发布求助
文献互助 智能选刊 最新文献

arXiv - CS - Operating Systems最新文献

筛选
英文 中文
Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection Laccolith:基于管理程序的对手仿真与反检测
arXiv - CS - Operating Systems Pub Date : 2023-11-14 DOI: arxiv-2311.08274
Vittorio Orbinato, Marco Carlo Feliciano, Domenico Cotroneo, Roberto Natella
{"title":"Laccolith: Hypervisor-Based Adversary Emulation with Anti-Detection","authors":"Vittorio Orbinato, Marco Carlo Feliciano, Domenico Cotroneo, Roberto Natella","doi":"arxiv-2311.08274","DOIUrl":"https://doi.org/arxiv-2311.08274","url":null,"abstract":"Advanced Persistent Threats (APTs) represent the most threatening form of\u0000attack nowadays since they can stay undetected for a long time. Adversary\u0000emulation is a proactive approach for preparing against these attacks. However,\u0000adversary emulation tools lack the anti-detection abilities of APTs. We\u0000introduce Laccolith, a hypervisor-based solution for adversary emulation with\u0000anti-detection to fill this gap. We also present an experimental study to\u0000compare Laccolith with MITRE CALDERA, a state-of-the-art solution for adversary\u0000emulation, against five popular anti-virus products. We found that CALDERA\u0000cannot evade detection, limiting the realism of emulated attacks, even when\u0000combined with a state-of-the-art anti-detection framework. Our experiments show\u0000that Laccolith can hide its activities from all the tested anti-virus products,\u0000thus making it suitable for realistic emulations.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"154 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522993","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
CARTOS: A Charging-Aware Real-Time Operating System for Intermittent Batteryless Devices 用于间歇性无电池设备的充电感知实时操作系统
arXiv - CS - Operating Systems Pub Date : 2023-11-13 DOI: arxiv-2311.07227
Mohsen Karimi, Yidi Wang, Youngbin Kim, Yoojin Lim, Hyoseung Kim
{"title":"CARTOS: A Charging-Aware Real-Time Operating System for Intermittent Batteryless Devices","authors":"Mohsen Karimi, Yidi Wang, Youngbin Kim, Yoojin Lim, Hyoseung Kim","doi":"arxiv-2311.07227","DOIUrl":"https://doi.org/arxiv-2311.07227","url":null,"abstract":"This paper presents CARTOS, a charging-aware real-time operating system\u0000designed to enhance the functionality of intermittently-powered batteryless\u0000devices (IPDs) for various Internet of Things (IoT) applications. While IPDs\u0000offer significant advantages such as extended lifespan and operability in\u0000extreme environments, they pose unique challenges, including the need to ensure\u0000forward progress of program execution amidst variable energy availability and\u0000maintaining reliable real-time time behavior during power disruptions. To\u0000address these challenges, CARTOS introduces a mixed-preemption scheduling model\u0000that classifies tasks into computational and peripheral tasks, and ensures\u0000their efficient and timely execution by adopting just-in-time checkpointing for\u0000divisible computation tasks and uninterrupted execution for indivisible\u0000peripheral tasks. CARTOS also supports processing chains of tasks with\u0000precedence constraints and adapts its scheduling in response to environmental\u0000changes to offer continuous execution under diverse conditions. CARTOS is\u0000implemented with new APIs and components added to FreeRTOS but is designed for\u0000portability to other embedded RTOSs. Through real hardware experiments and\u0000simulations, CARTOS exhibits superior performance over state-of-the-art\u0000methods, demonstrating that it can serve as a practical platform for developing\u0000resilient, real-time sensing applications on IPDs.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"2 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522999","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
OpenBSD formal driver verification with SeL4 使用SeL4的OpenBSD正式驱动程序验证
arXiv - CS - Operating Systems Pub Date : 2023-11-06 DOI: arxiv-2311.03585
Adriana Nicolae, Paul Irofti, Ioana Leustean
{"title":"OpenBSD formal driver verification with SeL4","authors":"Adriana Nicolae, Paul Irofti, Ioana Leustean","doi":"arxiv-2311.03585","DOIUrl":"https://doi.org/arxiv-2311.03585","url":null,"abstract":"The seL4 microkernel is currently the only kernel that has been fully\u0000formally verified. In general, the increased interest in ensuring the security\u0000of a kernel's code results from its important role in the entire operating\u0000system. One of the basic features of an operating system is that it abstracts\u0000the handling of devices. This abstraction is represented by device drivers -\u0000the software that manages the hardware. A proper verification of the software\u0000component could ensure that the device would work properly unless there is a\u0000hardware failure.In this paper, we choose to model the behavior of a device\u0000driver and build the proof that the code implementation matches the expected\u0000behavior. The proof was written in Isabelle/HOL, the code translation from C to\u0000Isabelle was done automatically by the use of the C-to-Isabelle Parser and\u0000AutoCorres tools. We choose Isabelle theorem prover because its efficiency was\u0000already shown through the verification of seL4 microkernel.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"64 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Pinky: A Modern Malware-oriented Dynamic Information Retrieval Tool Pinky:一个现代的面向恶意软件的动态信息检索工具
arXiv - CS - Operating Systems Pub Date : 2023-11-06 DOI: arxiv-2311.03588
Paul Irofti
{"title":"Pinky: A Modern Malware-oriented Dynamic Information Retrieval Tool","authors":"Paul Irofti","doi":"arxiv-2311.03588","DOIUrl":"https://doi.org/arxiv-2311.03588","url":null,"abstract":"We present here a reverse engineering tool that can be used for information\u0000retrieval and anti-malware techniques. Our main contribution is the design and\u0000implementation of an instrumentation framework aimed at providing insight on\u0000the emulation process. Sample emulation is achieved via translation of the\u0000binary code to an intermediate representation followed by compilation and\u0000execution. The design makes this a versatile tool that can be used for multiple\u0000task such as information retrieval, reverse engineering, debugging, and\u0000integration with anti-malware products.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"19 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
MOSEL: Inference Serving Using Dynamic Modality Selection MOSEL:使用动态模态选择的推理服务
arXiv - CS - Operating Systems Pub Date : 2023-10-27 DOI: arxiv-2310.18481
Bodun Hu, Le Xu, Jeongyoon Moon, Neeraja J. Yadwadkar, Aditya Akella
{"title":"MOSEL: Inference Serving Using Dynamic Modality Selection","authors":"Bodun Hu, Le Xu, Jeongyoon Moon, Neeraja J. Yadwadkar, Aditya Akella","doi":"arxiv-2310.18481","DOIUrl":"https://doi.org/arxiv-2310.18481","url":null,"abstract":"Rapid advancements over the years have helped machine learning models reach\u0000previously hard-to-achieve goals, sometimes even exceeding human capabilities.\u0000However, to attain the desired accuracy, the model sizes and in turn their\u0000computational requirements have increased drastically. Thus, serving\u0000predictions from these models to meet any target latency and cost requirements\u0000of applications remains a key challenge, despite recent work in building\u0000inference-serving systems as well as algorithmic approaches that dynamically\u0000adapt models based on inputs. In this paper, we introduce a form of dynamism,\u0000modality selection, where we adaptively choose modalities from inference inputs\u0000while maintaining the model quality. We introduce MOSEL, an automated inference\u0000serving system for multi-modal ML models that carefully picks input modalities\u0000per request based on user-defined performance and accuracy requirements. MOSEL\u0000exploits modality configurations extensively, improving system throughput by\u00003.6$times$ with an accuracy guarantee and shortening job completion times by\u000011$times$.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"2 3","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522996","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Survey of the Security Challenges and Requirements for IoT Operating Systems 物联网操作系统的安全挑战和需求调查
arXiv - CS - Operating Systems Pub Date : 2023-10-27 DOI: arxiv-2310.19825
Alvi Jawad
{"title":"A Survey of the Security Challenges and Requirements for IoT Operating Systems","authors":"Alvi Jawad","doi":"arxiv-2310.19825","DOIUrl":"https://doi.org/arxiv-2310.19825","url":null,"abstract":"The Internet of Things (IoT) is becoming an integral part of our modern lives\u0000as we converge towards a world surrounded by ubiquitous connectivity. The\u0000inherent complexity presented by the vast IoT ecosystem ends up in an\u0000insufficient understanding of individual system components and their\u0000interactions, leading to numerous security challenges. In order to create a\u0000secure IoT platform from the ground up, there is a need for a unifying\u0000operating system (OS) that can act as a cornerstone regulating the development\u0000of stable and secure solutions. In this paper, we present a classification of\u0000the security challenges stemming from the manifold aspects of IoT development.\u0000We also specify security requirements to direct the secure development of an\u0000unifying IoT OS to resolve many of those ensuing challenges. Survey of several\u0000modern IoT OSs confirm that while the developers of the OSs have taken many\u0000alternative approaches to implement security, we are far from engineering an\u0000adequately secure and unified architecture. More broadly, the study presented\u0000in this paper can help address the growing need for a secure and unified\u0000platform to base IoT development on and assure the safe, secure, and reliable\u0000operation of IoT in critical domains.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"2 2","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Proving the Absence of Microarchitectural Timing Channels 证明微架构时间通道的缺失
arXiv - CS - Operating Systems Pub Date : 2023-10-25 DOI: arxiv-2310.17046
Scott BuckleyUNSW Sydney, Robert SisonUNSW SydneyUniversity of Melbourne, Nils WistoffETH Zürich, Curtis MillarUNSW Sydney, Toby MurrayUniversity of Melbourne, Gerwin KleinProofcraftUNSW Sydney, Gernot HeiserUNSW Sydney
{"title":"Proving the Absence of Microarchitectural Timing Channels","authors":"Scott BuckleyUNSW Sydney, Robert SisonUNSW SydneyUniversity of Melbourne, Nils WistoffETH Zürich, Curtis MillarUNSW Sydney, Toby MurrayUniversity of Melbourne, Gerwin KleinProofcraftUNSW Sydney, Gernot HeiserUNSW Sydney","doi":"arxiv-2310.17046","DOIUrl":"https://doi.org/arxiv-2310.17046","url":null,"abstract":"Microarchitectural timing channels are a major threat to computer security. A\u0000set of OS mechanisms called time protection was recently proposed as a\u0000principled way of preventing information leakage through such channels and\u0000prototyped in the seL4 microkernel. We formalise time protection and the\u0000underlying hardware mechanisms in a way that allows linking them to the\u0000information-flow proofs that showed the absence of storage channels in seL4.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"51 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138523000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Snapshot: Fast, Userspace Crash Consistency for CXL and PM Using msync 快照:快速,用户空间崩溃一致性的CXL和PM使用msync
arXiv - CS - Operating Systems Pub Date : 2023-10-25 DOI: arxiv-2310.16300
Suyash Mahar, Mingyao Shen, Terence Kelly, Steven Swanson
{"title":"Snapshot: Fast, Userspace Crash Consistency for CXL and PM Using msync","authors":"Suyash Mahar, Mingyao Shen, Terence Kelly, Steven Swanson","doi":"arxiv-2310.16300","DOIUrl":"https://doi.org/arxiv-2310.16300","url":null,"abstract":"Crash consistency using persistent memory programming libraries requires\u0000programmers to use complex transactions and manual annotations. In contrast,\u0000the failure-atomic msync() (FAMS) interface is much simpler as it transparently\u0000tracks updates and guarantees that modified data is atomically durable on a\u0000call to the failure-atomic variant of msync(). However, FAMS suffers from\u0000several drawbacks, like the overhead of msync() and the write amplification\u0000from page-level dirty data tracking. To address these drawbacks while preserving the advantages of FAMS, we\u0000propose Snapshot, an efficient userspace implementation of FAMS. Snapshot uses compiler-based annotation to transparently track updates in\u0000userspace and syncs them with the backing byte-addressable storage copy on a\u0000call to msync(). By keeping a copy of application data in DRAM, Snapshot\u0000improves access latency. Moreover, with automatic tracking and syncing changes\u0000only on a call to msync(), Snapshot provides crash-consistency guarantees,\u0000unlike the POSIX msync() system call. For a KV-Store backed by Intel Optane running the YCSB benchmark, Snapshot\u0000achieves at least 1.2$times$ speedup over PMDK while significantly\u0000outperforming conventional (non-crash-consistent) msync(). On an emulated CXL\u0000memory semantic SSD, Snapshot outperforms PMDK by up to 10.9$times$ on all but\u0000one YCSB workload, where PMDK is 1.2$times$ faster than Snapshot. Further,\u0000Kyoto Cabinet commits perform up to 8.0$times$ faster with Snapshot than its\u0000built-in, msync()-based crash-consistency mechanism.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"322 ","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138523001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Adaptive CPU Resource Allocation for Emulator in Kernel-based Virtual Machine 基于内核的虚拟机仿真器的自适应CPU资源分配
arXiv - CS - Operating Systems Pub Date : 2023-10-23 DOI: arxiv-2310.14741
Yecheng Yang, Pu Pang, Jiawen Wang, Quan Chen, Minyi Guo
{"title":"Adaptive CPU Resource Allocation for Emulator in Kernel-based Virtual Machine","authors":"Yecheng Yang, Pu Pang, Jiawen Wang, Quan Chen, Minyi Guo","doi":"arxiv-2310.14741","DOIUrl":"https://doi.org/arxiv-2310.14741","url":null,"abstract":"The technologies of heterogeneous multi-core architectures, co-location, and\u0000virtualization can be used to reduce server power consumption and improve\u0000system utilization, which are three important technologies for data centers.\u0000This article explores the scheduling strategy of Emulator threads within\u0000virtual machine processes in a scenario of co-location of multiple virtual\u0000machines on heterogeneous multi-core architectures. In this co-location\u0000scenario, the scheduling strategy for Emulator threads significantly affects\u0000the performance of virtual machines. This article focuses on this thread for\u0000the first time in the relevant field. This article found that the scheduling\u0000latency metric can well indicate the running status of the vCPU threads and\u0000Emulator threads in the virtualization environment, and applied this metric to\u0000the design of the scheduling strategy. This article designed an Emulator thread\u0000scheduler based on heuristic rules, which, in coordination with the host\u0000operating system's scheduler, dynamically adjusts the scheduling scope of\u0000Emulator threads to improve the overall performance of virtual machines. The\u0000article found that in real application scenarios, the scheduler effectively\u0000improved the performance of applications within virtual machines, with a\u0000maximum performance improvement of 40.7%.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"14 2","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138523092","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
GMEM: Generalized Memory Management for Peripheral Devices 外围设备的通用内存管理
arXiv - CS - Operating Systems Pub Date : 2023-10-19 DOI: arxiv-2310.12554
Weixi Zhu, Alan L. Cox, Scott Rixner
{"title":"GMEM: Generalized Memory Management for Peripheral Devices","authors":"Weixi Zhu, Alan L. Cox, Scott Rixner","doi":"arxiv-2310.12554","DOIUrl":"https://doi.org/arxiv-2310.12554","url":null,"abstract":"This paper presents GMEM, generalized memory management, for peripheral\u0000devices. GMEM provides OS support for centralized memory management of both CPU\u0000and devices. GMEM provides a high-level interface that decouples MMU-specific\u0000functions. Device drivers can thus attach themselves to a process's address\u0000space and let the OS take charge of their memory management. This eliminates\u0000the need for device drivers to \"reinvent the wheel\" and allows them to benefit\u0000from general memory optimizations integrated by GMEM. Furthermore, GMEM\u0000internally coordinates all attached devices within each virtual address space.\u0000This drastically improves user-level programmability, since programmers can use\u0000a single address space within their program, even when operating across the CPU\u0000and multiple devices. A case study on device drivers demonstrates these\u0000benefits. A GMEM-based IOMMU driver eliminates around seven hundred lines of\u0000code and obtains 54% higher network receive throughput utilizing 32% less CPU\u0000compared to the state-of-the-art. In addition, the GMEM-based driver of a\u0000simulated GPU takes less than 70 lines of code, excluding its MMU functions.","PeriodicalId":501333,"journal":{"name":"arXiv - CS - Operating Systems","volume":"64 3","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138522986","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信