DOCSLIB.ORG

December 2010 VOLUME 35 NUMBER 6

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

December 2010 VOLUME 35 NUMBER 6 OPINION Musings 2 RikR FaR ow SECURITY Introducing Capsicum: Practical Capabilities for UNIX 7 Robe Rt N.M. watsoN, JoNathaN THE USENIX MAGAZINE aNdeRsoN, beN LauRie, aNd kRis keNNaway The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution 18 Moheeb abu Ra Jab, Lucas baLLaRd, PaNayiotis MavRoMMatis, NieLs PRovos, aNd XiN Zhao Vulnerable Compliance 26 d aN GeeR Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically 31 Matthew hicks, MuRPh FiNNicuM, saMueL t. kiNG, MiLo M.k. MaRtiN, aNd JoNathaN M. sMith C OLUMNS Practical Perl Tools: Family Man 42 d avid N. bLaNk-edeLMaN Pete’s All Things Sun: Comparing Solaris to RedHat Enterprise and AIX 48 Petee R ba R GaLviN iVoyeur: Ganglia on the Brain 54 d ave JosePhseN /dev/random 58 Robe Rt G. Fe RReLL BOEO K reVI WS Book Reviews 60 El iZabeth Zwicky et a L. useni X NOTES Thankso t Our Volunteers 64 Ell u ie yo ng CN O FERENCES 19th USENIX Security Symposium Reports 67 Report on the 5th USENIX Workshop on Hot Topics in Security 97 Report on the 1st USENIX Workshop on Health Security and Privacy 103 Report on the 4th USENIX Workshop on Offensive Technologies 112 Report on the New Security Paradigms Workshop 117 The Advanced Computing Systems Association dec10covers.indd 1 11.17.10 1:28 PM Upcoming Events 9th USENIX CoNfErence oN fIlE aNd StoragE 2011 USENIX fEdEratEd CoNfErences Week techNologies (FASt ’11) j une 12–17, 2011, portland, OR, uSa Sponsored by USENIX in cooperation with ACM SIGOPS EventS inclUdE: February 15–18, 2011, San joSe, Ca, uSa http://www.usenix.org/fast11 3rd WorkShop oN hot topics in StoragE aNd fIlE SyStems (hotStoragE ’11) WorkShop oN hot topics in MaNagement of june 14, 2011 INtErnet, CloUd, aNd ENtErprise NEtWorkS aNd http://www.usenix.org/hotstorage11 SErvices (hot-ICE ’11) Submissions due: March 9, 2011 Co-located with NSDI ’11 3rd USENIX WorkShop oN hot topics in Mar Ch 29, 2011, boSton, Ma, uSa CloUd CoMpUting (hotCloUd ’11) http://www.usenix.org/hotice11 june 14–15, 2011 http://www.usenix.org/hotcloud11 4th USENIX WorkShop oN largE-SCalE EXploItS aNd Emergent thrEatS (lEEt ’11) 2011 USENIX annual technical CoNfErence Co-located with NSDI ’11 (USENIXt a C ’11) Mar Ch 29, 2011, boSton, Ma, uSa june 15–17, 2011 http://www.usenix.org/leet11 http://www.usenix.org/atc11 Submissions due: January 12, 2011 8th USENIX SyMposium oN NEtWorkEd SyStems 2Nd USENIX CoNfErence oN WEb applicatIoN desigN aNd IMplementatIoN (NSdI ’11) dEvElopment (WEbappS ’11) Sponsored by USENIX in cooperation with ACM SIGCOMM and june 15–16, 2011 ACM SIGOPS http://www.usenix.org/webapps11 Mar Ch 30–april 1, 2011, boSton, Ma, uSa Submissions due: January 21, 2011 http://www.usenix.org/nsdi11 20th USENIX SecurIty SyMposium EUropEaN CoNfErence oN CoMpUtEr SyStems (USENIX SecurIty ’11) (EUroSyS 2011) Sponsored by ACM SIGOPS in cooperation with USENIX a uguSt 10–12, 2011, San FranCiSCo, Ca, uSa http://www.usenix.org/sec11 a pril 10–13, 2011, Salzburg, auStria Submissions due: February 10, 2011 http://eurosys2011.cs.uni-salzburg.at WorkShopS Co-loCatEd with 13th WorkShop oN hot topics in opErating USENIX SecurIty ’11 (aS of 11/10): SyStems (hotoS XIII) Sponsored by USENIX in cooperation with the IEEE Technical 2011 Electronic voting techNology Committee on Operating Systems (TCOS) WorkShop/WorkShop oN trustWorthy May 8–10, 2011, napa, Ca, uSa ElectIons (EVT/WOTE ’11) http://www.usenix.org/hotos11 a uguSt 8–9, 2011 Submissions due: January 15, 2011 http://www.usenix.org/evtwote11 Submissions due: April 20, 2011 3rd USENIX WorkShop oN hot topics in parallElism (hotpar ’11) 23rd aCM SyMposium oN opErating SyStems May 26–27, 2011, berkeley, Ca, uSa principles (SoSp 2011) http://www.usenix.org/hotpar11 Sponsored by ACM SIGOPS in cooperation with USENIX Submissions due: January 16, 2011 oC tober 23–26, 2011, CaSCaiS, portugal http://sosp2011.gsd.inesc-id.pt Submissions due: March 11, 2011 For a complete list of all USENIX & USENIX co-sponsored events, see http://www.usenix.org/events. dec10covers.indd 2 11.17.10 1:28 PM OPINION Musings 2 Ri r k FAr Ow SECURITY Introducing Capsicum: Practical Capabilities for UNIX 7 Ro berT N. m. wATsON, JONAThAN ANDersON, beN LAurIe, AND krIs keNNAwAy The Nocebo Effect on the Web: An Analysis of Fake Anti-Virus Distribution 18 Mo heeb Abu rAJAb, LucAs bALLArD, contents PANAyIOTIs mAvrOmmATIs, NIeLs PrOvOs, AND XIN ZhAO Vulnerable Compliance 26 DN A Geer Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically 31 Matt hew hIcks, murPh FINNIcum, sAmueL T. kING, mILO m.k. mArTIN, AND JONAThAN m. smITh C OLUMNS Practical Perl Tools: Family Man 42 D AvI N. bLANk-eDeLmAN Pete’s All Things Sun: Comparing Solaris to RedHat Enterprise and AIX 48 VOL. 35, #6, December 2010 Pe A Ter b er Galvin ;login: is the official Editor iVoyeur: Ganglia on the Brain 54 Rik Farrow magazine of the [email protected] USENIX Association. D Ave JOsePhseN Managing Editor ;login: (ISSN 1044-6397) is /dev/random 58 Jane-Ellen Long published bi-monthly by the Ro berT G. FerreLL [email protected] USENIX Association, 2560 Ninth Street, Suite 215, Copy Editor Berkeley, CA 94710. Steve Gilmartin BOEO K reVI WS Book Reviews 60 [email protected] $90 of each member’s annual ElizabeTh ZwIcky eT AL. dues is for an annual sub- produCtion scription to ;login:. Subscrip- Casey Henderson tions for nonmembers are useni X NOTES Thanks to Our Volunteers 64 Jane-Ellen Long $125 per year. ElliO e y ung Jennifer Peterson Periodicals postage paid at typEsEttEr Berkeley, CA, and additional CN O FERENCES Star Type offices. 19th USENIX Security Symposium Reports 67 [email protected] POSTMASTER: Send address Report on the 5th USENIX Workshop on usEniX assoCiation changes to ;login:, Hot Topics in Security 97 2560 Ninth Street, USENIX Association, Suite 215, Berkeley, 2560 Ninth Street, Report on the 1st USENIX Workshop on California 94710 Suite 215, Berkeley, Health Security and Privacy 103 Phone: (510) 528-8649 CA 94710. FAX: (510) 548-5738 Report on the 4th USENIX Workshop on ©2010 USENIX Association Offensive Technologies 112 http://www.usenix.org http://www.sage.org USENIX is a registered trade- Report on the New Security Paradigms mark of the USENIX Associa- tion. Many of the designations Workshop 117 used by manufacturers and sellers to distinguish their products are claimed as trade- marks. USENIX acknowledges all trademarks herein. Where those designations appear in this publication and USENIX is aware of a trademark claim, the designations have been printed in caps or initial caps. ;LOGIN: December 2010 ArTIcLe TITLe 1 DECEMBERarticles.indd 1 11.17.10 12:56 PM I’ve been accused, r Ightly, of be Ing pessimistic about computer security, and Rik Fa RRow recent events have only increased that pessimism. But rather than tire you with my grumblings, I thought I would take a dispassionate look at computer security as it exists today and make positive suggestions about what you might do, musings whether in your professional or personal Rik is the Editor of ;login:. lives. [email protected] I’ll start out with something you might find surprising, considering the source: if you, or people you know or work with, use Windows XP, convince them to upgrade. The same goes for people using anything earlier than Server 2008. Microsoft began its Trustworthy Computing Initiative in 2002 and has paid much more attention to security in recent years. Some of the fruits include more reactive security measures, such as DEP ( data execution prevention) and ASLR (address space layout randomization), although these are not used in all applications. Internet Explorer 7 prior to SP1 is one of those applications that is not protected with either DEP or ASLR for application compatibility, but later versions are, as is IE8. Both IE7 and IE8 also rely on Integrity Levels [1], an ACL mechanism where less trusted processes, such as Web browsers, get run with a low integrity level. Processes with low integrity levels have limited or no access to files, processes, or other objects (e.g., registry keys and named pipes) at higher integrity levels—which means, most of the system. These are good things. I kept hearing from my friends in security that Windows had gotten a lot more secure—but they wouldn’t or couldn’t provide strong evidence that these mechanisms actually help. Then I learned from Niels Provos, whose Google team searches the Web for malicious sites, that it was much more difficult for most exploits to work with IE7 or IE8. While his team’s goal is to find pages that lead to exploits on any version of Windows, I found this interesting news, as they actually test hundreds of millions of pages in their Windows equipped sandboxes (see “The Nocebo Effect,” p. 18). Crispin Cowan, the inventor of stack canaries, also known for Immunix and AppArmor, began working for Microsoft in 2008. Cowan spoke at the 2010 USENIX Security Symposium, allegedly 2 ;LOGIN: vOL. 35, NO. 6 DECEMBERarticles.indd 2 11.17.10 12:56 PM about the security features of Windows 7 but actually about how Microsoft had sometimes been the first vendor to include new security features. I have it on good authority [2] that such talk is security theater, but you can watch the video of his presentation and decide for yourself [3]. You can also read the summaries of his talk and that of Roger Johnston, the person who describes Cowan’s talk as security theater, in this issue.
Recommended publications
  • Katalog Elektronskih Knjiga

    Katalog Elektronskih Knjiga

    KATALOG ELEKTRONSKIH KNJIGA Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 1 Peter Kent Pay Per Click Search 2006 0-471-74594-3 130 Kupovina Engine Marketing for Dummies 2 Terry Large Access 1 2007 Internet Freeware 3 Kevin Smith Excel Lassons & Tutorials 2004 Internet Freeware 4 Terry Michael Photografy Tutorials 2006 Internet Freeware Janine Peterson Phil Pivnick 5 Jake Ludington Converting Vinyl LPs 2003 Internet Freeware to CD 6 Allen Wyatt Cleaning Windows XP 2004 0-7645-7311-X Poklon for Dummies 7 Peter Kent Sarch Engine Optimization 2006 0-4717-5441-2 Kupovina for Dummies 8 Terry Large Access 2 2007 Internet Freeware 9 Dirk Dupon How to write, create, 2005 Internet Freeware promote and sell E-books on the Internet 10 Chayden Bates eBook Marketing 2000 Internet Freeware Explained 11 Kevin Sinclair How To Choose A 1999 Internet Freeware Homebased Bussines 12 Bob McElwain 101 Newbie-Frendly Tips 2001 Internet Freeware 13 Windows Basics 2004 Poklon 14 Michael Abrash Zen of Graphic 2005 Poklon Programming, 2. izdanje 15 13 Hot Internet 2000 Internet Freeware Moneymaking Methods 16 K. Williams The Complete HTML 1998 Poklon Teacher 17 C. Darwin On the Origin of Species Internet Freeware 2/175 Br Autor Naziv Godina ISBN Str. Porijeklo izdavanja 18 C. Darwin The Variation of Animals Internet Freeware 19 Bruce Eckel Thinking in C++, Vol 1 2000 Internet Freeware 20 Bruce Eckel Thinking in C++, Vol 2 2000 Internet Freeware 21 James Parton Captains of Industry 1890 399 Internet Freeware 22 Bruno R. Preiss Data Structures and 1998 Internet
  • Mac OS X Server Administrator's Guide

    Mac OS X Server Administrator's Guide

    034-9285.S4AdminPDF 6/27/02 2:07 PM Page 1 Mac OS X Server Administrator’s Guide K Apple Computer, Inc. © 2002 Apple Computer, Inc. All rights reserved. Under the copyright laws, this publication may not be copied, in whole or in part, without the written consent of Apple. The Apple logo is a trademark of Apple Computer, Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, AppleScript, AppleShare, AppleTalk, ColorSync, FireWire, Keychain, Mac, Macintosh, Power Macintosh, QuickTime, Sherlock, and WebObjects are trademarks of Apple Computer, Inc., registered in the U.S. and other countries. AirPort, Extensions Manager, Finder, iMac, and Power Mac are trademarks of Apple Computer, Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Netscape Navigator is a trademark of Netscape Communications Corporation. RealAudio is a trademark of Progressive Networks, Inc. © 1995–2001 The Apache Group. All rights reserved. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. 062-9285/7-26-02 LL9285.Book Page 3 Tuesday, June 25, 2002 3:59 PM Contents Preface How to Use This Guide 39 What’s Included
  • Bibliography of Erik Wilde

    Bibliography of Erik Wilde

    dretbiblio dretbiblio Erik Wilde's Bibliography References [1] AFIPS Fall Joint Computer Conference, San Francisco, California, December 1968. [2] Seventeenth IEEE Conference on Computer Communication Networks, Washington, D.C., 1978. [3] ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, Los Angeles, Cal- ifornia, March 1982. ACM Press. [4] First Conference on Computer-Supported Cooperative Work, 1986. [5] 1987 ACM Conference on Hypertext, Chapel Hill, North Carolina, November 1987. ACM Press. [6] 18th IEEE International Symposium on Fault-Tolerant Computing, Tokyo, Japan, 1988. IEEE Computer Society Press. [7] Conference on Computer-Supported Cooperative Work, Portland, Oregon, 1988. ACM Press. [8] Conference on Office Information Systems, Palo Alto, California, March 1988. [9] 1989 ACM Conference on Hypertext, Pittsburgh, Pennsylvania, November 1989. ACM Press. [10] UNIX | The Legend Evolves. Summer 1990 UKUUG Conference, Buntingford, UK, 1990. UKUUG. [11] Fourth ACM Symposium on User Interface Software and Technology, Hilton Head, South Carolina, November 1991. [12] GLOBECOM'91 Conference, Phoenix, Arizona, 1991. IEEE Computer Society Press. [13] IEEE INFOCOM '91 Conference on Computer Communications, Bal Harbour, Florida, 1991. IEEE Computer Society Press. [14] IEEE International Conference on Communications, Denver, Colorado, June 1991. [15] International Workshop on CSCW, Berlin, Germany, April 1991. [16] Third ACM Conference on Hypertext, San Antonio, Texas, December 1991. ACM Press. [17] 11th Symposium on Reliable Distributed Systems, Houston, Texas, 1992. IEEE Computer Society Press. [18] 3rd Joint European Networking Conference, Innsbruck, Austria, May 1992. [19] Fourth ACM Conference on Hypertext, Milano, Italy, November 1992. ACM Press. [20] GLOBECOM'92 Conference, Orlando, Florida, December 1992. IEEE Computer Society Press. http://github.com/dret/biblio (August 29, 2018) 1 dretbiblio [21] IEEE INFOCOM '92 Conference on Computer Communications, Florence, Italy, 1992.
  • Capsicum: Practical Capabilities for UNIX

    Capsicum: Practical Capabilities for UNIX

    Capsicum: practical capabilities for UNIX Robert N. M. Watson Jonathan Anderson Ben Laurie University of Cambridge University of Cambridge Google UK Ltd. Kris Kennaway Google UK Ltd. Abstract significant technical limitations: current OS facilities are simply not designed for this purpose. Capsicum is a lightweight operating system capabil- The access control systems in conventional (non- ity and sandbox framework planned for inclusion in capability-oriented) operating systems are Discretionary FreeBSD 9. Capsicum extends, rather than replaces, Access Control (DAC) and Mandatory Access Control UNIX APIs, providing new kernel primitives (sandboxed (MAC). DAC was designed to protect users from each capability mode and capabilities) and a userspace sand- other: the owner of an object (such as a file) can specify box API. These tools support compartmentalisation of permissions for it, which are checked by the OS when monolithic UNIX applications into logical applications, the object is accessed. MAC was designed to enforce an increasingly common goal supported poorly by dis- system policies: system administrators specify policies cretionary and mandatory access control. We demon- (e.g. “users cleared to Secret may not read Top Secret strate our approach by adapting core FreeBSD utilities documents”), which are checked via run-time hooks in- and Google’s Chromium web browser to use Capsicum serted into many places in the operating system’s kernel. primitives, and compare the complexity and robustness Neither of these systems was designed to address the of Capsicum with other sandboxing techniques. case of a single application processing many types of in- formation on behalf of one user. For instance, a mod- 1 Introduction ern web browser must parse HTML, scripting languages, images and video from many untrusted sources, but be- Capsicum is an API that brings capabilities to UNIX.
  • Sandboxing with Capsicum

    Sandboxing with Capsicum

    SECURITY Sandboxing with Capsicum PAWEL JAKUB DAWIDEK AND MARIUSZ ZABORSKI Pawel Jakub Dawidek is a ery few programmers have managed to successfully use the principle co-founder and CTO at Wheel of least privilege, as found in OpenSSH, Postfix, and djbdns. Capsi- Systems and a FreeBSD cum, introduced in 2010, adds a capability model designed to make it committer who lives and works V easier for programmers to reason about how to split a program into privileged in Warsaw, Poland. He is the and unprivileged portions. In this article, we describe the changes made in author of various GEOM classes, including the disk-encryption class GELI; he implemented Capsicum since 2010, compare Capsicum to earlier sandboxing techniques, the Highly Available Storage (HAST) daemon and look at the new Casperd, which makes it simpler to split programs. for distributing audit trail files (auditdistd), and Long ago, people started to recognize that security models proposed by the mainstream nowadays is mostly working on the Capsicum operating systems, including Windows, Mac OS X, and all kinds of UNIX-like systems, are framework and the Casper daemon. simply naive: All you need to do is to write programs that have no bugs. That’s indeed naive. [email protected] Let’s also state an obvious rule: The more code we write, the more bugs we introduce, some of which may jeopardize the security of our system. Once we accept this fact, where do we go? Mariusz Zaborski is currently We could only develop very small programs, which are easy to audit, but this again would be working as a software a bit naive.
  • Modified Fast Inverse Square Root and Square Root Approximation

    Modified Fast Inverse Square Root and Square Root Approximation

    computation Article Modified Fast Inverse Square Root and Square Root Approximation Algorithms: The Method of Switching Magic Constants Leonid V. Moroz 1, Volodymyr V. Samotyy 2,3,* and Oleh Y. Horyachyy 1 1 Information Technologies Security Department, Lviv Polytechnic National University, 79013 Lviv, Ukraine; [email protected] (L.V.M.); [email protected] (O.Y.H.) 2 Automation and Information Technologies Department, Cracow University of Technology, 31155 Cracow, Poland 3 Information Security Management Department, Lviv State University of Life Safety, 79007 Lviv, Ukraine * Correspondence: [email protected] Abstract: Many low-cost platforms that support floating-point arithmetic, such as microcontrollers and field-programmable gate arrays, do not include fast hardware or software methods for calculating the square root and/or reciprocal square root. Typically, such functions are implemented using direct lookup tables or polynomial approximations, with a subsequent application of the Newton– Raphson method. Other, more complex solutions include high-radix digit-recurrence and bipartite or multipartite table-based methods. In contrast, this article proposes a simple modification of the fast inverse square root method that has high accuracy and relatively low latency. Algorithms are given in C/C++ for single- and double-precision numbers in the IEEE 754 format for both square root and reciprocal square root functions. These are based on the switching of magic constants in the Citation: Moroz, L.V.; Samotyy, V.V.; initial approximation, depending on the input interval of the normalized floating-point numbers, in Horyachyy, O.Y. Modified Fast order to minimize the maximum relative error on each subinterval after the first iteration—giving Inverse Square Root and Square Root 13 correct bits of the result.
  • Site Map - Apache HTTP Server 2.0

    Site Map - Apache HTTP Server 2.0

    Site Map - Apache HTTP Server 2.0 Apache HTTP Server Version 2.0 Site Map ● Apache HTTP Server Version 2.0 Documentation ❍ Release Notes ■ Upgrading to 2.0 from 1.3 ■ New features with Apache 2.0 ❍ Using the Apache HTTP Server ■ Compiling and Installing Apache ■ Starting Apache ■ Stopping and Restarting the Server ■ Configuration Files ■ How Directory, Location and Files sections work ■ Server-Wide Configuration ■ Log Files ■ Mapping URLs to Filesystem Locations ■ Security Tips ■ Dynamic Shared Object (DSO) support ■ Content Negotiation ■ Custom error responses ■ Setting which addresses and ports Apache uses ■ Multi-Processing Modules (MPMs) ■ Environment Variables in Apache ■ Apache's Handler Use ■ Filters ■ suEXEC Support ■ Performance Hintes ■ URL Rewriting Guide ❍ Apache Virtual Host documentation ■ Name-based Virtual Hosts ■ IP-based Virtual Host Support ■ Dynamically configured mass virtual hosting ■ VirtualHost Examples ■ An In-Depth Discussion of Virtual Host Matching ■ File descriptor limitations ■ Issues Regarding DNS and Apache ❍ Apache Server Frequently Asked Questions http://httpd.apache.org/docs-2.0/sitemap.html (1 of 4) [5/03/2002 9:53:06 PM] Site Map - Apache HTTP Server 2.0 ■ Support ❍ Apache SSL/TLS Encryption ■ SSL/TLS Encryption: An Introduction ■ SSL/TLS Encryption: Compatibility ■ SSL/TLS Encryption: How-To ■ SSL/TLS Encryption: FAQ ■ SSL/TLS Encryption: Glossary ❍ Guides, Tutorials, and HowTos ■ Authentication ■ Apache Tutorial: Dynamic Content with CGI ■ Apache Tutorial: Introduction to Server Side Includes ■ Apache
  • Agents for Games and Simulations

    Agents for Games and Simulations

    First International Workshop on Agents for Games and Simulations Budapest May 11, 2009 i Table of Contents Preface iii Avi Rosenfeld and Sarit Kraus. Modeling Agents through Bounded Rationality Theories 1 Jean-Pierre Briot, Alessandro Sordoni, Eurico Vasconcelos, Gustavo Melo, Marta de Azevedo Irving and Isabelle Alvarez. Design of a Decision Maker Agent for a Distributed Role Playing Game - Experience of the SimParc Project 16 Michael Köster, Peter Novák, David Mainzer and Bernd Fuhrmann. Two Case Studies for Jazzyk BSM 31 Joost Westra, Hado van Hasselt, Frank Dignum and Virginia Dignum. Adaptive serious games using agent organizations 46 D.W.F. van Krevelen. Intelligent Agent Modeling as Serious Game 61 Gustavo Aranda, Vicent Botti and Carlos Carrascosa. The MMOG Layer: MMOG based on MAS 75 Ivan M. Monteiro and Luis O. Alvares. A Teamwork Infrastructure for Computer Games with Real-Time Requirements 90 Barry Silverman, Deepthi Chandrasekaran, Nathan Weyer, David Pietrocola, Robert Might and Ransom Weaver. NonKin Village: A Training Game for Learning Cultural Terrain and Sustainable Counter-Insurgent Operations 106 Mei Yii Lim, Joao Dias, Ruth Aylett and Ana Paiva. Intelligent NPCs for Education Role Play Game 117 Derek J. Sollenberger and Munindar P. Singh. Architecture for Affective Social Games 129 Jakub Gemrot, Rudolf Kadlec, Michal Bída, Ondřej Burkert, Radek Píbil, Jan Havlíček, Juraj Šimlovič, Radim Vansa, Michal Štolba, Lukáš Zemčák and Cyril Brom. Pogamut 3 Can Assist Developers in Building AI for Their Videogame Agents 144 Daniel Castro Silva, Ricardo Silva, Luís Paulo Reis and Eugénio Oliveira. Agent-Based Aircraft Control Strategies in a Simulated Environment 149 ii Preface Multi Agent System research offers a promising technology to implement cognitive intelligent Non Playing Characters.
  • ABSTRACT LOHMEYER, EDWIN LLOYD. Unstable Aesthetics

    ABSTRACT LOHMEYER, EDWIN LLOYD. Unstable Aesthetics

    ABSTRACT LOHMEYER, EDWIN LLOYD. Unstable Aesthetics: The Game Engine and Art Modifications (Under the direction of Dr. Andrew Johnston). This dissertation examines episodes in the history of video game modding between 1995 and 2010, situated around the introduction of the game engine as a software framework for developing three-dimensional gamespaces. These modifications made to existing software and hardware were an aesthetic practice used by programmers and artists to explore the relationship between abstraction, the materiality of game systems, and our phenomenal engagement with digital media. The contemporary artists that I highlight—JODI, Cory Arcangel, Orhan Kipcak, Julian Oliver, and Tom Betts—gravitated toward modding because it allowed them to unveil the technical processes of the engine underneath layers of the game’s familiar interface, in turn, recalibrating conventional play into sensual experiences of difference, uncertainty, and the new. From an engagement with abstract forms, they employed modding techniques to articulate new modes of aesthetic participation through an affective encounter with altered game systems. Furthermore, they used abstraction, the very strangeness of the mod’s formal elements, to reveal our habitual interactions with video games by destabilizing conventional gamespaces through sensory modalities of apperception and proprioception. In considering the imbrication of technics and aesthetics in game engines, this work aims to resituate modding practices within a dynamic and more inclusive understanding
  • A Bibliography of O'reilly & Associates and O

    A Bibliography of O'reilly & Associates and O

    A Bibliography of O'Reilly & Associates and O'Reilly Media. Inc. Publishers Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 08 February 2021 Version 3.67 Title word cross-reference #70 [1263, 1264]. #70-059 [1263]. #70-068 [1264]. 2 [949]. 2 + 2 = 5986 [1456]. 3 [1149, 1570]. *# [1221]. .Mac [1940]. .NET [1860, 22, 186, 342, 441, 503, 591, 714, 716, 721, 730, 753, 786, 998, 1034, 1037, 1038, 1043, 1049, 1089, 1090, 1091, 1119, 1256, 1468, 1858, 1859, 1863, 1899, 1900, 1901, 1917, 1997, 2029]. '05 [461, 1532]. 08 [1541]. 1 [1414]. 1.0 [1009]. 1.1 [59]. 1.2 [1582]. 1000 [1511]. 1000D [1073]. 10g [711, 710]. 10th [2109]. 11 [1385]. 1 2 2 [53, 209, 269, 581, 2134, 919, 940, 1515, 1521, 1530, 2023, 2045]. 2.0 [2, 55, 203, 394, 666, 941, 1000, 1044, 1239, 1276, 1504, 1744, 1801, 2073]. 2.1 [501]. 2.2 [201]. 2000 [38, 202, 604, 610, 669, 927, 986, 1087, 1266, 1358, 1359, 1656, 1751, 1781, 1874, 1959, 2069]. 2001 [96]. 2003 [70, 71, 72, 73, 74, 279, 353, 364, 365, 789, 790, 856, 987, 1146, 1960, 2026]. 2003-2013 [1746]. 2004 [1195]. 2005 [84, 151, 755, 756, 1001, 1041, 1042, 1119, 1122, 1467, 2120, 2018, 2056]. 2006 [152, 153]. 2007 [618, 726, 727, 728, 1123, 1125, 1126, 1127, 2122, 1973, 1974, 2030].
  • Protecting Commodity Operating Systems Through Strong Kernel Isolation

    Protecting Commodity Operating Systems Through Strong Kernel Isolation

    Protecting Commodity Operating Systems through Strong Kernel Isolation Vasileios P. Kemerlis Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Graduate School of Arts and Sciences COLUMBIA UNIVERSITY 2015 c 2015 Vasileios P. Kemerlis All Rights Reserved ABSTRACT Protecting Commodity Operating Systems through Strong Kernel Isolation Vasileios P. Kemerlis Today’s operating systems are large, complex, and plagued with vulnerabilities that allow perpetrators to exploit them for profit. The constant rise in the number of software weak- nesses, coupled with the sophistication of modern adversaries, make the need for effective and adaptive defenses more critical than ever. In this dissertation, we develop a set of novel protection mechanisms, and introduce new concepts and techniques to secure commodity operating systems against attacks that exploit vulnerabilities in kernel code. Modern OSes opt for a shared process/kernel model to minimize the overhead of opera- tions that cross protection domains. However, this design choice provides a unique vantage point to local attackers, as it allows them to control—both in terms of permissions and contents—part of the memory that is accessible by the kernel, easily circumventing protec- tions like kernel-space ASLR and WˆX. Attacks that leverage the weak separation between user and kernel space, characterized as return-to-user (ret2usr) attacks, have been the de facto kernel exploitation technique in virtually every major OS, while they are not limited to the x86 platform, but have also targeted ARM and others. Given the multi-OS and cross-architecture nature of ret2usr threats, we propose kGuard: a kernel protection mechanism, realized as a cross-platform compiler extension, which can safeguard any 32- or 64-bit OS kernel from ret2usr attacks.
  • Survey of the Fast Computation of the Reciprocal Square Root Through Integer Operations on Floating-Point Values

    Survey of the Fast Computation of the Reciprocal Square Root Through Integer Operations on Floating-Point Values

    Survey of the Fast Computation of the Reciprocal Square Root through Integer Operations on Floating-Point Values Thomas Nelson University of Massachusetts Lowell Published July 27, 2017 Abstract Finding a value's reciprocal square root has many uses in vector-based calculations, but arithmetic calculations of finding a square root and performing division are too computationally expensive for typical large-scale real-time performance constraints. This survey examines the \Fast Inverse Square Root" algorithm and explores the techniques of its implementation through examination of the Newton-Raphson Method of Approximation and the magic-number 0x5f3759df which allow for the reciprocal square root to be calculated with only multiplication and subtraction operations. 1 Overview p1 The reciprocal of the square root of a value, x , also called the \inverse square root" is necessary for vector calculations which are instrumental in common 3D-rendering applications. Due to the time-sensitive nature of these applications, there has been a great deal of development over the past 20 years in providing fast approximations of this reciprocal value. While hardware manufacturers began including instruction-set level methods of performing this calculation in 1999, it has taken some time for these to become widespread in end-user machines [5]. An algorithm to quickly find this reciprocal, known as the \Fast Inverse Square Root" algorithm, was popularized and publicized in the late 90s as a general-use solution. 1 Fast Computation of the Reciprocal Square Root THE ALGORITHM This survey explores this \Fast Inverse Square Root" algorithm in detail, providing a full examination of the mathematical formula it employs as well as a derivation of the notorious magic number 0x5f3759df found therein.