Browsing by Author "Rudys, Algis"
Now showing 1 - 5 of 5
Item
Garbage Collector Memory Accounting in Language-Based Systems (2003-11-11)
Price, David W.; Rudys, Algis; Wallach, Dan S.
Language run-time systems are often called upon to safely execute mutually distrustful tasks within the same runtime, protecting them from other tasks' bugs or otherwise hostile behavior. Well-studied access controls exist in systems such as Java to prevent unauthorized reading or writing of data, but techniques to measure and control resource usage are less prevalent. In particular, most language run-time systems include no facility for accounting for heap memory usage on a per-task basis. In addition, because tasks may very well share references to the same objects, traditional approaches that charge memory to its allocator fail to properly account for this sharing. We present a method for modifying the garbage collector, already present in most modern language run-time systems, to measure the amount of live memory reachable from each task as it performs its regular duties. Our system naturally distinguishes memory shared across tasks from memory reachable from only a single task, without requiring incompatible changes to the semantics of the programming language. Our prototype implementation imposes negligible performance overheads on a variety of benchmarks, yet provides enough information to express rich policies limiting a task's memory usage.

Item
Hack-a-Vote: Demonstrating Security Issues with Electronic Voting Systems (2003-11-21)
Bannet, Jonathan; Price, David W.; Rudys, Algis; Singer, Justin; Wallach, Dan S.
A representative democracy depends on a universally trusted voting system for the election of representatives; voters need to believe that their votes count, and all parties need to be convinced that the winner and loser of the election were declared legitimately. Direct recording electronic (DRE) voting systems are increasingly being deployed to fill this role. Unfortunately, doubts have been raised as to the trustworthiness of these systems. This article presents a research voting system and an associated class project that were used to demonstrate several classes of bugs that might occur in such a voting system unbeknownst to voters, and the difficulty of detecting these bugs through auditing. The intent of this project is to justify the mistrust sometimes placed in DRE voting systems that lack a voter-verifiable audit trail.

Item
Operating system-style protections for language-based systems (2007)
Rudys, Algis; Wallach, Dan S.
Process-based separation has long been the prevalent model for providing security and isolation to protection domains in computer systems. However, the recent rise of component-based systems, which execute multiple plug-ins in the same process, has exposed a weakness of processes. At the same time, the recent spate of vulnerabilities in software has revealed the usefulness of language-based schemes to supplement the protections offered by processes. I propose a language-based protection model to replace processes as the basis for providing security and isolation. In this thesis, I present three different language-based mechanisms which add particular operating system-style protection semantics to the language. Soft termination provides a mechanism for guaranteed, safe termination of a task without interfering with other modules. Garbage collector memory accounting provides an accurate accounting of the memory used by each individual task running in the language-based system. Soft boundaries is a set of static analyses that verify that a specified task separation policy is followed by a particular codebase. These mechanisms provide the security and isolation that process-based separation provides, while tackling the problems of component-based architectures and malicious code head-on.

Item
Robotics-Based Location Sensing based on Wireless Ethernet (2002-04-25)
Bekris, Kostas E.; Kavraki, Lydia E.; Ladd, Andrew M.; Marceau, Guillaume; Rudys, Algis; Wallach, Dan S.
A key subproblem in the construction of location-aware systems is the determination of the position of a mobile device. This paper describes the design, implementation and analysis of a system for determining position from measured RF signal strengths in the IEEE 802.11b wireless Ethernet network. Previous approaches in the location-aware field with RF signals have been severely hampered by non-linearity, noise and complex correlations due to multi-path effects, interference and absorption. The design of our system begins with the observation that determining position from complex, noisy and non-linear signals is a well-studied problem in the field of robotics. Using only off-the-shelf hardware, we achieve robust position estimation to within a meter in our experimental context and after adequate training of our system. Also, we can coarsely determine our orientation and can track our position as we move. By applying recent advances in probabilistic inference of position and sensor fusion from noisy signals, we show that the RF emissions from base stations as measured by off-the-shelf wireless Ethernet cards are sufficiently rich in information to permit a mobile device to reliably track its location.

Item
Termination in Language-Based Systems (2000-08-08)
Clements, John; Rudys, Algis; Wallach, Dan S.
Language runtime systems are increasingly being embedded in systems to support runtime extensibility via mobile code. Such systems raise a number of concerns when the code running in them is potentially buggy or untrusted. While sophisticated access controls have been designed for mobile code and are shipping as part of commercial systems such as Java, there is no support for terminating mobile code short of terminating the entire language runtime. This paper presents a concept called "soft termination" which can be applied to virtually any mobile code system. Soft termination allows mobile code threads to be safely terminated while preserving the stability of the language runtime. In addition, function bodies can be permanently disabled, thwarting attacks predicated on system threads eventually calling untrusted functions. We present a formal design for soft termination and an implementation of it for Java, built using Java bytecode rewriting, which demonstrates reasonable performance (5-40% slowdowns on benchmarks).
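The two soft-termination mechanisms described in the abstract above (and summarised again in the thesis abstract) are polling the task's termination flag at method entries and loop back-edges, and permanently disabling a function body so that a system thread calling into untrusted code fails at entry. The following is an added illustration written for this page, not code from the paper: the paper's implementation rewrites Java bytecode, whereas this models the same checks in Python with a decorator standing in for the rewriter. The TaskControl class, the guarded decorator, the hostile task and the timing (a 50 ms run before termination) are all constructed for the example.

```python
import functools
import threading
import time


class SoftTerminate(BaseException):
    """Raised at a poll point once the task has been marked for termination.
    It derives from BaseException so an untrusted 'except Exception:' cannot
    swallow it; only the runtime's own handler catches it."""


class TaskControl:
    """Per-task state consulted by the checks a rewriter inserts into task code (constructed)."""

    def __init__(self):
        self.terminated = False
        self.disabled = set()   # names of functions whose bodies are permanently disabled
        self.polls = 0

    def terminate(self):
        self.terminated = True

    def disable(self, name):
        self.disabled.add(name)

    def poll(self):
        """Inserted at method entry and loop back-edges: a cheap flag check, raise when set."""
        self.polls += 1
        if self.terminated:
            raise SoftTerminate("task terminated")


def guarded(control):
    """Stand-in for the bytecode-rewriting step: every entry to the wrapped function
    first checks whether that function has been disabled, then polls the flag."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            if fn.__name__ in control.disabled:
                raise SoftTerminate(f"{fn.__name__} is disabled")
            control.poll()
            return fn(*args, **kwargs)
        return wrapper
    return decorate


def untrusted_spin(control):
    """Constructed hostile task: loops forever and tries to swallow every exception."""
    @guarded(control)
    def spin():
        n = 0
        while True:
            try:
                n += 1
                control.poll()        # the check inserted at the loop back-edge
            except Exception:         # catch-all that must not defeat termination
                pass
    return spin


def run_and_terminate(delay=0.05):
    """Run the hostile task on its own thread, mark it for termination, and report
    what the runtime (not the task) observed. The runtime itself keeps running."""
    control = TaskControl()
    outcome = {}

    def runtime_entry():
        try:
            untrusted_spin(control)()
            outcome["status"] = "returned"
        except SoftTerminate:
            outcome["status"] = "terminated"

    worker = threading.Thread(target=runtime_entry)
    worker.start()
    time.sleep(delay)
    control.terminate()
    worker.join(timeout=5)
    outcome["alive"] = worker.is_alive()
    outcome["polls"] = control.polls
    return outcome


def system_dispatch(control, callbacks):
    """Constructed system thread delivering events to task-registered callbacks;
    a disabled callback fails at entry instead of running the untrusted body."""
    results = {}
    for name, callback in callbacks.items():
        try:
            results[name] = callback()
        except SoftTerminate:
            results[name] = "disabled"
    return results


def disable_demo():
    control = TaskControl()

    @guarded(control)
    def on_event():
        return "ran"

    @guarded(control)
    def on_timer():
        return "ran"

    control.disable("on_timer")   # e.g. after the task was found to be misbehaving
    return system_dispatch(control, {"on_event": on_event, "on_timer": on_timer})
```

The design point to notice is the exception type: if the termination signal were an ordinary exception, the task's own catch-all handler would absorb it and the loop would continue, which is exactly the "stability of the language runtime" problem the abstract describes from the other side. The Java implementation has to handle this at the bytecode level (including finally blocks); Python's BaseException hierarchy gives a cheap approximation of it here.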
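The garbage-collector memory accounting paper listed above (and the thesis abstract that summarises it) rests on one idea: charge a task for the live memory reachable from its roots, and treat an object reachable from several tasks as shared rather than charging it to whoever allocated it. The following is an added example written for this page, not the authors' implementation: it models a heap snapshot as a small object graph and computes reachability-based accounts beside the allocator-based charges the abstract says are inaccurate. The heap contents, root sets, allocation record and limits are all constructed.

```python
from collections import deque

# Constructed heap snapshot: object id -> (size in bytes, ids it references).
HEAP = {
    "a": (100, ["b", "c"]),
    "b": (50, []),
    "c": (200, ["d"]),
    "d": (300, []),
    "e": (400, ["c"]),
    "f": (25, []),        # unreachable from every task: garbage
}

# Constructed per-task GC roots (thread stacks, statics owned by the task).
TASK_ROOTS = {"t1": ["a"], "t2": ["e"], "t3": ["b"]}

# Constructed allocation record, for contrast with allocator-based charging.
ALLOCATED_BY = {"a": "t1", "b": "t3", "c": "t2", "d": "t2", "e": "t2", "f": "t1"}


def reachable(heap, roots):
    """Objects reachable from the given roots: the live set of one task."""
    seen = set()
    work = deque(roots)
    while work:
        oid = work.popleft()
        if oid in seen:
            continue
        seen.add(oid)
        work.extend(ref for ref in heap[oid][1] if ref not in seen)
    return seen


def account(heap, task_roots):
    """Per-task (exclusive_bytes, shared_bytes) from one reachability pass.

    An object reachable from exactly one task is exclusive to it; an object
    reachable from two or more tasks is shared and listed under each of them.
    """
    live = {task: reachable(heap, roots) for task, roots in task_roots.items()}
    holders = {}
    for task, objs in live.items():
        for oid in objs:
            holders.setdefault(oid, set()).add(task)
    result = {}
    for task, objs in live.items():
        exclusive = sum(heap[o][0] for o in objs if len(holders[o]) == 1)
        shared = sum(heap[o][0] for o in objs if len(holders[o]) > 1)
        result[task] = (exclusive, shared)
    return result


def allocator_charges(heap, allocated_by):
    """The traditional scheme: every byte is charged to the task that allocated it,
    whether or not it still holds a reference, and garbage stays charged until collected."""
    charges = {}
    for oid, (size, _) in heap.items():
        charges[allocated_by[oid]] = charges.get(allocated_by[oid], 0) + size
    return charges


def over_limit(heap, task_roots, limits, charge_shared=True):
    """Tasks whose charged live memory exceeds their limit.

    charge_shared=True is the conservative policy (a task pays for everything it
    can reach, shared or not); False charges only memory nobody else can reach.
    """
    offenders = []
    for task, (exclusive, shared) in account(heap, task_roots).items():
        charged = exclusive + (shared if charge_shared else 0)
        if charged > limits[task]:
            offenders.append(task)
    return sorted(offenders)


if __name__ == "__main__":
    print(account(HEAP, TASK_ROOTS))
    print(allocator_charges(HEAP, ALLOCATED_BY))
    print(over_limit(HEAP, TASK_ROOTS, {"t1": 600, "t2": 600, "t3": 100}))
```

On this heap the allocator scheme bills t2 for objects c and d even though t1 holds them too, and bills t1 for garbage object f; the reachability scheme reports c and d as shared between t1 and t2 and never charges f. Which policy to apply to shared memory (charge it to every holder, to none, or split it) is left to the policy layer, as the abstract says; the accounting only has to make the split visible.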
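The location-sensing paper listed above describes position estimation as probabilistic inference over noisy 802.11b signal strengths after a training phase. The following is an added illustration written for this page, not the authors' system: a discrete Bayes filter over a small grid of cells, with a per-cell RSSI fingerprint, a Gaussian sensor model, and a one-cell motion model for tracking. The room geometry, base-station positions, the log-distance path-loss formula used in place of a trained fingerprint table, the noise level, and the readings are all constructed.

```python
import math

GRID_W, GRID_H = 5, 5                                 # constructed 5 m x 5 m area, 1 m cells
ACCESS_POINTS = [(0.0, 0.0), (4.0, 0.0), (2.0, 4.0)]  # constructed base-station positions
SIGMA_DB = 1.5                                        # assumed per-reading noise (dB)


def predicted_rssi(cell, ap):
    """Constructed log-distance path-loss model; in the real system this table is
    learned from signal-strength readings gathered during a training walk."""
    d = math.dist(cell, ap)
    return -40.0 - 20.0 * math.log10(max(d, 0.5))


FINGERPRINTS = {(x, y): [predicted_rssi((x, y), ap) for ap in ACCESS_POINTS]
                for x in range(GRID_W) for y in range(GRID_H)}


def likelihood(observed, expected, sigma=SIGMA_DB):
    """P(reading | cell) under independent Gaussian noise on each base station's RSSI."""
    se = sum((o - e) ** 2 for o, e in zip(observed, expected))
    return math.exp(-se / (2.0 * sigma * sigma))


def normalize(belief):
    total = sum(belief.values())
    return {cell: p / total for cell, p in belief.items()}


def update(belief, observed):
    """Bayes step: weight every cell by how well its fingerprint explains the reading."""
    return normalize({cell: p * likelihood(observed, FINGERPRINTS[cell])
                      for cell, p in belief.items()})


def neighbors(cell):
    x, y = cell
    return [(nx, ny) for nx, ny in ((x - 1, y), (x + 1, y), (x, y - 1), (x, y + 1))
            if 0 <= nx < GRID_W and 0 <= ny < GRID_H]


def predict(belief):
    """Motion step: between readings the device stays put or moves one cell, equally likely."""
    new = {cell: 0.0 for cell in belief}
    for cell, p in belief.items():
        targets = [cell] + neighbors(cell)
        for target in targets:
            new[target] += p / len(targets)
    return new


def estimate(belief):
    return max(belief, key=belief.get)


def locate(readings):
    """Static fix: uniform prior, then fold in every reading taken at the same spot."""
    belief = normalize({cell: 1.0 for cell in FINGERPRINTS})
    for reading in readings:
        belief = update(belief, reading)
    return estimate(belief)


def track(readings):
    """Moving device: predict, then update, for each reading in turn."""
    belief = normalize({cell: 1.0 for cell in FINGERPRINTS})
    path = []
    for i, reading in enumerate(readings):
        if i:
            belief = predict(belief)
        belief = update(belief, reading)
        path.append(estimate(belief))
    return path


def noisy(cell, noise):
    """Constructed reading: the cell's fingerprint plus a fixed per-station offset."""
    return [e + n for e, n in zip(FINGERPRINTS[cell], noise)]


STATIC_READINGS = [noisy((2, 1), (1.5, -0.8, 0.3)), noisy((2, 1), (-1.0, 0.6, -0.4))]
WALK_READINGS = [noisy((2, 1), (1.5, -0.8, 0.3)),
                 noisy((2, 2), (-0.5, 1.0, -0.7)),
                 noisy((3, 2), (0.4, 0.9, -1.1))]
```

The filter never tries to invert the signal model; it only asks, for every cell, how plausible the reading is there, which is what makes the approach tolerant of the non-linearity the abstract mentions. Real deployments replace the path-loss formula with measured fingerprints, because multi-path and absorption make the true map far less regular than this constructed one.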