Biblio

While we cannot question the high performance capabilities of the kernel bypass approach in the network functions world, we recognize that the Linux kernel provides a rich ecosystem with an efficient resource management and an effective resource sharing ability that cannot be ignored. In this work we argue that by mixing kernel-bypass and in kernel processing can benefit applications and network function middleboxes. We leverage a high-performance user space TCP stack and recent additions to the Linux kernel to propose a hybrid approach (kernel-user space) to accelerate SDN/NFV deployments leveraging services of the reliable transport layer (i.e., stateful middleboxes, Layer 7 network functions and applications). Our results show that this approach enables highperformance, high CPU efficiency, and enhanced integration with the kernel ecosystem. We build our solution by extending mTCP which is the basis of some state-of-the-art L4-L7 NFV frameworks. By having more efficient CPU usage, NFV applications can have more CPU cycles available to run the network functions and applications logic. We show that for a CPU intense workload, mTCP/AF\_XDP can have up to 64% more throughput than the previous implementation. We also show that by receiving cooperation from the kernel, mTCP/AF\_XDP enables the creation of protection mechanisms for mTCP. We create a simulated DDoS attack and show that mTCP/AF\_XDP can maintain up to 287% more throughput than the unprotected system during the attack.

In this article, authors present the results of testing the modified HTB traffic control algorithm in an experimental setup. The algorithm is implemented as a Linux kernel module. An analysis of the experimental results revealed the effect of uneven packet loss in priority classes. In the second part of the article, the authors propose a solution to this problem by applying a distribution scheme for the excess of tokens, according to which excess class tokens are given to the leaf with the highest priority. The new modification of the algorithm was simulated in the AnyLogic environment. The results of an experimental study demonstrated that dividing the excess tokens of the parent class between daughter classes is less effective in terms of network performance than allocating the excess tokens to a high-priority class during the competition for tokens between classes. In general, a modification of the HTB algorithm that implements the proposed token surplus distribution scheme yields more consistent delay times for the high-priority class.

Much research is concentrated on improving models for host-based intrusion detection systems (HIDS). Typically, such research aims at improving a model's results (e.g., reducing the false positive rate) in the familiar static training/testing environment using the standard data sources. Matching advancements in the machine learning community, researchers in the syscall HIDS domain have developed many complex and powerful syscall-based models to serve as anomaly detectors. These models typically show an impressive level of accuracy while emphasizing on minimizing the false positive rate. However, with each proposed model iteration, we get further from the setting in which these models are intended to operate. As kernels become more ornate and hardened, the implementation space for anomaly detection models is narrowing. Furthermore, the rapid advancement of operating systems and the underlying complexity introduced dictate that the sometimes decades-old datasets have long been obsolete. In this paper, we attempt to bridge the gap between theoretical models and their intended application environments by examining the recent Linux kernel 5.7.0-rc1. In this setting, we examine the feasibility of syscall-based HIDS in modern operating systems and the constraints imposed on the HIDS developer. We discuss how recent advancements to the kernel have eliminated the previous syscall trace collect method of writing syscall table wrappers, and propose a new approach to generate data and place our detection model. Furthermore, we present the specific execution time and memory constraints that models must meet in order to be operable within their intended settings. Finally, we conclude with preliminary results from our model, which primarily show that in-kernel machine learning models are feasible, depending on their complexity.

Industrial Control Systems (ICS) have evolved in the last decade, shifting from proprietary software/hardware to contemporary embedded architectures paired with open-source operating systems. In contrast to the IT world, where continuous updates and patches are expected, decommissioning always-on ICS for security assessment can incur prohibitive costs to their owner. Thus, a solution for routinely assessing the cybersecurity posture of diverse ICS without affecting their operation is essential. Therefore, in this paper we introduce IFFSET, a platform that leverages full system emulation of Linux-based ICS firmware and utilizes fuzzing for security evaluation. Our platform extracts the file system and kernel information from a live ICS device, building an image which is emulated on a desktop system through QEMU. We employ fuzzing as a security assessment tool to analyze ICS specific libraries and find potential security threatening conditions. We test our platform with commercial PLCs, showcasing potential threats with no interruption to the control process.

Information security is everyone's concern. Computer systems are used to store sensitive data. Any weakness in their reliability and security makes them vulnerable. The Common Vulnerability Scoring System (CVSS) is a commonly used scoring system, which helps in knowing the severity of a software vulnerability. In this research, we show the effectiveness of common machine learning algorithms in predicting the computer operating systems security using the published vulnerability data in Common Vulnerabilities and Exposures and National Vulnerability Database repositories. The Random Forest algorithm has the best performance, compared to other algorithms, in predicting the computer operating system vulnerability severity levels based on precision, recall, and F-measure evaluation metrics. In addition, a predictive model was developed to predict whether a newly discovered computer operating system vulnerability would allow attackers to cause denial of service to the subject system.

As a problematic, this article discusses the construction of a trusted computing environment (TCE) based on the introduction of digital watermarks (DW) into the modules of the software product of a Unix-like operating / Linux system (Linux OS). One of the threats faced by an information security operator is the illegal use of a program or its components by unscrupulous competitors as part of "foreign" programs. Thus, we are talking about the joint use of the license key and the DW, which can act as a comprehensive solution for protecting the Linux OS. The above confirms the relevance of creating a methodology for building a trusted environment in Unix-like based on the implementation of a digital watermark. In this paper, the parameters of using the digital watermark, the admissible memory of Unix-like systems are considered.

In the last couple of years ARM-based servers have been gradually adopted by cloud service providers and utilized in the data centers. Such tendency may provide great business opportunities for various companies in the industry. Hence, the ability to timely track the development trend of the ARM-based server ecosystem (ASE) from technical perspective is of great importance. In this paper the level of development of the ASE is quantitatively assessed based on open-source data analysis. In particular, statistical data is extracted from 42 Linux kernels to analyze the development process of the ASE. Furthermore, an estimate of the development trend of the ASE in the next 10 years is made based on the statistical data. The estimated results provide insight on when the ASE may become as mature as today's x86-based server ecosystem.

Today, Linux is one of the main operating systems (OS) used both on desktop computers and various mobile devices. This OS is also widely applied in state and municipal structures, including law enforcement agencies and automated control systems used in the Armed Forces of the Russian Federation. It's worth noting that the process of replacing the Linux OS with domestic protected OSs that use the Linux kernel has now begun. In this regard, the analysis of threats to information security of the Linux OS is highly relevant. In this article, the authors discuss the security problems of Linux OS associated with unauthorized user privileges increase, as a result of which an attacker can gain full control over the OS. The approaches to differentiating user privileges in Linux are analyzed and their advantages and disadvantages are considered. As an example, the causes of the vulnerability CVE-2018-14665 were identified and measures to eliminate it were proposed.

The article is dedicated to covert channels of data communication in the protected operating system based on the Linux kernel with mandatory access control. The channel which is not intended by developers violates security policy and can lead to disclosure of confidential information. In this paper the covert storage channels are considered. Authors show opportunities to violate the secrecy policy in the protected operating system based on the Linux kernel experimentally. The first scenario uses time stamps of the last access to the files (“atime” stamp), the second scenario uses unreliable mechanism of the automatic login to the user session with another level of secrecy. Then, there are some recommendations to prevent these violations. The goal of this work is to analyze the methods of using covert channels, both previously known and new. The result of the article is recommendations allowing to eliminate security threats which can be embodied through covert channels.

This paper presents an analysis of Rabin-P encryption scheme on microprocessor platform in term of runtime and energy consumption. A microprocessor is one of the devices utilized in the Internet of Things (IoT) structure. Therefore, in this work, the microprocessor selected is the Raspberry Pi that is powered with a smaller version of the Linux operating system for embedded devices, the Raspbian OS. A comparative analysis is then conducted for Rabin-p and RSA-OAEP cryptosystem in the Raspberry Pi setup. A conclusion can be made that Rabin-p performs faster in comparison to the RSA-OAEP cryptosystem in the microprocessor platform. Rabin-p can improve decryption efficiency by using only one modular exponentiation while produces a unique message after the decryption process.

The goal of this work was to identify and try to solve some of the vulnerabilities present in the AR Drone 2.0 by Parrot. The approach was to identify how the system worked, find and analyze vulnerabilities and flaws in the system as a whole and in the software, and find solutions to those problems. Analyzing the results of some tests showed that the system has an open WiFi network and the communication between the controller and the drone are unencrypted. Analyzing the Linux operating system that the drone uses, we see that "Pairing Mode" is the only way the system protects itself from unauthorized control. This is a feature that can be easily bypassed. Port scans reveal that the system has all the ports for its services open and exposed. This makes it susceptible to attacks like DoS and takeover. This research also focuses on some of the software vulnerabilities, such as Busybox that the drone runs. Lastly, this paper discuses some of the possible methods that can be used to secure the drone. These methods include securing the messages via SSH Tunnel, closing unused ports, and re-implementing the software used by the drone and the controller.

Live Linux distribution devices can hold Linux operating system for portability. Using such devices and distributions, one can access system or critical files, which otherwise cannot be accessed by guest or any unauthorized user. Events like file leakage before the official announcement. These announcements can vary from mobile companies to software industries. Damages caused by such vulnerabilities can be data theft, data tampering, or permanent deletion of certain records. This study uncovers the security flaws of operating system against live device attacks. For this study, we used live devices with different Linux distributions. Target operating systems are exposed to live device attacks and their behavior is recorded against different Linux distribution. This study also compares the robustness level of different operating system against such attacks.