Advanced search results
Showing results for the following conditions:
Query search: "Ioctl"
Showing results 1-20 of 33
  • Tianshi MU, Huabing ZHANG, Jian WANG, Huijuan LI
    IEICE Transactions on Information and Systems
    2021, Vol. E104.D, No. 11, pp. 1902-1912
    Published: 2021/11/01
    Released: 2021/11/01
    Journal, free access

    With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerabilities review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make the traditional analysis methods inefficient. For example, the driver-specific argument formats make traditional syscall fuzzers difficult to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.

  • Sejin PARK, Byungsu PARK, Unsung LEE, Chanik PARK
    IEICE Transactions on Information and Systems
    2017, Vol. E100.D, No. 7, pp. 1403-1415
    Published: 2017/07/01
    Released: 2017/07/01
    Journal, free access

    With the availability of virtualization extension in mobile processors, e.g. ARM Cortex A-15, multiple virtual execution domains are efficiently supported in a mobile platform. Each execution domain requires high-performance graphics services for full-featured user interfaces such as smooth scrolling, background image blurring, and 3D images. However, graphics service is hard to virtualize because multiple service components (e.g. ION and Fence) are involved. Moreover, the complexity of the Graphical Processing Unit (GPU) device driver also makes virtualizing graphics service harder. In this paper, we propose a technique to virtualize the graphics architecture of Android mobile platform in KVM/ARM environment. The Android graphics architecture relies on underlying Linux kernel services such as the frame buffer memory allocator ION, the buffer synchronization service Fence, GPU device driver, and the display synchronization service VSync. These kernel services are provided as device files in Linux kernel. Our approach is to para-virtualize these device files based on a split device driver model. A major challenge is to translate guest-view of information into host-view of information, e.g. memory address translation, file descriptor management, and GPU Memory Management Unit (MMU) manipulation. The experimental results show that the proposed graphics virtualization technique achieved almost 84%-100% performance of native applications.

  • 富田 将茂, 近野 敦, 辻田 哲平, 安孫子 聡子, 内山 勝
    ロボティクス・メカトロニクス講演会講演概要集
    2012, Vol. 2012, 1P1-Q02
    Published: 2012/05/27
    Released: 2017/06/19
    Proceedings/abstracts, free access
    This paper presents an application by using RT-Components for a real-time control system of humanoid robot HOAP-2. The conventional control system of HOAP-2 is based on the RTLinux. However, RTLinux cannot be applied to the OSs developed recently. Therefore, the control system of HOAP-2 based on the Linux real-time preempt has been developed using RT-Middleware. And the experimental result for real-time capability of the control system is presented.
  • Balazs Gerofi, Hajime Fujita, Yutaka Ishikawa
    IPSJ Online Transactions
    2010, Vol. 3, pp. 13-24
    Published: 2010
    Released: 2010/03/26
    Journal, free access
    Single IP Address cluster offers a transparent view of a cluster of machines as if they were a single computer on the network. In such an environment, process migration can play a significant role for providing services seamlessly and for increasing sustainability. In this paper we propose a live migration mechanism which is capable of moving processes that maintain a massive amount of network connections, supporting both TCP and UDP sockets. Incoming packet loss during socket migration is prevented by exploiting the broadcast property of the Single IP Address cluster, while process live migration minimizes the execution freeze time during the actual migration of the process context. Performance evaluation on machines equipped with a 2.4GHz CPU and Gigabit Ethernet interconnect shows that migrating a process of 1GB image size and over 1000 established network connections results in less than 200ms process freeze time, rendering the transition fully transparent and responsive from the clients' point of view. The implementation is comprised entirely of a kernel module for Linux 2.6, without any changes to the existing kernel code.
  • Naohiro AOTA, Kenji KONO
    IEICE Transactions on Information and Systems
    2019, Vol. E102.D, No. 2, pp. 269-279
    Published: 2019/02/01
    Released: 2019/02/01
    Journal, free access

    Modern file systems, such as ext4, btrfs, and XFS, are evolving and enable the introduction of new features to meet ever-changing demands and improve reliability. File system developers are struggling to eliminate all software bugs, but the operating system community points out that file systems are a hotbed of critical software bugs. This paper analyzes the code coverage of xfstests, a widely used suite of file system tests, on three major file systems (ext4, btrfs, and XFS). The coverage is 72.34%, and the uncovered code runs into 23,232 lines of code. To understand why the code coverage is low, the uncovered code is manually examined line by line. We identified three major causes, peculiar to file systems, that hinder higher coverage. First, covering all the features is difficult because each file system provides a wide variety of file-system specific features, and some features can be tested only on special storage devices. Second, covering all the execution paths is difficult because they depend on file system configurations and internal on-disk states. Finally, the code for maintaining backward-compatibility is executed only when a file system encounters old formats. Our findings will help file system developers improve the coverage of test suites and provide insights into fostering the development of new methodologies for testing file systems.

  • Wataru Aoyama, Hideya Iwasaki
    Journal of Information Processing
    2019, Vol. 27, pp. 369-377
    Published: 2019
    Released: 2019/05/15
    Journal, free access

    A journaling file system is a file system that records information about pending updates to the file system before committing the updates. This mechanism raises the reliability of the system because it enables any inconsistencies to be repaired with minimal loss of data. Since there is a tradeoff between the overhead and reliability, ext3, a journaling file system commonly used by the Linux kernel, offers three journaling modes: speed-prioritized mode, reliability-prioritized mode, and intermediate mode. Unfortunately, in ext3, the journaling mode has to be set individually for each file system. Thus, the granularity of the journaling mode setting is very coarse. In addition, the journaling mode must be determined at the time of mounting the file system and cannot be changed without unmounting it. To resolve this problem, this paper proposes a new journaling file system named dajFS (per-directory adaptive journaling file system) that is able to set an appropriate journaling mode for each directory and to switch the journaling mode of a directory to another on the fly without unmounting the file system. Essentially, the journaling mode that is specified for a directory applies to all files that reside directly under that directory. By using dajFS, the user can determine and set a journaling mode for each directory on the basis of the importance of files under that directory. As a result, the user can enjoy moderate granularity with the journaling mode setting.

  • Takuma IWATA, Kohei NAKAMURA, Yuta TOKUSASHI, Hiroki MATSUTANI
    IEICE Transactions on Information and Systems
    2019, Vol. E102.D, No. 12, pp. 2366-2376
    Published: 2019/12/01
    Released: 2019/12/01
    Journal, free access

    In statistical analysis and data mining, change-point detection that identifies the change-points which are times when the probability distribution of time series changes has been used for various purposes, such as anomaly detections on network traffic and transaction data. However, computation cost of a conventional AR (Auto-Regression) model based approach is too high and infeasible for online. In this paper, an AR model based online change-point detection algorithm, called ChangeFinder, is implemented on an FPGA (Field Programmable Gate Array) based NIC (Network Interface Card). The proposed system computes the change-point score from time series data received from 10GbE (10Gbit Ethernet). More specifically, it computes the change-point score at the 10GbE NIC in advance of host applications. It can find change-points on single or multiple streams using a context memory. This paper aims to reduce the host workload and improve change-point detection performance by offloading ChangeFinder algorithm from host to the NIC. As evaluations, change-point detection in the FPGA NIC is compared with a baseline software implementation and those enhanced by two network optimization techniques using DPDK and Netfilter in terms of throughput. The result demonstrates 16.8x improvement in change-point detection throughput compared to the baseline software implementation. It is corresponding to the 10GbE line rate. Performance and area overheads when supporting multiple streams are also evaluated.

  • Donghai TIAN, Xuanya LI, Mo CHEN, Changzhen HU
    IEICE Transactions on Information and Systems
    2014, Vol. E97.D, No. 3, pp. 601-605
    Published: 2014/03/01
    Released: 2014/03/01
    Journal, free access
    Heap buffer overflow has been extensively studied for many years, but it remains a severe threat to software security. Previous solutions suffer from limitations in that: 1) Some methods need to modify the target programs; 2) Most methods could impose considerable performance overhead. In this paper, we present iCruiser, an efficient heap buffer overflow monitoring system that uses the multi-core technology. Our system is compatible with existing programs, and it can detect the heap buffer overflows concurrently. Compared with the latest heap protection systems, our approach can achieve stronger security guarantees. Experiments show that iCruiser can detect heap buffer overflow attacks effectively with a little performance overhead.
  • 三屋 光史朗, 神谷 弘樹, 寺岡 文男, 村井 純
    コンピュータ ソフトウェア
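    2007, Vol. 24, No. 4, pp. 4_123-4_138
    Published: 2007
    Released: 2007/11/30
    Journal, free access
    TARZAN is open software for Fast Handovers for Mobile IPv6 (FMIPv6) that uses a link-layer abstraction technique. The delay and packet loss that occur when a mobile node switches the network it is attached to adversely affect communication. FMIPv6 is the best-known solution to this problem and has become the foundation of much research and technology development. However, because no implementation of FMIPv6 is generally available free of charge, the effectiveness of FMIPv6 and of research based on it has not been confirmed in real environments. We therefore developed TARZAN and release it free of charge. Each FMIPv6 operation can be sped up by implementing it in conjunction with changes in link-layer information, but the method of providing link-layer information is not specified. In addition, because link-layer information is held per device, a link-layer interface had to be prepared for each device, which was very cumbersome. By using the link-layer abstraction technique, we were able to realize an FMIPv6 that cooperates with the link layer and operates at high speed in a device-independent form.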
  • Toshihiro YAMAUCHI, Yohei AKAO
    IEICE Transactions on Information and Systems
    2017, Vol. E100.D, No. 10, pp. 2377-2381
    Published: 2017/10/01
    Released: 2017/10/01
    Journal, free access

    An operating system is an essential piece of software that manages hardware and software resources. Thus, attacks on an operating system kernel using kernel rootkits pose a particularly serious threat. Detecting an attack is difficult when the operating system kernel is infected with a kernel rootkit. For this reason, handling an attack will be delayed causing an increase in the amount of damage done to a computer system. In this paper, we propose Kernel Rootkits Guard (KRGuard), which is a new method to detect kernel rootkits that monitors branch records in the kernel space. Since many kernel rootkits make branches that differ from the usual branches in the kernel space, KRGuard can detect these differences by using the hardware features of commodity processors. Our evaluation shows that KRGuard can detect kernel rootkits that involve new branches in the system call handler processing with small overhead.

  • Yiwei Chang, Zhichuan Guo, Yan Jiang
    IEICE Electronics Express
    2024, Vol. 21, No. 24, 20240582
    Published: 2024/12/25
    Released: 2024/12/25
    [Advance publication] Released: 2024/11/01
    Journal, free access

    Software-defined networking (SDN), with its decoupled control and data planes, offers greater flexibility compared to traditional networks, making it ideal for modern, dynamic network environments. This paper proposes a consistent, protocol-independent, and flexible flow configuration system within a 100Gbps reconfigurable match tables (RMT) pipeline enhancing the capability of the open-source NIC framework Corundum for SDN on Field-Programmable Gate Array (FPGA). Our prototype supports concurrent Write, Read, and Delete operations for exact, wildcard, and stateful matching, with a single thread in our server handling up to 719.42K, 751.88K, and 1.45M flows per second for Write, Read, and Delete operations, respectively, which is sufficient for production networks. Additionally, managing a single flow table requires less than 0.1% area overhead on the Xilinx AU200 platform, and each entry is handled in a single clock cycle without blocking the processing pipeline ensuring timely and consistent flow configurations. In conclusion, our prototype is highly scalable, resource-efficient, and efficient.

  • Yuhei Kawakoya, Eitaro Shioji, Yuto Otsuki, Makoto Iwamura, Jun Miyoshi
    Journal of Information Processing
    2018, Vol. 26, pp. 673-686
    Published: 2018
    Released: 2018/09/15
    Journal, free access

    Understanding how application programming interfaces (APIs) are used in a program plays an important role in malware analysis. This, however, has resulted in an endless battle between malware authors and malware analysts around the development of API [de]obfuscation techniques over the last few decades. Our goal in this paper is to show the limit of existing API de-obfuscation techniques. To do that, we first analyzed existing API [de]obfuscation techniques and clarified that an attack vector commonly exists in these techniques; then, we present Stealth Loader, which is a program loader to bypass all existing API de-obfuscation techniques. The core idea of Stealth Loader is to load a dynamic link library (DLL) and resolve its dependency without leaving any traces on memory to be detected. We demonstrated the effectiveness of Stealth Loader by analyzing a set of Windows executables and malware protected with Stealth Loader using major dynamic and static analysis tools. The results indicate that among other obfuscation tools, only Stealth Loader is able to successfully bypass all analysis tools.

  • Jung-Lok YU, Hee-Jung BYUN
    IEICE Transactions on Information and Systems
    2011, Vol. E94.D, No. 12, pp. 2309-2318
    Published: 2011/12/01
    Released: 2011/12/01
    Journal, free access
    Coscheduling has gained a resurgence of interest as an effective technique to enhance the performance of parallel applications in multi-programmed clusters. However, existing coscheduling schemes do not adequately handle priority boost conflicts, leading to significantly degraded performance. To address this problem, in our previous study, we devised a novel algorithm that reorders the scheduling sequence of conflicting processes based on the rescheduling latency of their correspondents in remote nodes. In this paper, we exhaustively explore the design issues and implementation details of our contention-aware coscheduling scheme over Myrinet-based cluster system. We also practically analyze the impact of various system parameters and job characteristics on the performance of all considered schemes on a heterogeneous Linux cluster using a generic coscheduling framework. The results show that our approach outperforms existing schemes (by up to 36.6% in avg. job response time), reducing both boost conflict ratio and overall message delay.
  • Yusuke SUZUKI, Hiroshi YAMADA, Shinpei KATO, Kenji KONO
    IEICE Transactions on Information and Systems
    2018, Vol. E101.D, No. 12, pp. 3019-3037
    Published: 2018/12/01
    Released: 2018/12/01
    Journal, free access

    Graphics processing units (GPUs) have become an attractive platform for general-purpose computing (GPGPU) in various domains. Making GPUs a time-multiplexing resource is a key to consolidating GPGPU applications (apps) in multi-tenant cloud platforms. However, advanced GPGPU apps pose a new challenge for consolidation. Such highly functional GPGPU apps, referred to as GPU eaters, can easily monopolize a shared GPU and starve collocated GPGPU apps. This paper presents GLoop, which is a software runtime that enables us to consolidate GPGPU apps including GPU eaters. GLoop offers an event-driven programming model, which allows GLoop-based apps to inherit the GPU eaters' high functionality while proportionally scheduling them on a shared GPU in an isolated manner. We implemented a prototype of GLoop and ported eight GPU eaters on it. The experimental results demonstrate that our prototype successfully schedules the consolidated GPGPU apps on the basis of its scheduling policy and isolates resources among them.

  • Masao Yamamoto, Miyuki Ono, Kohta Nakashima, Akira Hirai
    International Journal of Networking and Computing
    2016, Vol. 6, No. 1, pp. 124-147
    Published: 2016
    Released: 2016/01/28
    Journal, open access
    Performance analysis and troubleshooting of cloud applications are challenging. In particular, identifying the root causes of performance problems is quite difficult. This is because profiling tools based on processor performance counters do not yet work well for an entire virtualized environment, which is the underlying infrastructure in cloud computing. In this work, we explore an approach for unified performance profiling of an entire virtualized environment by sampling only at the virtual machine monitor (VMM) level and applying common-time-based analysis across the entire virtualized environment from a VMM to all guests on a host machine. Our approach involves three parts, each with novel techniques: centralized data sampling at the VMM-level, generation of symbol maps for programs running in both guests and a VMM, and unified analysis of the entire virtualized environment with common time by the host-time-axis. We also describe the design of unified profiling for an entire virtual machine (VM) environment, and we actually implement a unified VM profiler based on hardware performance counters. Finally, our results demonstrate accurate profiling. In addition, we achieved a lower overhead than in a previous study as a result of having no additional context switches by the virtual interrupt injections into the guests during measurement.
  • *河野 真治
    日本ソフトウェア科学会大会講演論文集
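    2004, Vol. 21, 5A-3
    Published: 2004
    Released: 2005/02/01
    Proceedings/abstracts, free access
    Continuation based C is a lower-level language of C that is based on continuations. Using this language, we consider a technique for decomposing existing programs into smaller units and reconstructing them.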
  • Wai Kyi Kyi Oo, Hiroshi Koide, Kouichi Sakurai
    International Journal of Networking and Computing
    2019, Vol. 9, No. 2, pp. 188-200
    Published: 2019
    Released: 2019/07/18
    Journal, open access
    Moving target defense (MTD) is a feasible idea for reducing the ratio of successful attacks by altering or diversifying the attributes or parameters of a protected system. As a result of applying MTD techniques to a system, an attacker would have more difficulties in launching attacks. Although several MTD techniques have been proposed for different types of attack, estimating the effectiveness of combining these MTDs remains a challenge. With the aim of setting up a method for evaluating MTDs, we first propose a model composed of two MTD diversification techniques to compare an attack success ratio between theoretical and experimental probability. To validate the proposed model, we conducted an experiment involving an actual attack and then analyzed how our MTD model can adequately estimate a binary-code injection attack. Results show that the rate of attack success is 100% when MTD diversification is not implemented, while the rate is reduced depending on how many variants can be diversified in a target system. Our method is an important first step toward establishing a method for evaluating MTDs, as well as predicting an MTD’s defensive abilities.
  • Toshihiro YOKOYAMA, Miyuki HANAOKA, Makoto SHIMAMURA, Kenji KONO, Takahiro SHINAGAWA
    IEICE Transactions on Information and Systems
    2009, Vol. E92.D, No. 11, pp. 2196-2206
    Published: 2009/11/01
    Released: 2009/11/01
    Journal, free access
    Secure operating systems (secure OSes) are widely used to limit the damage caused by unauthorized access to Internet servers. However, writing a security policy based on the principle of least privilege for a secure OS is a challenge for an administrator. Considering that remote attackers can never attack a server before they establish connections to it, we propose a novel scheme that exploits phases to simplify security policy descriptions for Internet servers. In our scheme, the entire system has two execution phases: an initialization phase and a protocol processing phase. The initialization phase is defined as the phase before the server establishes connections to its clients, and the protocol processing phase is defined as the phase after it establishes connections. The key observation is that access control should be enforced by the secure OS only in the protocol processing phase to defend against remote attacks. Since remote attacks cannot be launched in the initialization phase, a secure OS is not required to enforce access control in this phase. Thus, we can omit the access-control policy in the initialization phase, which effectively reduces the number of policy rules. To prove the effectiveness of our scheme, we wrote security policies for three kinds of Internet servers (HTTP, SMTP, and POP servers). Our experimental results demonstrate that our scheme effectively reduces the number of descriptions; it eliminates 47.2%, 27.5%, and 24.0% of policy rules for HTTP, SMTP, and POP servers, respectively, compared with an existing SELinux policy that includes the initialization of the server.
  • 鴇田 正俊, 中根 幹子
    木更津工業高等専門学校紀要
    2003, Vol. 36, pp. 141-146
    Published: 2003
    Released: 2023/04/27
    Research report/technical report, free access
    In many cases, we use the PC (Personal Computer) to control mechatronics system. RT_Linux, ART_Linux, μITRON, ...etc., Real time OS (Operating System) is used for control in a general way. However, typical OS is Windows98 or Linux. We tried to control DC motor by using common OS and found that it has enough ability. In this paper, we introduce the program to control PC hardware, and provide some experimental results that indicate performance of common OS.
  • Fuyumasa Takatsu, Kohei Hiraga, Osamu Tatebe
    Journal of Information Processing
    2016, Vol. 24, No. 5, pp. 824-833
    Published: 2016
    Released: 2016/09/15
    Journal, free access

    The current trend for high-performance distributed file systems is object-based architecture that uses local object storage to store the file data. The IO performance of such systems depends on the local object storage that manages the underlying low-level storage, such as Fusion IO ioDrive, a flash device connected through PCI express. It provides OpenNVM flash primitives, such as atomic batch write and sparse addressing. We designed an object storage using OpenNVM whose goal is to maximize IOPS/bandwidth performance. Using the sparse address space, it is possible to design object storage as an array of fixed-size regions. Using atomic batch write, the object storage supports the ACID properties in each write. Our prototype implementation achieves 740,000 IOPS for object creations using 16 threads, which is 12 times better than DirectFS. The write performance achieves 97.7% of the physical peak performance on average.
