42,709 research outputs found
Protection in Flexible Operating System Architectures
International audienceThis paper presents our work concerning flexibility and protection in operating system kernels. In most existing operating systems, security is enforced at the price of flexibility by imposing protection models on the system programmer when building his system. We prove that flexibility can be preserved by separating the management of the protection policy from the tools used to enforce it. We present the secure software framework we have implemented in the Think architecture to manage protection policies and guarantee they are carried out as specified. We then detail the elementary protection tools provided to the programmer so he can protect his system against unauthorized accesses and denial of service attacks. These tools are implemented in a policy-neutral way so as to guarantee their flexibility. Finally we validate our results by evaluating the flexibility of the protection provided on selected examples of dynamic modification of the protection policy
CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within `Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]Comment: 14 pages, 8 figure
50 years of isolation
The traditional means for isolating applications from each other is via the use of operating system provided “process” abstraction facilities. However, as applications now consist of multiple fine-grained components, the traditional process abstraction model is proving to be insufficient in ensuring this isolation. Statistics indicate that a high percentage of software failure occurs due to propagation of component failures. These observations are further bolstered by the attempts by modern Internet browser application developers, for example, to adopt multi-process architectures in order to increase robustness. Therefore, a fresh look at the available options for isolating program components is necessary and this paper provides an overview of previous and current research on the area
A Flexible and Secure Deployment Framework for Distributed Applications
This paper describes an implemented system which is designed to support the
deployment of applications offering distributed services, comprising a number
of distributed components. This is achieved by creating high level placement
and topology descriptions which drive tools that deploy applications consisting
of components running on multiple hosts. The system addresses issues of
heterogeneity by providing abstractions over host-specific attributes yielding
a homogeneous run-time environment into which components may be deployed. The
run-time environments provide secure binding mechanisms that permit deployed
components to bind to stored data and services on the hosts on which they are
running.Comment: 2nd International Working Conference on Component Deployment (CD
2004), Edinburgh, Scotlan
Flexible protection architectures using distributed optical sensors
In this paper we describe recent developments in flexible protection schemes that make use of passive fibre Bragg grating (FBG) based transducers for the distributed measurement of voltage and current. The technology underpinning the passive optical approach is described in detail, and both the present development and the future potential of the approach are discussed. In co-operation with Toshiba, the integration of the technique with an existing busbar protection relay is demonstrated, illustrating the flexibility offered by protection schemes that are based on the use of small, passive, multiplexable, dielectric transducers
The Virtual Block Interface: A Flexible Alternative to the Conventional Virtual Memory Framework
Computers continue to diversify with respect to system designs, emerging
memory technologies, and application memory demands. Unfortunately, continually
adapting the conventional virtual memory framework to each possible system
configuration is challenging, and often results in performance loss or requires
non-trivial workarounds. To address these challenges, we propose a new virtual
memory framework, the Virtual Block Interface (VBI). We design VBI based on the
key idea that delegating memory management duties to hardware can reduce the
overheads and software complexity associated with virtual memory. VBI
introduces a set of variable-sized virtual blocks (VBs) to applications. Each
VB is a contiguous region of the globally-visible VBI address space, and an
application can allocate each semantically meaningful unit of information
(e.g., a data structure) in a separate VB. VBI decouples access protection from
memory allocation and address translation. While the OS controls which programs
have access to which VBs, dedicated hardware in the memory controller manages
the physical memory allocation and address translation of the VBs. This
approach enables several architectural optimizations to (1) efficiently and
flexibly cater to different and increasingly diverse system configurations, and
(2) eliminate key inefficiencies of conventional virtual memory. We demonstrate
the benefits of VBI with two important use cases: (1) reducing the overheads of
address translation (for both native execution and virtual machine
environments), as VBI reduces the number of translation requests and associated
memory accesses; and (2) two heterogeneous main memory architectures, where VBI
increases the effectiveness of managing fast memory regions. For both cases,
VBI significanttly improves performance over conventional virtual memory
- …