accurate while still being able to detect new and unknown alerts is attained. Evaluations of the framework involved testing it on log data for High Performance Cluster (HPC), distributed and cloud systems. These systems provide a good range for the types of computer systems used in the real world today. The results indicate that the system that can generate signatures for detecting alerts, which can achieve a Recall rate of approximately 83% and a false positive rate of approximately 0%, on average.

Event Log Analysis

Network Management

Data Mining

Systems Management

Anomaly Detection

Square pegs and round holes: application of ISO 9000 in healthcare

Thornber, Michael John

January 2002

This research examines the application of the ISO 9000 model for quality management in healthcare. Exploratory case study is made of three healthcare provider organisations: community health service; independent practitioner association; Maori health network. Three research models are developed to examine identified gaps and areas of interest in healthcare quality management literature. The first model relates to differences between generic standards and specification standards. The second model relates to the fit of healthcare service delivery systems and ISO 9000. The third model relates to exploration of the linkages and co-ordination of an integrated care delivery network. One proposition and two hypotheses are developed in relation to the models, and are closely associated with gaps in healthcare service quality knowledge. Strong support is found for the first hypothesis though not the second hypothesis, and there are also some unexpected results. There is strong support that the process of implementing the ISO 9000 model will enhance healthcare management performance, even though the outcomes are unpredictable. There are indications supporting the notion that implementation of the ISO 9000 model will increase effective linkages and co-ordination within integrated care delivery networks. The body of evidence accumulated during the study did not, however, permit a valid conclusion regarding the hypothesis. The findings of the study can be extended to other healthcare service areas and through interpretation and extrapolation they add value to healthcare service quality research in general. In particular, the findings of the three case studies in this research suggest that future models for healthcare service quality should include a comprehensive generic model for quality management of individual and integrated healthcare service organisations.

Business-IT Alignment and Shared Understanding Between Business and IS Executives: A Cognitive Mapping Investigation

Tan, Felix B.

January 2001

Whole document restricted, see Access Instructions file below for details of how to access the print copy. / Achieving and sustaining business-IT alignment in organisations continues to be a management challenge into the new millennium. As organisations strive toward this end, researchers are attempting to better understand the alignment phenomenon. Empirical research into business-IT alignment is dominated by studies examining the relationship between business strategy, information technology and performance. Investigations into the factors enabling or inhibiting alignment are emerging. This research has traditionally taken a behavioural perspective. There is evidence of little research that examines the issue through a cognitive lens. This thesis builds on and extends the study of business-IT alignment by investigating the cognition of the key stakeholders of the alignment process - business and IS executives. Drawing on Personal Construct Theory (Kelly, 1955), this study uses a cognitive mapping methodology known as the repertory grid technique to investigate two questions: i) is there a positive relationship between business-IT alignment and shared understanding between business and IS executives?; and ii) are there differences in the cognitive maps of business and IS executives in companies that report high business-IT alignment and those that report low business-IT alignment? Shared understanding is defined as cognition that is held in common between and that which is distributed amongst business and IS executives. It is portrayed in the form of a cognitive map for each company. The study proposes that business-IT alignment is directly related to the shared understanding between business and IS executives and that the cognitive maps of these executive groups are less diverse in companies that report a high level of alignment. Eighty business and IS executives from six companies were interviewed. Cognitive maps were elicited from the research participants from which diversity between cognitive maps of business and IS executives are measured. A collective cognitive map was produced to illustrate the quality of the shared understanding in each company. The state of business-IT alignment in each company was also measured. The results of the study suggest that there is a strong positive link between business-IT alignment and shared understanding between business and IS executives. As expected, companies with a high-level of business-IT alignment demonstrate high quality shared understanding between its business and IS executives as measured and portrayed by their collective cognitive maps. The investigation further finds significant diversity in the structure and content of the cognitive maps of these executive groups in companies reporting a low-level of alignment. This study concludes that shared understanding, between business and IS executives, is important to business-IT alignment. Reconciling the diversity in the cognitive maps of business and IS executives is a step toward achieving and sustaining alignment. Practical approaches to developing shared understanding are proposed. A methodology to aid organisations in assessing shared understanding between their business and IS executives is also outlined. Finally research on business-IT alignment continues to be a fruitful and important field of IS research. This study suggests that the most interesting issues are at the interface between cognition and behaviour. The process of business-IT alignment in organisations is characterised by the individuality and commonality in the cognition of key stakeholders, its influence on the behaviour of these members and hence the organisational action taken.

Supporting the emergence of a shared services organisation: Managing change in complex health ICT projects

Day, Karen Jean

January 2008

Although there is a high risk of failure in the implementation of ICT projects (which appears to extend to health ICT projects), we continue to implement health information systems in order to deliver quality, cost-effective healthcare. The purpose of the research was to participate in and study the change management as a critical success factor in health ICT projects, and to examine people’s responses to change so as to develop understanding and theory that could be used in future change management programmes. The research was conducted within the context of a large infrastructure project that resulted from the emergence of a shared services organisation (from two participating District Health Boards in Auckland, New Zealand). Action research (AR) formed the basis of the methodology used, and provided the foundation for a change management programme: the AR intervention. Grounded theory (GT) was used for some of the data analysis, the generation of themes by means of constant comparison and the deeper examination of the change process using theoretical sampling. AR and GT together supported the development of theory regarding the change process associated with health ICT projects. Health ICT projects were revealed in the findings as exhibiting the properties of complex adaptive systems. This complexity highlighted the art of change management as a critical success factor for such projects. The fabric of change emerged as a composite of processes linked to project processes and organisational processes. The turning point in the change process from the before state to the after state is marked by a capability crisis which requires effective patterns of leadership, sensitive targeting of communication, effective learning, and management of increased workload and diminishing resources during the course of health ICT projects. A well managed capability crisis period as a component of change management can substantially contribute to health ICT project success.

Square pegs and round holes: application of ISO 9000 in healthcare

Thornber, Michael John

January 2002

This research examines the application of the ISO 9000 model for quality management in healthcare. Exploratory case study is made of three healthcare provider organisations: community health service; independent practitioner association; Maori health network. Three research models are developed to examine identified gaps and areas of interest in healthcare quality management literature. The first model relates to differences between generic standards and specification standards. The second model relates to the fit of healthcare service delivery systems and ISO 9000. The third model relates to exploration of the linkages and co-ordination of an integrated care delivery network. One proposition and two hypotheses are developed in relation to the models, and are closely associated with gaps in healthcare service quality knowledge. Strong support is found for the first hypothesis though not the second hypothesis, and there are also some unexpected results. There is strong support that the process of implementing the ISO 9000 model will enhance healthcare management performance, even though the outcomes are unpredictable. There are indications supporting the notion that implementation of the ISO 9000 model will increase effective linkages and co-ordination within integrated care delivery networks. The body of evidence accumulated during the study did not, however, permit a valid conclusion regarding the hypothesis. The findings of the study can be extended to other healthcare service areas and through interpretation and extrapolation they add value to healthcare service quality research in general. In particular, the findings of the three case studies in this research suggest that future models for healthcare service quality should include a comprehensive generic model for quality management of individual and integrated healthcare service organisations.

Business-IT Alignment and Shared Understanding Between Business and IS Executives: A Cognitive Mapping Investigation

Tan, Felix B.

January 2001

Whole document restricted, see Access Instructions file below for details of how to access the print copy. / Achieving and sustaining business-IT alignment in organisations continues to be a management challenge into the new millennium. As organisations strive toward this end, researchers are attempting to better understand the alignment phenomenon. Empirical research into business-IT alignment is dominated by studies examining the relationship between business strategy, information technology and performance. Investigations into the factors enabling or inhibiting alignment are emerging. This research has traditionally taken a behavioural perspective. There is evidence of little research that examines the issue through a cognitive lens. This thesis builds on and extends the study of business-IT alignment by investigating the cognition of the key stakeholders of the alignment process - business and IS executives. Drawing on Personal Construct Theory (Kelly, 1955), this study uses a cognitive mapping methodology known as the repertory grid technique to investigate two questions: i) is there a positive relationship between business-IT alignment and shared understanding between business and IS executives?; and ii) are there differences in the cognitive maps of business and IS executives in companies that report high business-IT alignment and those that report low business-IT alignment? Shared understanding is defined as cognition that is held in common between and that which is distributed amongst business and IS executives. It is portrayed in the form of a cognitive map for each company. The study proposes that business-IT alignment is directly related to the shared understanding between business and IS executives and that the cognitive maps of these executive groups are less diverse in companies that report a high level of alignment. Eighty business and IS executives from six companies were interviewed. Cognitive maps were elicited from the research participants from which diversity between cognitive maps of business and IS executives are measured. A collective cognitive map was produced to illustrate the quality of the shared understanding in each company. The state of business-IT alignment in each company was also measured. The results of the study suggest that there is a strong positive link between business-IT alignment and shared understanding between business and IS executives. As expected, companies with a high-level of business-IT alignment demonstrate high quality shared understanding between its business and IS executives as measured and portrayed by their collective cognitive maps. The investigation further finds significant diversity in the structure and content of the cognitive maps of these executive groups in companies reporting a low-level of alignment. This study concludes that shared understanding, between business and IS executives, is important to business-IT alignment. Reconciling the diversity in the cognitive maps of business and IS executives is a step toward achieving and sustaining alignment. Practical approaches to developing shared understanding are proposed. A methodology to aid organisations in assessing shared understanding between their business and IS executives is also outlined. Finally research on business-IT alignment continues to be a fruitful and important field of IS research. This study suggests that the most interesting issues are at the interface between cognition and behaviour. The process of business-IT alignment in organisations is characterised by the individuality and commonality in the cognition of key stakeholders, its influence on the behaviour of these members and hence the organisational action taken.

Supporting the emergence of a shared services organisation: Managing change in complex health ICT projects

Day, Karen Jean

January 2008

Although there is a high risk of failure in the implementation of ICT projects (which appears to extend to health ICT projects), we continue to implement health information systems in order to deliver quality, cost-effective healthcare. The purpose of the research was to participate in and study the change management as a critical success factor in health ICT projects, and to examine people’s responses to change so as to develop understanding and theory that could be used in future change management programmes. The research was conducted within the context of a large infrastructure project that resulted from the emergence of a shared services organisation (from two participating District Health Boards in Auckland, New Zealand). Action research (AR) formed the basis of the methodology used, and provided the foundation for a change management programme: the AR intervention. Grounded theory (GT) was used for some of the data analysis, the generation of themes by means of constant comparison and the deeper examination of the change process using theoretical sampling. AR and GT together supported the development of theory regarding the change process associated with health ICT projects. Health ICT projects were revealed in the findings as exhibiting the properties of complex adaptive systems. This complexity highlighted the art of change management as a critical success factor for such projects. The fabric of change emerged as a composite of processes linked to project processes and organisational processes. The turning point in the change process from the before state to the after state is marked by a capability crisis which requires effective patterns of leadership, sensitive targeting of communication, effective learning, and management of increased workload and diminishing resources during the course of health ICT projects. A well managed capability crisis period as a component of change management can substantially contribute to health ICT project success.

Square pegs and round holes: application of ISO 9000 in healthcare

Thornber, Michael John

January 2002

This research examines the application of the ISO 9000 model for quality management in healthcare. Exploratory case study is made of three healthcare provider organisations: community health service; independent practitioner association; Maori health network. Three research models are developed to examine identified gaps and areas of interest in healthcare quality management literature. The first model relates to differences between generic standards and specification standards. The second model relates to the fit of healthcare service delivery systems and ISO 9000. The third model relates to exploration of the linkages and co-ordination of an integrated care delivery network. One proposition and two hypotheses are developed in relation to the models, and are closely associated with gaps in healthcare service quality knowledge. Strong support is found for the first hypothesis though not the second hypothesis, and there are also some unexpected results. There is strong support that the process of implementing the ISO 9000 model will enhance healthcare management performance, even though the outcomes are unpredictable. There are indications supporting the notion that implementation of the ISO 9000 model will increase effective linkages and co-ordination within integrated care delivery networks. The body of evidence accumulated during the study did not, however, permit a valid conclusion regarding the hypothesis. The findings of the study can be extended to other healthcare service areas and through interpretation and extrapolation they add value to healthcare service quality research in general. In particular, the findings of the three case studies in this research suggest that future models for healthcare service quality should include a comprehensive generic model for quality management of individual and integrated healthcare service organisations.