DOCSLIB.ORG

ALICE Security Research Site at University of Frankfurt

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
ALICE Security Research Site at University of Frankfurt ALICE security research site at University of Frankfurt 9th ALICE Tier-1/Tier-2 Workshop Andres Gomez Ramirez, Udo Kebschull IRI - Goethe University Frankfurt ALICE UF Grid site [email protected] UF Grid Site ➢ Security research, not production data processing. ➢ PhD thesis: “Deep Learning and Isolation Based Security for Intrusion Detection and Prevention in Grid Computing”. ➢ 5 Ubuntu 16.04 nodes. ➢ Centos 6 containers. ➢ CernVM-FS installed in the hosts and shared as a volume inside Docker containers. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 2 Motivation: Grid Security Challenges ➢ Users can execute any application: arbitrary code execution by design. ➢ Payloads are frequently executed directly on host Operating System. ➢ Network sections are shared. ➢ Hundreds of thousands of jobs running simultaneously. ➢ Expensive to have many security experts monitoring the Grid. ➢ Similar to Cloud computing. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 3 Proposed Solutions ➢ Linux Containers to execute payloads. ➢ Network isolation with virtual networks. ➢ Isolation to extract better payload behavior data from the host and from the network. ➢ Automated Intrusion Detection and Prevention. ➢ Deep Learning to enable this automation. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 4 Security by Isolation: Linux Containers / Container / Container / Container / /boot /boot /boot /boot /dev Squid /dev rrdTool /dev Nagios /dev /etc /etc /etc /etc /kernfs /kernfs /kernfs /kernfs /home /home PHP /home Perl Python /home /media /media /media /media /opt /opt /opt /mnt /proc /proc /proc /opt /run Apache /run Cherokee /run Lighttpd GStreamer core /proc /srv /srv /srv /root /sys /sys /sys /run /usr MySQL /usr MariaDB /usr Drizzle /srv /var /var /var /sys /usr systemd-nspawn /var d systemd user D-Bus n PulseAudio systemd logind journald networkd IPC u PID1 session daemon o daemon s e v i s u l System Call Interface (SCI) c x e Render Process Memory Virtual File Network cgroups Nodes & KMS scheduler manager System interface DRM Linux kernel System Graphics Display Hardware CPU Storage Network GPU RAM RAM controller Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 5 Grid Job Execution and Network Isolation Worker node Worker node Pilot job Bob©s grid Alice©s grid Bob©s grid job job Virtual network job Container Pilot Pilot Container Eve©s grid job job Alice©s grid job Eve©s grid job job Container Pilot job Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 6 Behavior Monitoring for the Grid Working Node Bob©s grid Alice©s grid Job Job Virtual network Container Pilot Pilot Container Classification: Job Job · Normal Eve©s grid Job · Malicious Container Pilot Job Hidden Input Output Grid jobs word2vec monitoring embedding data vectors Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 7 ALICE Grid Security Monitoring ➢ Linux Containers ➢ Deep Learning ➢ Convolutional Neural Networks ➢ Recurrent Neural Networks ➢ Generative method for improving training ➢ Grid Jobs – normal vs malware Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 8 Grid job classification with Convolutional Neural Network Trace log Word2vec Output class Input Dense connected layer with dropout and softmax single output word embedding Convolutional layer vectors multiple filters Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 9 Training data generation with Recurrent Neural Networks Input layer x 1 x 2 ... x N IO W W HH Hidden layer h 1 h 2 ... h M W HO Output layer o 1 o 2 ... o L Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 10 Arhuaco: proof-of-concept implementation Administrator Worker node workstation Grid job Grid job Virtual network Container Pilot Pilot Container job job Grid job Container Pilot job Source Source interface 1 interface 2 VoBOX Worker node (Sysdig) (Bro) Monitoring Execution Grid job Grid job engine interface Virtual network Virtual network Container Container Pilot Pilot Container Feature Distributed job job container Eve©s grid extraction job engine Classification Generation Pilot job Response engine Worker node Arhuaco Grid job Grid job Virtual network Container Pilot Pilot Container job job Grid job Container Pilot job Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 11 Arhuaco: proof-of-concept Implementation ➢ Linux Containers: Docker, Docker Swarm ➢ Deep Learning: Keras, Theano, TensorFlow, Python 3. ➢ Data collection: System Calls - Sysdig, Network connection - The zeek Network analysis tool. ➢ Grid Middelware - ALICE AliEn. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 12 Evaluation: Grid Jobs vs Malware Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 13 Evaluation: Grid Jobs vs Malware Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 14 Results: Impact of Isolation over performance 1600 Grid Jobs in total Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 15 Results: Grid job classification – normal vs malware ➢ CNN: Convolutional Neural Network ➢ SVM: Support Vector Machine ➢ FPR: False Positive rate ➢ ACC: Accuracy Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 16 Results: training data generation results ➢ TPR: Sensitivity or True Positive Rate ➢ SPC: Specificity ➢ FPR: False Positive rate ➢ ACC: Accuracy Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 17 Conclusions ➢ Docker containers can be used to isolate and extract behavior information from Grid jobs without big performance impact. ➢ Deep learning is highly effective to identify “malicious” Grid jobs. ➢ CNNs with Word2Vec preprocessing provides improved accuracy than traditional SVM. ➢ Synthetic generated data can improve the training process. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 18 Future work ➢ Thesis submitted. ➢ Exploring options: Arhuaco as open source and/or commercial tool. ➢ UF Grid site probably will not continue operations. ➢ Future research topics of interest: differential privacy, adversarial machine learning training, privacy preserving intrusion detection. Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 19 Thank you! Questions? Appendix: CNN results System Calls Network connections Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 21 Appendix: System call results CNN CNN vs SVM Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 22 Appendix: Network traces results CNN CNN vs SVM Andrés Gómez – 9th ALICE Tier-1/Tier-2 Workshop Slide 23 CERN Security Operations Center Andrés Gómez – Frankfurt University Slide 24.
Load more

Recommended publications
  • Rtkaller: State-Aware Task Generation for RTOS Fuzzing
    17 Rtkaller: State-aware Task Generation for RTOS Fuzzing YUHENG SHEN, HAO SUN, YU JIANG, HEYUAN SHI ∗, and YIXIAO YANG ∗, KLISS, BNRist, School of Software, Tsinghua University, China WANLI CHANG, Hunan University, China A real-time operating system (RTOS) is an operating system designed to meet certain real-time requirements. It is widely used in embedded applications, and its correctness is safety-critical. However, the validation of RTOS is challenging due to its complex real-time features and large code base. In this paper, we propose Rtkaller, a state-aware kernel fuzzer for the vulnerability detection in RTOS. First, Rtkaller implements an automatic task initialization to transform the syscall sequences into initial tasks with more real-time information. Then, a coverage-guided task mutation is designed to generate those tasks that explore more in-depth real-time related code for parallel execution. Moreover, Rtkaller realizes a task modification to correct those tasks that may hang during fuzzing. We evaluated it on recent versions of rt-Linux, which is one of the most widely used RTOS. Compared to the state-of-the-art kernel fuzzers Syzkaller and Moonshine, Rtkaller achieves the same code coverage at the speed of 1.7X and 1.6X , gains an increase of 26.1% and 22.0% branch coverage within 24 hours respectively. More importantly, Rtkaller has confirmed 28 previously unknown vulnerabilities that are missed by other fuzzers. CCS Concepts: • Security and privacy ! Virtualization and security; Domain-specific security and privacy architectures; Vulnerability scanners; • Computer systems organization ! Real-time operat- ing systems. Additional Key Words and Phrases: Fuzz Testing, RTOS, Vulnerability Detection, Task Generation ACM Reference Format: Yuheng Shen, Hao Sun, Yu Jiang, Heyuan Shi, Yixiao Yang, and Wanli Chang.
    [Show full text]
  • Review Der Linux Kernel Sourcen Von 4.9 Auf 4.10
    Review der Linux Kernel Sourcen von 4.9 auf 4.10 Reviewed by: Tested by: stecan stecan Period of Review: Period of Test: From: Thursday, 11 January 2018 07:26:18 o'clock +01: From: Thursday, 11 January 2018 07:26:18 o'clock +01: To: Thursday, 11 January 2018 07:44:27 o'clock +01: To: Thursday, 11 January 2018 07:44:27 o'clock +01: Report automatically generated with: LxrDifferenceTable, V0.9.2.548 Provided by: Certified by: Approved by: Account: stecan Name / Department: Date: Friday, 4 May 2018 13:43:07 o'clock CEST Signature: Review_4.10_0_to_1000.pdf Page 1 of 793 May 04, 2018 Review der Linux Kernel Sourcen von 4.9 auf 4.10 Line Link NR. Descriptions 1 .mailmap#0140 Repo: 9ebf73b275f0 Stephen Tue Jan 10 16:57:57 2017 -0800 Description: mailmap: add codeaurora.org names for nameless email commits ----------- Some codeaurora.org emails have crept in but the names don't exist for them. Add the names for the emails so git can match everyone up. Link: http://lkml.kernel.org/r/[email protected] 2 .mailmap#0154 3 .mailmap#0160 4 CREDITS#2481 Repo: 0c59d28121b9 Arnaldo Mon Feb 13 14:15:44 2017 -0300 Description: MAINTAINERS: Remove old e-mail address ----------- The ghostprotocols.net domain is not working, remove it from CREDITS and MAINTAINERS, and change the status to "Odd fixes", and since I haven't been maintaining those, remove my address from there. CREDITS: Remove outdated address information ----------- This address hasn't been accurate for several years now.
    [Show full text]
  • The Virtual Filesystem Interface in 4.4BSDI
    The Virtual Filesystem Interface in 4.4BSDI Marshall Kirk McKusick Consultant and Author Berkeley, California ABSTRACT: This paper describes the virtual filesys- tem interface found in 4.4BSD. This interface is de- signed around an object oriented virtual file node or "vnode" data structure. The vnode structure is de- scribed along with its method for dynamically expand- ing its set of operations. These operations have been divided into two groups: those to manage the hierarchi- cal filesystem name space and those to manage the flat filestore. The translation of pathnames is described, as it requires a tight coupling between the virtual filesys- tem layer and the underþing filesystems through which the path traverses. This paper describes the filesystem services that are exported from the vnode interface to its clients, both local and remote. It also describes the set of services provided by the vnode layer to its client filesystems. The vnode interface has been generalized to allow multiple filesystems to be stacked together. After describing the stacking functionality, several examples of stacking filesystems are shown. t To appear in The Design and Implementation of the 4.4BSD Operating System, by Marshall Kirk McKusick, publisher. et al., @1995 by Addison-Wesley Publishing Companf Inc. Reprinted with the permission of the o 1995 The USENIX Association, Computing Systems, Vol. 8 ' No. 1 ' Winter 1995 I. The Virtual Filesystem Interface In early UNIX systems, the file entries directly referenced the local filesystem inode, see Figure I [Leffler et al. 1989]. This approach worked fine when there was a single filesystem implementation. However, with the advent of multþle filesystem types, the architecture had to be generalized.
    [Show full text]
  • Systemd from Wikipedia, the Free Encyclopedia for Other Uses, See System D (Disambiguation)
    systemd From Wikipedia, the free encyclopedia For other uses, see System D (disambiguation). systemd Startup messages on Fedora 17, which uses systemd Original author(s) Lennart Poettering, Kay Sievers, Harald Hoyer, Daniel Mack, Tom Gundersen and David Herrmann Developer(s) Lennart Poettering, Kay Sievers, Harald Hoyer, Daniel Mack, Tom Gundersen, David Herrmann, and others[1] Initial release 30 March 2010 Stable release 219 (February 16, 2015) [±] (https://en.wikipedia.org/w/index.php? title=Template:Latest_stable_software_release/systemd&action=edit)[2] Written in C[3] Operating system Linux Type System software License GNU LGPL 2.1+[4] Website freedesktop.org/.../systemd/ (http://freedesktop.org/wiki/Software/systemd/) systemd is a suite of system management daemons, libraries, and utilities designed as a central management and configuration platform for the Linux computer operating system. Described by its authors as a "basic building block" for an operating system,[5] systemd can be used as a Linux init system (the process called by the Linux kernel to initialize the user space during the Linux startup process and manage all processes afterwards) replacing the UNIX System V and Berkeley Software Distribution (BSD) style daemon. The name systemd adheres to the Unix convention of making daemons easier to distinguish by having the letter d as the last letter of the filename.[6] systemd is designed for Linux and programmed exclusively for the Linux API. It is published as free and open-source software under the terms of the GNU Lesser General Public License (LGPL) version 2.1 or later.[4] One of systemd's main goals is to unify basic Linux configurations and service behaviors across all distributions.[7] The design of systemd has generated significant controversy within the free software community.
    [Show full text]
  • Downloaded for Free From
    The Design of the NetBSD I/O Subsystems SungWon Chung Pusan National University 2 This book is dedicated to the open-source code developers in the NetBSD community. The original copy of this publication is available in an electronic form and it can be downloaded for free from http://arXiv.org. Copyright (c) 2002 by SungWon Chung. For non-commercial and personal use, this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise. For commercial use, no part of this publication can be reproduced by any means without the prior written permission of the author. NetBSD is the registered trademark of The NetBSD Foundation, Inc. Contents Preface 14 I Basics to Learn Filesystem 15 1 Welcome to the World of Kernel ! 17 1.1 How Does a System Call Dive into Kernel from User Program ? . 17 1.1.1 Example: write system call . 17 1.1.2 Ultra SPARC 0x7c CPU Trap . 18 1.1.3 Jump to the File Descriptor Layer . 24 1.1.4 Arriving at Virtual Filesystem Operations . 28 1.2 General Data Structures in Kernel such as List, Hash, Queue, ... 30 1.2.1 Linked-Lists . 30 1.2.2 Tail Queues . 34 1.2.3 Hash . 38 1.3 Waiting and Sleeping in Kernel . 39 1.4 Kernel Lock Manager . 39 1.4.1 simplelock and lock . 39 1.4.2 Simplelock Interfaces . 40 1.4.3 Lock Interfaces . 40 1.5 Kernel Memory Allocation . 43 1.6 Resource Pool Manager .
    [Show full text]
  • The Title Title: Subtitle March 2007
    sub title The Title Title: Subtitle March 2007 Copyright c 2006-2007 BSD Certification Group, Inc. Permission to use, copy, modify, and distribute this documentation for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE DOCUMENTATION IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS DOCUMENTATION INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CON- SEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEG- LIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENTATION. NetBSD and pkgsrc are registered trademarks of the NetBSD Foundation, Inc. FreeBSD is a registered trademark of the FreeBSD Foundation. Contents Introduction v 1 Chapter Installing and Upgrading the OS and Software 1 1.1 Recognize the installation program used by each operating system . 2 1.2 Recognize which commands are available for upgrading the operating system 6 1.3 Understand the difference between a pre-compiled binary and compiling from source . 8 1.4 Understand when it is preferable to install a pre-compiled binary and how to doso ...................................... 9 1.5 Recognize the available methods for compiling a customized binary . 10 1.6 Determine what software is installed on a system . 10 1.7 Determine which software requires upgrading . 11 1.8 Upgrade installed software . 11 1.9 Determine which software have outstanding security advisories .
    [Show full text]
  • CS615 - System Administration Slide 1
    CS615 - System Administration Slide 1 CS615 - System Administration Filesystem and OS Boot Process Concepts Department of Computer Science Stevens Institute of Technology Jan Schaumann [email protected] https://stevens.netmeister.org/615/ Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 2 Basic Filesystem Concepts The UNIX Filesystem Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 3 Basic Filesystem Concepts: The UNIX Filesystem The filesystem is responsible for storing the data on the disk. So to read/write data, it needs to know in which physical blocks the actual data is located; ie how to map files to the disk blocks. Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 4 Let’s pretend we’re a filesystem... aws ec2 create-volume --size 1 --availability-zone us-east-1d aws ec2 attach-volume --volume-id XXX --instance-id XXX --device /dev/sda3 dmesg for i in $(seq $((1024 * 128))); do printf ’\0\0\0\0\0\0\0\0’ done | dd of=/dev/xbd2d Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 5 Basic Filesystem Concepts: The UNIX Filesystem Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 6 Basic Filesystem Concepts: The UNIX Filesystem Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 7 Basic Filesystem Concepts: The UNIX Filesystem Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 8 Basic Filesystem Concepts: The UNIX Filesystem Lecture 03: Software Installation Concepts February 10, 2020 CS615 - System Administration Slide 9 Let’s pretend we’re a filesystem..
    [Show full text]
  • Man-Pages: Discovery, Feedback Loops, and the Perfect Kernel Commit Message
    Kernel Recipes 2016 Man-pages: discovery, feedback loops, and the perfect kernel commit message Michael Kerrisk man7.org Training and Consulting http://man7.org/training/ 29 September 2016, Paris Outline 1 Introduction 2 man-pages: history and current state 3 man-pages: challenges 4 The challenges of API design 5 Mitigations 6 Mitigations: unit tests 7 Mitigations: specifications 8 Mitigations: write a real application 9 Mitigations: documentation 10 The problem of discovery 11 The feedback loop 12 The perfect kernel commit message 13 Concluding thoughts 14 Addendum: cgroup mountinfo mails Outline 1 Introduction 2 man-pages: history and current state 3 man-pages: challenges 4 The challenges of API design 5 Mitigations 6 Mitigations: unit tests 7 Mitigations: specifications 8 Mitigations: write a real application 9 Mitigations: documentation 10 The problem of discovery 11 The feedback loop 12 The perfect kernel commit message 13 Concluding thoughts 14 Addendum: cgroup mountinfo mails Who am I? Contributor to Linux man-pages project since 2000 Maintainer since 2004 Lots of testing, lots of bug reports Much kernel reading; a very small number of kernel patches Author of a book on the Linux programming interface IOW: looking at Linux APIs a lot and for a long time I.e., kernel-user-space APIs and libc APIs http://man7.org/ Man-pages: discovery, feedback, and commit messages c 2016 Kerrisk | Introduction 4 / 89 Who am I? Contributor to Linux man-pages project since 2000 Maintainer since 2004 Lots of testing, lots of bug reports Much kernel reading;
    [Show full text]
  • Rethinking File Mapping for Persistent Memory
    Rethinking File Mapping for Persistent Memory Ian Neal, Gefei Zuo, Eric Shiple, and Tanvir Ahmed Khan, University of Michigan; Youngjin Kwon, School of Computing, KAIST; Simon Peter, University of Texas at Austin; Baris Kasikci, University of Michigan https://www.usenix.org/conference/fast21/presentation/neal This paper is included in the Proceedings of the 19th USENIX Conference on File and Storage Technologies. February 23–25, 2021 978-1-939133-20-5 Open access to the Proceedings of the 19th USENIX Conference on File and Storage Technologies is sponsored by USENIX. Rethinking File Mapping for Persistent Memory Ian Neal Gefei Zuo Eric Shiple Tanvir Ahmed Khan University of Michigan University of Michigan University of Michigan University of Michigan Youngjin Kwon Simon Peter Baris Kasikci School of Computing, KAIST University of Texas at Austin University of Michigan Abstract on the underlying device—comprises up to 70% of the IO path of real workloads in a PM-optimized file system (as we Persistent main memory (PM) dramatically improves IO show in §4.8). Even for memory-mapped files, file mapping is performance. We find that this results in file systems on PM still involved in file appends. Yet, existing PM-optimized file spending as much as 70% of the IO path performing file map- systems either simply reuse mapping approaches [11,14,24] ping (mapping file offsets to physical locations on storage originally designed for slower block devices [29], or devise media) on real workloads. However, even PM-optimized file new approaches without rigorous analysis [15, 57]. systems perform file mapping based on decades-old assump- PM presents a number of challenges to consider for file tions.
    [Show full text]
  • Flexible Operating System Internals: the Design and Implementation of the Anykernel and Rump Kernels Aalto University
    Department of Computer Science and Engineering Aalto- Antti Kantee DD Flexible Operating System 171 / 2012 2012 Internals: FlexibleSystemOperating Internals: TheDesign andImplementation theofandAnykernelRump Kernels The Design and Implementation of the Anykernel and Rump Kernels Antti Kantee 9HSTFMG*aejbgi+ ISBN 978-952-60-4916-8 BUSINESS + ISBN 978-952-60-4917-5 (pdf) ECONOMY ISSN-L 1799-4934 ISSN 1799-4934 ART + ISSN 1799-4942 (pdf) DESIGN + ARCHITECTURE UniversityAalto Aalto University School of Science SCIENCE + Department of Computer Science and Engineering TECHNOLOGY www.aalto.fi CROSSOVER DOCTORAL DOCTORAL DISSERTATIONS DISSERTATIONS "BMUP6OJWFSTJUZQVCMJDBUJPOTFSJFT %0$503"-%*44&35"5*0/4 &2#&ŗ*,.#(!ŗ3-.'ŗ (.,(&-Ćŗ "ŗ-#!(ŗ(ŗ '*&'(..#)(ŗ) ŗ."ŗ (3%,(&ŗ(ŗ/'*ŗ ,(&-ŗ "OUUJ,BOUFF "EPDUPSBMEJTTFSUBUJPODPNQMFUFEGPSUIFEFHSFFPG%PDUPSPG 4DJFODFJO5FDIOPMPHZUPCFEFGFOEFE XJUIUIFQFSNJTTJPOPGUIF "BMUP6OJWFSTJUZ4DIPPMPG4DJFODF BUBQVCMJDFYBNJOBUJPOIFMEBU UIFMFDUVSFIBMM5PGUIFTDIPPMPO%FDFNCFSBUOPPO "BMUP6OJWFSTJUZ 4DIPPMPG4DJFODF %FQBSUNFOUPG$PNQVUFS4DJFODFBOE&OHJOFFSJOH 4VQFSWJTJOHQSPGFTTPS 1SPGFTTPS)FJLLJ4BJLLPOFO 1SFMJNJOBSZFYBNJOFST %S.BSTIBMM,JSL.D,VTJDL 64" 1SPGFTTPS3FO[P%BWPMJ 6OJWFSTJUZPG#PMPHOB *UBMZ 0QQPOFOU %S1FUFS5SÍHFS )BTTP1MBUUOFS*OTUJUVUF (FSNBOZ "BMUP6OJWFSTJUZQVCMJDBUJPOTFSJFT %0$503"-%*44&35"5*0/4 "OUUJ,BOUFFQPPLB!JLJGJ 1FSNJTTJPOUPVTF DPQZ BOEPSEJTUSJCVUFUIJTEPDVNFOUXJUIPS XJUIPVUGFFJTIFSFCZHSBOUFE QSPWJEFEUIBUUIFBCPWFDPQZSJHIU OPUJDFBOEUIJTQFSNJTTJPOOPUJDFBQQFBSJOBMMDPQJFT%JTUSJCVUJOH NPEJGJFEDPQJFTJTQSPIJCJUFE *4#/ QSJOUFE *4#/
    [Show full text]
  • Kernel/User-Level Collaborative Persistent Memory File System with Efficiency and Protection
    Kernel/User-level Collaborative Persistent Memory File System with Efficiency and Protection Youmin Chen Youyou Lu Bohong Zhu Jiwu Shu Tsinghua University Abstract File systems have long been part of an operating system, Emerging high performance non-volatile memories recall the and are placed in the kernel level to provide data protection importance of efficient file system design. To avoid the virtual from arbitrary user writes. System calls (syscalls) are used file system (VFS) and syscall overhead as in these kernel- for the communication between the kernel and userspace. In based file systems, recent works deploy file systems directly the kernel, the virtual file system (VFS) is an abstraction in user level. Unfortunately, a user level file system can easily layer that hides concrete file system designs to provide be corrupted by a buggy program with misused pointers, and uniform accesses. However, both syscall and VFS incur non- is hard to scale on multi-core platforms which incorporates a negligible overhead in file systems for NVMs. Our evaluation centralized coordination service. on NOVA [33] shows that, even the highly scalable and In this paper, we propose KucoFS, a Kernel and user- efficient NVM-aware file system still suffers great overhead in level collaborative file system. It consists of two parts: a the VFS layer and fails to scale on some file operations (e.g., creat/unlink syscall user-level library with direct-access interfaces, and a kernel ). For , the context switch overhead thread, which performs metadata updates and enforces write occupies up to 34% of the file system accessing time, even protection by toggling the permission bits in the page table.
    [Show full text]
  • Forensic Memory Analysis for Apple OS X Andrew F
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 6-14-2012 Forensic Memory Analysis for Apple OS X Andrew F. Hay Follow this and additional works at: https://scholar.afit.edu/etd Part of the Computer Sciences Commons Recommended Citation Hay, Andrew F., "Forensic Memory Analysis for Apple OS X" (2012). Theses and Dissertations. 1118. https://scholar.afit.edu/etd/1118 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. FORENSIC MEMORY ANALYSIS FOR APPLE OS X THESIS Andrew F. Hay AFIT/GCO/ENG/12-17 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED The views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the United States Government. This material is declared a work of the United States Government and is not subject to copyright protection in the United States. AFIT/GCO/ENG/12-17 FORENSIC MEMORY ANALYSIS FOR APPLE OS X THESIS Presented to the Faculty Department of Electrical and Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Science Andrew F.
    [Show full text]