998 resultados para Component Isolation
Resumo:
The traditional means for isolating applications from each other is via the use of operating system provided “process” abstraction facilities. However, as applications now consist of multiple fine-grained components, the traditional process abstraction model is proving to be insufficient in ensuring this isolation. Statistics indicate that a high percentage of software failure occurs due to propagation of component failures. These observations are further bolstered by the attempts by modern Internet browser application developers, for example, to adopt multi-process architectures in order to increase robustness. Therefore, a fresh look at the available options for isolating program components is necessary and this paper provides an overview of previous and current research on the area.
Resumo:
Modern applications comprise multiple components, such as browser plug-ins, often of unknown provenance and quality. Statistics show that failure of such components accounts for a high percentage of software faults. Enabling isolation of such fine-grained components is therefore necessary to increase the robustness and resilience of security-critical and safety-critical computer systems. In this paper, we evaluate whether such fine-grained components can be sandboxed through the use of the hardware virtualization support available in modern Intel and AMD processors. We compare the performance and functionality of such an approach to two previous software based approaches. The results demonstrate that hardware isolation minimizes the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution's correctness. We also show that our relatively simple implementation has equivalent run-time performance, with overheads of less than 34%, does not require custom tool chains and provides enhanced functionality over software-only approaches, confirming that hardware virtualization technology is a viable mechanism for fine-grained component isolation.
Resumo:
Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing securityrelevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code. The resulting metrics make it easy to compare the relative security of functionallyequivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.
Resumo:
Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.
Resumo:
Many software applications extend their functionality by dynamically loading libraries into their allocated address space. However, shared libraries are also often of unknown provenance and quality and may contain accidental bugs or, in some cases, deliberately malicious code. Most sandboxing techniques which address these issues require recompilation of the libraries using custom tool chains, require significant modifications to the libraries, do not retain the benefits of single address-space programming, do not completely isolate guest code, or incur substantial performance overheads. In this paper we present LibVM, a sandboxing architecture for isolating libraries within a host application without requiring any modifications to the shared libraries themselves, while still retaining the benefits of a single address space and also introducing a system call inter-positioning layer that allows complete arbitration over a shared library’s functionality. We show how to utilize contemporary hardware virtualization support towards this end with reasonable performance overheads and, in the absence of such hardware support, our model can also be implemented using a software-based mechanism. We ensure that our implementation conforms as closely as possible to existing shared library manipulation functions, minimizing the amount of effort needed to apply such isolation to existing programs. Our experimental results show that it is easy to gain immediate benefits in scenarios where the goal is to guard the host application against unintentional programming errors when using shared libraries, as well as in more complex scenarios, where a shared library is suspected of being actively hostile. In both cases, no changes are required to the shared libraries themselves.
Resumo:
The EfeM protein is a component of the putative EfeUOBM iron-transporter of Pseudomonas syringae pathovar syringae and is thought to act as a periplasmic, ferrous-iron binding protein. It contains a signal peptide of 34 amino acid residues and a C-terminal 'Peptidase_M75' domain of 251 residues. The C-terminal domain contains a highly conserved 'HXXE' motif thought to act as part of a divalent cation-binding site. In this work, the gene (efeM or 'Psyr_3370') encoding EfeM was cloned and over-expressed in Escherichia coli, and the mature protein was purified from the periplasm. Mass spectrometry confirmed the identity of the protein (M(W) 27,772Da). Circular dichroism spectroscopy of EfeM indicated a mainly alpha-helical structure, consistent with bioinformatic predictions. Purified EfeM was crystallised by hanging-drop vapor diffusion to give needle-shaped crystals that diffracted to a resolution of 1.6A. This is the first molecular study of a peptidase M75 domain with a presumed iron transport role.
Resumo:
The mechanisms of helicopter flight create a unique, high-vibration environment which can play havoc with the accurate operation of on-board sensors. Vibration isolation of electronic sensors from structural borne oscillations is paramount to their reliable and accurate use. Effective isolation is achieved by realising a trade-off between the properties of the suspended instrument package, and the isolation mechanism. This is made more difficult as the weight and size of the sensors and computing hardware decreases with advances in technology. This paper presents a history of the design, challenges, constraints and construction of an integrated isolated vision and sensor platform and landing gear for the CSIRO autonomous X-Cell helicopter. The results of isolation performance and in-flight tests of the platform in autonomous flight are presented.
Resumo:
A high-throughput method of isolating and cloning geminivirus genomes from dried plant material, by combining an Extract-n-Amp™-based DNA isolation technique with rolling circle amplification (RCA) of viral DNA, is presented. Using this method an attempt was made to isolate and clone full geminivirus genomes/genome components from 102 plant samples, including dried leaves stored at room temperature for between 6 months and 10 years, with an average hands-on-time to RCA-ready DNA of 15 min per 20 samples. While storage of dried leaves for up to 6 months did not appreciably decrease cloning success rates relative to those achieved with fresh samples, efficiency of the method decreased with increasing storage time. However, it was still possible to clone virus genomes from 47% of 10-year-old samples. To illustrate the utility of this simple method for high-throughput geminivirus diversity studies, six Maize streak virus genomes, an Abutilon mosaic virus DNA-B component and the DNA-A component of a previously unidentified New Word begomovirus species were fully sequenced. Genomic clones of the 69 other viruses were verified as such by end sequencing. This method should be extremely useful for the study of any circular DNA plant viruses with genome component lengths smaller than the maximum size amplifiable by RCA. © 2008 Elsevier B.V. All rights reserved.
Resumo:
The presence of a gonadotropin receptor binding inhibitor in pooled porcine follicular fluid has been demonstrated. Porcine follicular fluid fractionation on DE-32 at near neutral pH, followed by a cation exchange chromatography on SPC-50 and Cibacron blue affinity chromatography, yielded a partially purified gonadotropin receptor binding inhibitor (GI-4). The partially purified GI binding inhibitor inhibited the binding of both 125I labelled hFSH and hCG to rat ovarian receptor preparation. SDS electrophoresis of radioiodinated partially purified GI followed by autoradiography made it possible to identify the binding component as a protein of molecular weight of 80000. Subjecting 125I labelled GI-4 to chromatography on Sephadex G-100 helped obtain a homogeneous material, Gl-5. The 125I labelled GI-5 exhibited in its binding to ovarian membrane preparations characteristics typical of a ligand-receptor interaction such as saturability, sensitivity to reaction conditions as time, ligand and receptor concentrations and finally displaceability by unlabelled inhibitor as well as FSH and hCG in a dose dependent manner. This material could bind ovarian receptors for both FSH and LH, its binding being inhibited by added FSH or hCG in a dose dependent manner.
Resumo:
As-prepared graphene oxide (GO) contains oxidative debris which can be washed using basic solutions. We present the isolation and characterization of these debris. Dynamic light scattering (DLS) is used to monitor the separation of the debris in various solvents in the presence of different protic and aprotic alkylamino bases. The study reveals that the debris are rich in carbonyl functional groups and water is an essential component for separation and removal of the debris from GO under oxidative reaction conditions.
Resumo:
A biodegradable flocculant was produced during growth of Bacillus megaterium. The major component of the bioflocculant was found to be a polysaccharide composed of some proteins. Fourier transform infrared (FTIR) spectra analysis revealed the presence of carboxyl and hydroxyl groups in the bioflocculant, and thermal characterization by differential scanning calorimetly (DSC) showed the transition and crystalline melting point at 90-105 degrees C. The effects of bioflocculant dosage and pH on the flocculation of mineral suspensions were evaluated. The bioflocculant exhibited good flocculating capability on mineral suspensions and achieved flocculating efficiencies of 90 percent for k-aolinite and 85 percent for hematite suspensions at a dosage of only 5 mL/L. The maximum arsenite removal was found to be 90 percent at a bioflocculant dosage of 2 g/L, which is better than traditional chemicalflocculants. This study demonstrates that microbial bioflocculants have potential for application in environmental cleanup, such as in the flocculation of mineral fines and in the remediation of solutions that contain toxic heavy metals.
Resumo:
Optimal design of a power electronics module isolation substrate is assessed using a combination of finite element structural mechanics analysis and response surface optimisation technique. Primary failure modes in power electronics modules include the loss of structural integrity in the ceramic substrate materials due to stresses induced through thermal cycling. Analysis of the influence of ceramic substrate design parameters is undertaken using a design of experiments approach. Finite element analysis is used to determine the stress distribution for each design, and the results are used to construct a quadratic response surface function. A particle swarm optimisation algorithm is then used to determine the optimal substrate design. Analysis of response surface function gradients is used to perform sensitivity analysis and develop isolation substrate design rules. The influence of design uncertainties introduced through manufacturing tolerances is assessed using a Monte-Carlo algorithm, resulting in a stress distribution histogram. The probability of failure caused by the violation of design constraints has been analyzed. Six geometric design parameters are considered in this work and the most important design parameters have been identified. Overall analysis results can be used to enhance the design and reliability of the component.
Resumo:
This paper presents two new approaches for use in complete process monitoring. The firstconcerns the identification of nonlinear principal component models. This involves the application of linear
principal component analysis (PCA), prior to the identification of a modified autoassociative neural network (AAN) as the required nonlinear PCA (NLPCA) model. The benefits are that (i) the number of the reduced set of linear principal components (PCs) is smaller than the number of recorded process variables, and (ii) the set of PCs is better conditioned as redundant information is removed. The result is a new set of input data for a modified neural representation, referred to as a T2T network. The T2T NLPCA model is then used for complete process monitoring, involving fault detection, identification and isolation. The second approach introduces a new variable reconstruction algorithm, developed from the T2T NLPCA model. Variable reconstruction can enhance the findings of the contribution charts still widely used in industry by reconstructing the outputs from faulty sensors to produce more accurate fault isolation. These ideas are illustrated using recorded industrial data relating to developing cracks in an industrial glass melter process. A comparison of linear and nonlinear models, together with the combined use of contribution charts and variable reconstruction, is presented.
Resumo:
This paper shows that current multivariate statistical monitoring technology may not detect incipient changes in the variable covariance structure nor changes in the geometry of the underlying variable decomposition. To overcome these deficiencies, the local approach is incorporated into the multivariate statistical monitoring framework to define two new univariate statistics for fault detection. Fault isolation is achieved by constructing a fault diagnosis chart which reveals changes in the covariance structure resulting from the presence of a fault. A theoretical analysis is presented and the proposed monitoring approach is exemplified using application studies involving recorded data from two complex industrial processes. © 2007 Elsevier Ltd. All rights reserved.
Resumo:
The sugar beet cyst nematode, Heterodera schachtii, is a major agricultural pest. The disruption of the mating behaviour of this plant parasite in the field may provide a means of biological control, and a subsequent increase in crop yield. The H. schachtii female sex pheromone, which attracts homospecific males, was collected in an aqueous medium and isolated using high performance liquid chromatography. Characterization of the male-attractive material revealed that it was heat stable and water soluble. The aqueous medium conditioned by female H. schachtii was found to be biologically active and stimulated male behaviour in a concentration dependent manner. The activity of the crude pheromone was specific to males of H. schachtii and did not attract second stage juveniles. Results indicated that vanillic acid, a putative nematode pheromone, is not an active component of the H. schachtii sex pheromone. Male H. schachtii exhibited stylet thrusting, a poorly understood behaviour of the male, upon exposure to the female sex pheromone. This behaviour appeared to be associated with mate-finding and was used as a novel indicator of biological activity in bioassays. Serotonin, thought to be involved in the neural control of copulatory behaviour in nematodes, stimulated stylet thrusting. However, the relationship between stylet thrusting induced by the sex pheromone and stylet thrusting induced by serotonin is not clear. Extracellular electrical activity was recorded fi-om the anterior region of H. schachtii males during stylet thrusting, and appeared to be associated with this behaviour. The isolation of the female sex pheromone of H. schachtii may, ultimately, lead to the structural identification and synthesis of the active substance for use in a novel biological control strategy.
