Kcofi: Complete Control-Flow Integrity for Commodity Operating System Kernels

Total Page:16

File Type:pdf, Size:1020Kb

Kcofi: Complete Control-Flow Integrity for Commodity Operating System Kernels KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels John Criswell, Nathan Dautenhahn, and Vikram Adve Department of Computer Science University of Illinois at Urbana-Champaign Email: fcriswell,dautenh1,[email protected] Abstract that is comprehensive, efficient, and straightforward to im- plement. However, operating systems pose three challenges We present a new system, KCoFI, that is the first we for existing CFI techniques. First, not all targets of indirect know of to provide complete Control-Flow Integrity protection control transfers can be determined statically from the kernel for commodity operating systems without using heavyweight code. Interrupts can occur at any instruction boundary, so the complete memory safety. Unlike previous systems, KCoFI kernel must be able to transfer control to any interrupted protects commodity operating systems from classical control- instruction on a return from interrupt. Second, operating flow hijack attacks, return-to-user attacks, and code segment systems operations affect control flow in complicated ways. modification attacks. We formally verify a subset of KCoFI’s Signal handler dispatch, for example, modifies the program design by modeling several features in small-step semantics counter in interrupted program state saved in memory [7], [8], and providing a partial proof that the semantics maintain and efficient user-kernel memory copying functions modify control-flow integrity. The model and proof account for oper- interrupted kernel state [7] to recover from page protection ations such as page table management, trap handlers, context faults. Third, operating systems have access to privileged switching, and signal delivery. Our evaluation shows that hardware that invalidate assumptions commonly made by CFI KCoFI prevents all the gadgets found by an open-source techniques. As an example, some CFI systems [4], [9] assume Return Oriented Programming (ROP) gadget-finding tool in the that the code segment is non-writable. Errant DMA and MMU FreeBSD kernel from being used; it also reduces the number configurations can invalidate that assumption [5], [6]. of indirect control-flow targets by 98.18%. Our evaluation also shows that the performance impact of KCoFI on web server Most solutions for enforcing CFI [4], [10], [9] do not bandwidth is negligible while file transfer bandwidth using protect commodity operating system code. The few that do OpenSSH is reduced by an average of 13%, and at worst protect system-level code have serious limitations: Hyper- 27%, across a wide range of file sizes. PostMark, an extremely Safe [6] only protects a hypervisor and does not provide file-system intensive benchmark, shows 2x overhead. Where control-flow integrity for operations found in operating systems comparable numbers are available, the overheads of KCoFI (e.g., signal handler dispatch); it also does not protect against are far lower than heavyweight memory-safety techniques. return to user (ret2usr) attacks [11] that corrupt the program counter saved on interrupts, traps, and system calls to execute code belonging to less-privileged software. The kGuard [11] I. INTRODUCTION system, designed to thwart ret2usr attacks, enforces a very weak CFI variant that only ensures that control-flow is directed Despite much research, memory safety attacks are still a at virtual addresses within the kernel; some of its protection is scourge for C/C++ programmers. Worse yet, most commodity probabilistic, and it does not handle attacks that use the MMU operating systems are written in C/C++ and are therefore to change the instructions within the code segment. Secure susceptible to memory safety attacks. As the operating system Virtual Architecture (SVA) [12], [5] provides comprehensive (OS) is part of the Trusted Computing Base (TCB) in nearly all protection against control hijacking attacks, but it does so with commodity systems, a vulnerability in the OS can undermine heavyweight memory-safety techniques that have relatively the security of an entire system. high overheads even after being optimized by techniques using Many memory safety attacks work by diverting a pro- sophisticated whole-program pointer analysis [13]. gram’s control flow to instructions of the attackers choosing; Furthermore, only the original CFI system [4] formally these instructions may be injected by the attacker [1] or proves that it enforces control-flow integrity, and it does not may already exist within the program [2], [3]. Control-flow model features such as virtual memory, trap handlers, context integrity (CFI) is a family of security policies that thwart such switching, and signal delivery found in modern operating sys- attacks. Traditional CFI requires that all computed branches tems. Having an approach for enforcing control-flow integrity (e.g., returns from functions and indirect function calls) jump on these operations that has been formally verified would to virtual addresses that are designated as correct via static increase confidence that the approach works correctly. analysis [4]. Additional restrictions to CFI [5], [6] require that the instructions do not change. We have built a system named KCoFI (Kernel Control Flow Integrity, pronounced “coffee”) that aims to provide compre- Enforcing CFI on commodity operating system kernel hensive, efficient, and simple protection against control flow code could provide protection against control hijack attacks attacks for a complete commodity operating system. KCoFI operates between the software stack and processor. Essentially, to modify any memory location. We additionally assume that KCoFI uses traditional label-based protection for programmed the attacker is using such corruption to modify control-data, indirect jumps [4] but adds a thin run-time layer linked into the including targets that are not of concern to traditional CFI OS that protects some key OS data structures like thread stacks techniques, e.g., processor state (including the PC and stack and monitors all low-level state manipulations performed by pointer) saved in memory after a context-switch; trap and the OS. Our system provides the first comprehensive control- interrupt handler tables; invalid pointer values in user-kernel flow integrity enforcement for commodity OS kernels that copy operations; malicious MMU reconfiguration; etc. Non- does not rely on slower and more sophisticated memory safety control data attacks [15] are excluded from our model. techniques. Our protection thwarts both classical control flow Notice that external attackers in our model can influence attacks as well as ret2usr attacks. To verify that our design OS behavior only through system calls, I/O, and traps. For correctly enforces control-flow integrity, we have built a formal example, dynamically loaded device drivers are assumed not model of key features of our system (including the new to be malicious, but may also be buggy (just like the rest of protections for OS operations) using small-step semantics and the OS kernel), and will be protected from external attack. provided a partial proof that our design enforces control-flow We assume that the system is employing secure boot features integrity. The proofs are encoded in the Coq proof system and such as those found in AEGIS [16] or UEFI [17] to ensure are mechanically verified by Coq. that KCoFI and the kernel are not corrupted on disk and are The contributions of our system are as follows. the first pieces of software loaded on boot. We further assume that the attacker does not have physical access to the machine; • We provide the first complete control-flow integrity hardware-based attacks are outside the scope of our model. solution for commodity operating systems that does not rely on sophisticated whole-program analysis or III. KCOFI INFRASTRUCTURE a much stronger and more expensive security policy like complete memory safety. KCoFI has several unique requirements. First, it must in- strument commodity OS kernel code; existing CFI enforcement • We have built a formal model of kernel execution with mechanisms use either compiler or binary instrumentation [4], small-step semantics that supports virtual to physical [10], [18]. Second, KCoFI must understand how and when address translation, trap handling, context switching, OS kernel code interacts with the hardware. For example, it and signal handler dispatch. We use the model to must understand when the OS is modifying hardware page provide a partial proof that our design prevents CFI tables in order to prevent errors like writeable and executable violations. (We do not verify our implementation.) memory. Third, KCoFI must be able to control modification of • We evaluate the security of our system for the interrupted program state in order to prevent ret2usr attacks. FreeBSD 9.0 kernel on the x86-64 architecture. We The Secure Virtual Architecture (SVA) [12], [5] provides find that all the Return Oriented Programming (ROP) the infrastructure that KCoFI needs. As Figure 1 shows, gadgets found by the ROPGadget tool [14] become SVA interposes a compiler-based virtual machine between the unusable as branch targets. We also find that our sys- hardware and the system software (such as an operating system tem reduces the average number of possible indirect or hypervisor). All software, including the operating system branch targets by 98.18%. and/or hypervisor, is compiled to the virtual instruction set • We evaluate the performance of our system and find that SVA provides. The SVA virtual machine (VM) translates that KCoFI has far lower
Recommended publications
  • Ebook - Informations About Operating Systems Version: August 15, 2006 | Download
    eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org AIX Internet: AIX AmigaOS Internet: AmigaOS AtheOS Internet: AtheOS BeIA Internet: BeIA BeOS Internet: BeOS BSDi Internet: BSDi CP/M Internet: CP/M Darwin Internet: Darwin EPOC Internet: EPOC FreeBSD Internet: FreeBSD HP-UX Internet: HP-UX Hurd Internet: Hurd Inferno Internet: Inferno IRIX Internet: IRIX JavaOS Internet: JavaOS LFS Internet: LFS Linspire Internet: Linspire Linux Internet: Linux MacOS Internet: MacOS Minix Internet: Minix MorphOS Internet: MorphOS MS-DOS Internet: MS-DOS MVS Internet: MVS NetBSD Internet: NetBSD NetWare Internet: NetWare Newdeal Internet: Newdeal NEXTSTEP Internet: NEXTSTEP OpenBSD Internet: OpenBSD OS/2 Internet: OS/2 Further operating systems Internet: Further operating systems PalmOS Internet: PalmOS Plan9 Internet: Plan9 QNX Internet: QNX RiscOS Internet: RiscOS Solaris Internet: Solaris SuSE Linux Internet: SuSE Linux Unicos Internet: Unicos Unix Internet: Unix Unixware Internet: Unixware Windows 2000 Internet: Windows 2000 Windows 3.11 Internet: Windows 3.11 Windows 95 Internet: Windows 95 Windows 98 Internet: Windows 98 Windows CE Internet: Windows CE Windows Family Internet: Windows Family Windows ME Internet: Windows ME Seite 1 von 138 eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org Windows NT 3.1 Internet: Windows NT 3.1 Windows NT 4.0 Internet: Windows NT 4.0 Windows Server 2003 Internet: Windows Server 2003 Windows Vista Internet: Windows Vista Windows XP Internet: Windows XP Apple - Company Internet: Apple - Company AT&T - Company Internet: AT&T - Company Be Inc. - Company Internet: Be Inc. - Company BSD Family Internet: BSD Family Cray Inc.
    [Show full text]
  • A Critical Review of Acquisitions Within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicho
    A Critical Review of Acquisitions within the Australian Vocational Education and Training Sector 2012 to 2017 Kristina M. Nicholls Victoria University Business School Submitted in fulfilment of requirements for the degree of Doctor of Business Administration 2020 Abstract A Critical Review of Acquisitions within the Vocational Education and Training Sector 2012 to 2017 Organisations often look to acquisitions as a means of achieving their growth strategy. However, notwithstanding the theoretical motivations for engaging in acquisitions, research has shown that the acquiring organisation, following the acquisition, frequently experiences a fall in share price and degraded operating performance. Given the failure rates that are conservatively estimated at over 50%, the issue of acquisitions is worthy of inquiry in order to determine what factors make for a successful or alternately an unsuccessful outcome. The focus of this study is the vocational education sector in Australia, where private registered training organisations [RTOs] adopted acquisitions as a strategy to increase their market share and/or support growth strategies prompted by deregulation and a multi-billion dollar training investment by both Australian State and Federal governments in the past ten years. Fuelled by these changes in Government policy, there was a dramatic growth in RTO acquisitions between the period 2012 and 2017. Many of these acquisitions ended in failure, including several RTOs that listed on the Australian Stock Exchange [ASX]. This study investigates acquisitions of Australian RTOs, focusing on the period from 2012 to 2017 [study period]. The aim is to understand what factors contributed to the success and/or failure of acquisitions of registered training organisations in the Australian Private Education Sector.
    [Show full text]
  • Total Cost of Ownership and Open Source Software
    What Place Does Open Source Software Have In Australian And New Zealand Schools’ and Jurisdictions’ ICT Portfolios? TOTAL COST OF OWNERSHIP AND OPEN SOURCE SOFTWARE Research paper by Kathryn Moyle Department of Education and Children’s Services South Australia July 2004 1 Contents Contents 2 List of tables and diagrams 3 Abbreviations 4 Acknowledgements 5 Executive summary 6 Options for future actions 7 Introduction 9 Key questions 9 Open source software and standards 9 Comparison of open source and proprietary software licences 11 Building on recent work 12 Contexts 14 Use of ICT in schools 14 Current use of open source software in Australia and New Zealand 14 Procurement and deployment of ICT 15 Department of Education and Children’s Services, South Australia 16 What is total cost of ownership? 17 Purpose of undertaking a total cost of ownership analysis 17 Why undertake total cost of ownership work? 17 How can total cost of ownership analyses help schools, regions and central agencies plan? 17 Total cost of ownership analyses should not be undertaken in isolation 18 Total cost of ownership and open source software 18 Review of literature 19 Open source software in government schools 19 Total cost of ownership 20 Total cost of ownership in schools 21 Total cost of ownership, open source software and schools 23 Summary 25 Undertaking a financial analysis 26 Principles underpinning a total cost of ownership 26 Processes 27 Testing a financial model: Total Cost of Ownership in a school 33 Scenario 33 Future plans 40 ICT deployment options
    [Show full text]
  • Real-Time Operating System in Java
    University of Wollongong Theses Collection University of Wollongong Theses Collection University of Wollongong Year Real-time operating system in Java Qinghua Lu University of Wollongong Lu, Qinghua, Real-time operating system in Java, MA thesis, School of Computer Science and Software Engineering, University of Wollongong, 2007. http://ro.uow.edu/theses/29 This paper is posted at Research Online. http://ro.uow.edu.au/theses/29 Real-time Operating System in Java A thesis submitted in fulfilment of the requirements for the award of the degree Master of Computer Science -Research from UNIVERSITY OF WOLLONGONG by Qinghua Lu School of Computer Science & Software Engineering August, 2007 1 Dedicated to My Parents, Lu Changyou and Luo Xiue! 2 The following papers were written as part of this research. 1. McKerrow, P.J., Lu, Q., Zhou, Z.Q. and Chen, L. (2007), Developing real-time systems in Java on Macintosh, Submitted to AUC’07, Apple University Consortium, Gold Coast, September, 23-26, 2007. 2. McKerrow, P.J., Lu, Q., Zhou, Z.Q. and Chen, L. (2007), Software development of embedded systems on Macintosh, Submitted to AUC’07, Apple University Consortium, Gold Coast, September, 23-26, 2007. 3 Declaration I, Qinghua Lu, declare that this thesis, submitted in fulfilment of the requirements for the award of Master of Computer Science -Research, in the School of Computer Science & Software Engineering, University of Wollongong, is wholly my own work unless otherwise referenced or acknowledged. The document has not been submitted for qualifications
    [Show full text]
  • Alpha ELT Listing
    Lienholder Name Lienholder Address City State Zip ELT ID 1ST ADVANTAGE FCU PO BX 2116 NEWPORT NEWS VA 23609 CFW 1ST COMMAND BK PO BX 901041 FORT WORTH TX 76101 FXQ 1ST FNCL BK USA 47 SHERMAN HILL RD WOODBURY CT 06798 GVY 1ST LIBERTY FCU PO BX 5002 GREAT FALLS MT 59403 ESY 1ST NORTHERN CA CU 1111 PINE ST MARTINEZ CA 94553 EUZ 1ST NORTHERN CR U 230 W MONROE ST STE 2850 CHICAGO IL 60606 GVK 1ST RESOURCE CU 47 W OXMOOR RD BIRMINGHAM AL 35209 DYW 1ST SECURITY BK WA PO BX 97000 LYNNWOOD WA 98046 FTK 1ST UNITED SVCS CU 5901 GIBRALTAR DR PLEASANTON CA 94588 W95 1ST VALLEY CU 401 W SECOND ST SN BERNRDNO CA 92401 K31 360 EQUIP FIN LLC 300 BEARDSLEY LN STE D201 AUSTIN TX 78746 DJH 360 FCU PO BX 273 WINDSOR LOCKS CT 06096 DBG 4FRONT CU PO BX 795 TRAVERSE CITY MI 49685 FBU 777 EQUIPMENT FIN LLC 600 BRICKELL AVE FL 19 MIAMI FL 33131 FYD A C AUTOPAY PO BX 40409 DENVER CO 80204 CWX A L FNCL CORP PO BX 11907 SANTA ANA CA 92711 J68 A L FNCL CORP PO BX 51466 ONTARIO CA 91761 J90 A L FNCL CORP PO BX 255128 SACRAMENTO CA 95865 J93 A L FNCL CORP PO BX 28248 FRESNO CA 93729 J95 A PLUS FCU PO BX 14867 AUSTIN TX 78761 AYV A PLUS LOANS 500 3RD ST W SACRAMENTO CA 95605 GCC A/M FNCL PO BX 1474 CLOVIS CA 93613 A94 AAA FCU PO BX 3788 SOUTH BEND IN 46619 CSM AAC CU 177 WILSON AVE NW GRAND RAPIDS MI 49534 GET AAFCU PO BX 619001 MD2100 DFW AIRPORT TX 75261 A90 ABLE INC 503 COLORADO ST AUSTIN TX 78701 CVD ABNB FCU 830 GREENBRIER CIR CHESAPEAKE VA 23320 CXE ABOUND FCU PO BX 900 RADCLIFF KY 40159 GKB ACADEMY BANK NA PO BX 26458 KANSAS CITY MO 64196 ATF ACCENTRA CU 400 4TH
    [Show full text]
  • Page 14 Street, Hudson, 715-386-8409 (3/16W)
    JOURNAL OF THE AMERICAN THEATRE ORGAN SOCIETY NOVEMBER | DECEMBER 2010 ATOS NovDec 52-6 H.indd 1 10/14/10 7:08 PM ANNOUNCING A NEW DVD TEACHING TOOL Do you sit at a theatre organ confused by the stoprail? Do you know it’s better to leave the 8' Tibia OUT of the left hand? Stumped by how to add more to your intros and endings? John Ferguson and Friends The Art of Playing Theatre Organ Learn about arranging, registration, intros and endings. From the simple basics all the way to the Circle of 5ths. Artist instructors — Allen Organ artists Jonas Nordwall, Lyn Order now and recieve Larsen, Jelani Eddington and special guest Simon Gledhill. a special bonus DVD! Allen artist Walt Strony will produce a special DVD lesson based on YOUR questions and topics! (Strony DVD ships separately in 2011.) Jonas Nordwall Lyn Larsen Jelani Eddington Simon Gledhill Recorded at Octave Hall at the Allen Organ headquarters in Macungie, Pennsylvania on the 4-manual STR-4 theatre organ and the 3-manual LL324Q theatre organ. More than 5-1/2 hours of valuable information — a value of over $300. These are lessons you can play over and over again to enhance your ability to play the theatre organ. It’s just like having these five great artists teaching right in your living room! Four-DVD package plus a bonus DVD from five of the world’s greatest players! Yours for just $149 plus $7 shipping. Order now using the insert or Marketplace order form in this issue. Order by December 7th to receive in time for Christmas! ATOS NovDec 52-6 H.indd 2 10/14/10 7:08 PM THEATRE ORGAN NOVEMBER | DECEMBER 2010 Volume 52 | Number 6 Macy’s Grand Court organ FEATURES DEPARTMENTS My First Convention: 4 Vox Humana Trevor Dodd 12 4 Ciphers Amateur Theatre 13 Organist Winner 5 President’s Message ATOS Summer 6 Directors’ Corner Youth Camp 14 7 Vox Pops London’s Musical 8 News & Notes Museum On the Cover: The former Lowell 20 Ayars Wurlitzer, now in Greek Hall, 10 Professional Perspectives Macy’s Center City, Philadelphia.
    [Show full text]
  • Research Purpose Operating Systems – a Wide Survey
    GESJ: Computer Science and Telecommunications 2010|No.3(26) ISSN 1512-1232 RESEARCH PURPOSE OPERATING SYSTEMS – A WIDE SURVEY Pinaki Chakraborty School of Computer and Systems Sciences, Jawaharlal Nehru University, New Delhi – 110067, India. E-mail: [email protected] Abstract Operating systems constitute a class of vital software. A plethora of operating systems, of different types and developed by different manufacturers over the years, are available now. This paper concentrates on research purpose operating systems because many of them have high technological significance and they have been vividly documented in the research literature. Thirty-four academic and research purpose operating systems have been briefly reviewed in this paper. It was observed that the microkernel based architecture is being used widely to design research purpose operating systems. It was also noticed that object oriented operating systems are emerging as a promising option. Hence, the paper concludes by suggesting a study of the scope of microkernel based object oriented operating systems. Keywords: Operating system, research purpose operating system, object oriented operating system, microkernel 1. Introduction An operating system is a software that manages all the resources of a computer, both hardware and software, and provides an environment in which a user can execute programs in a convenient and efficient manner [1]. However, the principles and concepts used in the operating systems were not standardized in a day. In fact, operating systems have been evolving through the years [2]. There were no operating systems in the early computers. In those systems, every program required full hardware specification to execute correctly and perform each trivial task, and its own drivers for peripheral devices like card readers and line printers.
    [Show full text]
  • The Synthesis Kernel
    ... " The Synthesis Kernel Calton Pu, Henry Massalin and 21 ~; John loannidis Columbia University ABSTRACT: The Synthesis distributed operating system combines etticient kernel calls with a high­ level, orthogonal interface. The key concept is the use of a code synthesizer in the kernel to generate specialized (thus short and fast) kernel routines for specific situations. We have three methods of synthesizing code: Factoring Invariants to bypass redundant computations; Collapsing Layers to eliminate unnecessary procedure calls and context switches; and Executable Data Structures to shorten data structure traversal time. Applying these methods, the kernel call synthesized to read Idevlmem takes about 15 microseconds on a 68020 machine. A simple model of computation called a synthetic machine supports parallel and distributed processing. The interface to synthetic machine consists of six operations on four kinds of ohjects. This combination of a high-level interface with the code synthesizer avoids the traditional trade-off in operating systems between powerful interfaces and efficient implementations . ., Complliing .\'yslt'nIS, Vol. 1 • No.1' Winter IIJI!I! I I I. Introduction and data, and synthetic 1/0 units to move data in to and out of the synthetic machine. The synthetic machine interface and kernel code synthesizer A trade-off between powerful features and efficient arc independent ideas that have a synergistic eliect. Without the implementation exists in many operating systems. Systems with code synthesizer. even a sophisticated implementation of synthetic high-level interfaces and powerful features, like Argus lO and Eden/ machines would be very inetlicient. Each high-level kernel call require a lot of code for their implementation, and this added would require a large amount of code with a long execution time.
    [Show full text]
  • The Dark Side of the Attack on Colonial Pipeline
    “Public GitHub is 54 often a blind spot in the security team’s perimeter” Jérémy Thomas Co-founder and CEO GitGuardian Volume 5 | Issue 06 | June 2021 Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. Know your application DNA Download the practical guide to API Security Learn how to secure your API's. This practical guide shares best practices and insights into API security. Scan or visit Traceable.ai/CISOMag EDITOR’S NOTE DIGITAL FORENSICS EDUCATION MUST KEEP UP WITH EMERGING TECHNOLOGIES “There is nothing like first-hand evidence.” Brian Pereira - Sherlock Holmes Volume 5 | Issue 06 Editor-in-Chief June 2021 f the brilliant detective Sherlock Holmes and his dependable and trustworthy assistant Dr. Watson were alive and practicing today, they would have to contend with crime in the digital world. They would be up against cybercriminals President & CEO Iworking across borders who use sophisticated obfuscation and stealth techniques. That would make their endeavor to Jay Bavisi collect artefacts and first-hand evidence so much more difficult! As personal computers became popular in the 1980s, criminals started using PCs for crime. Records of their nefarious Editorial Management activities were stored on hard disks and floppy disks. Tech-savvy criminals used computers to perform forgery, money Editor-in-Chief Senior Vice President laundering, or data theft. Computer Forensics Science emerged as a practice to investigate and extract evidence from Brian Pereira* Karan Henrik personal computers and associated media like floppy disk, hard disk, and CD-ROM. This digital evidence could be used [email protected] [email protected] in court to support cases.
    [Show full text]
  • A Complete Bibliography of Publications in Software—Practice and Experience
    A Complete Bibliography of Publications in Software|Practice and Experience Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 23 July 2021 Version 3.26 Title word cross-reference [Bar82a, Bar82c, Bar84b]. < [SMGMOFM07a, SMGMOFM07b]. > [SMGMOFM07a, SMGMOFM07b]. 2 [MST13, MDB19]. 3 [DS09]. 4 [MSR+07]. \ 0 [GW96]. 1 [GW96]. $1.50 [Bar78d]. $11 [PK04]. TM [MZB00, Win02]. 8 [DB21b]. k [Bar84a]. $12.00 [Rob72]. $13 [Bar84a]. [AW93, Mer93]. κ [MG94]. µ $13.00 [Rob72]. $18.50 [Jon74]. $185 [BS90c, BDS+92, SMNB21]. N [Bar79b]. $19.30 [Lan74a]. $19.50 [Dav78]. [MS98, Coh98, KST94, YAVHC21]. P 3 $25.00 [Pet77, And78]. 3 [BE02, FMA02]. [DC03]. PM [CLD+17]. q [GSR17]. τ $31-25 [Pet77]. $31.35 [Bri82]. 32 [VED06]. 2:5 [TSZ14, UDS+07]. $35.00 [Inc86]. $39.50 [Sim83]. 5 [CPMAH+20]. $58.50 [Wal81a]. $6.95 -ary [MS98]. -bit [AM10, SF85, VED06]. [Tho74]. 64 [AM10, VED06]. 68 -gram [Coh98, KST94, YAVHC21]. -grams [Ear76, Hol77]. $68.25 [Pit82]. $7.00 [GSR17]. -level [FM77]. -queens [Plu74]. [Bar72a]. $7.50 [Bar78d]. $7.95 -R [Ear76, Hol77]. -shortest-paths [MG94]. [Bar76a, Lav77]. $78.50 [Sim83]. 8 -System [BS90c]. [Plu74, SF85]. $8.95 [Bar82a, Bar82c, Bar84b]. $9.75 . [Bis81b]. .NET [Coo04, Han04]. [Bar77e, Mul76]. $9.80 [Atk79a]. $9.95 1 2 0 [Bar81, Edw98a, Edw98b, Gru83, Llo82, 2 [Bar74a, Bar74b, Bar80b, Bud85, Cor88b, Val77a, Val78, Wal83b].
    [Show full text]
  • Empirical Comparison of Scons and GNU Make
    Großer Beleg Empirical Comparison of SCons and GNU Make Ludwig Hähne August 21, 2008 Technical University Dresden Department of Computer Science Institute for System Architecture Chair for Operating Systems Professor: Prof. Dr. rer. nat. Hermann Härtig Tutor: Dipl.-Inf. Norman Feske Dipl.-Inf. Christian Helmuth Erklärung Hiermit erkläre ich, dass ich diese Arbeit selbstständig erstellt und keine anderen als die angegebenen Hilfsmittel benutzt habe. Dresden, den 26. Juni 2008 Ludwig Hähne Abstract Build systems are an integral part of every software developer’s tool kit. Next to the well-known Make build system, numerous alternative solutions emerged during the last decade. Even though the new systems introduced superior concepts like content signa- tures and promise to provide better build accuracy, Make is still the de facto standard. This paper examines GNU Make and SCons as representatives of two conceptually distinct approaches to conduct software builds. General build-system concepts and their respective realizations are discussed. The performance and scalability are empirically evaluated by confronting the two competitors with comparable real and synthetic build tasks. V Contents 1 Introduction 1 2 Background 3 2.1 Design Goals . .3 2.1.1 Convenience . .3 2.1.2 Correctness . .3 2.1.3 Performance . .3 2.1.4 Scalability . .4 2.2 Software Rebuilding . .4 2.2.1 Dependency analysis . .4 2.2.1.1 File signatures . .4 2.2.1.2 Fine grained dependencies . .5 2.2.1.3 Dependency declaration . .5 2.2.1.4 Dependency types . .5 2.2.2 Build infrastructure . .6 2.2.3 Command scheduling . .6 2.3 Build System Features .
    [Show full text]
  • Operating System Security – a Short Note
    Operating System Security – A Short Note 1,2Mr. Kunal Abhishek, 2Dr. E. George Dharma Prakash Raj 1Society for Electronic Transactions and Security (SETS), Chennai 2Bharathidasan University, Trichy [email protected], [email protected] 1. Introduction An Operating System (OS) is viewed as a Reference Monitor (RM) or a Reference Validation Mechanism (RVM) that provides basic level security. In [1], Anderson reported three design requirements for a Reference Monitor or Operating System. He suggested that an OS or RM should be tamper proof that means OS programs are not alterable, OS should always be invoked and OS must be small enough for analysis and testing purposes so that completeness of which can be assured. These OS design requirements became the deriving principle of OS development. A wide range of operating systems follow Anderson’s design principles in modern time. It was also observed in [2] that most of the attacks are imposed either on OS itself or on the programs running on the OS. The attacks on OS can be mitigated through formal verification to a great extent which prove the properties of OS code on various criteria like safeness, reliability, validity and completeness etc. Also, formal verification of OS is an intricate task which is feasible only when RVM or RM is small enough for analysis and testing within a reasonable time frame. Other way of attacking an OS is to attack the programs like device drivers running on top of it and subsequently inject malware through these programs interfacing with the OS. Thus, a malware can be injected in to the sensitive kernel code to make OS malfunction.
    [Show full text]