50 years of isolation
The traditional means for isolating applications from each other is via the use of operating system provided "process" abstraction facilities. However, as applications now consist of multiple fine-grained components, the traditional process abstraction model is proving to be insufficient in ensuring this isolation. Statistics indicate that a high percentage of software failure occurs due to propagation of component failures. These observations are further bolstered by the attempts by modern Internet browser application developers, for example, to adopt multi-process architectures in order to increase robustness. Therefore, a fresh look at the available options for isolating program components is necessary and this paper provides an overview of previous and current research on the area.
Piggybacking on an Autonomous Hauler: Business Models Enabling a System-of-Systems Approach to Mapping an Underground Mine
With ever-increasing productivity targets in mining operations, there is a growing interest in mining automation. In future mines, remote-controlled and autonomous haulers will operate underground guided by LiDAR sensors. We envision reusing LiDAR measurements to maintain accurate mine maps that would contribute to both safety and productivity. Extrapolating from a pilot project on reliable wireless communication in Boliden's Kankberg mine, we propose establishing a system-of-systems (SoS) with LIDAR-equipped haulers and existing mapping solutions as constituent systems. SoS requirements engineering inevitably adds a political layer, as independent actors are stakeholders both on the system and SoS levels. We present four SoS scenarios representing different business models, discussing how development and operations could be distributed among Boliden and external stakeholders, e.g., the vehicle suppliers, the hauling company, and the developers of the mapping software. Based on eight key variation points, we compare the four scenarios from both technical and business perspectives. Finally, we validate our findings in a seminar with participants from the relevant stakeholders. We conclude that to determine which scenario is the most promising for Boliden, trade-offs regarding control, costs, risks, and innovation must be carefully evaluated.
Comment: Preprint of industry track paper accepted for the 25th IEEE International Conference on Requirements Engineering (RE'17
LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed
Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks.
We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.
Comment: Accepted at ACM CCS 201
KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels
Commodity OS kernels have broad attack surfaces due to the large code base and the numerous features such as device drivers. For a real-world use case (e.g., an Apache Server), many kernel services are unused and only a small amount of kernel code is used. Within the used code, a certain part is invoked only at runtime while the rest are executed at startup and/or shutdown phases in the kernel's lifetime run. In this paper, we propose a reliable and practical system, named KASR, which transparently reduces attack surfaces of commodity OS kernels at runtime without requiring their source code. The KASR system, residing in a trusted hypervisor, achieves the attack surface reduction through a two-step approach: (1) reliably depriving unused code of executable permissions, and (2) transparently segmenting used code and selectively activating them. We implement a prototype of KASR on Xen-4.8.2 hypervisor and evaluate its security effectiveness on Linux kernel-4.4.0-87-generic. Our evaluation shows that KASR reduces the kernel attack surface by 64% and trims off 40% of CVE vulnerabilities. Besides, KASR successfully detects and blocks all 6 real-world kernel rootkits. We measure its performance overhead with three benchmark tools (i.e., SPECINT, httperf and bonnie++). The experimental results indicate that KASR imposes less than 1% performance overhead (compared to an unmodified Xen hypervisor) on all the benchmarks.
Comment: The work has been accepted at the 21st International Symposium on Research in Attacks, Intrusions, and Defenses 201
Software safety: a definition and some preliminary thoughts
Software safety is the subject of a research project in its initial stages at the University of California Irvine. This research deals with critical real-time software where the cost of an error is high, e.g. human life. In this paper software techniques having a bearing on safety are described and evaluated. Initial definitions of software safety concepts are presented along with some preliminary thoughts and research questions.
Products and prototypes: What's the difference?
Prototypes are intended to demonstrate or test an idea. Commercial Off-The-Shelf products are intended for ongoing profitable sales. Their quality requirements are different: the former should be as cheap as possible whilst meeting the need for an adequate Proof-of-Concept or Demonstrator; the latter should be fit-for-purpose, cost-effective and an attractive, reliable solution to real world needs.
Selling a prototype as a product risks customer dissatisfaction, complaints, legal challenges and reputation damage. Often the prototype has to be re-written to meet product quality-level expectations.
This paper reviews the quality properties required of a product ready for delivery. This follows the ISO/IEC 25010 Quality Model, then adds important missing elements that lie "behind the scenes" in customer support, product management, legal aspects and defensive programming. It draws on a lifetime's experience working on software products, products containing software and Software as a Service, providing facilities to end users.
NASA space station automation: AI-based technology review
Research and Development projects in automation for the Space Station are discussed. Artificial Intelligence (AI) based automation technologies are planned to enhance crew safety through reduced need for EVA, increase crew productivity through the reduction of routine operations, increase space station autonomy, and augment space station capability through the use of teleoperation and robotics. AI technology will also be developed for the servicing of satellites at the Space Station, system monitoring and diagnosis, space manufacturing, and the assembly of large space structures.