Abstract As IoT devices are being widely used, malicious code is increasingly appearing in Linux environments. Sophisticated Linux malware employs various evasive techniques to deter analysis. The ...embedded trace microcell (ETM) supported by modern Arm CPUs is a suitable hardware tracer for analyzing evasive malware because it is almost artifact-free and has negligible overhead. In this paper, we present an efficient method to automatically find debugger-detection routines using the ETM hardware tracer. The proposed scheme reconstructs the execution flow of the compiled binary code from ETM trace data. In addition, it automatically identifies and patches the debugger-detection routine by comparing two traces (with and without the debugger). The proposed method was implemented using the Ghidra plug-in program, which is one of the most widely used disassemblers. To verify its effectiveness, 15 debugger-detection techniques were investigated in the Arm-Linux environment to determine whether they could be detected. We also confirmed that our implementation works successfully for the popular malicious Mirai malware in Linux. Experiments were further conducted on 423 malware samples collected from the Internet, demonstrating that our implementation works well for real malware samples.
Creating new materials, discovering new drugs, and simulating systems are essential processes for research and innovation and require substantial computational power. While many applications can be ...split into many smaller independent tasks, some cannot and may take hours or weeks to run to completion. To better manage those longer-running jobs, it would be desirable to stop them at any arbitrary point in time and later continue their computation on another compute resource; this is usually referred to as checkpointing. While some applications can manage checkpointing programmatically, it would be preferable if the batch scheduling system could do that independently. This paper evaluates the feasibility of using CRIU (Checkpoint Restore in Userspace), an open-source tool for the GNU/Linux environments, emphasizing the OSG’s OSPool HTCondor setup. CRIU allows checkpointing the process state into a disk image and can deal with both open files and established network connections seamlessly. Furthermore, it can checkpoint traditional Linux processes and containerized workloads. The functionality seems adequate for many scenarios supported in the OSPool. However, some limitations prevent it from being usable in all circumstances.
Master the art of developing customized device drivers for your embedded Linux systemsKey Features• Stay up to date with the Linux PCI, ASoC, and V4L2 subsystems and write device drivers for them• ...Get to grips with the Linux kernel power management infrastructure• Adopt a practical approach to customizing your Linux environment using best practicesBook DescriptionLinux is one of the fastest-growing operating systems around the world, and in the last few years, the Linux kernel has evolved significantly to support a wide variety of embedded devices with its improved subsystems and a range of new features. With this book, you'll find out how you can enhance your skills to write custom device drivers for your Linux operating system.Mastering Linux Device Driver Development provides complete coverage of kernel topics, including video and audio frameworks, that usually go unaddressed. You'll work with some of the most complex and impactful Linux kernel frameworks, such as PCI, ALSA for SoC, and Video4Linux2, and discover expert tips and best practices along the way. In addition to this, you'll understand how to make the most of frameworks such as NVMEM and Watchdog. Once you've got to grips with Linux kernel helpers, you'll advance to working with special device types such as Multi-Function Devices (MFD) followed by video and audio device drivers.By the end of this book, you'll be able to write feature-rich device drivers and integrate them with some of the most complex Linux kernel frameworks, including V4L2 and ALSA for SoC.What you will learn• Explore and adopt Linux kernel helpers for locking, work deferral, and interrupt management• Understand the Regmap subsystem to manage memory accesses and work with the IRQ subsystem• Get to grips with the PCI subsystem and write reliable drivers for PCI devices• Write full multimedia device drivers using ALSA SoC and the V4L2 framework• Build power-aware device drivers using the kernel power management framework• Find out how to get the most out of miscellaneous kernel subsystems such as NVMEM and WatchdogWho this book is forThis book is for embedded developers, Linux system engineers, and system programmers who want to explore Linux kernel frameworks and subsystems. C programming skills and a basic understanding of driver development are necessary to get started with this book.
Upstream bug management in Linux distributions Lin, Jiahuei; Zhang, Haoxiang; Adams, Bram ...
Empirical software engineering : an international journal,
12/2022, Letnik:
27, Številka:
6
Journal Article
Recenzirano
A Linux distribution consists of thousands of packages that are either developed by in-house developers (in-house packages) or by external projects (upstream packages). Leveraging upstream packages ...speeds up development and improves productivity, yet bugs might slip through into the packaged code and end up propagating into downstream Linux distributions. Maintainers, who integrate upstream projects into their distribution, typically lack the expertise of the upstream projects. Hence, they could try either to propagate the bug report upstream and wait for a fix, or fix the bug locally and maintain the fix until it is incorporated upstream. Both of these outcomes come at a cost, yet, to the best of our knowledge, no prior work has conducted an in-depth analysis of upstream bug management in the Linux ecosystem. Hence, this paper empirically studies how high-severity bugs are fixed in upstream packages for two Linux distributions, i.e., Debian and Fedora. Our results show that 13.9% of the upstream package bugs are explicitly reported being fixed by upstream, and 13.3% being fixed by the distribution, while the vast majority of bugs do not have explicit information about this in Debian. When focusing on the 27.2% with explicit information, our results also indicate that upstream fixed bugs make users wait for a longer time to get fixes and require more additional information compared to fixing upstream bugs locally by the distribution. Finally, we observe that the number of bug comment links to reference information (e.g., design docs, bug reports) of the distribution itself and the similarity score between upstream and distribution bug reports are important factors for the likelihood of a bug being fixed upstream. Our findings strengthen the need for traceability tools on bug fixes of upstream packages between upstream and distributions in order to find upstream fixes easier and lower the cost of upstream bug management locally.
PIVO (programerjevo interaktivno vadbeno okolje) je sistem za interaktivni studij algoritmičnega razmišljanja in programiranja, razvit na Fakulteti za elektrotehniko Univerze v Ljubljani. Uporabljamo ...ga za spodbujanje samostojnega studija pri predmetih, kjer se poučuje programiranje, primeren paje tudi za izvajanje izpitov in tekmovanj. Studentje v sistemu prevzamejo nalogo, rešitev zanjo razvijejo v svojem okolju, na streznik pa oddajo zaključeno izvorno kodo. Uporabnikova koda se na centralnem strezniku prevede, zazene in preizkusi. Oddana izvorna koda je pogosto nepopolna in potencialno škodljiva za neprekinjeno delovanje streznika. V članku podrobno opisujemo načine za varen zagon nepreverjene kode, ki temeljijo na varnostnih mehanizmih jedra operačijskega sistema Linux. Z uporabo teh mehanizmov lahko streznik varno in hitro souporablja več uporabnikov. Sistem PIVO so študentje dobro sprejeli, pozitivni učinki pri studiju pa so bili merljivi ze po prvih semestrih uporabe.
The Linux kernel is regularly updated to enhance security, improve performance, and introduce new functionalities. Traditional updating methods typically require rebooting, leading to service ...disruptions and potential data loss. Live-patching technology dynamically updates the kernel modules without rebooting, ensuring continuous service availability. However, this technique has its drawbacks. Since live-patching alters the original structure of data types, it can no longer utilize base offsets to access the members, imposing considerable overheads.
This paper proposes LPAH (Live Patching with Alignment Holes), a live patching system that leverages the fragmented space generated by compile-time alignment for data types, to enable effective live patching updates for security vulnerability fixes, feature enhancements, and user-defined patching tasks. LPAH capitalizes on the relationship between these alignment holes and data objects. This approach ensures efficient access to extended data members while preserving the original data's integrity. This approach allows other functions to remain unaffected by updates and replacements through explicit type casts. Extensive experimental results show that LPAH offers valid and robust live patching for multiple real vulnerabilities in the Linux kernel, without degrading performance. Our method provides an efficient way to install security patches in the Linux kernel, and thus reenforces kernel security.
CERN has been providing central Windows remote desktops via the Windows Terminal Infrastructure service for several years and aims to provide a similar experience for Linux graphical environments. ...Different communities and experiments offer a series of tools to their users with this goal in mind, but the solutions are far from ideal and generate a support overhead for their respective providers. The Linux Applications Gateway project (LAG) was born to provide this functionality centrally from the IT department. After an extensive market research, the tool FastX was identified as an enabler, and to set up a closed, internal pilot for evaluation. These efforts led to the creation of the Remote Operations Gateway (ROG) service with a high approval rate. We aim to further extend the usage of FastX at CERN, reaching out to other communities and experiments, and to provide a better support coverage for them all.
Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach 2.7 billion in ...2020 as compared to 762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area.
The approach for fast application relaunching on the current Android system is to cache background applications in memory. This mechanism is limited by the available memory size. In addition, the ...application state may not be easily recovered. We propose a prototype system, MARS, to enable page swapping and cache more applications. MARS can speed up the application relaunching and restore the application state. As a new page swapping design for optimizing application relaunching, MARS isolates Android runtime Garbage Collection (GC) from page swapping for compatibility and employs several flash-aware techniques for swap-in speedup. Two main components of MARS are page slot allocation and read/write control. Page slot allocation reorganizes page slots in swap area to produce sequential reads and improve the performance of swap-in. Read/Write control addresses the read/write interference issue by reducing concurrent and extra internal writes. Compared to the conventional Linux page swapping, these two components can scale up the read bandwidth up to about 3.8 times. Application tests on a Google Nexus 4 phone show that MARS reduces the launching time of applications by 50 Formula Omitted 80 percent. The modified page swapping mechanism can outperform the conventional Linux page swapping up to four times.
PDF
