46 research outputs found

    An IPsec Compatible Implementation of DBRA and IP-ABR

    Satellites are some of the most difficult links to exploit in a Quality of Service (QoS) sensitive network, largely due to their high latency, variable-bandwidth and low-bandwidth nature. Central management of shared links has been shown to provide efficiency gains and enhanced QoS by effectively allocating resources according to reservations and dynamic resource availability. In a modern network, segregated by secure gateways and tunnels such as provided by IPsec, central management appears impossible to implement due to the barriers created between a global Dynamic Bandwidth Resource Allocation (DBRA) system and the mediators controlling the individual flows. This thesis explores and evaluates various through-IPsec communications techniques aimed at providing a satellite-to-network control channel, while maintaining data security for all communications involved.

    File integrity checking

    This thesis looks at file execution as an attack vector that leads to the execution of unauthorized code. File integrity checking is examined as a means of removing this attack vector, and the design, implementation, and evaluation of a best-of-breed file integrity checker for the Linux operating system is undertaken. We conclude that the resultant file integrity checker does succeed in removing file execution as an attack vector, does so at a computational cost that is negligible, and displays innovative and useful features that are not currently found in any other Linux file integrity checker.

    Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems

    We address the particular cyber attack technique known as stack buffer overflow in GNU/Linux operating systems, which are widely used in HPC environments. The buffer overflow problem has been around for quite some time and continues to be an ever present issue. We develop a mechanism to successfully detect and react whenever a stack buffer overflow occurs. Our solution requires no compile-time support and so can be applied to any program, including legacy or closed source software for which the source code is not available. This makes it especially useful in HPC environments where given their complexity and scope of the computing system, incidents like overflows might be difficult to detect and react to accordingly.

    Linux Kernel Vulnerabilities: State-of-the-Art Defenses and Open Problems

    Avoiding kernel vulnerabilities is critical to achieving security of many systems, because the kernel is often part of the trusted computing base. This paper evaluates the current state-of-the-art with respect to kernel protection techniques, by presenting two case studies of Linux kernel vulnerabilities. First, this paper presents data on 141 Linux kernel vulnerabilities discovered from January 2010 to March 2011, and second, this paper examines how well state-of-the-art techniques address these vulnerabilities. The main findings are that techniques often protect against certain exploits of a vulnerability but leave other exploits of the same vulnerability open, and that no effective techniques exist to handle semantic vulnerabilities---violations of high-level security invariants. United States. Defense Advanced Research Projects Agency. Clean-slate design of Resilient, Adaptive, Secure Hosts (Contract #N66001-10-2-4089)

    ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection

    Adversaries get software to do bad things by rewriting memory and changing control flow. Current approaches to protecting against these attacks leave many exposures; for example, OS-level filesystem protection and OS/architecture support of the userspace/kernelspace distinction fail to protect corrupted userspace code from changing userspace data. In this paper we present a new approach: using the ELF/ABI sections already produced by the standard binary toolchain to define, specify, and enforce fine-grained policy within an application's address space. We experimentally show that enforcement of such policies would stop a large body of current attacks and discuss ways we could extend existing architecture to more efficiently provide such enforcement. Our approach is designed to work with existing ELF executables and the GNU build chain, but it can be extended into the compiler toolchains to support code annotations that take advantage of ELFbac enforcement while maintaining full compatibility with the existing ELF ABI.

    Networking Subsystem Configuration Interface

    The goal of this diploma thesis is the design of a network configuration library with emphasis on portability between Linux- and BSD-based operating systems and on the extensibility of the library's support. In the second chapter, the thesis examines the configuration interfaces available on both operating systems. It analyses in detail the properties of the Netlink socket interface, which is the primary configuration interface for network elements on Linux, and the ioctl system call, which is less capable on Linux but is the one primarily used on BSD and other UNIX systems. Interfaces for configuring different firewalls are also examined. In the third chapter, the thesis focuses on specific types of network devices, the specifics of their configuration, and their relation to the kernel interfaces described in the second chapter. In the fourth chapter, the requirements for the configuration library are formulated: easy extensibility, portability to different operating systems, support for tracking changes and events, and extensibility with different types of user interfaces. Based on the research from the previous two chapters, the library design is presented. The design defines the configuration interface as a hierarchy of abstract classes, separated from the implementation. This makes it possible to have several implementations of the same configuration interface at once, even within a single operating system. The class LibNCFG is defined as the entry interface of the library and is responsible for creating these configuration objects on the user's behalf. This achieves easy extensibility of the library with new operating system interfaces as well as support for configuring new network elements. Support for a new user interface can be implemented as a new service that wraps the library interface and provides other interfaces. To support change tracking, the LibNCFG class provides methods for registering callbacks for defined events. In the fourth chapter, the thesis describes in detail the interface of the LibNCFG class, the Common module, and the classes NetDevice, EthDevice and BondDevice, which define the configuration interfaces of the respective network device types. For these classes, the concrete classes NetlinkNetDevice, NetlinkEthDevice and sysfsBondDevice are implemented and their implementation details described. The fifth chapter describes a sample application that was implemented to demonstrate how easy the configuration library is to use. Finally, the conclusion summarizes the results of the thesis and discusses possible improvements and the continuation of the project.
    The goal of this thesis is to design a network configuration library with regards to operating system portability and extendability of supported features. To achieve this portable design the thesis explores and analyses the currently available network configuration options of Linux and BSD based operating systems and commonly used network devices. It provides an in-depth description of Netlink sockets on Linux as the primary network configuration interface, and ioctl system calls that are used on BSD systems. The gathered information is used to create a portable and extendable library design that separates the configuration interface from its implementation into a hierarchy of abstract classes. Furthermore the class LibNCFG is defined as the entry point of the library which handles object creation and destruction instead of the user. This design provides a high level of extendability and ease of use at the same time. The thesis also describes the chosen parts of the library that were implemented so far. The thesis also describes a simple application that was created to showcase the ease of use of the created library. In the end the library summarizes achieved results and discusses possible improvements and continuation of the project.

    Digital Signatures for PTP Using Transparent Clocks

    Smart grids use synchronous real-time measurements from phasor measurement units (PMU) across portions of a grid to provide grid-wide integrity. Achieving synchronicity requires either accurate GPS clocks at each PMU or a high-resolution clock synchronization protocol, such as the Precision Time Protocol (PTP), specified in IEEE 1588 with the power profile in IEEE C37.238-2011. PTP does not natively include measures to provide authenticity or integrity for timestamps transmitted across an Ethernet network, though there has been recent work in providing end-to-end integrity of transmitted timestamps. However, PTP for use in the smart grid requires a version of the protocol in which network switches update the trusted timestamp in flight, meaning that an end-to-end approach is no longer sufficient. We propose two methods to provide for the integrity of the transmitted and updated timestamps as well as to ensure the authority of all network devices altering the time. In the first, we amend the PTP standard to include signatures as part of the time packet itself at the cost of increased jitter in the system. In the second, we transmit these signatures over a wireless network, reducing congestion on the original network. We test both methods on a simulated PTP switch intended for experimentation only and demonstrate that the use of a second network dedicated to verification-related information is better for current networks, as including signatures in the original packet causes more jitter than is acceptable for synchronizing PMUs in particular.