Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM

Thin Hypervisor-Based Security Architectures for Embedded Platforms

Virtualization has grown increasingly popular, thanks to its benefits of isolation, management, and utilization, supported by hardware advances. It is also receiving attention for its potential to support security, through hypervisor-based services and advanced protections supplied to guests. Today, virtualization is even making inroads in the embedded space, and embedded systems, with their security needs, have already started to benefit from virtualization’s security potential. In this thesis, we investigate the possibilities for thin hypervisor-based security on embedded platforms. In addition to significant background study, we present implementation of a low-footprint, thin hypervisor capable of providing security protections to a single FreeRTOS guest kernel on ARM. Backed by performance test results, our hypervisor provides security to a formerly unsecured kernel with minimal performance overhead, and represents a first step in a greater research effort into the security advantages and possibilities of embedded thin hypervisors. Our results show that thin hypervisors are both possible and beneficial even on limited embedded systems, and sets the stage for more advanced investigations, implementations, and security applications in the future

De-ossifying the Internet Transport Layer : A Survey and Future Perspectives

ACKNOWLEDGMENT The authors would like to thank the anonymous reviewers for their useful suggestions and comments.Peer reviewedPublisher PD

Comparative Analysis of Malware Behavior in Hardware and Virtual Sandboxes

openMalicious software, or malware, continues to be a pervasive threat to computer systems and networks worldwide. As malware constantly evolves and becomes more sophisticated, it is crucial to develop effective methods for its detection and analysis. Sandboxing technology has emerged as a valuable tool in the field of cybersecurity, allowing researchers to safely execute and observe malware behavior in controlled environments. This thesis presents a comprehensive investigation into the behavior of malware samples when executed in both hardware and virtual sandboxes. The primary objective is to assess the effectiveness of hardware sandboxing in capturing and analyzing malware behaviors compared to traditional virtual sandboxes. The research methodology involves the execution of various malware samples in both hardware and virtual sandboxes, followed by the analysis of key parameters, including memory changes, file system logs, and network traffic. By comparing the results obtained from the two sandboxing approaches, this study aims to provide insights into the advantages and limitations of each method. Furthermore, the research delves into the potential evasion techniques employed by malware to bypass detection in either sandboxing environment. Identifying such evasion strategies is vital for enhancing the overall security posture and developing more robust defense mechanisms against evolving malware threats. The findings of this research contribute to the field of cybersecurity by shedding light on the strengths and weaknesses of hardware and virtual sandboxes for malware analysis. Ultimately, this work serves as a valuable resource for security practitioners and researchers seeking to improve malware detection and analysis techniques in the ever-evolving landscape of cybersecurity threats.Malicious software, or malware, continues to be a pervasive threat to computer systems and networks worldwide. As malware constantly evolves and becomes more sophisticated, it is crucial to develop effective methods for its detection and analysis. Sandboxing technology has emerged as a valuable tool in the field of cybersecurity, allowing researchers to safely execute and observe malware behavior in controlled environments. This thesis presents a comprehensive investigation into the behavior of malware samples when executed in both hardware and virtual sandboxes. The primary objective is to assess the effectiveness of hardware sandboxing in capturing and analyzing malware behaviors compared to traditional virtual sandboxes. The research methodology involves the execution of various malware samples in both hardware and virtual sandboxes, followed by the analysis of key parameters, including memory changes, file system logs, and network traffic. By comparing the results obtained from the two sandboxing approaches, this study aims to provide insights into the advantages and limitations of each method. Furthermore, the research delves into the potential evasion techniques employed by malware to bypass detection in either sandboxing environment. Identifying such evasion strategies is vital for enhancing the overall security posture and developing more robust defense mechanisms against evolving malware threats. The findings of this research contribute to the field of cybersecurity by shedding light on the strengths and weaknesses of hardware and virtual sandboxes for malware analysis. Ultimately, this work serves as a valuable resource for security practitioners and researchers seeking to improve malware detection and analysis techniques in the ever-evolving landscape of cybersecurity threats

Network Function Virtualization technologies applied to cellular systems

Future 5G networks will exploit the inherent flexibility associated to the introduction of Network Function Virtualization (NFV) technologies in both the core network and even the Radio Access Network (RAN) through the software implementation of network functions running on general purpose computing/storage resources. The advent of the NFV paradigm provides an inherent capability to add new functionalities, extend, upgrade or evolve existing functionalities and to customize the network on a per-tenant basis. In this context, this work intends to make an analysis of the cuFuture 5G networks open a new spectrum of possibilities, both at the level of services it can offer, and at the level of its deployment. This thesis aims to make a study of some of the technologies that make possible the arrival of 5G, such as virtualization and virtualization applied to networks, NFV. In order to better understand the defined standard for NFV, the analysis of market NFV-MANO available tools is included. In addition, the study and evaluation of the deployment process of a virtualized 5G network scenario has been performed with HPE NFV Director

Transdisciplinarity seen through Information, Communication, Computation, (Inter-)Action and Cognition

Similar to oil that acted as a basic raw material and key driving force of industrial society, information acts as a raw material and principal mover of knowledge society in the knowledge production, propagation and application. New developments in information processing and information communication technologies allow increasingly complex and accurate descriptions, representations and models, which are often multi-parameter, multi-perspective, multi-level and multidimensional. This leads to the necessity of collaborative work between different domains with corresponding specialist competences, sciences and research traditions. We present several major transdisciplinary unification projects for information and knowledge, which proceed on the descriptive, logical and the level of generative mechanisms. Parallel process of boundary crossing and transdisciplinary activity is going on in the applied domains. Technological artifacts are becoming increasingly complex and their design is strongly user-centered, which brings in not only the function and various technological qualities but also other aspects including esthetic, user experience, ethics and sustainability with social and environmental dimensions. When integrating knowledge from a variety of fields, with contributions from different groups of stakeholders, numerous challenges are met in establishing common view and common course of action. In this context, information is our environment, and informational ecology determines both epistemology and spaces for action. We present some insights into the current state of the art of transdisciplinary theory and practice of information studies and informatics. We depict different facets of transdisciplinarity as we see it from our different research fields that include information studies, computability, human-computer interaction, multi-operating-systems environments and philosophy.Comment: Chapter in a forthcoming book: Information Studies and the Quest for Transdisciplinarity - Forthcoming book in World Scientific. Mark Burgin and Wolfgang Hofkirchner, Editor

Transparent Orchestration of Task-based Parallel Applications in Containers Platforms

This paper presents a framework to easily build and execute parallel applications in container-based distributed computing platforms in a user-transparent way. The proposed framework is a combination of the COMP Superscalar (COMPSs) programming model and runtime, which provides a straightforward way to develop task-based parallel applications from sequential codes, and containers management platforms that ease the deployment of applications in computing environments (as Docker, Mesos or Singularity). This framework provides scientists and developers with an easy way to implement parallel distributed applications and deploy them in a one-click fashion. We have built a prototype which integrates COMPSs with different containers engines in different scenarios: i) a Docker cluster, ii) a Mesos cluster, and iii) Singularity in an HPC cluster. We have evaluated the overhead in the building phase, deployment and execution of two benchmark applications compared to a Cloud testbed based on KVM and OpenStack and to the usage of bare metal nodes. We have observed an important gain in comparison to cloud environments during the building and deployment phases. This enables better adaptation of resources with respect to the computational load. In contrast, we detected an extra overhead during the execution, which is mainly due to the multi-host Docker networking.This work is partly supported by the Spanish Government through Programa Severo Ochoa (SEV-2015-0493), by the Spanish Ministry of Science and Technology through TIN2015-65316 project, by the Generalitat de Catalunya under contracts 2014-SGR-1051 and 2014-SGR-1272, and by the European Union through the Horizon 2020 research and innovation program under grant 690116 (EUBra-BIGSEA Project). Results presented in this paper were obtained using the Chameleon testbed supported by the National Science Foundation.Peer ReviewedPostprint (author's final draft