As IoT devices are being widely used, malicious code is increasingly appearing in Linux environments. Sophisticated Linux malware employs various evasive techniques to deter analysis. The embedded trace microcell (ETM) supported by modern Arm CPUs is a suitable hardware tracer for analyzing evasive malware because it is almost artifact-free and has negligible overhead. In this paper, we present an efficient method to automatically find debugger-detection routines using the ETM hardware tracer. The proposed scheme reconstructs the execution flow of the compiled binary code from ETM trace data. In addition, it automatically identifies and patches the debugger-detection routine by comparing two traces (with and without the debugger). The proposed method was implemented using the Ghidra plug-in program, which is one of the most widely used disassemblers. To verify its effectiveness, 15 debugger-detection techniques were investigated in the Arm-Linux environment to determine whether they could be detected. We also confirmed that our implementation works successfully for the popular malicious Mirai malware in Linux. Experiments were further conducted on 423 malware samples collected from the Internet, demonstrating that our implementation works well for real malware samples.
Creating new materials, discovering new drugs, and simulating systems are essential processes for research and innovation and require substantial computational power. While many applications can be split into many smaller independent tasks, some cannot and may take hours or weeks to run to completion. To better manage those longer-running jobs, it would be desirable to stop them at any arbitrary point in time and later continue their computation on another compute resource; this is usually referred to as checkpointing. While some applications can manage checkpointing programmatically, it would be preferable if the batch scheduling system could do that independently. This paper evaluates the feasibility of using CRIU (Checkpoint Restore in Userspace), an open-source tool for the GNU/Linux environments, emphasizing the OSG’s OSPool HTCondor setup. CRIU allows checkpointing the process state into a disk image and can deal with both open files and established network connections seamlessly. Furthermore, it can checkpoint traditional Linux processes and containerized workloads. The functionality seems adequate for many scenarios supported in the OSPool. However, some limitations prevent it from being usable in all circumstances.
Upstream bug management in Linux distributions
Lin, Jiahuei; Zhang, Haoxiang; Adams, Bram ...
Empirical software engineering : an international journal, 12/2022, Volume 27, Issue 6
Journal Article
Peer reviewed
A Linux distribution consists of thousands of packages that are either developed by in-house developers (in-house packages) or by external projects (upstream packages). Leveraging upstream packages speeds up development and improves productivity, yet bugs might slip through into the packaged code and end up propagating into downstream Linux distributions. Maintainers, who integrate upstream projects into their distribution, typically lack the expertise of the upstream projects. Hence, they could try either to propagate the bug report upstream and wait for a fix, or fix the bug locally and maintain the fix until it is incorporated upstream. Both of these outcomes come at a cost, yet, to the best of our knowledge, no prior work has conducted an in-depth analysis of upstream bug management in the Linux ecosystem. Hence, this paper empirically studies how high-severity bugs are fixed in upstream packages for two Linux distributions, i.e., Debian and Fedora. Our results show that 13.9% of the upstream package bugs are explicitly reported being fixed by upstream, and 13.3% being fixed by the distribution, while the vast majority of bugs do not have explicit information about this in Debian. When focusing on the 27.2% with explicit information, our results also indicate that upstream fixed bugs make users wait for a longer time to get fixes and require more additional information compared to fixing upstream bugs locally by the distribution. Finally, we observe that the number of bug comment links to reference information (e.g., design docs, bug reports) of the distribution itself and the similarity score between upstream and distribution bug reports are important factors for the likelihood of a bug being fixed upstream. Our findings strengthen the need for traceability tools on bug fixes of upstream packages between upstream and distributions in order to find upstream fixes easier and lower the cost of upstream bug management locally.
PIVO (programerjevo interaktivno vadbeno okolje, "the programmer's interactive practice environment") is a system for the interactive study of algorithmic thinking and programming, developed at the Faculty of Electrical Engineering of the University of Ljubljana. We use it to encourage independent study in courses where programming is taught, and it is also suitable for conducting exams and competitions. Students take on a task in the system, develop a solution for it in their own environment, and submit the finished source code to the server. The user's code is compiled, run and tested on the central server. Submitted source code is often incomplete and potentially harmful to the uninterrupted operation of the server. In this article we describe in detail ways to safely run unverified code, based on the security mechanisms of the Linux operating system kernel. Using these mechanisms, the server can be shared safely and quickly by multiple users. The PIVO system was well received by students, and positive effects on their studies were measurable after the first semesters of use.
CERN has been providing central Windows remote desktops via the Windows Terminal Infrastructure service for several years and aims to provide a similar experience for Linux graphical environments. Different communities and experiments offer a series of tools to their users with this goal in mind, but the solutions are far from ideal and generate a support overhead for their respective providers. The Linux Applications Gateway project (LAG) was born to provide this functionality centrally from the IT department. After an extensive market research, the tool FastX was identified as an enabler, and to set up a closed, internal pilot for evaluation. These efforts led to the creation of the Remote Operations Gateway (ROG) service with a high approval rate. We aim to further extend the usage of FastX at CERN, reaching out to other communities and experiments, and to provide a better support coverage for them all.
The approach for fast application relaunching on the current Android system is to cache background applications in memory. This mechanism is limited by the available memory size. In addition, the application state may not be easily recovered. We propose a prototype system, MARS, to enable page swapping and cache more applications. MARS can speed up the application relaunching and restore the application state. As a new page swapping design for optimizing application relaunching, MARS isolates Android runtime Garbage Collection (GC) from page swapping for compatibility and employs several flash-aware techniques for swap-in speedup. Two main components of MARS are page slot allocation and read/write control. Page slot allocation reorganizes page slots in swap area to produce sequential reads and improve the performance of swap-in. Read/Write control addresses the read/write interference issue by reducing concurrent and extra internal writes. Compared to the conventional Linux page swapping, these two components can scale up the read bandwidth up to about 3.8 times. Application tests on a Google Nexus 4 phone show that MARS reduces the launching time of applications by 50 Formula Omitted 80 percent. The modified page swapping mechanism can outperform the conventional Linux page swapping up to four times.
Cloud-based Radio Access Network (Cloud-RAN) leverages virtualization to enable the coexistence of multiple virtual Base Band Units (vBBUs) with collocated workloads on a single edge computer, aiming for economic and operational efficiency. However, this coexistence can cause performance degradation in vBBUs due to resource contention. In this paper, we conduct an empirical analysis of vBBU performance on a Linux RT-Kernel, highlighting the impact of resource sharing with user-space tasks and Kernel threads. Furthermore, we evaluate CPU management strategies such as CPU affinity and CPU isolation as potential solutions to these performance challenges. Our results highlight that the implementation of CPU affinity can significantly reduce throughput variability by up to 40%, decrease vBBU's NACK ratios, and reduce vBBU scheduling latency within the Linux RT-Kernel. Collectively, these findings underscore the potential of CPU management strategies to enhance vBBU performance in Cloud-RAN environments, enabling more efficient and stable network operations. The paper concludes with a discussion on the efficient realization of Cloud-RAN, elucidating the benefits of implementing proposed CPU affinity allocations. The demonstrated enhancements, including reduced scheduling latency and improved end-to-end throughput, affirm the practicality and efficacy of the proposed strategies for optimizing Cloud-RAN deployments.
There's a lot to be said for going back to basics. Not only does this Bible give you a quick refresher on the structure of open-source Linux software, it also shows you how to bypass the hefty graphical user interface on Linux systems and start interacting the fast and efficient way - with command lines and automated scripts. You'll learn how to manage files on the filesystem, start and stop programs, use databases, even do Web programming - without a GUI - with this one-stop resource.