Practical Fine-grained Privilege Separation in Multithreaded Applications

An inherent security limitation with the classic multithreaded programming model is that all the threads share the same address space and, therefore, are implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration of many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that the security and privilege separation in multi-principal applications can be resolved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm can be preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API following a unified model. We ported a widely-used, in-memory database application (memcached) to ARBITER system, changing only around 100 LOC. Experiments indicate that only an average runtime overhead of 5.6% is induced to this security enhanced version of application

Small Explorer project: Submillimeter Wave Astronomy Satellite (SWAS). Mission operations and data analysis plan

The Mission Operations and Data Analysis Plan is presented for the Submillimeter Wave Astronomy Satellite (SWAS) Project. It defines organizational responsibilities, discusses target selection and navigation, specifies instrument command and data requirements, defines data reduction and analysis hardware and software requirements, and discusses mission operations center staffing requirements

Second CLIPS Conference Proceedings, volume 1

Topics covered at the 2nd CLIPS Conference held at the Johnson Space Center, September 23-25, 1991 are given. Topics include rule groupings, fault detection using expert systems, decision making using expert systems, knowledge representation, computer aided design and debugging expert systems

Migration from Windows to Linux for a small engineering firm A&G Associates

The primary objectives of this paper are to complete a Masters Degree in Information Technology as required by Rochester Institute of Technology, Rochester, New York, and to assist a small engineering firm in evaluating the possibilities of migrating from Microsoft Windows to a Linux Operating System. A recent announcement that Microsoft will limit support on some of their existing commonly used operating systems, along with their monopoly in the marketplace, will continue to allow them to sell licenses at high prices. These factors could force many companies to consider transiting to other operating systems which offer more support services and less expensive products. Although there are several such providers, the low cost of Linux, its non-rigorous licensing agreements, high level of security, stability, and usability makes it the best non-Microsoft operating system option. A 2004 survey of 85 North American firms conducted by Forrester Research, Inc., confirms that the transition has begun. The survey showed that low acquisition cost was the primary reason why firms moved to Linux, followed by low total cost of ownership, and then by low hardware cost. As of today the number of users or potential users of Linux are summarized below Pie Chart: No Plans, 39% Using Today, 46% Plan to Use, 14% Many firms are concerned about transitioning to Linux due to the fact that Linux is an open-source technology that has greater risks than Windows which the owner has to mitigate somehow. In reality there are many emerging companies which are providing 24/7 support to Linux just like Microsoft. The figure below presents the main concerns of firms planning to move to Linux. Bar Graph: We don’t have skills, 55% lack of support, 53% lack of applications, 42% Product immaturity, 35% Fear the OS community will disappear, 25% Security, 20% Unexpected license cost, 20% Other risk, 20% Don’t know, 9% Fear of getting sued over copyrights, 7% None, 2% The practical case used for evaluating transitioning from Windows to Linux is A&G Associates. The firm specializes in the design and construction management of water and wastewater treatment facilities. The firm\u27s current local area network configuration consists of 4 servers and 50 workstations. Since being established in early 2000, the firm has used a Windows 98 environment for workstations and Windows NT for servers. Today the firm is facing the challenge whether to upgrade their system in the Windows environment which entails choosing Windows XP for workstations and Windows Advance Server 2000 for servers or transitioning to a different operating system such as Linux. The most important reason for A&G Associates to move to Linux will come from a cost savings opportunity between the Windows and Linux operating systems. Since Linux can be downloaded for free or a licensed CD can be bought for less than $200 dollars, it can be used on multiple computers, and it offers many free applications, the most cost-effective solution seems to be to purchase Linux. The cost savings opportunities were based on three alternatives: 1. Full Transition from the existing Windows environment into the newest version of Windows for workstations and servers; or 2. Transition from an existing Windows environment to a Linux environment for workstations and servers. 3. Partial Transitioning (Option 5) from existing Windows environment to a new Linux environment for servers and majority of the workstations (35) and to upgraded Windows for 15 workstations Partial Transition Option 5 takes care of the issue of running engineering applications on some Windows workstations and changing the majority of the workstations and all servers to Linux in order to obtain the maximum cost savings benefit. In this option, 15 workstations are upgraded to the new Windows XP Platform and all four servers and the remaining 35 workstations are migrated to a Linux Platform. The total cost for partial transitioning under option 5 is$131,807. The total cost for transitioning the firm from Windows to Linux for A&G or a small firm with 50 to 250 employees and the associated total cost for full-transitioning to a new Windows version, a Linux platform, or to a hybrid environment such as Option 5 . The results is presented below Graph: 50 Users: Cost to Transition: Full Transition to Windows: $189,323 Full Transition to Linux:$116,462 Hybrid Environment: $131,807 100 Users: Cost to Transition: Full Transition to Windows:$331,700 Full Transition to Linux: $219,415 Hybrid Environment:$250,105 250 Users: Cost to Transition: Full Transition to Windows: $758,831 Full Transition to Linux:$528,274 Hybrid Environment: $604,999 Based on the results of the study, the following conclusions were drawn that would help the firm make informed decisions: - Making a full transition to Linux would limit the availability of engineering software compatible with Linux. - The total cost of transitioning under the partial transition, Option 5, would be approximately$132,000, with approximately $12,000 in software costs and$98,000 for hardware; the remaining cost is associated with operating the system. - Total cost savings of transitioning to Linux under the partial transition, Option 5, compared to a full Windows transition is approximately 58,000. The following are the recommendations for A&G: - The firm should consider transitioning to Linux but upgrade some workstations to the Windows XP environment in order to maintain the ability to run engineering applications, in accordance with partial transition, Option 5. - Implementation of partial transition, Option 5, would provide cost savings of approximately 58,000 during the transition to the new operating system. As Linux continues to provide its operating system at a more reasonable price, as more applications become available, and services such as 24/7 assistance and security become more reliable, the possibility that firms will move away from Windows toward Linux is inevitable. However, in the meantime, a partial transition can provide firms with greater flexibility and costs savings when compared to making a full transition to either the Windows or Linux environment

Sheaf Theory as a Foundation for Heterogeneous Data Fusion

A major impediment to scientific progress in many fields is the inability to make sense of the huge amounts of data that have been collected via experiment or computer simulation. This dissertation provides tools to visualize, represent, and analyze the collection of sensors and data all at once in a single combinatorial geometric object. Encoding and translating heterogeneous data into common language are modeled by supporting objects. In this methodology, the behavior of the system based on the detection of noise in the system, possible failure in data exchange and recognition of the redundant or complimentary sensors are studied via some related geometric objects. Applications of the constructed methodology are described by two case studies: one from wildfire threat monitoring and the other from air traffic monitoring. Both cases are distributed (spatial and temporal) information systems. The systems deal with temporal and spatial fusion of heterogeneous data obtained from multiple sources, where the schema, availability and quality vary. The behavior of both systems is explained thoroughly in terms of the detection of the failure in the systems and the recognition of the redundant and complimentary sensors. A comparison between the methodology in this dissertation and the alternative methods is described to further verify the validity of the sheaf theory method. It is seen that the method has less computational complexity in both space and time

HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design

Honeypots are designed to trap the attacker with the purpose of investigating its malicious behavior. Owing to the increasing variety and sophistication of cyber attacks, how to capture high-quality attack data has become a challenge in the context of honeypot area. All-round honeypots, which mean significant improvement in sensibility, countermeasure and stealth, are necessary to tackle the problem. In this paper, we propose a novel honeypot architecture termed HoneyDOC to support all-round honeypot design and implementation. Our HoneyDOC architecture clearly identifies three essential independent and collaborative modules, Decoy, Captor and Orchestrator. Based on the efficient architecture, a Software-Defined Networking (SDN) enabled honeypot system is designed, which supplies high programmability for technically sustaining the features for capturing high-quality data. A proof-of-concept system is implemented to validate its feasibility and effectiveness. The experimental results show the benefits by using the proposed architecture comparing to the previous honeypot solutions.Comment: Non