Practical Fine-grained Privilege Separation in Multithreaded Applications
An inherent security limitation with the classic multithreaded programming
model is that all the threads share the same address space and, therefore, are
implicitly assumed to be mutually trusted. This assumption, however, does not
take into consideration the many modern multithreaded applications that involve
multiple principals which do not fully trust each other. It remains challenging
to retrofit the classic multithreaded programming model so that the security
and privilege separation in multi-principal applications can be resolved.
This paper proposes ARBITER, a run-time system and a set of security
primitives, aimed at fine-grained and data-centric privilege separation in
multithreaded applications. While enforcing effective isolation among
principals, ARBITER still allows flexible sharing and communication between
threads so that the multithreaded programming paradigm can be preserved. To
realize controlled sharing in a fine-grained manner, we created a novel
abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS
support. Programmers express security policies by labeling data and principals
via ARBITER's API following a unified model. We ported a widely-used, in-memory
database application (memcached) to the ARBITER system, changing only around 100
LOC. Experiments indicate that only an average runtime overhead of 5.6% is
induced to this security-enhanced version of application.
Chlorine and Bromine Isotope Fractionation of Halogenated Organic Pollutants on Gas Chromatography Columns
Compound-specific chlorine/bromine isotope analysis (CSIA-Cl/Br) has become a
useful approach for degradation pathway investigation and source appointment of
halogenated organic pollutants (HOPs). CSIA-Cl/Br is usually conducted by gas
chromatography-mass spectrometry (GC-MS), which could be negatively impacted by
chlorine and bromine isotope fractionation of HOPs on GC columns. In this
study, 31 organochlorines and 4 organobromines were systematically investigated
in terms of Cl/Br isotope fractionation on GC columns using GC-double focus
magnetic-sector high resolution MS (GC-DFS-HRMS). On-column chlorine/bromine
isotope fractionation behaviors of the HOPs were explored, presenting various
isotope fractionation modes and extents. Twenty-nine HOPs exhibited inverse
isotope fractionation, and only polychlorinated biphenyl-138 (PCB-138) and
PCB-153 presented normal isotope fractionation. No observable isotope
fractionation was found for the remaining four HOPs, i.e., PCB-101,
1,2,3,7,8-pentachlorodibenzofuran, PCB-180 and 2,3,7,8-tetrachlorodibenzofuran.
The isotope fractionation extents of different HOPs varied from below the
observable threshold (0.50%) to 7.31% (PCB-18). The mechanisms of the on-column
chlorine/bromine isotope fractionation were tentatively interpreted with the
Craig-Gordon model and a modified two-film model. Inverse isotope effects and
normal isotope effects might contribute to the total isotope effects together
and thus determine the isotope fractionation directions and extents. Proposals
derived from the main results of this study for CSIA-Cl/Br research were
provided for improving the precision and accuracy of CSIA-Cl/Br results. The
findings of this study will shed light on the development of CSIA-Cl/Br methods
using GC-MS techniques, and help to implement the research using CSIA-Cl/Br to
investigate the environmental behaviors and pollution sources of HOPs.
Comment: 30 pages, 5 figures