Logo des Repositoriums

Auflistung nach Schlagwort "Linux"

1 - 3 von 3
  • Konferenzbeitrag
    Building a runtime state tracing kernel
    (IMF 2008 – IT Incident Management & IT Forensics, 2008) Chakravarthy, Ananth; Vaidya, Vinay G.
    A process is run by executing a sequence of instuctions by the processor However it is probable that not all of the instructions are executed as there are hundreds of paths that can be taken by the executable to complete ist execution. The path chosen is dependent on a host of factors like the environment, user input, the platform etc. As such, at any given instant of time, the process might be in any of the possible states Sn after traversing states S1, S2, S3 .. where S1, S2, S3 .....Sn, Sn+1, Sn+2,..SM depict the total M states that can be taken by the executable. There is no mechanism currently inside the LINUX kernel to peek into the state of the process to find out which if these states is it currently in and what are the states it has "traversed" to reach the current state while is is executing. If such an effective tracing can be achieved, it would lead to better operating system security. Other advantages are better logs or even building a verifiable software system. This paper looks at the infrastructure that has been developed to realize such a functionality in the Linux kernel and thereby increase the security of the running process. Of particular mention is the framework that has been developed to peek into the state of a running process as it executes and the various mechanisms that could be used to ascertain the state of the running process.
  • Konferenzbeitrag
    Case Study: Securing MMU-less Linux Using CHERI
    (SE 2024 - Companion, 2024) Almatary, Hesham; Mazzinghi, Alfredo; Watson, Robert N. M.
    MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms. It also does not use MPUs as they do not fit with its software model because of the design drawbacks of MPUs (i. e. coarse-grained protection with fixed number of protected regions). We secure the existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software capability-based system that extends the ISA, toolchain, programming languages, operating systems, and applications in order to provide complete pointer and memory safety. We believe that CHERI could provide significant security guarantees for high-end dynamic MMU-less embedded systems at lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2) isolating user programs as separate ELFs, each with its own CHERI-based capability table; this provides spatial memory safety similar to what the MMU offers (i. e. user programs cannot access each other’s memory), 3) isolating user programs from the kernel as the kernel has its own capability table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS’ linkage-based compartmentalisation. This offers a new security front that is not possible using the current MMU-based Linux, where vulnerable/malicious kernel modules (e. g. device drivers) executing in the kernel space would not compromise or take down the entire system. These are the four main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less embedded Linux.
  • Konferenzbeitrag
    Teleradiology on a personal digital assistant
    (Mobile Computing in Medicine, Second Conference on Mobile Computing in Medicine, Workshop of the Project Group MoCoMed, GMDS-Fachbereich Medizinische Informatik & GI-Fachausschuss 4.7, 2002) Schweitzer, T.; Engelmann, U.; Schröter, A.; Boraelv, E.; Meinzer, H.-P.
    This paper describes the porting of a teleradiology system to a Personal Digital Assistant (PDA). The basis for this formed the CHILI teleradiology and PACS system developed by the Steinbeis Transferzentrum Medizinische Informatik, Heidelberg (STZ) in cooperation with the German Cancer Research Center. The work was done as part of a EU IST project called Multimedia Terminal Mobile (MTM). The authors collected user requirements in a first step. Appropriate hardware has been selected based on these requirements. Dedicated software versions of CHILI have been realized on selected PDA hardware. The prototypes have been constantly evaluated in cooperation with medical end-users. Technologies from project partners like speech communication and speech recognition have been integrated.