DOCSLIB.ORG

Runtime Analysis of Whole-System Provenance

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Runtime Analysis of Whole-System Provenance Pasquier, T., Han, X., Moyer, T., Bates, A., Hermant, O., Eyers, D., Bacon, J., & Seltzer, M. (2018). Runtime Analysis of Whole-System Provenance. In CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security: Toronto, Canada (2018) (pp. 1601-1616). Association for Computing Machinery (ACM). https://doi.org/10.1145/3243734.3243776 Peer reviewed version Link to published version (if available): 10.1145/3243734.3243776 Link to publication record in Explore Bristol Research PDF-document This is the author accepted manuscript (AAM). The final published version (version of record) is available online via ACM at https://dl.acm.org/citation.cfm?doid=3243734.3243776 . Please refer to any applicable terms of use of the publisher. University of Bristol - Explore Bristol Research General rights This document is made available in accordance with publisher policies. Please cite only the published version using the reference above. Full terms of use are available: http://www.bristol.ac.uk/red/research-policy/pure/user-guides/ebr-terms/ Runtime Analysis of Whole-System Provenance Thomas Pasquier∗ Xueyuan Han Thomas Moyer Adam Bates University of Bristol Harvard University University of North University of Illinois at Carolina at Charlotte Urbana-Champaign Olivier Hermant David Eyers Jean Bacon Margo Seltzer MINES ParisTech University of Otago University of Cambridge University of PSL Research University British Columbia ABSTRACT of Whole-System Provenance. In 2018 ACM SIGSAC Conference on Com- Identifying the root cause and impact of a system intrusion remains puter and Communications Security (CCS ’18), October 15–19, 2018, Toronto, ON, Canada. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/ a foundational challenge in computer security. Digital provenance 3243734.3243776 provides a detailed history of the flow of information within a com- puting system, connecting suspicious events to their root causes. Although existing provenance-based auditing techniques provide 1 INTRODUCTION value in forensic analysis, they assume that such analysis takes Timely investigation of system intrusions remains a notoriously place only retrospectively. Such post-hoc analysis is insufficient for difficult challenge [66, 94, 96]. While security monitoring tools pro- realtime security applications; moreover, even for forensic tasks, vide an initial notification of foul play13 [ , 41, 86, 91, 95, 97], these prior provenance collection systems exhibited poor performance indicators are rarely sufficient in and of themselves. Instead, craft- and scalability, jeopardizing the timeliness of query responses. ing an appropriate response to a security incident often requires We present CamQuery, which provides inline, realtime prove- scouring terabytes of audit logs to determine an adversary’s method nance analysis, making it suitable for implementing security appli- of entry, how their reach spread through the system, and their ul- cations. CamQuery is a Linux Security Module that offers support for timate mission objective. Such investigations not only require a both userspace and in-kernel execution of analysis applications. We human-in-the-loop, but are excruciatingly slow, at times requiring demonstrate the applicability of CamQuery to a variety of runtime months of investigation and thousands of employee hours [56]. security applications including data loss prevention, intrusion detec- This delay between an event’s occurrence and its diagnosis repre- tion, and regulatory compliance. In evaluation, we demonstrate that sents a tremendous window of opportunity for attackers – as they CamQuery reduces the latency of realtime query mechanisms, while continue to exploit the system, defenders are still just getting their imposing minimal overheads on system execution. CamQuery thus bearings. enables the further deployment of provenance-based technologies Digital provenance (or provenance for short) refers to the data to address central challenges in computer security. being used in a variety of ways to address the challenges of forensic audits. By parsing individual records into causal relationship graphs CCS CONCEPTS that describe a system’s execution, provenance enables defenders to leverage the full historical context of a system and to reason • Security and privacy ! Operating systems security; Infor- about the interrelationships between different events and objects. mation flow control; Intrusion detection systems; With provenance, forensic investigations can trace back a given KEYWORDS security indicator (e.g., a port scan) to the attacker’s point of entry (e.g., a malicious email attachment) [53] and then trace forward Whole-system Provenance; Information Flow Tracking; Graph Pro- from the entry point to determine what other actions the attacker cessing; Linux Kernel has taken on the system. ACM Reference Format: Unfortunately, provenance-based auditing’s growing popularity Thomas Pasquier, Xueyuan Han, Thomas Moyer, Adam Bates, Olivier Her- has uncovered significant limitations in its performance and scala- mant, David Eyers, Jean Bacon, and Margo Seltzer. 2018. Runtime Analysis bility. Early efforts to integrate provenance querying into produc- tion systems indicated that, even for modestly small organisations ∗Part of this work was completed at Harvard University and at the University of (e.g., 150 workstations), forensic queries can take on the order of Cambridge. hours or days to complete [61]. In an actual attack scenario, where a timely incident response could make the difference between vic- Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed tory and defeat, such delays are unacceptable. Moreover, to date, for profit or commercial advantage and that copies bear this notice and the full citation provenance-aware systems have supported causal reasoning only on the first page. Copyrights for components of this work owned by others than ACM as an after-the-fact forensic activity [54]; this is unfortunate, be- must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a cause provenance is also invaluable to a variety of runtime security fee. Request permissions from [email protected]. tasks such as access control [76, 77], integrity measurement [92], CCS ’18, October 15–19, 2018, Toronto, ON, Canada and regulatory compliance [8, 15, 68, 81]. To date, the design of low © 2018 Association for Computing Machinery. ACM ISBN 978-1-4503-5693-0/18/10...$15.00 latency mechanisms for realtime provenance analysis has not been https://doi.org/10.1145/3243734.3243776 given adequate consideration in the literature. The goal of this work is to bridge the gap between runtime secu- rity monitoring and post-hoc forensic analysis. In support of this P S Pckt T Q goal, we consider methods for the deep integration of provenance 1 1 A 1 1 capture and analysis within the operating system. We introduce CamQuery, a framework that supports runtime analysis of prove- nance and thus enables its practical use for a variety of security Flows P S Pckt T info. applications. CamQuery pairs a runtime kernel-layer reference mon- 2 2 B 2 itor – expanding and modifying CamFlow [79] – with a novel query version module mechanism that enables runtime provenance analysis and even mediation of system events. CamQuery modules present a Figure 1: A simple provenance DAG: two processes (P and Q) familiar vertex-centric API, as popularised by modern graph pro- exchange packets (PcktA and PcktB ) through their respective cessing systems such as GraphChi [57] and GraphX [40]. In these sockets (S and T ). vertex-centric platforms, full-graph analysis routines are expressed in terms of a small program that runs in parallel on every vertex (node) in the system. The graph-structured nature of provenance messages, and network packets; activities are tasks; and agents are data makes this model a good fit and permits use of a familiar users and groups. API. While these applications run directly over the live provenance In practice, it is impossible to represent a mutable process or file stream, provenance can be simultaneously persisted to facilitate as a single vertex while simultaneously ensuring that the graph additional post-mortem and/or forensic analysis. remains acyclic [21]. For example, in a naive representation, a pro- CamQuery To demonstrate the generality of , we consider sev- cess that both reads and writes a file immediately creates a cycle, eral exemplar query applications in § 5. 1) a data loss prevention because the process depends on the file (due to the read), and the file scheme [18] popular in provenance-security based community; 2) depends on the process (due to the write). Cycles are problematic. a provenance based intrusion detection scheme; 3) a mechanism to Edges in the provenance graph represent dependencies between the apply constraints on information flow; and 4) a provenance signa- states of different objects and express causal relationships. There- ture scheme. These case studies illustrate the rich space of design fore, an object must depend only on the past (i.e., the state of an possibilities that are enabled through runtime provenance analysis. object cannot depend on a future state). The most commonly used CamQuery The source code for , along with associated applications cycle avoidance
Load more

Recommended publications
  • Automatic Benchmark Profiling Through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin
    Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin To cite this version: Alexis Martin, Vania Marangozova-Martin. Automatic Benchmark Profiling through Advanced Trace Analysis. [Research Report] RR-8889, Inria - Research Centre Grenoble – Rhône-Alpes; Université Grenoble Alpes; CNRS. 2016. hal-01292618 HAL Id: hal-01292618 https://hal.inria.fr/hal-01292618 Submitted on 24 Mar 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin , Vania Marangozova-Martin RESEARCH REPORT N° 8889 March 23, 2016 Project-Team Polaris ISSN 0249-6399 ISRN INRIA/RR--8889--FR+ENG Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin ∗ † ‡, Vania Marangozova-Martin ∗ † ‡ Project-Team Polaris Research Report n° 8889 — March 23, 2016 — 15 pages Abstract: Benchmarking has proven to be crucial for the investigation of the behavior and performances of a system. However, the choice of relevant benchmarks still remains a challenge. To help the process of comparing and choosing among benchmarks, we propose a solution for automatic benchmark profiling. It computes unified benchmark profiles reflecting benchmarks’ duration, function repartition, stability, CPU efficiency, parallelization and memory usage.
    [Show full text]
  • Automated Performance Testing for Virtualization with Mmtests
    Automated Performance Testing For Virtualization with MMTests Dario Faggioli <[email protected]> Software Engineer - Virtualization Specialist, SUSE GPG: 4B9B 2C3A 3DD5 86BD 163E 738B 1642 7889 A5B8 73EE https://about.me/dario.faggioli https://www.linkedin.com/in/dfaggioli/ https://twitter.com/DarioFaggioli (@DarioFaggioli) Testing / Benchmarking / CI Tools & Suites • OpenQA • Jenkins • Kernel CI • Autotest / Avocado-framework / Avocado-vt • Phoronix Test Suite • Fuego • Linux Test Project • Xen-Project’s OSSTests • … • ... SRSLY THINKING I’ll TALK ABOUT & SUGGEST USING ANOTHER ONE ? REALLY ? Benchmarking on Baremetal What’s the performance impact of kernel code change “X” ? Baremetal Baremetal Kernel Kernel (no X) VS. (with X) CPU MEM CPU MEM bench bench bench bench I/O I/O bench bench Benchmarking in Virtualization What’s the performance impact of kernel code change “X” ? Baremetal Baremetal Baremetal Baremetal Kernel Kernel Kernel (no X) Kernel (no X) (with X) (with X) VM VS. VM VS. VM VS. VM Kernel Kernel Kernel (no X) Kernel (no X) (with X) (with X) CPU MEM CPU MEM CPU MEM CPU MEM bench bench bench bench bench bench bench bench I/O I/O I/O I/O bench bench bench bench Benchmarking in Virtualization What’s the performance impact of kernel code change “X” ? Baremetal Baremetal Baremetal Baremetal Kernel Kernel Kernel (no X) Kernel (no X) (with X) (with X) VM VS. VM VS. VM VS. VM Kernel Kernel Kernel (no X) Kernel (no X) (with X) (with X) We want to run the benchmarks inside VMs CPU MEM CPU MEM CPU MEM CPU MEM bench bench bench bench bench bench bench bench I/O I/O I/O I/O bench bench bench bench Benchmarking in Virtualization What’s the performance impact of kernel code change “X” ? Baremetal Baremetal Baremetal Baremetal Kernel Kernel Kernel (no X) Kernel (no X) (with X) (with X) VM VS.
    [Show full text]
  • Zhodnocení Použitelnosti Raspberry Pi Pro Distribuované Výpočty
    Univerzita Karlova v Praze Matematicko-fyzikální fakulta BAKALÁŘSKÁ PRÁCE Petr Stefan Zhodnocení použitelnosti Raspberry Pi pro distribuované výpoèty Katedra softwarového inženýrství Vedoucí bakaláøské práce: RNDr. Martin Kruli¹, Ph.D. Studijní program: Informatika Studijní obor: Obecná informatika Praha 2015 Prohla¹uji, že jsem tuto bakaláøskou práci vypracoval(a) samostatně a výhradně s použitím citovaných pramenù, literatury a dalších odborných zdrojù. Beru na vědomí, že se na moji práci vztahují práva a povinnosti vyplývající ze zákona è. 121/2000 Sb., autorského zákona v platném znění, zejména skuteènost, že Univerzita Karlova v Praze má právo na uzavření licenční smlouvy o užití této práce jako ¹kolního díla podle x60 odst. 1 autorského zákona. V Praze dne 29. èervence 2015 Petr Stefan i ii Název práce: Zhodnocení použitelnosti Raspberry Pi pro distribuované výpoèty Autor: Petr Stefan Katedra: Katedra softwarového inženýrství Vedoucí bakaláøské práce: RNDr. Martin Kruli¹, Ph.D., Katedra softwarového inženýrství Abstrakt: Cílem práce bylo zhodnotit výkonnostní vlastnosti mikropočítače Rasp- berry Pi, a to především z hlediska možnosti sestavení výpoèetního klastru z více těchto jednotek. Součástí práce bylo vytvoření sady testù pro měření výpočetního výkonu procesoru, propustnosti operační paměti, rychlosti zápisu a čtení z per- sistentního úložiště (paměťové karty) a propustnosti síťového rozhraní Ethernet. Na základě porovnání výsledků získaných měřením na Raspberry Pi a na vhod- ném reprezentativním vzorku dalších běžně dostupných počítačů bylo provedeno doporučení, zda je konstrukce Raspberry Pi klastru opodstatněná. Tyto výsledky rovněž poskytly přibližné ekonomické a výkonnostní projekce takového řešení. Klíčová slova: Raspberry Pi výkon distribuovaný výpoèet benchmark Title: Assessing Usability of Raspberry Pi for Distributed Computing Author: Petr Stefan Department: Department of Software Engineering Supervisor: RNDr.
    [Show full text]
  • Automatic Benchmark Profiling Through Advanced Trace Analysis
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Hal - Université Grenoble Alpes Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin To cite this version: Alexis Martin, Vania Marangozova-Martin. Automatic Benchmark Profiling through Advanced Trace Analysis. [Research Report] RR-8889, Inria - Research Centre Grenoble { Rh^one-Alpes; Universit´eGrenoble Alpes; CNRS. 2016. <hal-01292618> HAL Id: hal-01292618 https://hal.inria.fr/hal-01292618 Submitted on 24 Mar 2016 HAL is a multi-disciplinary open access L'archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destin´eeau d´ep^otet `ala diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publi´esou non, lished or not. The documents may come from ´emanant des ´etablissements d'enseignement et de teaching and research institutions in France or recherche fran¸caisou ´etrangers,des laboratoires abroad, or from public or private research centers. publics ou priv´es. Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin , Vania Marangozova-Martin RESEARCH REPORT N° 8889 March 23, 2016 Project-Team Polaris ISSN 0249-6399 ISRN INRIA/RR--8889--FR+ENG Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin ∗ † ‡, Vania Marangozova-Martin ∗ † ‡ Project-Team Polaris Research Report n° 8889 — March 23, 2016 — 15 pages Abstract: Benchmarking has proven to be crucial for the investigation of the behavior and performances of a system. However, the choice of relevant benchmarks still remains a challenge. To help the process of comparing and choosing among benchmarks, we propose a solution for automatic benchmark profiling.
    [Show full text]
  • Xeon Platinum 8280 Vs. AMD EPYC 7742 - Ubuntu Linux
    www.phoronix-test-suite.com Xeon Platinum 8280 vs. AMD EPYC 7742 - Ubuntu Linux AMD EPYC and Intel Xeon benchmarks by Michael Larabel... Mix of single and multi-threaded workloads. Admittedly somewhat random tests with the intent of just being to doing some validation on Phoronix Test Suite 9.4 and checking out the graphing code, PDF generation, etc. Take the actual results as you wish. Automated Executive Summary 2 x EPYC 7742 had the most wins, coming in first place for 61% of the tests. Based on the geometric mean of all complete results, the fastest (2 x EPYC 7742) was 1.2x the speed of the slowest (2 x Xeon Platinum 8280). The results with the greatest spread from best to worst included: Tungsten Renderer (Scene: Volumetric Caustic) at 3.53x - MBW (Test: Memory Copy - Array Size: 4096 MiB) at 3.22x - Parboil (Test: OpenMP MRI Gridding) at 3.02x - Hackbench (Count: 32 - Type: Process) at 3.01x - Tachyon (Total Time) at 2.62x - C-Ray (Total Time - 4K, 16 Rays Per Pixel) at 2.37x - dav1d (Video Input: Chimera 1080p) at 2.33x Xeon Platinum 8280 vs. AMD EPYC 7742 - Ubuntu Linux - Coremark (CoreMark Size 666 - Iterations Per Second) at 2.3x - dav1d (Video Input: Summer Nature 1080p) at 2.17x - GraphicsMagick (Operation: Sharpen) at 2.17x. Test Systems: 2 x Xeon Platinum 8280 Processor: 2 x Intel Xeon Platinum 8280 @ 4.00GHz (56 Cores / 112 Threads), Motherboard: GIGABYTE MD61-SC2-00 v01000100 (T15 BIOS), Chipset: Intel Sky Lake-E DMI3 Registers, Memory: 12 x 32 GB DDR4-2933MT/s HMA84GR7CJR4N-WM, Disk: 280GB INTEL SSDPED1D280GA, Graphics:
    [Show full text]
  • Fair Benchmarking for Cloud Computing Systems
    Fair Benchmarking for Cloud Computing Systems Authors: Lee Gillam Bin Li John O’Loughlin Anuz Pranap Singh Tomar March 2012 Contents 1 Introduction .............................................................................................................................................................. 3 2 Background .............................................................................................................................................................. 4 3 Previous work ........................................................................................................................................................... 5 3.1 Literature ........................................................................................................................................................... 5 3.2 Related Resources ............................................................................................................................................. 6 4 Preparation ............................................................................................................................................................... 9 4.1 Cloud Providers................................................................................................................................................. 9 4.2 Cloud APIs ...................................................................................................................................................... 10 4.3 Benchmark selection ......................................................................................................................................
    [Show full text]
  • Aligning Intent and Behavior in Software Systems: How Programs Communicate & Their Distribution and Organization
    © 2020 William B. Dietz ALIGNING INTENT AND BEHAVIOR IN SOFTWARE SYSTEMS: HOW PROGRAMS COMMUNICATE & THEIR DISTRIBUTION AND ORGANIZATION BY WILLIAM B. DIETZ DISSERTATION Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate College of the University of Illinois at Urbana-Champaign, 2020 Urbana, Illinois Doctoral Committee: Professor Vikram Adve, Chair Professor John Regehr, University of Utah Professor Tao Xie Assistant Professor Sasa Misailovic ABSTRACT Managing the overwhelming complexity of software is a fundamental challenge because complex- ity is the root cause of problems regarding software performance, size, and security. Complexity is what makes software hard to understand, and our ability to understand software in whole or in part is essential to being able to address these problems effectively. Attacking this overwhelming complexity is the fundamental challenge I seek to address by simplifying how we write, organize and think about programs. Within this dissertation I present a system of tools and a set of solutions for improving the nature of software by focusing on programmer’s desired outcome, i.e. their intent. At the program level, the conventional focus, it is impossible to identify complexity that, at the system level, is unnecessary. This “accidental complexity” includes everything from unused features to independent implementations of common algorithmic tasks. Software techniques driving innovation simultaneously increase the distance between what is intended by humans – developers, designers, and especially the users – and what the executing code does in practice. By preserving the declarative intent of the programmer, which is lost in the traditional process of compiling and linking and building software, it is easier to abstract away unnecessary details.
    [Show full text]
  • Download Vol 8, No 3&4, Year 2015
    The International Journal on Advances in Systems and Measurements is published by IARIA. ISSN: 1942-261x journals site: http://www.iariajournals.org contact: [email protected] Responsibility for the contents rests upon the authors and not upon IARIA, nor on IARIA volunteers, staff, or contractors. IARIA is the owner of the publication and of editorial aspects. IARIA reserves the right to update the content for quality improvements. Abstracting is permitted with credit to the source. Libraries are permitted to photocopy or print, providing the reference is mentioned and that the resulting material is made available at no cost. Reference should mention: International Journal on Advances in Systems and Measurements, issn 1942-261x vol. 8, no. 3 & 4, year 2015, http://www.iariajournals.org/systems_and_measurements/ The copyright for each included paper belongs to the authors. Republishing of same material, by authors or persons or organizations, is not allowed. Reprint rights can be granted by IARIA or by the authors, and must include proper reference. Reference to an article in the journal is as follows: <Author list>, “<Article title>” International Journal on Advances in Systems and Measurements, issn 1942-261x vol. 8, no. 3 & 4, year 2015, http://www.iariajournals.org/systems_and_measurements/ IARIA journals are made available for free, proving the appropriate references are made when their content is used. Sponsored by IARIA www.iaria.org Copyright © 2015 IARIA International Journal on Advances in Systems and Measurements Volume 8, Number
    [Show full text]
  • Phoronix Test Suite V4.0.1 (Suldal)
    www.phoronix-test-suite.com Phoronix Test Suite v4.0.1 (Suldal) User Manual Phoronix Test Suite v4.0.1 Test Client Documentation Getting Started Overview The Phoronix Test Suite is the most comprehensive testing and benchmarking platform available for Linux, Solaris, Mac OS X, and BSD operating systems. The Phoronix Test Suite allows for carrying out tests in a fully automated manner from test installation to execution and reporting. All tests are meant to be easily reproducible, easy-to-use, and support fully automated execution. The Phoronix Test Suite is open-source under the GNU GPLv3 license and is developed by Phoronix Media in cooperation with partners. Version 1.0 of the Phoronix Test Suite was publicly released in 2008. The Phoronix Test Suite client itself is a test framework for providing seamless execution of test profiles and test suites. There are more than 200 tests available by default, which are transparently available via OpenBenchmarking.org integration. Of these default test profiles there is a range of sub-systems that can be tested and a range of hardware from mobile devices to desktops and worksrtations/servers. New tests can be easily introduced via the Phoronix Test Suite's extensible test architecture, with test profiles consisting of XML files and shell scripts. Test profiles can produce a quantitative result or other qualitative/abstract results like image quality comparisons and pass/fail. Using Phoronix Test Suite modules, other data can also be automatically collected at run-time such as the system power consumption, disk usage, and other software/hardware sensors. Test suites contain references to test profiles to execute as part of a set or can also reference other test suites.
    [Show full text]
  • Process Authentication for High System Assurance
    168 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014 Process Authentication for High System Assurance Hussain M.J. Almohri, Member, IEEE, Danfeng (Daphne) Yao, Member, IEEE, and Dennis Kafura, Member, IEEE Abstract—This paper points out the need in modern operating system kernels for a process authentication mechanism, where a process of a user-level application proves its identity to the kernel. Process authentication is different from process identification. Identification is a way to describe a principal; PIDs or process names are identifiers for processes in an OS environment. However, the information such as process names or executable paths that is conventionally used by OS to identify a process is not reliable. As a result, malware may impersonate other processes, thus violating system assurance. We propose a lightweight secure application authentication framework in which user-level applications are required to present proofs at runtime to be authenticated to the kernel. To demonstrate the application of process authentication, we develop a system call monitoring framework for preventing unauthorized use or access of system resources. It verifies the identity of processes before completing the requested system calls. We implement and evaluate a prototype of our monitoring architecture in Linux. The results from our extensive performance evaluation show that our prototype incurs reasonably low overhead, indicating the feasibility of our approach for cryptographically authenticating applications and their processes in the operating system. Index Terms—Operating system security, process authentication, secret application credential, system call monitoring Ç 1INTRODUCTION YPICAL operating system kernels enforce minimal re- User authentication through techniques such as password Tstrictions on the applications permitted to execute, or public-key cryptosystem is common in multiuser system resulting in the ability of malicious programs to abuse or network environments.
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Comparative Assessment of Cloud Compute Services Using Run-Time Meta-Data
    C: 40 C: 40 M: 2 M: 2 Y: 10 Y: 10 K: 0 K: 0 Comparative Assessment of Cloud Compute Services using Run-Time Meta-Data Michael Menzel C: 76 C: 76 Michael Menzel: Comparative Assessment of Cloud Compute Services using Run-Time Meta-Data Services using Run-Time of Cloud Compute Assessment Comparative Michael Menzel: M: 47 M: 47 Y: 30 ISBN 978-3-7375-5175-5 Y: 30 K: 5 K: 5 Comparative Assessment of Cloud Compute Services using Run-Time Meta-Data A Framework for Performance Measurements and Virtual Machine Image Introspections vorgelegt von Dipl. Wirt.-Inf. Michael Menzel geb. in Mainz von der Fakultät IV - Elektrotechnik und Informatik der Technischen Universität Berlin zur Erlangung des akademischen Grades Doktor der Ingenieurwissenschaften - Dr.-Ing. - genehmigte Dissertation Promotionsausschuss: Vorsitzender: Prof. Dr. Uwe Nestmann Gutachter: Prof. Dr. Stefan Tai Gutachter: Prof. Dr. Alexander Mädche Gutachter: Prof. Dr. Odej Kao Tag der wissenschaftlichen Aussprache: 21.04.2015 Berlin 2015 ii Credits As most projects in life, a dissertation stands on the shoulders of giants. Foremost, it is the result of collaborations, ongoing discussions, and inspirations from many ac- quaintances, companions, and friends. A particularly inspiring giant that supervised the present work is Prof. Stefan Tai whom I like to thank for his patient advises, engage- ment, and steady support of this project. Furthermore, I am deeply thankful I had the luck to spend time with the most intriguing colleagues1. The way all of them engage in discussions and strive for the best is remarkable. Companionships between like-minded researchers develop unaffected by distance or time zones.
    [Show full text]