4,521 research outputs found
A Hybrid Root-kit for Linux Operating System
Hacking has been around almost since the first computers were connected together. Every day many new vulnerabilities/exploits are released and many computers become compromised. This is good for an attacker because there is a constant stream of new vulnerabilities/exploits that can be leveraged to break into computers. However, with newly published exploits comes a newly released patch for those exploits (usually). This is the reason that attackers have developed 'back-doors' commonly referred to as root-kits. A root-kit is a post-compromise tool that an attacker uses to maintain access and often collects information from users such as passwords, credit card information, social security numbers, and other sensitive information. The importance of a root-kit is that once the vulnerability which was used to exploit the system is patched, the attacker can still get back in through a 'backdoor'. The purpose of this paper was to explore the area of root-kits by taking the role of an attacker and actually developing a root-kit that targets the Linux 2.6 kernel. By doing this we were able to gain a great amount of insight into the internal workings of the kernel as well as its shortcomings with regards to security by developing a Linux Kernel Module (LKM) key-logger. We also look into some common techniques used by root-kits for providing a backdoor to the attacker. Then we investigate some common and simple techniques that root-kits utilize for stealth (it is imperative that the users/administrators do not know the system is compromised). Finally, we look at a simple and elegant solution for infecting a compromised computer with the root-kit we developed
Improving I/O performance through an in-kernel disk simulator
This paper presents two mechanisms that can significantly improve the I/O performance of both hard and solid-state drives for read operations: KDSim and REDCAP. KDSim is an in-kernel disk simulator that provides a framework for simultaneously simulating the performance obtained by different I/O system mechanisms and algorithms, and for dynamically turning them on and off, or selecting between different options or policies, to improve the overall system performance. REDCAP is a RAM-based disk cache that effectively enlarges the built-in cache present in disk drives. By using KDSim, this cache is dynamically activated/deactivated according to the throughput achieved. Results show that, by using KDSim and REDCAP together, a system can improve its I/O performance up to 88% for workloads with some spatial locality on both hard and solid-state drives, while it achieves the same performance as a 'regular system' for workloads with random or sequential access patterns. Peer Reviewed. Postprint (author's final draft
Faults in Linux 2.6
In August 2011, Linux entered its third decade. Ten years before, Chou et al.
published a study of faults found by applying a static analyzer to Linux
versions 1.0 through 2.4.1. A major result of their work was that the drivers
directory contained up to 7 times more of certain kinds of faults than other
directories. This result inspired numerous efforts on improving the reliability
of driver code. Today, Linux is used in a wider range of environments, provides
a wider range of services, and has adopted a new development and release model.
What has been the impact of these changes on code quality? To answer this
question, we have transported Chou et al.'s experiments to all versions of
Linux 2.6, released between 2003 and 2011. We find that Linux has more than
doubled in size during this period, but the number of faults per line of code
has been decreasing. Moreover, the fault rate of drivers is now below that of
other directories, such as arch. These results can guide further development
and research efforts for the decade to come. To allow updating these results as
Linux evolves, we define our experimental protocol and make our checkers
available
Embedding Multi-Task Address-Event-Representation Computation
Address-Event-Representation, AER, is a communication protocol that is
intended to transfer neuronal spikes between bioinspired chips. There are
several AER tools to help to develop and test AER based systems, which may
consist of a hierarchical structure with several chips that transmit spikes
among them in real-time, while performing some processing. Although these
tools reach very high bandwidth at the AER communication level, they require
the use of a personal computer to allow the higher level processing of the
event information. We propose the use of an embedded platform based on a
multi-task operating system to allow both, the AER communication and
processing without the requirement of either a laptop or a computer. In this
paper, we present and study the performance of an embedded multi-task AER
tool, connecting and programming it for processing Address-Event
information from a spiking generator. Ministerio de Ciencia e Innovación TEC2006-11730-C03-0
Micro-CernVM: Slashing the Cost of Building and Deploying Virtual Machines
The traditional virtual machine building and deployment process is
centered around the virtual machine hard disk image. The packages comprising
the VM operating system are carefully selected, hard disk images are built for
a variety of different hypervisors, and images have to be distributed and
decompressed in order to instantiate a virtual machine. Within the HEP
community, the CernVM File System has been established in order to decouple the
distribution from the experiment software from the building and distribution of
the VM hard disk images.
We show how to get rid of such pre-built hard disk images altogether. Due to
the high requirements on POSIX compliance imposed by HEP application software,
CernVM-FS can also be used to host and boot a Linux operating system. This
allows the use of a tiny bootable CD image that comprises only a Linux kernel
while the rest of the operating system is provided on demand by CernVM-FS. This
approach speeds up the initial instantiation time and reduces virtual machine
image sizes by an order of magnitude. Furthermore, security updates can be
distributed instantaneously through CernVM-FS. By leveraging the fact that
CernVM-FS is a versioning file system, a historic analysis environment can be
easily re-spawned by selecting the corresponding CernVM-FS file system
snapshot. Comment: Conference paper at the 2013 Computing in High Energy Physics (CHEP)
Conference, Amsterda
A Survey on Handover Management in Mobility Architectures
This work presents a comprehensive and structured taxonomy of available
techniques for managing the handover process in mobility architectures.
Representative works from the existing literature have been divided into
appropriate categories, based on their ability to support horizontal handovers,
vertical handovers and multihoming. We describe approaches designed to work on
the current Internet (i.e. IPv4-based networks), as well as those that have
been devised for the "future" Internet (e.g. IPv6-based networks and
extensions). Quantitative measures and qualitative indicators are also
presented and used to evaluate and compare the examined approaches. This
critical review provides some valuable guidelines and suggestions for designing
and developing mobility architectures, including some practical expedients
(e.g. those required in the current Internet environment), aimed to cope with
the presence of NAT/firewalls and to provide support to legacy systems and
several communication protocols working at the application layer