37,531 research outputs found
Practical Fine-grained Privilege Separation in Multithreaded Applications
An inherent security limitation with the classic multithreaded programming
model is that all the threads share the same address space and, therefore, are
implicitly assumed to be mutually trusted. This assumption, however, does not
take into consideration of many modern multithreaded applications that involve
multiple principals which do not fully trust each other. It remains challenging
to retrofit the classic multithreaded programming model so that the security
and privilege separation in multi-principal applications can be resolved.
This paper proposes ARBITER, a run-time system and a set of security
primitives, aimed at fine-grained and data-centric privilege separation in
multithreaded applications. While enforcing effective isolation among
principals, ARBITER still allows flexible sharing and communication between
threads so that the multithreaded programming paradigm can be preserved. To
realize controlled sharing in a fine-grained manner, we created a novel
abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS
support. Programmers express security policies by labeling data and principals
via ARBITER's API following a unified model. We ported a widely-used, in-memory
database application (memcached) to ARBITER system, changing only around 100
LOC. Experiments indicate that only an average runtime overhead of 5.6% is
induced to this security enhanced version of application
Globular Clusters in the Outer Halo of M31
In this paper, we present photometry of 53 globular clusters (GCs) in the M31
outer halo, including the {\sl GALEX} FUV and NUV, SDSS , 15
intermediate-band filters of BATC, and 2MASS bands. By comparing
the multicolour photometry with stellar population synthesis models, we
determine the metallicities, ages, and masses for these GCs, aiming to probe
the merging/accretion history of M31. We find no clear trend of metallicity and
mass with the de-projected radius. The halo GCs with age younger than
8 Gyr are mostly located at the de-projected radii around 100 kpc, but this may
be due to a selection effect. We also find that the halo GCs have consistent
metallicities with their spatially-associated substructures, which provides
further evidence of the physical association between them. Both the disk and
halo GCs in M31 show a bimodal luminosity distribution. However, we should
emphasize that there are more faint halo GCs which are not being seen in the
disk. The bimodal luminosity function of the halo GCs may reflect different
origin or evolution environment in their original hosts. The M31 halo GCs
includes one intermediate metallicity group ( [Fe/H] ) and one
metal-poor group ([Fe/H] ), while the disk GCs have one metal-rich group
more. There are considerable differences between the halo GCs in M31 and the
Milky Way (MW). The total number of M31 GCs is approximately three times more
numerous than that of the MW, however, M31 has about six times the number of
halo GCs in the MW. Compared to M31 halo GCs, the Galactic halo ones are mostly
metal-poor. Both the numerous halo GCs and the higher-metallicity component are
suggestive of an active merger history of M31.Comment: 14 pages, 16 figures, 6 tables. Accepted for publication in A&
- β¦