Component isolation in the Think architecture.

We present in this paper the security features of Think, an ob ject-oriented architecture dedicated to build customized operating system kernels. The Think architecture is composed of an object- oriented software framework including a trader, and a library of system abstractions programmed as components. We show how to use this architecture to build secure and efficient kernels. Policy-neutral security is achieved by providing elementary tools that can be used by the system programmer to build a system resistant to security hazards, and a security manager that uses these tools to enforce a given security policy. An example of such a secure system is given by detailing how to ensure component isolation with a elementary software-based memory isolation tool

Population Genetics and Functional Connectivity of the Riparian Brush Rabbit (Sylvilagus bachmani riparius): Implications for the Conservation of an Endangered Lagomorph

Changes in landscape composition and connectivity can be powerful drivers of evolutionary change. While many natural changes occur at rates that allow organisms to adapt, anthropogenic changes to landscape often occur rapidly and over large spatial scales, challenging the adaptive potential of native organisms. Wide-spread anthropogenic changes not only decrease the presence and arrangement of habitat (structural connectivity), but also affect habitat quality and how organisms interact with the landscape (functional connectivity). California’s San Joaquin Valley provides an example of changes at both temporal scales. A product of millennia of hydrologic and geologic change, the San Joaquin Valley has experienced substantial changes in landscape composition over the last century, resulting in a highly altered system with isolated remnants of native habitat. The limited availability and connectivity of native habitat can impede gene flow between organismal populations while augmenting genetic drift within populations. Using a combination of molecular data and graph theory approaches, I assessed the genetic diversity, population genetic structure, and structural and functional connectivity of the riparian brush rabbit (Sylvilagus bachmani riparius). Endemic to the riparian forests of the San Joaquin Valley, the riparian brush rabbit has lost over 95 percent of its habitat since European settlement. I find that remnant populations of S. b. riparius share mitochondrial haplotypes, suggestive of historic connectivity throughout their range. However, analyses of contemporary genetic differentiation and structure suggest the presence of three genetic clusters within the subspecies, corresponding to the geographic locations of natural populations, indicating that gene flow is likely limited by habitat fragmentation. Landscape analyses further support these data, indicating strong support for isolation by effective habitat distance and limited connectivity between habitat patches throughout the riparian brush rabbit’s range. While these findings highlight the extensive fragmentation of S. b. riparius’ range, the augmented population at SJRNWR retains high levels of diversity and functional connectivity. As such, S. b. riparius would likely respond favorably to additional augmentation and restoration efforts

L2-induced changes in the L1 of Germans living in the Netherlands

This article reports on an investigation of changes in the grammatical competence of Germans living in the Netherlands. The participants (N = 52) were asked to give their judgments on the grammaticality of infinitive clauses in German. The judgments of this group were compared to those of a control group that lived in Germany and did not have contact with Dutch. The results revealed significant changes in the participants’ L1, which indicate transfer from the cognate L2, Dutch. Furthermore, it could be demonstrated that L2-induced changes can occur after a relatively short period of time, at least in the case of cognate languages

Building secure embedded kernels with the Think architecture.

We present in this paper the security features of Think, an object-oriented architecture dedicated to build customized operating system kernels. The Think architecture is composed of an object-oriented software framework including a trader, and a library of system abstractions programmed as components. We show how to use this architecture to build secure and efficient kernels for embedded systems. Policy- neutral security is achieved by providing elementary tools that can be used by the system programmer to build a system resistant to denial of service attacks and incorporating data access control. An example of such a secure system is given by detailing how to ensure component isolation with a elementary software-based memory isolation tool

Protection in the Think exokernel

In this paper, we present our preliminary ideas concerning the adaptation of security and protection techniques in the Think exokernel. Think is our proposition of a distributed adaptable kernel, designed according to the exokernel architecture. After summing up the main motivations for using the exokernel architecture, we describe the Think exokernel as it has been implemented on a PowerPC machine. We then present the major protection and security techniques that we plan to adapt to the Think environment, and give an example of how some of these techniques can be combined with the Think model to provide fair and protected resource management. Finally, we briefly present the iPAQ Pocket PC to which we plan to port the Think exokernel and explain our interest in this kind of mobile devices

Trusted Collaborative Real Time Scheduling in a Smart Card Exokernel

This paper presents the work we have conducted concerning real time scheduling in Camille, an exokernel dedicated to smart cards. We show that it is possible to embedded a flexible real-time operating system despite the important hardware limitations of the smart card platform. We present the major difficulties one has to face when integrating real time support in an exokernel embedded on a very resource-limited platform. We first present a naive solution consisting in allocating an equal time slice to every system extensions and letting each one share it as needed amongst its tasks. We show that this solution does not account for loading of new extensions in the system, and that it can fail if some extensions have much more work to carry out than the others. We then present a more complex solution based upon collaborative schedulers grouped as virtual extensions. We show that this solution supports dynamic loading of new extensions and works even for very unbalanced task repartitions. We finally address the issue of trust between the collaborating extensions and we propose a solution based on exhaustive testing and formal proving of the plan functions

On-The-Fly Metadata Stripping For Embedded Java Operating Systems

International audienceConsidering the typical amount of memory available on a smart card, it is essential to minimize the size of the runtime environment to leave as much memory as possible to applications. This paper shows that on-the-fly constant pool packing can result in a significant reduction of the memory footprint of an embedded Java runtime environment. We first present Jits, an architecture dedicated to building fully-customized Java runtime environments for smart cards. We then detail the op- timizations we have implemented in the class loading mechanism of Jits to reduce the size of the loaded class constant pool. By suppress- ing constant pool entries as they become unnecessary during the class loading process, we manage to compact constant pools of loaded classes to less than 8% of their initial size. We then present the results of our mechanism in term of constant pool and class size reductions, and conclude by suggesting some more aggressive optimizations