DOCSLIB.ORG

Improved Kernel Security Through Code Validation, Diversification, and Minimization Dannie Michael Stanley Purdue University

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Improved Kernel Security Through Code Validation, Diversification, and Minimization Dannie Michael Stanley Purdue University Purdue University Purdue e-Pubs Open Access Dissertations Theses and Dissertations Fall 2013 Improved Kernel Security Through Code Validation, Diversification, and Minimization Dannie Michael Stanley Purdue University Follow this and additional works at: https://docs.lib.purdue.edu/open_access_dissertations Part of the Computer Sciences Commons Recommended Citation Stanley, Dannie Michael, "Improved Kernel Security Through Code Validation, Diversification, and Minimization" (2013). Open Access Dissertations. 44. https://docs.lib.purdue.edu/open_access_dissertations/44 This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries. Please contact [email protected] for additional information. Graduate School ETD Form 9 (Revised 12/07) PURDUE UNIVERSITY GRADUATE SCHOOL Thesis/Dissertation Acceptance This is to certify that the thesis/dissertation prepared By Dannie Michael Stanley Entitled Improved Kernel Security Through Code Validation, Diversification, and Minimization Doctor of Philosophy For the degree of Is approved by the final examining committee: Eugene H. Spafford Chair Dongyan Xu Samuel Liles Sonia Fahmy To the best of my knowledge and as understood by the student in the Research Integrity and Copyright Disclaimer (Graduate School Form 20), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy on Integrity in Research” and the use of copyrighted material. Approved by Major Professor(s): ____________________________________Eugene H. Spafford _______________Dongyan Xu _____________________ Approved by: Sunil Prabhakar / William J. Gorman 12/02/2013 Head of the Graduate Program Date IMPROVED KERNEL SECURITY THROUGH CODE VALIDATION, DIVERSIFICATION, AND MINIMIZATION A Dissertation Submitted to the Faculty of Purdue University by Dannie M. Stanley In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy December 2013 Purdue University West Lafayette, Indiana ii To my wife, my parents, and my children. iii ACKNOWLEDGMENTS I would like to express my deep appreciation and gratitude to my advisors Dr. Eugene H. Spafford and Dr. Dongyan Xu for their patience, guidance, encouragement and the many wonderful opportunities that they afforded me. I am fortunate to have the opportunity to learn from such highly respected and accomplished mentors. I would also like to thank my additional committee members Dr. Sonia Fahmy and Dr. Samuel Liles for their guidance and helpful feedback. I would also like to thank Dr. Ryan Riley. Ryan has been a peer-mentor to me. He helped guide me through the early years of graduate school. I am forever indebted to him and aspire to follow in his footsteps. Finally, I would like to thank my wife. She is my champion. She provided light when the rigors of graduate school were casting a shadow. She has sacrificed beyond what I wished for her and has done so with grace. iv TABLE OF CONTENTS Page LIST OF TABLES :::::::::::::::::::::::::::::::: vii LIST OF FIGURES ::::::::::::::::::::::::::::::: viii ABSTRACT ::::::::::::::::::::::::::::::::::: ix 1 Introduction :::::::::::::::::::::::::::::::::: 1 1.1 Background ::::::::::::::::::::::::::::::: 1 1.2 Contributions :::::::::::::::::::::::::::::: 2 1.2.1 Diversification :::::::::::::::::::::::::: 2 1.2.2 Validation :::::::::::::::::::::::::::: 3 1.2.3 Minimization :::::::::::::::::::::::::: 4 1.3 Terminology ::::::::::::::::::::::::::::::: 4 1.4 Models :::::::::::::::::::::::::::::::::: 4 1.4.1 Computation Model :::::::::::::::::::::: 4 1.4.2 Execution Model :::::::::::::::::::::::: 6 1.4.3 Process Memory Model ::::::::::::::::::::: 7 1.4.4 Threat Model :::::::::::::::::::::::::: 10 2 Related Work ::::::::::::::::::::::::::::::::: 11 2.1 Attack Techniques ::::::::::::::::::::::::::: 11 2.1.1 Buffer Overflow Attack ::::::::::::::::::::: 11 2.1.2 Format String Attack :::::::::::::::::::::: 14 2.1.3 Integer Overflow Attack :::::::::::::::::::: 14 2.1.4 Return and Jump-Oriented Programming :::::::::: 15 2.2 Mitigation Techniques ::::::::::::::::::::::::: 19 2.2.1 Hardware Fault Isolation :::::::::::::::::::: 19 2.2.2 Reference Monitors ::::::::::::::::::::::: 21 2.2.3 Control Flow Integrity ::::::::::::::::::::: 22 2.2.4 NX :::::::::::::::::::::::::::::::: 22 2.2.5 Stack Canaries ::::::::::::::::::::::::: 25 2.2.6 System Randomization ::::::::::::::::::::: 26 2.2.7 ROP Defenses :::::::::::::::::::::::::: 28 2.3 Kernel Specialization and Minimization :::::::::::::::: 29 2.3.1 Kernel Specialization :::::::::::::::::::::: 29 2.3.2 Operating System Minimization :::::::::::::::: 30 3 Validating the Integrity of Included Kernel Components :::::::::: 32 v Page 3.1 Introduction ::::::::::::::::::::::::::::::: 32 3.2 Chapter Organization :::::::::::::::::::::::::: 34 3.3 Design :::::::::::::::::::::::::::::::::: 34 3.3.1 Problem ::::::::::::::::::::::::::::: 34 3.3.2 Approach :::::::::::::::::::::::::::: 37 3.4 Implementation ::::::::::::::::::::::::::::: 41 3.4.1 Experimental Setup ::::::::::::::::::::::: 43 3.4.2 Patch Validation :::::::::::::::::::::::: 43 3.5 Evaluation :::::::::::::::::::::::::::::::: 47 3.6 Discussion :::::::::::::::::::::::::::::::: 48 3.7 Summary :::::::::::::::::::::::::::::::: 49 4 Increasing the Diversity of Included Kernel Components ::::::::: 50 4.1 Introduction ::::::::::::::::::::::::::::::: 50 4.2 Chapter Organization :::::::::::::::::::::::::: 53 4.3 Design :::::::::::::::::::::::::::::::::: 53 4.3.1 Record Field Order Randomization :::::::::::::: 53 4.3.2 Suitability of a Record for Field Reordering ::::::::: 56 4.3.3 Subroutine Argument Order Randomization ::::::::: 59 4.4 Implementation ::::::::::::::::::::::::::::: 62 4.4.1 Record Field Order Randomization :::::::::::::: 62 4.4.2 RFOR Fitness Check :::::::::::::::::::::: 66 4.4.3 Subroutine Argument Order Randomization ::::::::: 69 4.5 Evaluation :::::::::::::::::::::::::::::::: 71 4.5.1 Security Benefits :::::::::::::::::::::::: 71 4.5.2 Randomizability Analysis ::::::::::::::::::: 72 4.5.3 Performance ::::::::::::::::::::::::::: 76 4.6 Discussion :::::::::::::::::::::::::::::::: 77 4.7 Summary :::::::::::::::::::::::::::::::: 78 5 Ensuring the Minimality of Included Kernel Components ::::::::: 79 5.1 Introduction ::::::::::::::::::::::::::::::: 79 5.2 Related Work :::::::::::::::::::::::::::::: 80 5.3 Chapter Organization :::::::::::::::::::::::::: 80 5.4 Design :::::::::::::::::::::::::::::::::: 81 5.4.1 Problem ::::::::::::::::::::::::::::: 81 5.4.2 Approach :::::::::::::::::::::::::::: 81 5.5 Implementation ::::::::::::::::::::::::::::: 86 5.6 Evaluation :::::::::::::::::::::::::::::::: 88 5.7 Discussion :::::::::::::::::::::::::::::::: 89 5.8 Summary :::::::::::::::::::::::::::::::: 90 6 Conclusions :::::::::::::::::::::::::::::::::: 91 6.1 Summary :::::::::::::::::::::::::::::::: 91 vi Page 6.1.1 Validation :::::::::::::::::::::::::::: 91 6.1.2 Diversification :::::::::::::::::::::::::: 92 6.1.3 Minimization :::::::::::::::::::::::::: 92 6.2 Future Work ::::::::::::::::::::::::::::::: 92 LIST OF REFERENCES :::::::::::::::::::::::::::: 94 VITA ::::::::::::::::::::::::::::::::::::::: 100 vii LIST OF TABLES Table Page 4.1 RFOR Fitness Report for task struct ::::::::::::::::::: 75 4.2 Performance impact of RFOR ::::::::::::::::::::::: 76 4.3 Time to compile kernel ::::::::::::::::::::::::::: 76 viii LIST OF FIGURES Figure Page 1.1 Computation model :::::::::::::::::::::::::::: 5 1.2 Execution model :::::::::::::::::::::::::::::: 6 1.3 Task memory model :::::::::::::::::::::::::::: 7 1.4 Call stack model :::::::::::::::::::::::::::::: 9 2.1 Return-oriented adder gadget ::::::::::::::::::::::: 17 2.2 Privilege execution modes ::::::::::::::::::::::::: 20 2.3 Microkernel and Monolithic Kernel Designs ::::::::::::::: 30 3.1 Run-Time Patch-Level Validation ::::::::::::::::::::: 40 3.2 Load-Time Optimized Patch-Level Validation :::::::::::::: 40 4.1 Record field order randomization. \R" represents a general-purpose pro- cessor register :::::::::::::::::::::::::::::::: 56 4.2 Subroutine argument order randomization. \SP" represents the stack pointer register. \BP" represents the stack base pointer register. :::: 61 4.3 AST-based randomization ::::::::::::::::::::::::: 63 4.4 Record size variation :::::::::::::::::::::::::::: 64 4.5 Variable initializers ::::::::::::::::::::::::::::: 65 4.6 AST of a cast from one pointer type to another ::::::::::::: 67 5.1 Reactivation of functions over time (log scale) :::::::::::::: 88 5.2 KIS keeps it simple ::::::::::::::::::::::::::::: 89 ix ABSTRACT Stanley, Dannie M. Ph.D., Purdue University, December 2013. Improved Kernel Secu- rity Through Code Validation, Diversification, and Minimization. Major Professors: Eugene H. Spafford and Dongyan Xu. The vast majority of hosts on the Internet, including mobile clients, are running one of three commodity, general-purpose operating system families. In such operating systems the kernel software executes at the highest processor privilege level. If an adversary is able to hijack the kernel software then by extension he has full control of the system. This control includes the ability to disable protection mechanisms and hide evidence of compromise. The lack of diversity in commodity, general-purpose operating systems enables attackers to craft a single kernel exploit that has the potential to infect millions of hosts. If enough variants of the vulnerable software exist, then mass exploitation is much more difficult to achieve. We introduce novel kernel diversification techniques to improve kernel security. Many modern kernels
Load more

Recommended publications
  • Building Embedded Linux Systems ,Roadmap.18084 Page Ii Wednesday, August 6, 2008 9:05 AM
    Building Embedded Linux Systems ,roadmap.18084 Page ii Wednesday, August 6, 2008 9:05 AM Other Linux resources from O’Reilly Related titles Designing Embedded Programming Embedded Hardware Systems Linux Device Drivers Running Linux Linux in a Nutshell Understanding the Linux Linux Network Adminis- Kernel trator’s Guide Linux Books linux.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center Linux and Unix and related technologies, including sample chapters and code examples. ONLamp.com is the premier site for the open source web plat- form: Linux, Apache, MySQL, and either Perl, Python, or PHP. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. main.title Page iii Monday, May 19, 2008 11:21 AM SECOND EDITION Building Embedded Linux SystemsTomcat ™ The Definitive Guide Karim Yaghmour, JonJason Masters, Brittain Gilad and Ben-Yossef, Ian F. Darwin and Philippe Gerum Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Building Embedded Linux Systems, Second Edition by Karim Yaghmour, Jon Masters, Gilad Ben-Yossef, and Philippe Gerum Copyright © 2008 Karim Yaghmour and Jon Masters.
    [Show full text]
  • Proceedings of the Linux Symposium Volume
    Proceedings of the Linux Symposium Volume Two July 19th–22nd, 2006 Ottawa, Ontario Canada Contents Evolution in Kernel Debugging using Hardware Virtualization With Xen 1 Nitin A. Kamble Improving Linux Startup Time Using Software Resume (and other techniques) 17 Hiroki Kaminaga Automated Regression Hunting 27 A. Bowen, P. Fox, J. Kenefick, A. Romney, J. Ruesch, J. Wilde, & J. Wilson Hacking the Linux Automounter—Current Limitations and Future Directions 37 Ian Maxwell Kent & Jeff Moyer Why NFS Sucks 51 Olaf Kirch Efficient Use of the Page Cache with 64 KB Pages 65 Dave Kleikamp and Badari Pulavarty Startup Time in the 21st Century: Filesystem Hacks and Assorted Tweaks 71 Benjamin C.R. LaHaise Using Hugetlbfs for Mapping Application Text Regions 75 H.J. Lu, K. Doshi, R. Seth, & J. Tran Towards a Better SCM: Revlog and Mercurial 83 Matt Mackall Roadmap to a GL-based composited desktop for Linux 91 K.E. Martin and K. Packard Probing the Guts of Kprobes 101 A. Mavinakayanahalli, P. Panchamukhi, J. Keniston, A. Keshavamurthy, & M. Hiramatsu Shared Page Tables Redux 117 Dave McCracken Extending RCU for Realtime and Embedded Workloads 123 Paul E. McKenney OSTRA: Experiments With on-the-fly Source Patching 139 Arnaldo Carvalho de Melo Design and Implementation to Support Multiple Key Exchange Protocols for IPsec 143 K. Miyazawa, S. Sakane, K. Kamada, M. Kanda, & A. Fukumoto The State of Linux Power Management 2006 151 Patrick Mochel I/O Workload Fingerprinting in the Genetic-Library 165 Jake Moilanen X86-64 XenLinux: Architecture, Implementation, and Optimizations 173 Jun Nakajima, Asit Mallick GCC—An Architectural Overview, Current Status, and Future Directions 185 Diego Novillo Shared-Subtree Concept, Implementation, and Applications in Linux 201 Al Viro & Ram Pai The Ondemand Governor 215 Venkatesh Pallipadi & Alexey Starikovskiy Linux Bootup Time Reduction for Digital Still Camera 231 Chan-Ju Park A Lockless Pagecache in Linux—Introduction, Progress, Performance 241 Nick Piggin The Ongoing Evolution of Xen 255 I.
    [Show full text]
  • Proceedings of the Linux Symposium
    Reprinted from the Proceedings of the Linux Symposium July 23rd–26th, 2008 Ottawa, Ontario Canada Conference Organizers Andrew J. Hutton, Steamballoon, Inc., Linux Symposium, Thin Lines Mountaineering C. Craig Ross, Linux Symposium Review Committee Andrew J. Hutton, Steamballoon, Inc., Linux Symposium, Thin Lines Mountaineering Dirk Hohndel, Intel Gerrit Huizenga, IBM Dave Jones, Red Hat, Inc. Matthew Wilson, rPath C. Craig Ross, Linux Symposium Proceedings Formatting Team John W. Lockhart, Red Hat, Inc. Gurhan Ozen, Red Hat, Inc. Eugene Teo, Red Hat, Inc. Kyle McMartin, Red Hat, Inc. Jake Edge, LWN.net Robyn Bergeron Dave Boutcher, IBM Mats Wichmann, Intel Authors retain copyright to all submitted papers, but have granted unlimited redistribution rights to all as a condition of submission. SELinux for Consumer Electronics Devices Yuichi Nakamura Yoshiki Sameshima Hitachi Software Engineering Hitachi Software Engineering [email protected] [email protected] Abstract without security updates, because the process of updating introduces several problems. Some CE As the number of network-connect Consumer Electron- devices do not have a network updater. To fix vul- ics (CE) devices has increased, the security of these de- nerabilities for such devices, manufacturers have to vices has become important. SELinux is widely used recall devices, and re-write flash ROM. Even if de- for PC servers to prevent attacks from a network. How- vices do have a network updater, security patches ever, there are problems in applying SELinux to CE de- tend to be delayed or not provided, because prepar- vices. SELinux kernel, userland, and policy consume ing updates is a heavy task for manufacturers. Up- hardware resources unacceptably.
    [Show full text]
  • TLPI-Bibliography.Pdf
    BIBLIOGRAPHY Aho, A.V., Kernighan, B.W., and Weinberger, P. J. 1988. The AWK Programming Language. Addison-Wesley, Reading, Massachusetts. Albitz, P., and Liu, C. 2006. DNS and BIND (5th edition). O’Reilly, Sebastopol, California. Anley, C., Heasman, J., Lindner, F., and Richarte, G. 2007. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. Wiley, Indianapolis, Indiana. Bach, M. 1986. The Design of the UNIX Operating System. Prentice Hall, Englewood Cliffs, New Jersey. Bhattiprolu, S., Biederman, E.W., Hallyn, S., and Lezcano, D. 2008. “Virtual Servers and Checkpoint/Restart in Mainstream Linux,” ACM SIGOPS Operating Systems Review, Vol. 42, Issue 5, July 2008, pages 104–113. http://www.mnis.fr/fr/services/virtualisation/pdf/cr.pdf Bishop, M. 2003. Computer Security: Art and Science. Addison-Wesley, Reading, Massachusetts. Bishop, M. 2005. Introduction to Computer Security. Addison-Wesley, Reading, Massachusetts. Borisov, N., Johnson, R., Sastry, N., and Wagner, D. 2005. “Fixing Races for Fun and Profit: How to abuse atime,” Proceedings of the 14th USENIX Security Symposium. http://www.cs.berkeley.edu/~nks/papers/races-usenix05.pdf Bovet, D.P., and Cesati, M. 2005. Understanding the Linux Kernel (3rd edition). O’Reilly, Sebastopol, California. Butenhof, D.R. 1996. Programming with POSIX Threads. Addison-Wesley, Reading, Massachusetts. Further information, as well as source code for the programs in this book, can be found at http://homepage.mac.com/dbutenhof/Threads/Threads.html. Chen, H., Wagner, D., and Dean, D. 2002. “Setuid Demystified,” Proceedings of the 11th USENIX Security Symposium. http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf Comer, D.E.
    [Show full text]
  • Linux Symposium 2007 As Shown by the Many Related Presentations at This Confer - Ence (E.G., KVM, Lguest, Vserver)
    Warren Henson of Google asked about other plans for For filesystems, Jon observed that disks are getting larger long-term storage and backup. Jepson said that that but not faster, so fsck time can be a problem. New filesys - sounds like a great thing for Google to do. Right now they tems such as chunkfs and tilefs are more scalable and sub - are stuck with the server (a low-power device, sealed with divide a disk so that only the active part needs to be fsck’d. a hard disk) and aren’t currently addressing that problem, The btrfs filesystem is extent-based, with subvolumes. It although Google has provided gmail accounts. In response supports snapshot checksumming, online fsck, and faster to Henson’s mention of alternative projects from other or - fsck. Jon talked about ext4 with its 48-bit block numbers ganizations, Jepson said that they would like to work with and use of extents. [Editor’s note: Also see the article in these groups and try every week. When these efforts fail, the June 2007 issue of ;login: about ext4.] the kids lose, in her opinion. Since Jepson spoke, Intel has Jon finds reiser4 interesting, but the project is unfortu - announced that they plan to work with OLPC, and Intel is nately stalled because Hans Reiser is no longer able to now listed as a supporter on the laptop.org site. work on it. It needs a new champion. Jon talked about virtualization. It is getting more attention, Linux Symposium 2007 as shown by the many related presentations at this confer - ence (e.g., KVM, lguest, Vserver).
    [Show full text]
  • Unified Kernel/User-Space Efficient Linux Tracing Architecture
    UNIVERSITE´ DE MONTREAL´ UNIFIED KERNEL/USER-SPACE EFFICIENT LINUX TRACING ARCHITECTURE DAVID GOULET DEPARTEMENT´ DE GENIE´ INFORMATIQUE ET GENIE´ LOGICIEL ECOLE´ POLYTECHNIQUE DE MONTREAL´ MEMOIRE´ PRESENT´ E´ EN VUE DE L'OBTENTION DU DIPLOME^ DE MA^ITRISE ES` SCIENCES APPLIQUEES´ (GENIE´ INFORMATIQUE) AVRIL 2012 © David Goulet, 2012. UNIVERSITE´ DE MONTREAL´ ECOLE´ POLYTECHNIQUE DE MONTREAL´ Ce m´emoireintitul´e: UNIFIED KERNEL/USER-SPACE EFFICIENT LINUX TRACING ARCHITECTURE pr´esent´epar : GOULET David en vue de l'obtention du dipl^omede : Ma^ıtrise`esSciences Appliqu´ees a ´et´ed^ument accept´epar le jury constitu´ede : M. ANTONIOL Giuliano, Ph.D., pr´esident M. DAGENAIS Michel, Ph.D., membre et directeur de recherche M. BOIS Guy, Ph.D., membre iii For a free and common knowledge for everyone on earth regardless of gender, race or color . Pour un savoir libre et commun pour tous sans distinction de genre, race ou couleur . iv LICENSE Unified Kernel/User-space Efficient Linux Tracing Architecture by David Goulet is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License Based on the work at lttng.org Copyleft This is a contribution to the global intellectual commons which provides the greatest benefit to all people and help realizing universal and free access to culture, education and research. v ACKNOWLEDGEMENTS First of all, I would like to thanks my director Michel Dagenais for giving me the oppor- tunity to work with him and learn from his immense legacy in the tracing world which is still growing today. I will not thank him however for the pain endure during the Lafayette mountain hiking which greatly diminish my ability to walk the next morning.
    [Show full text]
  • Buried Alive in Patches: 6 Months of Picking up the Pieces of the Linux 2.5 Kernel
    Buried alive in patches: 6 months of picking up the pieces of the Linux 2.5 kernel Dave Jones SuSE Labs [email protected], http://www.codemonkey.org.uk Abstract would then push known good parts to Linus at such a time that he is ready for them. When development began on the 2.5 Linux ker- When the 2.4 kernel diverged to the 2.5 devel- nel, I volunteered to forward port 2.4 fixes to opment branch, there was still a considerable 2.5, and keep them in sync ready for when Li- number of fixes going into 2.4. Alan was busy nus was ready to accept them. Additionally, I with other projects at the time, and so it was collected the small bits Linus frequently over- suggested that ‘someone’ should pick up the looked, and perhaps more importantly, tried to bits going into 2.4 and make sure they don’t keep the 2.5-dj tree in a usable, bootable state get left behind for 2.5. even when 2.5 mainline wasn’t. Without fully thinking through the conse- quences, I decided to step forward, and got a 1 Introduction lot more than I bargained for, but learned a lot, and had a lot of fun on the way. With the advent of a new development series of the Linux kernel, Linus Torvalds typically 2 The problems hands off the current tree to someone else, who becomes maintainer of that stable series, and The easy part of the job looks something like work on the development branch accelerates, this: whilst the stable branch collects fixes and up- dates rather than new features.
    [Show full text]
  • “Embedded Linux Development Made Easier” User's Manual
    \Embedded Linux development made easier" User's manual Version: 2.10.2 August 4, 2009 About Evidence S.r.l. Evidence is a company operating in the field of software for embedded real-time systems. It started in 2002 as a spin-off company of the Real-Time Systems (ReTiS) Lab of the Scuola Superiore Sant'Anna (Pisa, Italy). Today, Evidence is a dynamic company having collaborations in the field of electronics, telecommunications, automotives, and industrial automation. People at Evidence are experts in the domain of embedded and real-time systems, with a deep knowledge on the design and specification flow of embedded software, especially for the embedded market. Besides providing consultancy services, Evidence also provides: BSPs based on Linux for embedded devices, evaluation boards featuring most innovative 8, 16 and 32-bit microcontrollers for the embedded market, development tools for making embedded software development easier, and tools for the schedulability analysis of real-time tasks running on your final product. Contact Info Evidence Srl, Via Carducci 64/A Localit´aGhezzano 56010 S.Giuliano Terme PISA Italy Tel: +39 050 99 11 224 Fax: +39 050 99 10 812 For more information about Evidence products, please send an e-mail to the follow- ing address: [email protected]. Other information about the Evidence product line can be found at the Evidence web site at: http://www.evidence.eu.com. This document is Copyright 2005-2009 Evidence S.r.l. Information and images contained within this document are copyright and the property of Evidence S.r.l. All trademarks are hereby acknowledged to be the properties of their respective owners.
    [Show full text]
  • System Design for Software Packet Processing
    System Design for Software Packet Processing Sangjin Han Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2019-112 http://www2.eecs.berkeley.edu/Pubs/TechRpts/2019/EECS-2019-112.html August 14, 2019 Copyright © 2019, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. System Design for Software Packet Processing By Sangjin Han A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor Sylvia Ratnasamy, Chair Professor Scott Shenker Professor Dorit Hochbaum Summer 2019 System Design for Software Packet Processing Copyright 2019 by Sangjin Han 1 Abstract System Design for Software Packet Processing by Sangjin Han Doctor of Philosophy in Computer Science University of California, Berkeley Professor Sylvia Ratnasamy, Chair The role of software in computer networks has never been more crucial than today, with the advent of Internet-scale services and cloud computing. The trend toward software- based network dataplane—as in network function virtualization—requires software packet processing to meet challenging performance requirements, such as supporting exponentially increasing link bandwidth and microsecond-order latency.
    [Show full text]
  • The Official Ubuntu Book, 7Th Edition.Pdf
    ptg8126969 Praise for Previous Editions of The Official Ubuntu Book “The Official Ubuntu Book is a great way to get you started with Ubuntu, giving you enough information to be productive without overloading you.” —John Stevenson, DZone book reviewer “OUB is one of the best books I’ve seen for beginners.” —Bill Blinn, TechByter Worldwide “This book is the perfect companion for users new to Linux and Ubuntu. It covers the basics in a concise and well-organized manner. General use is covered separately from troubleshooting and error-handling, making the book well-suited both for the beginner as well as the user that needs extended help.” —Thomas Petrucha, Austria Ubuntu User Group “I have recommended this book to several users who I instruct regularly on ptg8126969 the use of Ubuntu. All of them have been satisfied with their purchase and have even been able to use it to help them in their journey along the way.” —Chris Crisafulli, Ubuntu LoCo Council, Florida Local Community Team “This text demystifies a very powerful Linux operating system . In just a few weeks of having it, I’ve used it as a quick reference a half-dozen times, which saved me the time I would have spent scouring the Ubuntu forums online.” —Darren Frey, Member, Houston Local User Group This page intentionally left blank ptg8126969 The Official Ubuntu Book Seventh Edition ptg8126969 This page intentionally left blank ptg8126969 The Official Ubuntu Book Seventh Edition Matthew Helmke Amber Graner With Kyle Rankin, Benjamin Mako Hill, ptg8126969 and Jono Bacon Upper Saddle River, NJ • Boston • Indianapolis • San Francisco New York • Toronto • Montreal • London • Munich • Paris • Madrid Capetown • Sydney • Tokyo • Singapore • Mexico City Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks.
    [Show full text]
  • Analysis of Ignored Patches in the Linux Kernel Development
    Friedrich-Alexander-Universität Erlangen-Nürnberg Faculty of Engineering, Department of Computer Science SEBASTIAN DUDA MASTER THESIS ANALYSIS OF IGNORED PATCHES IN THE LINUX KERNEL DEVELOPMENT Submitted on 20 December 2019 Supervisors: Prof. Dr. Dirk Riehle, M.B.A. Maximilian Capraro, M.Sc. Professorship for Open Source Software Faculty of Engineering, Department of Computer Science Friedrich-Alexander-Universität Erlangen-Nürnberg Versicherung Ich versichere, dass ich die Arbeit ohne fremde Hilfe und ohne Benutzung anderer als der angegebenen Quellen angefertigt habe und dass die Arbeit in gleicher oder ähnlicher Form noch keiner anderen Prüfungsbehörde vorgelegen hat und von dieser als Teil einer Prüfungsleistung angenommen wurde. Alle Ausführungen, die wörtlich oder sinngemäß übernommen wurden, sind als solche gekennzeichnet. Erlangen, 20 December 2019 License This work is licensed under the Creative Commons Attribution 4.0 International license (CC BY 4.0), see https://creativecommons.org/licenses/by/4.0/ Erlangen, 20 December 2019 i Abstract The importance of Linux in industry increases continuously with the ascending variety of products running Linux based software. Use cases are not only lim- ited to consumer applications but also high-performance computer and business- critical control technology. The usage of software in critical application requires a certification (e.g. IEC 61508), which demands the documentation of andthe compliance with the software development process. As a result, the analysis of the Linux kernel development process becomes equally more valuable. The Linux kernel development process is well understood, documented, and re- searched. However, some actions of contributors or maintainers do not comply with the process. One of these actions is ignoring patches.
    [Show full text]
  • Linux Sea Sven Vermeulen Linux Sea Sven Vermeulen Copyright © 2009-2013 Sven Vermeulen
    Linux Sea Sven Vermeulen Linux Sea Sven Vermeulen Copyright © 2009-2013 Sven Vermeulen Abstract The book "Linux Sea" offers a gentle yet technical (from end-user perspective) introduction to the Linux operating system, using Gentoo Linux as the example Linux distribution. It does not nor will it ever talk about the history of the Linux kernel or Linux distributions or dive into details that are less interesting for Linux users. For various topics, the online Gentoo Handbook offers a very detailed approach and as such is mandatory reading for any Gentoo Linux user who wants to know the full power of this Operating System. Although there is definitely overlap between "Linux Sea" and the online Gentoo Handbook, "Linux Sea" is by no means meant to replace the online Gentoo Handbook. "Linux Sea" will attempt to focus on topics that everyday users would probably need to know to continue working with Gentoo Linux. The version you are reading currently is v1.14 and has been generated on 2013/10/06. PDF [http://swift.siphos.be/ linux_sea/linux_sea.pdf] and ePUB [http://swift.siphos.be/linux_sea/linux_sea.epub] versions are available as well. You are free to share (copy, distribute and transmit) the work as well as remix (adapt) the work under the conditions of the Creative Commons Attribution Noncommercial Share Alike 2.0 license, available at http://creativecommons.org/licenses/by-nc-sa/2.0/be/deed.en Table of Contents 1. What is Linux? ......................................................................................................... 1
    [Show full text]