Address Space Layout Randomization Comparative Analysis on Windows 10 and Ubuntu 18.04 LTS

Memory management is one of the main tasks of an Operating System, where the data of each process running in the system is kept. In this context, there exist several types of attacks that exploit memory-related vulnerabilities, forcing Operating Systems to feature memory protection techniques that make difficult to exploit them. One of these techniques is ASLR, whose function is to introduce randomness into the virtual address space of a process. The goal of this work was to measure, analyze and compare the behavior of ASLR on the 64-bit versions of Windows 10 and Ubuntu 18.04 LTS. The results have shown that the implementation of ASLR has improved significantly on these two Operating Systems compared to previous versions. However, there are aspects, such as partial correlations or a frequency distribution that is not always uniform, so it can still be improved.

Software Platform for Supercomputer Modeling of Aerothermodynamics Problems

Numerical solution of aerothermodynamics problems requires a lot of processor time, and for this reason, the numerical codes for such simulations must be efficiently parallelized. This paper presents a software platform based on a technological approach that greatly simplifies the parallelization of problems with unstructured grids. The paper formulates the principle of a unified mathematical address space of the problem for all used cluster nodes. The formalization of the presented technological approach and the implementation of its software basis in the form of data structures, exchange routines and work rules form a software platform on the basis of which parallel computational programs can be built. This approach is implemented and tested for the problem of modeling the characteristics of aircrafts, but it can be applied to other problems using unstructured grids with one-dimensional cell numbering. In this case, the physical and mathematical specifics of the problem are not important. Parallelization of the code with the new approach is carried out with minimal effort, without changing the main parts of the program. As a result, a single computational code can be created for all regimes — sequential, multi-threaded, and cluster. The performance results obtained with the new code confirm the good scalability of the parallelization method.

Scalable Balanced Pipelined IPv6 Lookup Algorithm

One of the most critical router’s functions is the IP lookup. For each incoming IP packet, IP lookup determines the output port to which the packet should be forwarded. IPv6 addresses are envisioned to replace IPv4 addresses because the IPv4 address space is exhausted. Therefore, modern IP routers need to support IPv6 lookup. Most of the existing IP lookup algorithms are adjusted for the IPv4 lookup, but not for the IPv6 lookup. Scalability represents the main problem in the existing IP lookup algorithms because the IPv6 address space is much larger than the IPv4 address space due to longer IPv6 addresses. In this paper, we propose a novel IPv6 lookup algorithm that supports very large IPv6 lookup tables and achieves high IP lookup throughput.

An Advanced Memory Introspection Technique to Detect Process Injection and Malwares of Varied Types in a Virtualized Environment

Today’s advanced malware can easily avoid detection by adopting several evasion strategies. Process injection is one such strategy to evade detection from security products since the execution is masked under a legitimate process. Malicious activities are often enforced by injecting malicious code into running processes, which is often undetectable by traditional antimalware techniques. Various process injection techniques are employed by malware to gain more stealth and to bypass security tools/products. Our main focus in this research work is to propose an entirely out-of-VM approach based on advanced memory introspection to detect process injection of varied types in a virtualized environment. We have implemented a plugin using the open-source Volatility tool and successfully tested it on live VMs and malware-infected memory images. Experimental results show that our model classifies injected memory regions with high accuracy and completeness and has more true positives and fewer false positives when compared to other existing systems/solutions. Our proposed detection approach assures precise and reliable results and exactly pinpoint injected memory regions. Our proposed system detects an actual malicious memory region in the virtual address space of an infected process. Our proposed system detects more malware families and dominates the other approaches in all evaluation metrics.

An Advanced Memory Introspection Technique to Detect Process Injection and Malwares of Varied Types in a Virtualized Environment

Today’s advanced malware can easily avoid detection by adopting several evasion strategies. Process injection is one such strategy to evade detection from security products since the execution is masked under a legitimate process. Malicious activities are often enforced by injecting malicious code into running processes, which is often undetectable by traditional antimalware techniques. Various process injection techniques are employed by malware to gain more stealth and to bypass security tools/products. Our main focus in this research work is to propose an entirely out-of-VM approach based on advanced memory introspection to detect process injection of varied types in a virtualized environment. We have implemented a plugin using the open-source Volatility tool and successfully tested it on live VMs and malware-infected memory images. Experimental results show that our model classifies injected memory regions with high accuracy and completeness and has more true positives and fewer false positives when compared to other existing systems/solutions. Our proposed detection approach assures precise and reliable results and exactly pinpoint injected memory regions. Our proposed system detects an actual malicious memory region in the virtual address space of an infected process. Our proposed system detects more malware families and dominates the other approaches in all evaluation metrics.

Processor performance metrics analysis and implementation for MIPS using an open source OS

<p><span>Processor efficiency is a important in embedded system. The efficiency of the processor depends on the L1 cache and translation lookaside buffer (TLB). It is required to understand the L1 cache and TLB performances during varied load for the execution on the processor and hence studies the performance of the varing load and its performance with caches with MIPS and operating system (OS) are studied in this paper. The proposed methods of implementation in the paper considers the counting of the instruction exxecution for respective cache and TLB management and the events are measured using a dedicated counters in software. The software counters are used as there are limitation to hardware counters in the MIPS32. Twenty-seven metrics are considered for analysis and proper identification and implemented for the performance measurement of L1 cache and TLB on the MIPS32 processor. The generated data helps in future research in compiler tuning, memory management design for OS, analysing architectural issues, system benchmarking, scalability, address space analysis, studies of bus communication among processor and its workload sharing characterisation and kernel profiling.</span></p>

SmartIO

The large variety of compute-heavy and data-driven applications accelerate the need for a distributed I/O solution that enables cost-effective scaling of resources between networked hosts. For example, in a cluster system, different machines may have various devices available at different times, but moving workloads to remote units over the network is often costly and introduces large overheads compared to accessing local resources. To facilitate I/O disaggregation and device sharing among hosts connected using Peripheral Component Interconnect Express (PCIe) non-transparent bridges, we present SmartIO. NVMes, GPUs, network adapters, or any other standard PCIe device may be borrowed and accessed directly, as if they were local to the remote machines. We provide capabilities beyond existing disaggregation solutions by combining traditional I/O with distributed shared-memory functionality, allowing devices to become part of the same global address space as cluster applications. Software is entirely removed from the data path, and simultaneous sharing of a device among application processes running on remote hosts is enabled. Our experimental results show that I/O devices can be shared with remote hosts, achieving native PCIe performance. Thus, compared to existing device distribution mechanisms, SmartIO provides more efficient, low-cost resource sharing, increasing the overall system performance.

DEVELOPMENT OF A MICROPROCESSOR CONTROLLER FOR MEASURING THE LINEAR MOVEMENT OF MOVING BODIES OF VIBRATION EXECUTIVE MECHANISMS

Control and measuring equipment is one of the first places in terms of breadth and efficiency of MP-tools. The microprocessor device (MPP) built into the measuring device expands its possibilities, adds new qualities for vibrating machines. Such a device is called programmable (PrVP); WFP can perform the following functions: - control (issuance of control information to all components of the device, reconfiguration of the structure of the device in case of failures of individual units, the formation of control signals to display information, switching different control algorithms); - control of efficiency, reliability of results, diagnostics and localization of malfunctions; - digital information processing (calibration of the device, calculation of errors, determination of minimum and maximum values of parameters, enumeration of parameters, calculation of instantaneous power and signal energy, linearization, information compression, approximation, scaling, normalization, correction, calculation of tolerances, average values, logs , exponentiation, root extraction, transformation of a form from a fixed comma into a floating form and back); - organization of communication with the human operator (exemption from routine operations, such as adjustment, calculation of deviations, etc.; presentation of information in a convenient and accessible for human view form; software support for a functional keyboard that replaces individual control knobs; ensuring the choice of conflict-free position of switches in devices with difficult control); - connection with the system and other devices (implementation of various interface functions, conversion of data formats, adaptation to various input signals). To perform these functions requires the development of an appropriate structure and software MPU. You can implement the following structures for vibrating machines: - universal micro-computer with standard or special programming system; the units of the measuring instrument are connected as external devices - using the address space allocated for external devices; - micro-computers with limited capabilities (for example, limited address space - part of the address bus is given to the addresses of the units of the measuring instrument, while the capacity of RAM is reduced); - special purpose - on the basis of programmable LSI or sectional MP-sets with special software or firmware. The structure of the first type is expedient at development of difficult multipurpose measuring means. The second has fewer features, but requires less hardware, it is useful when building measuring instruments with a small number of blocks and measuring functions. The structure of the third type is aimed at the optimal solution of the measurement problem, requires software development (command systems, microcommands).

Portable Node-Level Parallelism for the PGAS Model

The Partitioned Global Address Space (PGAS) programming model brings intuitive shared memory semantics to distributed memory systems. Even with an abstract and unifying virtual global address space it is, however, challenging to use the full potential of different systems. Without explicit support by the implementation node-local operations have to be optimized manually for each architecture. A goal of this work is to offer a user-friendly programming model that provides portable performance across systems. In this paper we present an approach to integrate node-level programming abstractions with the PGAS programming model. We describe the hierarchical data distribution with local patterns and our implementation, MEPHISTO, in C++ using two existing projects. The evaluation of MEPHISTO shows that our approach achieves portable performance while requiring only minimal changes to port it from a CPU-based system to a GPU-based one using a CUDA or HIP back-end.