7 research outputs found
Administration of ICT Environments Using Autonomous Solutions
This master's thesis shows an example of reactive server automation in ICT environments. It describes a solution to a specific problem of the AIX operating system, implemented in the IPC automation suite. The analysis of the current situation covers the properties of the AIX operating system, the examined problem, and the IPC tool used to implement the solution. After the description of the implemented solution, an economic evaluation of the entire thesis is also given.
Towards a formally designed and verified embedded operating system: case study using the B method
The dramatic growth in practical applications for iris biometrics has been accompanied by relevant developments in the underlying algorithms and techniques. Along with the research focused on near-infrared images captured with subject cooperation, efforts are being made to minimize the trade-off between the quality of the captured data and the recognition accuracy in less constrained environments, where images are obtained at the visible wavelength, at increased distances, over simplified acquisition protocols and under adverse lighting conditions. At a first stage, interpolation effects on the normalization process are addressed, pointing out their outcomes in the overall recognition error rates. Secondly, a couple of post-processing steps to Daugman's approach are performed, attempting to increase its performance in the particular unconstrained environments this thesis assumes. Analysis in both the frequency and spatial domains and finally pattern recognition methods are applied in such efforts. This thesis embodies the study of how subject recognition can be achieved, without the subject's cooperation, making use of iris data captured at-a-distance, on-the-move and at visible wavelength conditions. Widely used methods designed for constrained scenarios are analyzed
Formal verification of a real-time operating system
Errors caused by the interaction of computer systems with the physical world are hard to mitigate, but errors related to the underlying software can be prevented by a more rigorous development of software code. In the context of critical systems, a failure caused by software errors could lead to consequences that are determined to be unacceptable. At the heart of a critical system, a real-time operating system is commonly found. Since the reliability of the entire system depends upon having a reliable operating system, verifying that the operating system functions as desired is of prime interest. One solution to verify the correctness of significant properties of an existing real-time operating system microkernel (FreeRTOS) applies assisted proof checking to its formalized specification description. The experiment consists of describing real-time operating system characteristics, such as memory safety and scheduler determinism, in Separation Logic — a formal language that allows reasoning about the behaviour of the system in terms of preconditions and postconditions. Once the desired properties are defined in a formal language, a theorem can be constructed to describe the validity of such a formula for the given FreeRTOS implementation. Then, by using the Coq proof assistant, a machine-checked proof that such properties hold for FreeRTOS can be carried out. By expressing safety and determinism properties of an existing real-time operating system and proving them correct, we demonstrate that the current state of the art in theorem-based formal verification, including appropriate logics and proof assistants, makes it possible to provide a machine-checked proof of the specification of significant properties for FreeRTOS.
Dynamic reliability and security monitoring: a virtual machine approach
While one always works to prevent attacks and failures, they are inevitable and situational awareness is key to taking appropriate action. Monitoring plays an integral role in ensuring reliability and security of computing systems. Infrastructure as a Service (IaaS) clouds significantly lower the barrier for obtaining scalable computing resources and allow users to focus on what is important to them. Can a similar service be offered to provide on-demand reliability and security monitoring?
Cloud computing systems are typically built using virtual machines (VMs). VM monitoring takes advantage of this and uses the hypervisor that runs VMs for robust reliability and security monitoring. The hypervisor provides an environment that is isolated from failures and attacks inside customers’ VMs. Furthermore, as a low-level manager of computing resources, the hypervisor has full access to the infrastructure running above it. Hypervisor-based VM monitoring leverages that information to observe the VMs for failures and attacks. However, existing VM monitoring techniques fall short of “as-a-service” expectations because they require a priori VM modifications and require human interaction to obtain necessary information about the underlying guest system. The research presented in this dissertation closes those gaps by providing a flexible VM monitoring framework and automated analysis to support that framework.
We have developed and tested a dynamic VM monitoring framework called Hypervisor Probes (hprobes). The hprobe framework allows us to monitor the execution of both the guest OS and applications from the hypervisor. To supplement this monitoring framework, we use dynamic analysis techniques to investigate the relationship between hardware events visible to the hypervisor and OS constructs common across OS versions. We use the results of this analysis to parametrize the hprobe-based monitors without requiring any user input. Combining the dynamic VM monitoring framework and the analysis frameworks allows us to provide on-demand hypervisor-based monitors for cloud VMs.
Formally modelling and verifying the FreeRTOS real-time operating system
Formal methods are an alternative way to develop software, applying mathematical techniques to software design and verification. They ensure logical consistency between the requirements and the behaviour of the software, because each step in the development process, i.e., abstracting the requirements, design, refinement and implementation, is verified by mathematical techniques. In ordinary software development, by contrast, the correctness of the software is tested at the end of the development process, which means the check is limited and incomplete. Thus formal methods provide higher quality software than ordinary software development. At the same time, real-time operating systems are playing increasingly important roles in embedded applications. Formal verification of this kind of software is therefore of strong interest.
FreeRTOS has a wide community of users: it is regarded by many as the de facto standard for micro-controllers in embedded applications. This project formally specifies the behaviour of FreeRTOS in Z, and its consistency is verified using the Z/Eves theorem prover. This includes a precise statement of the preconditions for all API commands. Based on this model, (a) code-level annotations for verifying the task-related API are produced with Microsoft's Verifying C Compiler (VCC); and (b) an abstract model for the extension of FreeRTOS to multi-core architectures is specified in the Z notation.
This work forms the basis for future work: the refinement of the models to code, to produce a verified implementation for both single- and multi-core platforms.
Small TCBs of policy-controlled operating systems
IT systems with high security requirements increasingly use problem-specific security policies to describe, analyse and implement their security properties; these policies are an essential part of the trusted computing base (TCB) of an IT system. For this reason, the correctness and tamper-proofness of a TCB's implementation are decisive for establishing, maintaining and guaranteeing the required security properties of a system.
Many of today's operating systems show what a challenge the realisation of security policies is: for more than 40 years they have supported discretionary, identity-based access control policies only rudimentarily. As a consequence, large parts of the security policies of application software are implemented by the applications themselves. The TCBs of today's operating systems are therefore large, heterogeneous and distributed, so that precisely determining their functional perimeter is very costly. As a result, the essential properties of TCBs, namely correctness, robustness and tamper-proofness, are hard to achieve.
This has led to the development of policy-controlled operating systems, which centralise all security policies of an operating system and its applications by offering core abstractions for security policies and policy runtime environments. Current policy-controlled operating systems are based on monolithic architectures, which means that their policy enforcement components are scattered across the operating system kernel. Furthermore, they aim to support the broadest possible spectrum of security policies, so their runtime components for policy decision and enforcement are universal. As a result, their TCB implementations are large and complex, so that the TCB's functional perimeter can be identified only with difficulty and the essential properties of TCBs can be achieved only with increased effort.
This dissertation pursues an approach that systematically engineers the TCBs of policy-controlled operating systems. The idea is to tailor the runtime system for security policies so that only those policies are supported that are actually present in a TCB. The functional perimeter of a TCB is thereby determined by causal dependencies between security policies and TCB functions. The result is causal TCBs, which contain only those functions that are necessary to enforce and protect the policies present. The precise identification of TCB functions makes it possible to isolate the implementation of the TCB functions from untrusted system components. Causal TCBs thus lay the foundation for TCB implementations whose size and complexity make analysis and verification of their correctness and tamper-proofness possible. Causal TCBs have a broad range of application, from embedded systems through policy-controlled operating systems to database management systems in large information systems.
Policy-controlled operating systems provide a policy decision and enforcement environment to protect and enforce their security policies. The trusted computing base (TCB) of these systems is large and complex, and its functional perimeter can hardly be precisely identified. As a result, a TCB's correctness and tamper-proofness are hard to ensure in its implementation.
This dissertation develops a TCB engineering method for policy-controlled operating systems that tailors the policy decision and enforcement environment to support only those policies that are actually present in a TCB. A TCB's functional perimeter is identified by exploiting causal dependencies between policies and TCB functions, which results in causal TCBs that contain exactly those functions that are necessary to establish, enforce, and protect their policies. The precise identification of a TCB's functional perimeter allows for implementing a TCB in a safe environment that indeed can be isolated from untrusted system components. Thereby, causal TCB engineering sets the course for implementations whose size and complexity pave the way for analyzing and verifying a TCB's correctness and tamper-proofness.
Also available in bookshops:
Small TCBs of policy-controlled operating systems / Anja Pölck
Ilmenau: Univ.-Verl. Ilmenau, 2014. xiii, 249 pp.
ISBN 978-3-86360-090-7
Price: 24.40