Vrije Universiteit

Displaying 1-24 of 24 results

  • White Papers // Mar 2014

    Framing Signals - A Return to Portable Shellcode

    Signal handling has been an integral part of UNIX systems since the earliest implementation in the 1970s. Nowadays, the authors find signals in all common flavors of UNIX systems, including BSD, Linux, Solaris, Android, and Mac OS. While each flavor handles signals in slightly different ways, the implementations are very...

    Provided By Vrije Universiteit

  • White Papers // Oct 2013

    Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries

    Many reversing techniques for data structures rely on the knowledge of memory allocation routines. Typically, they interpose on the system's malloc and free functions, and track each chunk of memory thus allocated as a data structure. However, many performance-critical applications implement their own custom memory allocators. Examples include web servers,...

    Provided By Vrije Universiteit

  • White Papers // Jan 2013

    SweetBait: Zero-Hour Worm Detection and Containment Using Low- and High-Interaction Honeypots

    As next-generation computer worms may spread within minutes to millions of hosts, protection via human intervention is no longer an option. The authors discuss the implementation of SweetBait, an automated protection system that employs low- and high-interaction honeypots to recognize and capture suspicious traffic. After discarding white-listed patterns, it automatically...

    Provided By Vrije Universiteit

  • White Papers // Jan 2013

    FFPF: Fairly Fast Packet Filters

    FFPF is a network monitoring framework designed for three things: speed (handling high link rates), scalability (ability to handle multiple applications) and flexibility. Multiple applications that need to access overlapping sets of packets may share their packet buffers, thus avoiding a packet copy to each individual application that needs it....

    Provided By Vrije Universiteit

  • White Papers // Aug 2011

    On Botnets That Use DNS for Command and Control

    The authors discovered and reverse engineered Feederbot, a botnet that uses DNS as carrier for its command and control. Using k-Means clustering and a Euclidean Distance based classifier, they correctly classified more than 14m DNS transactions of 42,143 malware samples concerning DNS-C&C usage, revealing another bot family with DNS C&C....

    Provided By Vrije Universiteit

  • White Papers // Jun 2011

    KLIMAX: Profiling Memory Write Patterns to Detect Keystroke-Harvesting Malware

    Privacy-breaching malware is an ever-growing class of malicious applications that attempt to steal confidential data and leak them to third parties. One of the most prominent activities to acquire private user information is to eavesdrop and harvest user-issued keystrokes. Despite the serious threat involved, key-logging activities are challenging to detect...

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    Consistent Join Queries in Cloud Data Stores

    NoSQL Cloud data stores provide scalability and high availability properties for web applications, but do not support complex queries such as joins. Developers must therefore design their programs according to the peculiarities of NoSQL data stores rather than established software engineering practice. This results in complex and error-prone code, especially...

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    Process-Oriented Organisation Modelling and Analysis

    In this paper, the authors present a formal framework for process-oriented modeling and analysis of organizations. The high expressivity of the sorted predicate logic language used for specification allows representing a wide range of process-related concepts (e.g. tasks, processes, and resources), characteristics and relations, which are described in the paper....

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    SweetBait: Zero-Hour Worm Detection and Containment Using Honeypots

    As next-generation computer worms may spread within minutes to millions of hosts, protection via human intervention is no longer an option. The authors discuss the implementation of SweetBait, an automated protection system that employs low-interaction honeypots to capture suspicious traffic. After discarding whitelisted patterns, it automatically generates worm signatures. To...

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    Ibis: A Flexible and Efficient Java-Based Grid Programming Environment

    In computational grids, performance-hungry applications need to simultaneously tap the computational power of multiple, dynamically available sites. The crux of designing grid programming environments stems exactly from the dynamic availability of compute cycles: grid programming environments need to be portable to run on as many sites as possible, they need...

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    Effective Prediction of Job Processing Times in a Large-Scale Grid Environment

    Grid applications that use a considerable number of processors for their computations need effective predictions of the expected computation times on the different nodes. Currently, there are no effective prediction methods available that satisfactorily cope with those ever-changing dynamics of computation times in a grid environment. Motivated by this, in...

    Provided By Vrije Universiteit

  • White Papers // Jan 2011

    Statistical Properties of Task Running Times in a Global-Scale Grid Environment

    Grid computing technology connects globally distributed processors to develop an immense source of computing power, which enables one to run applications in parallel that would take orders of magnitude more time on a single processor. Key characteristics of a global-scale grid are the strong burstiness in the amount of load...

    Provided By Vrije Universiteit

  • White Papers // Dec 2010

    Howard: A Dynamic Excavator for Reverse Engineering Data Structures

    Even the most advanced reverse engineering techniques and products are weak in recovering data structures in stripped binaries - binaries without symbol tables. Unfortunately, forensics and reverse engineering without data structures is exceedingly hard. The authors present a new solution, known as Howard, to extract data structures from C binaries...

    Provided By Vrije Universiteit

  • White Papers // Sep 2010

    Regulating Knowledge Monopolies: The Case Of The IPCC

    The Intergovernmental Panel on Climate Change has a monopoly on the provision of climate policy advice at the international level and a strong market position in national policy advice. This may have been the intention of the founders of the IPCC. The author argues that the IPCC has a natural...

    Provided By Vrije Universiteit

  • White Papers // Sep 2010

    Designing A Property Tax Without Property Values: Analysis In The Case Of Ireland

    The authors examine the implications of using hedonic regressions of house values as the basis for property tax assessment in the Republic of Ireland. Ad valorem property taxes are more equitable than flat rate taxes, but their equity benefits can be reduced if the relative values of dwellings are inaccurately...

    Provided By Vrije Universiteit

  • White Papers // Feb 2010

    Protecting Smart Phones by Means of Execution Replication

    Smartphones have come to resemble PCs in software complexity, with complexity usually leading to bugs and vulnerabilities. Moreover, as smartphones are increasingly used for financial transactions and other privacy sensitive tasks, they are becoming attractive targets for attackers. Unfortunately, smartphones are quite different from PCs in terms of resource constraints...

    Provided By Vrije Universiteit

  • White Papers // Aug 2009

    Price Inflation And Income Distribution

    The world economy is in the middle of a depression, and the Irish economy is among the worst hit. The public finances are in disarray. Taxes are up; wages and benefits are down. Prices are down too, as (world) demand has fallen, as companies vigorously compete for dwindling business, and...

    Provided By Vrije Universiteit

  • White Papers // May 2009

    Group Monitoring in Mobile Ad-Hoc Networks

    Maintaining bonds of cohesion between members of small groups in densely populated venues (e.g., a family in an amusement park, or some friends in a stadium) is increasingly gaining interest, both as a safety measure against malicious activity and as a convenient tool to prevent group splitting. Note that the...

    Provided By Vrije Universiteit

  • White Papers // May 2009

    Scalable Transactions for Web Applications in the Cloud

    Cloud computing platforms provide scalability and high availability properties for web applications but they sacrifice data consistency at the same time. However, many applications cannot afford any data inconsistency. The paper presents a scalable transaction manager for cloud database services to execute ACID transactions of web applications, even in the...

    Provided By Vrije Universiteit

  • White Papers // Jun 2008

    Model-T: Rethinking the OS for Terabit Speeds

    This paper presents Model-T, an OS network stack designed to scale to terabit rates through pipelined execution of micro operations. Model-T parallelizes execution on multicore chips and enforces lockstep processing to maximize shared L2 data cache (d-cache) hitrate. Executing all operations without hitting main memory more than once (if at...

    Provided By Vrije Universiteit

  • White Papers // Jan 2008

    Beltway Buffers: Avoiding the OS Traffic Jam

    The authors introduce a novel system-wide buffer management system based on extensive use of ring buffers. The system provides all well-known primitives (sockets, file descriptors and pipes) to support legacy applications. Beltway buffers are operating system I/O paths optimized for high-throughput network applications. The key architectural feature of beltway buffers...

    Provided By Vrije Universiteit

  • White Papers // Mar 2007

    Failure Resilience for Device Drivers

    Studies have shown that device drivers and extensions contain 3 - 7 times more bugs than other code and thus are more likely to fail. Therefore, the authors present a failure-resilient operating system that can recover from dead device drivers and other critical components - primarily through monitoring and replacing...

    Provided By Vrije Universiteit

  • White Papers // Feb 2007

    The Token Based Switch: Per-Packet Access Authorisation to Optical Shortcuts

    The authors' Token Based Switch (TBS) implementation shows that a packet-based admission control system can be used to dynamically select a fast end-to-end connection over a hybrid network at gigabit speeds. TBS helps high-performance computing and grid applications that require high bandwidth links between grid nodes to bypass the regular...

    Provided By Vrije Universiteit

  • White Papers // Apr 2006

    Dynamically Extending the Corral with Native Code for High-Speed Packet Processing

    By combining the open kernel environment, a click-like software model known as corral and basic concepts of active networking, the authors allow third-party code to control the code organization of a network node at any level, including kernel and network card. They show how an active network environment was implemented...

    Provided By Vrije Universiteit
