Visible to the public Biblio

Found 142 results

Filters: Keyword is Linux  [Clear All Filters]
2022-09-30
Yu, Dongqing, Hou, Xiaowei, Li, Ce, Lv, Qiujian, Wang, Yan, Li, Ning.  2021.  Anomaly Detection in Unstructured Logs Using Attention-based Bi-LSTM Network. 2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC). :403–407.
System logs record valuable information about the runtime status of IT systems. Therefore, system logs are a naturally excellent source of information for anomaly detection. Most of the existing studies on log-based anomaly detection construct a detection model to identify anomalous logs. Generally, the model treats historical logs as natural language sequences and learns the normal patterns from normal log sequences, and detects deviations from normal patterns as anomalies. However, the majority of existing methods focus on sequential and quantitative information and ignore semantic information hidden in log sequence so that they are inefficient in anomaly detection. In this paper, we propose a novel framework for automatically detecting log anomalies by utilizing an attention-based Bi-LSTM model. To demonstrate the effectiveness of our proposed model, we evaluate the performance on a public production log dataset. Extensive experimental results show that the proposed approach outperforms all comparison methods for anomaly detection.
2022-09-29
Wei, Song, Zhang, Kun, Tu, Bibo.  2021.  Performance Impact of Host Kernel Page Table Isolation on Virtualized Servers. 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC). :912–919.
As Meltdown mitigation, Kernel Page Table I solation (KPTI) was merged into Linux kernel mainline, and the performance impact is significant on x86 processors. Most of the previous work focuses on how KPTI affects Linux kernel performance within the scope of virtual machines or physical machines on x86. However, whether host KPTI affects virtual machines has not been well studied. What's more, there is relatively little research on ARM CPUs. This paper presents an in-depth study of how KPTI on the host affects the virtualized server performance and compares ARMv8 and x86. We first run several application benchmarks to demonstrate the performance impact does exist. The reason is that with a para-virtual I/O scheme, guest offloads I/O requests to the host side, which may incur user/kernel transitions. For the network I/O, when using QEMU as the back-end device, we saw a 1.7% and 5.5% slowdown on ARMv8 and x86, respectively. vhost and vhost-user, originally proposed to optimize performance, inadvertently mitigate the performance impact introduced by host KPTI. For CPU and memory-intensive benchmarks, the performance impact is trivial. We also find that virtual machines on ARMv8 are less affected by KPTI. To diagnose the root cause, we port HyperBench to the ARM virtualization platform. The final results show that swapping the translation table pointer register on ARMv8 is about 3.5x faster than x86. Our findings have significant implications for tuning the x86 virtualization platform's performance and helping ARMv8 administrators enable KPTI with confidence.
Zhang, Zhengjun, Liu, Yanqiang, Chen, Jiangtao, Qi, Zhengwei, Zhang, Yifeng, Liu, Huai.  2021.  Performance Analysis of Open-Source Hypervisors for Automotive Systems. 2021 IEEE 27th International Conference on Parallel and Distributed Systems (ICPADS). :530–537.
Nowadays, automotive products are intelligence intensive and thus inevitably handle multiple functionalities under the current high-speed networking environment. The embedded virtualization has high potentials in the automotive industry, thanks to its advantages in function integration, resource utilization, and security. The invention of ARM virtualization extensions has made it possible to run open-source hypervisors, such as Xen and KVM, for embedded applications. Nevertheless, there is little work to investigate the performance of these hypervisors on automotive platforms. This paper presents a detailed analysis of different types of open-source hypervisors that can be applied in the ARM platform. We carry out the virtualization performance experiment from the perspectives of CPU, memory, file I/O, and some OS operation performance on Xen and Jailhouse. A series of microbenchmark programs have been designed, specifically to evaluate the real-time performance of various hypervisors and the relevant overhead. Compared with Xen, Jailhouse has better latency performance, stable latency, and little interference jitter. The performance experiment results help us summarize the advantages and disadvantages of these hypervisors in automotive applications.
2022-09-20
Rajput, Prashant Hari Narayan, Sarkar, Esha, Tychalas, Dimitrios, Maniatakos, Michail.  2021.  Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware. 2021 IEEE European Symposium on Security and Privacy (EuroS&P). :369—384.
Digitization has been rapidly integrated with manufacturing industries and critical infrastructure to increase efficiency, productivity, and reduce wastefulness, a transition being labeled as Industry 4.0. However, this expansion, coupled with the poor cybersecurity posture of these Industrial Internet of Things (IIoT) devices, has made them prolific targets for exploitation. Moreover, modern Programmable Logic Controllers (PLC) used in the Operational Technology (OT) sector are adopting open-source operating systems such as Linux instead of proprietary software, making such devices susceptible to Linux-based malware. Traditional malware detection approaches cannot be applied directly or extended to such environments due to the unique restrictions of these PLC devices, such as limited computational power and real-time requirements. In this paper, we propose ORRIS, a novel lightweight and out-of-the-device framework that detects malware at both kernel and user-level by processing the information collected using the Joint Test Action Group (JTAG) interface. We evaluate ORRIS against in-the-wild Linux malware achieving maximum detection accuracy of ≈99.7% with very few false-positive occurrences, a result comparable to the state-of-the-art commercial products. Moreover, we also develop and demonstrate a real-time implementation of ORRIS for commercial PLCs.
2022-08-26
Zhang, Yuan, Li, Jian, Yang, Jiayu, Xing, Yitao, Zhuang, Rui, Xue, Kaiping.  2021.  Low Priority Congestion Control for Multipath TCP. 2021 IEEE Global Communications Conference (GLOBECOM). :1–6.

Many applications are bandwidth consuming but may tolerate longer flow completion times. Multipath protocols, such as multipath TCP (MPTCP), can offer bandwidth aggregation and resilience to link failures for such applications, and low priority congestion control (LPCC) mechanisms can make these applications yield to other time-sensitive ones. Properly combining the above two can improve the overall user experience. However, the existing LPCC mechanisms are not adequate for MPTCP. They do not take into account the characteristics of multiple network paths, and cannot ensure fairness among the same priority flows. Therefore, we propose a multipath LPCC mechanism, i.e., Dynamic Coupled Low Extra Delay Background Transport, named DC-LEDBAT. Our scheme is designed based on a standardized LPCC mechanism LEDBAT. To avoid unfairness among the same priority flows, DC-LEDBAT trades little throughput for precisely measuring the minimum delay. Moreover, to be friendly to single-path LEDBAT, our scheme leverages the correlation of the queuing delay to detect whether multiple paths go through a shared bottleneck. Then, DC-LEDBAT couples the congestion window at shared bottlenecks to control the sending rate. We implement DC-LEDBAT in a Linux kernel and experimental results show that DC-LEDBAT can not only utilize the excess bandwidth of MPTCP but also ensure fairness among the same priority flows.

Ganguli, Mrittika, Ranganath, Sunku, Ravisundar, Subhiksha, Layek, Abhirupa, Ilangovan, Dakshina, Verplanke, Edwin.  2021.  Challenges and Opportunities in Performance Benchmarking of Service Mesh for the Edge. 2021 IEEE International Conference on Edge Computing (EDGE). :78—85.
As Edge deployments move closer towards the end devices, low latency communication among Edge aware applications is one of the key tenants of Edge service offerings. In order to simplify application development, service mesh architectures have emerged as the evolutionary architectural paradigms for taking care of bulk of application communication logic such as health checks, circuit breaking, secure communication, resiliency (among others), thereby decoupling application logic with communication infrastructure. The latency to throughput ratio needs to be measurable for high performant deployments at the Edge. Providing benchmark data for various edge deployments with Bare Metal and virtual machine-based scenarios, this paper digs into architectural complexities of deploying service mesh at edge environment, performance impact across north-south and east-west communications in and out of a service mesh leveraging popular open-source service mesh Istio/Envoy using a simple on-prem Kubernetes cluster. The performance results shared indicate performance impact of Kubernetes network stack with Envoy data plane. Microarchitecture analyses indicate bottlenecks in Linux based stacks from a CPU micro-architecture perspective and quantify the high impact of Linux's Iptables rule matching at scale. We conclude with the challenges in multiple areas of profiling and benchmarking requirement and a call to action for deploying a service mesh, in latency sensitive environments at Edge.
2022-08-02
Jero, Samuel, Furgala, Juliana, Pan, Runyu, Gadepalli, Phani Kishore, Clifford, Alexandra, Ye, Bite, Khazan, Roger, Ward, Bryan C., Parmer, Gabriel, Skowyra, Richard.  2021.  Practical Principle of Least Privilege for Secure Embedded Systems. 2021 IEEE 27th Real-Time and Embedded Technology and Applications Symposium (RTAS). :1—13.

Many embedded systems have evolved from simple bare-metal control systems to highly complex network-connected systems. These systems increasingly demand rich and feature-full operating-systems (OS) functionalities. Furthermore, the network connectedness offers attack vectors that require stronger security designs. To that end, this paper defines a prototypical RTOS API called Patina that provides services common in featurerich OSes (e.g., Linux) but absent in more trustworthy μ -kernel based systems. Examples of such services include communication channels, timers, event management, and synchronization. Two Patina implementations are presented, one on Composite and the other on seL4, each of which is designed based on the Principle of Least Privilege (PoLP) to increase system security. This paper describes how each of these μ -kernels affect the PoLP based design, as well as discusses security and performance tradeoffs in the two implementations. Results of comprehensive evaluations demonstrate that the performance of the PoLP based implementation of Patina offers comparable or superior performance to Linux, while offering heightened isolation.

2022-07-29
Gallus, Petr, Frantis, Petr.  2021.  Security analysis of the Raspbian Linux operating system and its settings to increase resilience against attacks via network interface. 2021 International Conference on Military Technologies (ICMT). :1—5.

The Internet, originally an academic network for the rapid exchange of information, has moved over time into the commercial media, business and later industrial communications environment. Recently, it has been included as a part of cyberspace as a combat domain. Any device connected to the unprotected Internet is thus exposed to possible attacks by various groups and individuals pursuing various criminal, security and political objectives. Therefore, each such device must be set up to be as resistant as possible to these attacks. For the implementation of small home, academic or industrial systems, people very often use small computing system Raspberry PI, which is usually equipped with the operating system Raspbian Linux. Such a device is often connected to an unprotected Internet environment and if successfully attacked, can act as a gateway for an attacker to enter the internal network of an organization or home. This paper deals with security configuration of Raspbian Linux operating system for operation on public IP addresses in an unprotected Internet environment. The content of this paper is the conduction and analysis of an experiment in which five Raspbian Linux/Raspberry PI accounts were created with varying security levels; the easiest to attack is a simulation of the device of a user who has left the system without additional security. The accounts that follow gradually add further protection and security. These accounts are used to simulate a variety of experienced users, and in a practical experiment the effects of these security measures are evaluated; such as the number of successful / unsuccessful attacks; where the attacks are from; the type and intensity of the attacks; and the target of the attack. The results of this experiment lead to formulated conclusions containing an analysis of the attack and subsequent design recommendations and settings to secure such a device. The subsequent section of the paper discusses the implementation of a simple TCP server that is configured to listen to incoming traffic on preset ports; it simulates the behaviour of selected services on these ports. This server's task is to intercept unauthorized connection attempts to these ports and intercepting attempts to communicate or attack these services. These recorded attack attempts are analyzed in detail and formulated in the conclusion, including implications for the security settings of such a device. The overall result of this paper is the recommended set up of operating system Raspbian Linux to work on public IP addresses in an unfiltered Internet environment.

2022-07-14
Lee, Sun-Jin, Shim, Hye-Yeon, Lee, Yu-Rim, Park, Tae-Rim, Park, So-Hyun, Lee, Il-Gu.  2021.  Study on Systematic Ransomware Detection Techniques. 2021 23rd International Conference on Advanced Communication Technology (ICACT). :297–301.
Cyberattacks have been progressed in the fields of Internet of Things, and artificial intelligence technologies using the advanced persistent threat (APT) method recently. The damage caused by ransomware is rapidly spreading among APT attacks, and the range of the damages of individuals, corporations, public institutions, and even governments are increasing. The seriousness of the problem has increased because ransomware has been evolving into an intelligent ransomware attack that spreads over the network to infect multiple users simultaneously. This study used open source endpoint detection and response tools to build and test a framework environment that enables systematic ransomware detection at the network and system level. Experimental results demonstrate that the use of EDR tools can quickly extract ransomware attack features and respond to attacks.
2022-05-12
Li, Shih-Wei, Li, Xupeng, Gu, Ronghui, Nieh, Jason, Zhuang Hui, John.  2021.  A Secure and Formally Verified Linux KVM Hypervisor. 2021 IEEE Symposium on Security and Privacy (SP). :1782–1799.

Commodity hypervisors are widely deployed to support virtual machines (VMs) on multiprocessor hardware. Their growing complexity poses a security risk. To enable formal verification over such a large codebase, we introduce microverification, a new approach that decomposes a commodity hypervisor into a small core and a set of untrusted services so that we can prove security properties of the entire hypervisor by verifying the core alone. To verify the multiprocessor hypervisor core, we introduce security-preserving layers to modularize the proof without hiding information leakage so we can prove each layer of the implementation refines its specification, and the top layer specification is refined by all layers of the core implementation. To verify commodity hypervisor features that require dynamically changing information flow, we introduce data oracles to mask intentional information flow. We can then prove noninterference at the top layer specification and guarantee the resulting security properties hold for the entire hypervisor implementation. Using microverification, we retrofitted the Linux KVM hypervisor with only modest modifications to its codebase. Using Coq, we proved that the hypervisor protects the confidentiality and integrity of VM data, while retaining KVM’s functionality and performance. Our work is the first machine-checked security proof for a commodity multiprocessor hypervisor.

2022-05-10
Li, Hongrui, Zhou, Lili, Xing, Mingming, Taha, Hafsah binti.  2021.  Vulnerability Detection Algorithm of Lightweight Linux Internet of Things Application with Symbolic Execution Method. 2021 International Symposium on Computer Technology and Information Science (ISCTIS). :24–27.
The security of Internet of Things (IoT) devices has become a matter of great concern in recent years. The existence of security holes in the executable programs in the IoT devices has resulted in difficult to estimate security risks. For a long time, vulnerability detection is mainly completed by manual debugging and analysis, and the detection efficiency is low and the accuracy is difficult to guarantee. In this paper, the mainstream automated vulnerability analysis methods in recent years are studied, and a vulnerability detection algorithm based on symbol execution is presented. The detection algorithm is suitable for lightweight applications in small and medium-sized IoT devices. It realizes three functions: buffer overflow vulnerability detection, encryption reliability detection and protection state detection. The robustness of the detection algorithm was tested in the experiment, and the detection of overflow vulnerability program was completed within 2.75 seconds, and the detection of encryption reliability was completed within 1.79 seconds. Repeating the test with multiple sets of data showed a small difference of less than 6.4 milliseconds. The results show that the symbol execution detection algorithm presented in this paper has high detection efficiency and more robust accuracy and robustness.
2022-04-19
Klein, Amit.  2021.  Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More). 2021 IEEE Symposium on Security and Privacy (SP). :1179–1196.
We analyze the prandom pseudo random number generator (PRNG) in use in the Linux kernel (which is the kernel of the Linux operating system, as well as of Android) and demonstrate that this PRNG is weak. The prandom PRNG is in use by many "consumers" in the Linux kernel. We focused on three consumers at the network level – the UDP source port generation algorithm, the IPv6 flow label generation algorithm and the IPv4 ID generation algorithm. The flawed prandom PRNG is shared by all these consumers, which enables us to mount "cross layer attacks" against the Linux kernel. In these attacks, we infer the internal state of the prandom PRNG from one OSI layer, and use it to either predict the values of the PRNG employed by the other OSI layer, or to correlate it to an internal state of the PRNG inferred from the other protocol.Using this approach we can mount a very efficient DNS cache poisoning attack against Linux. We collect TCP/IPv6 flow label values, or UDP source ports, or TCP/IPv4 IP ID values, reconstruct the internal PRNG state, then predict an outbound DNS query UDP source port, which speeds up the attack by a factor of x3000 to x6000. This attack works remotely, but can also be mounted locally, across Linux users and across containers, and (depending on the stub resolver) can poison the cache with an arbitrary DNS record. Additionally, we can identify and track Linux and Android devices – we collect TCP/IPv6 flow label values and/or UDP source port values and/or TCP/IPv4 ID fields, reconstruct the PRNG internal state and correlate this new state to previously extracted PRNG states to identify the same device.
2022-04-01
Sedano, Wadlkur Kurniawan, Salman, Muhammad.  2021.  Auditing Linux Operating System with Center for Internet Security (CIS) Standard. 2021 International Conference on Information Technology (ICIT). :466—471.
Linux is one of the operating systems to support the increasingly rapid development of internet technology. Apart from the speed of the process, security also needs to be considered. Center for Internet Security (CIS) Benchmark is an example of a security standard. This study implements the CIS Benchmark using the Chef Inspec application. This research focuses on building a tool to perform security audits on the Ubuntu 20.04 operating system. 232 controls on CIS Benchmark were successfully implemented using Chef Inspec application. The results of this study were 87 controls succeeded, 118 controls failed, and 27 controls were skipped. This research is expected to be a reference for information system managers in managing system security.
2022-03-14
Romero Goyzueta, Christian Augusto, Cruz De La Cruz, Jose Emmanuel, Cahuana, Cristian Delgado.  2021.  VPNoT: End to End Encrypted Tunnel Based on OpenVPN and Raspberry Pi for IoT Security. 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME). :1–5.
Internet of Things (IoT) devices use different types of media and protocols to communicate to Internet, but security is compromised since the devices are not using encryption, authentication and integrity. Virtual Private Network of Things (VPNoT) is a new technology designed to create end to end encrypted tunnels for IoT devices, in this case, the VPNoT device is based on OpenVPN that provides confidentiality and integrity, also based on Raspberry Pi as the hardware and Linux as the operating system, both provide connectivity using different types of media to access Internet and network management. IoT devices and sensors can be connected to the VPNoT device so an encrypted tunnel is created to an IoT Server. VPNoT device uses a profile generated by the server, then all devices form a virtual private network (VPN). VPNoT device can act like a router when necessary and this environment works for IPv6 and IPv4 with a great advantage that OpenVPN traverses NAT permitting private IoT servers be accessible to the VPN. The annual cost of the improvement is about \$455 USD per year for 10 VPNoT devices.
Baray, Elyas, Kumar Ojha, Nitish.  2021.  ‘WLAN Security Protocols and WPA3 Security Approach Measurement Through Aircrack-ng Technique’. 2021 5th International Conference on Computing Methodologies and Communication (ICCMC). :23–30.
From the beginning of technology and Wi-Fi based systems wireless networks had a prominent threat upon data security. Without security measures many organizations contribute on these flaws of security to make it better. There are many vulnerabilities of security models which are discussed in this article such as hacking through Wi-Fi security by Aircrack-ng, previous security model vulnerabilities and also the performance of Aircrack-ng attack on Wi-Fi modem or routers. In order to crack WPA/WPA2, kali Linux operating system will be needed along with Aircrack-ng packages installed on any compatible PC. Some of the new standard WPA3 such like downgrade problem on which the system will let the device to downgrade from WPA3 to WPA2 in order to connect with incompatible devise. Further, it makes a way for hackers to obtain Wi-Fi passwords even from new model defined such as WPA3 by using old techniques. The new model introduced Wi-Fi security protocol WPA3 is also no longer a secure model it can be penetrated. Researchers have discovered some new vulnerability enables hackers to get out the Wi-Fi passwords.
Staniloiu, Eduard, Nitu, Razvan, Becerescu, Cristian, Rughiniş, Razvan.  2021.  Automatic Integration of D Code With the Linux Kernel. 2021 20th RoEduNet Conference: Networking in Education and Research (RoEduNet). :1—6.
The Linux kernel is implemented in C, an unsafe programming language, which puts the burden of memory management, type and bounds checking, and error handling in the hands of the developer. Hundreds of buffer overflow bugs have compromised Linux systems over the years, leading to endless layers of mitigations applied on top of C. In contrast, the D programming language offers automated memory safety checks and modern features such as OOP, templates and functional style constructs. In addition, interoper-ability with C is supported out of the box. However, to integrate a D module with the Linux kernel it is required that the needed C header files are translated to D header files. This is a tedious, time consuming, manual task. Although a tool to automate this process exists, called DPP, it does not work with the complicated, sometimes convoluted, kernel code. In this paper, we improve DPP with the ability to translate any Linux kernel C header to D. Our work enables the development and integration of D code inside the Linux kernel, thus facilitating a method of making the kernel memory safe.
Mehra, Misha, Paranjape, Jay N., Ribeiro, Vinay J..  2021.  Improving ML Detection of IoT Botnets using Comprehensive Data and Feature Sets. 2021 International Conference on COMmunication Systems NETworkS (COMSNETS). :438—446.
In recent times, the world has seen a tremendous increase in the number of attacks on IoT devices. A majority of these attacks have been botnet attacks, where an army of compromised IoT devices is used to launch DDoS attacks on targeted systems. In this paper, we study how the choice of a dataset and the extracted features determine the performance of a Machine Learning model, given the task of classifying Linux Binaries (ELFs) as being benign or malicious. Our work focuses on Linux systems since embedded Linux is the more popular choice for building today’s IoT devices and systems. We propose using 4 different types of files as the dataset for any ML model. These include system files, IoT application files, IoT botnet files and general malware files. Further, we propose using static, dynamic as well as network features to do the classification task. We show that existing methods leave out one or the other features, or file types and hence, our model outperforms them in terms of accuracy in detecting these files. While enhancing the dataset adds to the robustness of a model, utilizing all 3 types of features decreases the false positive and false negative rates non-trivially. We employ an exhaustive scenario based method for evaluating a ML model and show the importance of including each of the proposed files in a dataset. We also analyze the features and try to explain their importance for a model, using observed trends in different benign and malicious files. We perform feature extraction using the open source Limon sandbox, which prior to this work has been tested only on Ubuntu 14. We installed and configured it for Ubuntu 18, the documentation of which has been shared on Github.
2022-02-03
Yankson, Benjamin, K, Javed Vali, Hung, Patrick C. K., Iqbal, Farkhund, Ali, Liaqat.  2021.  Security Assessment for Zenbo Robot Using Drozer and mobSF Frameworks. 2021 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1—7.
These days, almost everyone has been entirely relying on mobile devices and mobile related applications running on Android Operating Systems, the most used Mobile Operating System in the world with the largest market share. These Mobile devices and applications can become an information goldmine for hackers and are considered one of the significant concerns mobile users face who stand a chance of being victimized during data breach from hackers due to lapse in information security and controls. Such challenge can be put to bare through systematic digital forensic analysis through penetration testing for a humanoid robot like Zenbo, which run Android OS and related application, to help identify associated security vulnerabilities and develop controls required to improve security using popular penetration testing tools such as Drozer, Mobile Application Security framework (mobSF), and AndroBugs with the help of Santoku Linux distribution.
2022-01-31
Mabe, Abigail, Nelson, Michael L., Weigle, Michele C..  2021.  Extending Chromium: Memento-Aware Browser. 2021 ACM/IEEE Joint Conference on Digital Libraries (JCDL). :310—311.
Users rely on their web browser to provide information about the websites they are visiting, such as the security state of the web page their viewing. Current browsers do not differentiate between the live Web and the past Web. If a user loads an archived web page, known as a memento, they have to rely on user interface (UI) elements within the page itself to inform them that the page they are viewing is not the live Web. Memento-awareness extends beyond recognizing a page that has already been archived. The browser should give users the ability to easily archive live web pages as they are browsing. This report presents a proof-of-concept browser that is memento-aware and is created by extending Google's open-source web browser Chromium.
2022-01-25
Uddin Nadim, Taef, Foysal.  2021.  Towards Autonomic Entropy Based Approach for DDoS Attack Detection and Mitigation Using Software Defined Networking. 2021 International Conference on Automation, Control and Mechatronics for Industry 4.0 (ACMI). :1—5.
Software defined networking (SDN) architecture frame- work eases the work of the network administrators by separating the data plane from the control plane. This provides a programmable interface for applications development related to security and management. The centralized logical controller provides more control over the total network, which has complete network visibility. These SDN advantages expose the network to vulnerabilities and the impact of the attacks is much severe when compared to traditional networks, where the network devices have protection from the attacks and limits the occurrence of attacks. In this paper, we proposed an entropy based algorithm in SDN to detect as well as stopping distributed denial of service (DDoS) attacks on the servers or clouds or hosts. Firstly, there explored various attacks that can be launched on SDN at different layers. Basically DDoS is one kind of denial of service attack in which an attacker uses multiple distributed sources for attacking a particular server. Every network in a system has an entropy and an increase in the randomness of probability causes entropy to decrease. In comparison with previous entropy based approaches this approach has higher performance in distinguishing legal and illegal traffics and blocking illegal traffic paths. Linux OS and Mininet Simulator along with POX controller are used to validate the proposed approach. By conducting pervasive simulation along with theoretical analysis this method can definitely detect and stop DDoS attacks automatically.
Ozga, Wojciech, Le Quoc, Do, Fetzer, Christof.  2021.  TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD). :1–12.
Trust is of paramount concern for tenants to deploy their security-sensitive services in the cloud. The integrity of virtual machines (VMs) in which these services are deployed needs to be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches for solving this challenge leverage trusted computing techniques, e.g., vTPM, or hardware CPU extensions, e.g., AMD SEV. But, they are vulnerable to powerful adversaries, or they provide only load time (not runtime) integrity measurements of VMs. We propose TRIGLAV, a protocol allowing tenants to establish and maintain trust in VM runtime integrity of software and its configuration. TRIGLAV is transparent to the VM configuration and setup. It performs an implicit attestation of VMs during a secure login and binds the VM integrity state with the secure connection. Our prototype's evaluation shows that TRIGLAV is practical and incurs low performance overhead (\textbackslashtextless 6%).
2021-11-08
Guojie, Liu, Jianbiao, Zhang.  2020.  A TPCM-Based Trusted PXE Boot Method For Servers. 2020 IEEE 5th International Conference on Signal and Image Processing (ICSIP). :996–1000.
Information level protection standard 2.0 requires trusted verification of system bootstrappers, system programs, etc. of server equipment based on trusted root. According to the requirements of information level protection standard, this paper puts forward a network trusted start-up scheme based on the trusted platform control module to guarantee the security and trust of the server's BIOS firmware, PXE boot file and Linux system file. When publishing BIOS firmware, PXE startup file, Linux system file, the state-secret algorithm SM3 is used to calculate the summary value as the benchmark value, and stored in the trusted platform control module, BIOS firmware, Linux boot file. When the server starts up with PXE, the BIOS firmware is measured by the Trusted Platform Control Module, the BIOS Start Environment Measures PXE Boot File, and the PXE Boot File measures the Linux system file. The trusted platform control module is the trust root level measurement level, the first level of trust level, the trust chain, the implementation of a trusted server operating environment. The method proposed in this paper is tested on the domestic autonomous controllable Sunway server, and the experimental results show that the method proposed in this paper is feasible.
2021-09-30
Mishra, Rohitshankar, Ahmad, Ishfaq, Sharma, Akshaya.  2020.  A Dynamic Multi-Threaded Queuing Mechanism for Reducing the Inter-Process Communication Latency on Multi-Core Chips. 2020 3rd International Conference on Data Intelligence and Security (ICDIS). :12–19.
Reducing latency in inter-process/inter-thread communication is one of the key challenges in parallel and distributed computing. This is because as the number of threads in an application increases, the communication overhead also increases. Moreover, the presence of background load further increases the latency. Reducing communication latency can have a significant impact on multi-threaded application performance in multi-core environments. In a wide-range of applications that utilize queueing mechanism, inter-process/ inter-thread communication typically involves enqueuing and dequeuing. This paper presents a queueing techniques called eLCRQ, which is a lock-free block-when-necessary multi-producer multi-consumer (MPMC) FIFO queue. It is designed for scenarios where the queue can randomly and frequently become empty during runtime. By combining lock-free performance with blocking resource efficiency, it delivers improved performance. Specifically, it results in a 1.7X reduction in latency and a 2.3X reduction in CPU usage when compared to existing message-passing mechanisms including PIPE and Sockets while running on multi-core Linux based systems. The proposed scheme also provides a 3.4X decrease in CPU usage while maintaining comparable latency when compared to other (MPMC) lock-free queues in low load scenarios. Our work is based on open-source Linux and support libraries.
2021-09-21
Vurdelja, Igor, Blažić, Ivan, Bojić, Dragan, Drašković, Dražen.  2020.  A framework for automated dynamic malware analysis for Linux. 2020 28th Telecommunications Forum (℡FOR). :1–4.
Development of malware protection tools requires a more advanced test environment comparing to safe software. This kind of development includes a safe execution of many malware samples in order to evaluate the protective power of the tool. The host machine needs to be protected from the harmful effects of malware samples and provide a realistic simulation of the execution environment. In this paper, a framework for automated malware analysis on Linux is presented. Different types of malware analysis methods are discussed, as well as the properties of a good framework for dynamic malware analysis.
2021-09-07
Zebari, Rizgar R., Zeebaree, Subhi R. M., Sallow, Amira Bibo, Shukur, Hanan M., Ahmad, Omar M., Jacksi, Karwan.  2020.  Distributed Denial of Service Attack Mitigation Using High Availability Proxy and Network Load Balancing. 2020 International Conference on Advanced Science and Engineering (ICOASE). :174–179.
Nowadays, cybersecurity threat is a big challenge to all organizations that present their services over the Internet. Distributed Denial of Service (DDoS) attack is the most effective and used attack and seriously affects the quality of service of each E-organization. Hence, mitigation this type of attack is considered a persistent need. In this paper, we used Network Load Balancing (NLB) and High Availability Proxy (HAProxy) as mitigation techniques. The NLB is used in the Windows platform and HAProxy in the Linux platform. Moreover, Internet Information Service (IIS) 10.0 is implemented on Windows server 2016 and Apache 2 on Linux Ubuntu 16.04 as web servers. We evaluated each load balancer efficiency in mitigating synchronize (SYN) DDoS attack on each platform separately. The evaluation process is accomplished in a real network and average response time and average CPU are utilized as metrics. The results illustrated that the NLB in the Windows platform achieved better performance in mitigation SYN DDOS compared to HAProxy in the Linux platform. Whereas, the average response time of the Window webservers is reduced with NLB. However, the impact of the SYN DDoS on the average CPU usage of the IIS 10.0 webservers was more than those of the Apache 2 webservers.