Examinando por Autor "Soriano-Salvador, Enrique"

Mostrando 1 - 6 de 6

Detecting and bypassing frida dynamic function call tracing: exploitation and mitigation
(Springer, 2023) Soriano-Salvador, Enrique; Guardiola Múzquiz, Gorka
Optimistic Semaphores with Non-deterministic Choice Operation for Heterogeneous Manycore Systems
(Wiley, 2015) Soriano-Salvador, Enrique; Guardiola Múzquiz, Gorka; Ballesteros, Francisco J.
The Nix operating system permits different roles to be assigned to the cores. One of the roles is to be able to run user-space code with no interrupts from the operating system, which is particularly useful for high-performance computing. System calls are especially expensive to a core playing this role. This paper presents a new implementation of optimistic semaphores that avoid performing expensive system calls in an uncontended scenario. The implementation is straightforward and somewhat unorthodox: a semaphore is based on a data structure and a lock that are shared between user space and kernel space. This study aims at evaluating if such an approach is viable. In addition, the implementation includes a non-deterministic choice operation over a collection of semaphores, altsems. This novel operation facilitates the creation of higher-level communication mechanisms, such as sockets and channels. To support this claim, we implemented a new kind of buffered communication channels named tubes, tailored for communicating processes running on different (heterogeneous) cores. The paper describes the implementation of the semaphores and the tubes, a comparative analysis of optimistic and non-optimistic semaphores on Nix, and a comparative analysis of tubes and other kinds of communication channels that are available on the Nix operating system. Copyright © 2014 John Wiley & Sons, Ltd.
Quantitative analysis of security in distributed robotic frameworks
(Elsevier, 2018) Martı́n, Francisco; Soriano-Salvador, Enrique; Cañas, José M.
Robotic software frameworks simplify the development of robotic applications. The more powerful ones help to build such applications as a distributed collection of interoperating software nodes. The communications inside those robotic systems are amenable of being attacked and vulnerable to the security threats present on any networked system. With the robots increasingly entering in people’s daily lives, like autonomous cars, drones, etc. security on them is a central issue gaining attention. This paper studies several well known communication middleware inside robotic frameworks running on robots with regular computers, and their support for cybersecurity. It analyzes their performance when transmitting regular robotic data of different sizes, with or without security features, and on several network settings. The experiments show that security, when available, does not significantly decrease the quality of the robotic data communication in terms of latency and packet loss rate.
SealFS: Storage-Based Tamper-Evident Logging
(Elsevier, 2021) Soriano-Salvador, Enrique; Guardiola Múzquiz, Gorka
Log analysis is essential for a forensic investigation. Upon intrusion, log files are usually forged in order to hide or fake evidence. If the system is completely compromised, malicious code can be executed in kernel or hypervisor mode making even signed log files vulnerable. As a countermeasure, some systems archive the log files on another system through the network. This solution is not always suitable or desirable and it just shifts the problem elsewhere. The log files need to be preserved on another networked machine which may itself be attacked. In this paper, we present a simple scheme to authenticate local log files based on a forward integrity model. The scheme is based on a realistic assumption: nowadays, storage is very cheap. We can authenticate the logged data generated, starting from boot time to the instant that the malicious code elevates privileges. This tamper-evident scheme does not depend on special security hardware or securing a distributed system. We also present a prototype implementation of this scheme, SealFS. Our implementation, which showcases this approach, is a novel stackable file system for Linux. It enables tamper-evident logging to all existing applications, provides backwards compatibility and instant deployability. Last, we present a performance evaluation of this prototype that shows the viability of this approach.
SealFSv2: combining storage-based and ratcheting for tamper-evident logging
(Springer, 2022) Guardiola-Múzquiz, Gorka; Soriano-Salvador, Enrique
Tamper-evident logging is paramount for forensic audits and accountability subsystems. It is based on a forward integrity model: upon intrusion, the attacker is not able to counterfeit the logging data generated before controlling the system. There are local and distributed solutions to this problem. Distributed solutions are suitable for common scenarios, albeit not appropriate for autonomous and loosely connected systems. Moreover, they can be complex and introduce new security issues. Traditional local tamper-evident logging systems use cryptographic ratchets. In previous works, we presented SealFS (from now on, SealFSv1), a system that follows a radically different approach for local tamper-evident logging based on keystream storage. In this paper, we present a new version, SealFSv2, which combines ratcheting and storage-based log anti-tamper protection. This new approach is flexible and enables the user to decide between complete theoretical security (like in SealFSv1) and partial linear degradation (like in a classical ratchet scheme), exchanging storage for computation with user-defined parameters to balance security and resource usage. We also describe an implementation of this scheme. This implementation, which showcases our approach, is an optimized evolution of the original sealfs Linux kernel module. It implements a stackable file system that enables transparent tamper-evident logging to all user space applications and provides instant deployability. Last, we present a complete performance evaluation of our current implementation and a fair performance comparison of the two opposite approaches for local tamper-evident logging (i.e., storage-based vs. ratcheting). This comparison suggests that, on current systems and general-purpose hardware, the storage-based approach and hybrid schemes perform better than the traditional ratchet approach.
ZX: A network file system for high-latency networks
(Wiley, 2018) Ballesteros, Francisco J.; Guardiola Múzquiz, Gorka; Soriano-Salvador, Enrique
Using a central file server is good for interactive access to files, because of the coherency implied by a centralized design. In fact, within local area networks, this is a common case. However, distributed environments in use today may exhibit round-trip times on the order of 50 or 100 ms. This is a problem for interactive file access to a central file server because of the resulting access times. Although aggressive caching and loosely synchronized replicas may be used for distributed file access, there are cases where the better coherency provided by a central server is still desirable. In this paper, we present ZX, a distributed file system and protocol designed with latency in mind. It can use caching, but it does not require caching or batching to address latency issues. ZX relies on a novel channel-based file system interface. It includes find requests and leverages streaming requests to work well under high-latency conditions. Unlike other protocols designed for distributed access to a central server, ZX tolerates round-trip times on the order of 50 or 100 ms to access a central file server for interactive usage such as compiling shared sources, running binaries, editing documents, and other similar workloads. It can be used on UNIX using a FUSE adaptor while permitting native ZX speakers to run faster.