2,002 research outputs found
Practical Fine-grained Privilege Separation in Multithreaded Applications
An inherent security limitation with the classic multithreaded programming
model is that all the threads share the same address space and, therefore, are
implicitly assumed to be mutually trusted. This assumption, however, does not
take into consideration of many modern multithreaded applications that involve
multiple principals which do not fully trust each other. It remains challenging
to retrofit the classic multithreaded programming model so that the security
and privilege separation in multi-principal applications can be resolved.
This paper proposes ARBITER, a run-time system and a set of security
primitives, aimed at fine-grained and data-centric privilege separation in
multithreaded applications. While enforcing effective isolation among
principals, ARBITER still allows flexible sharing and communication between
threads so that the multithreaded programming paradigm can be preserved. To
realize controlled sharing in a fine-grained manner, we created a novel
abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS
support. Programmers express security policies by labeling data and principals
via ARBITER's API following a unified model. We ported a widely-used, in-memory
database application (memcached) to ARBITER system, changing only around 100
LOC. Experiments indicate that only an average runtime overhead of 5.6% is
induced to this security enhanced version of application
Small Explorer project: Submillimeter Wave Astronomy Satellite (SWAS). Mission operations and data analysis plan
The Mission Operations and Data Analysis Plan is presented for the Submillimeter Wave Astronomy Satellite (SWAS) Project. It defines organizational responsibilities, discusses target selection and navigation, specifies instrument command and data requirements, defines data reduction and analysis hardware and software requirements, and discusses mission operations center staffing requirements
Second CLIPS Conference Proceedings, volume 1
Topics covered at the 2nd CLIPS Conference held at the Johnson Space Center, September 23-25, 1991 are given. Topics include rule groupings, fault detection using expert systems, decision making using expert systems, knowledge representation, computer aided design and debugging expert systems
Migration from Windows to Linux for a small engineering firm A&G Associates
The primary objectives of this paper are to complete a Masters Degree in Information Technology as required by Rochester Institute of Technology, Rochester, New York, and to assist a small engineering firm in evaluating the possibilities of migrating from Microsoft Windows to a Linux Operating System. A recent announcement that Microsoft will limit support on some of their existing commonly used operating systems, along with their monopoly in the marketplace, will continue to allow them to sell licenses at high prices. These factors could force many companies to consider transiting to other operating systems which offer more support services and less expensive products. Although there are several such providers, the low cost of Linux, its non-rigorous licensing agreements, high level of security, stability, and usability makes it the best non-Microsoft operating system option. A 2004 survey of 85 North American firms conducted by Forrester Research, Inc., confirms that the transition has begun. The survey showed that low acquisition cost was the primary reason why firms moved to Linux, followed by low total cost of ownership, and then by low hardware cost. As of today the number of users or potential users of Linux are summarized below Pie Chart: No Plans, 39% Using Today, 46% Plan to Use, 14% Many firms are concerned about transitioning to Linux due to the fact that Linux is an open-source technology that has greater risks than Windows which the owner has to mitigate somehow. In reality there are many emerging companies which are providing 24/7 support to Linux just like Microsoft. The figure below presents the main concerns of firms planning to move to Linux. Bar Graph: We don’t have skills, 55% lack of support, 53% lack of applications, 42% Product immaturity, 35% Fear the OS community will disappear, 25% Security, 20% Unexpected license cost, 20% Other risk, 20% Don’t know, 9% Fear of getting sued over copyrights, 7% None, 2% The practical case used for evaluating transitioning from Windows to Linux is A&G Associates. The firm specializes in the design and construction management of water and wastewater treatment facilities. The firm\u27s current local area network configuration consists of 4 servers and 50 workstations. Since being established in early 2000, the firm has used a Windows 98 environment for workstations and Windows NT for servers. Today the firm is facing the challenge whether to upgrade their system in the Windows environment which entails choosing Windows XP for workstations and Windows Advance Server 2000 for servers or transitioning to a different operating system such as Linux. The most important reason for A&G Associates to move to Linux will come from a cost savings opportunity between the Windows and Linux operating systems. Since Linux can be downloaded for free or a licensed CD can be bought for less than 131,807. The total cost for transitioning the firm from Windows to Linux for A&G or a small firm with 50 to 250 employees and the associated total cost for full-transitioning to a new Windows version, a Linux platform, or to a hybrid environment such as Option 5 . The results is presented below Graph: 50 Users: Cost to Transition: Full Transition to Windows: 116,462 Hybrid Environment: 331,700 Full Transition to Linux: 250,105 250 Users: Cost to Transition: Full Transition to Windows: 528,274 Hybrid Environment: 132,000, with approximately 98,000 for hardware; the remaining cost is associated with operating the system. - Total cost savings of transitioning to Linux under the partial transition, Option 5, compared to a full Windows transition is approximately 58,000. The following are the recommendations for A&G: - The firm should consider transitioning to Linux but upgrade some workstations to the Windows XP environment in order to maintain the ability to run engineering applications, in accordance with partial transition, Option 5. - Implementation of partial transition, Option 5, would provide cost savings of approximately 58,000 during the transition to the new operating system. As Linux continues to provide its operating system at a more reasonable price, as more applications become available, and services such as 24/7 assistance and security become more reliable, the possibility that firms will move away from Windows toward Linux is inevitable. However, in the meantime, a partial transition can provide firms with greater flexibility and costs savings when compared to making a full transition to either the Windows or Linux environment
Sheaf Theory as a Foundation for Heterogeneous Data Fusion
A major impediment to scientific progress in many fields is the inability to make sense of the huge amounts of data that have been collected via experiment or computer simulation. This dissertation provides tools to visualize, represent, and analyze the collection of sensors and data all at once in a single combinatorial geometric object. Encoding and translating heterogeneous data into common language are modeled by supporting objects. In this methodology, the behavior of the system based on the detection of noise in the system, possible failure in data exchange and recognition of the redundant or complimentary sensors are studied via some related geometric objects. Applications of the constructed methodology are described by two case studies: one from wildfire threat monitoring and the other from air traffic monitoring. Both cases are distributed (spatial and temporal) information systems. The systems deal with temporal and spatial fusion of heterogeneous data obtained from multiple sources, where the schema, availability and quality vary. The behavior of both systems is explained thoroughly in terms of the detection of the failure in the systems and the recognition of the redundant and complimentary sensors. A comparison between the methodology in this dissertation and the alternative methods is described to further verify the validity of the sheaf theory method. It is seen that the method has less computational complexity in both space and time
HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design
Honeypots are designed to trap the attacker with the purpose of investigating
its malicious behavior. Owing to the increasing variety and sophistication of
cyber attacks, how to capture high-quality attack data has become a challenge
in the context of honeypot area. All-round honeypots, which mean significant
improvement in sensibility, countermeasure and stealth, are necessary to tackle
the problem. In this paper, we propose a novel honeypot architecture termed
HoneyDOC to support all-round honeypot design and implementation. Our HoneyDOC
architecture clearly identifies three essential independent and collaborative
modules, Decoy, Captor and Orchestrator. Based on the efficient architecture, a
Software-Defined Networking (SDN) enabled honeypot system is designed, which
supplies high programmability for technically sustaining the features for
capturing high-quality data. A proof-of-concept system is implemented to
validate its feasibility and effectiveness. The experimental results show the
benefits by using the proposed architecture comparing to the previous honeypot
solutions.Comment: Non
- …