A SYSTEM FOR PROGRAM EXECUTION IDENTIFICATION ON THE MICROSOFT WINDOWS PLATFORMS
|
|
- Kerrie Kelly
- 6 years ago
- Views:
Transcription
1 A SYSTEM FOR PROGRAM EXECUTION IDENTIFICATION ON THE MICROSOFT WINDOWS PLATFORMS Yujiang Xiong Zhiqing Liu Hu Li School of Software Engineering Beijing University of Post and Telecommunications Beijing China Abstract This paper describes a system for identification execution of programs using execution events of the programs. This system is based on a model of program execution for security purposes, and is implemented on the Microsoft Windows platforms using an operating system technique called DLL (Dynamic Linked Library) replacement. Compared to other related works, this paper has two key contributions: It describes a systematic way to retain all system DLLs made by application programs dynamically and in real-time on the Microsoft Windows platforms. It also presents a new model of program execution, in which frequencies of program execution events are considered in addition to their patterns. Our experiment data indicate improved results. Keywords Program execution model, DLL replacement, DLL interception, and API calls footprint 1. Introduction Networking and system security has become a major concern while the Microsoft Windows systems are widely used in our age. Many security problems have been discovered in the Microsoft Windows systems. For example, many computer viruses exist in the systems, which may lead to the leak of critical information or destroy important files. In addition, software running on the Windows platforms in unsecured environments, is often required to bear certain assurance for security purposes. The ability to be able to identify execution of a program based on its execution events would help in both of these cases. Prof. Liu has presented a model of program execution, which can function as a framework for program execution identification[1]. This paper presents a program execution identification system constructed for the Microsoft Windows platforms. By using an operating system technique called DLL (Dynamic Linked Library) replacement, this system is able to intercept and retain efficiently all system API (Application Programming Interface) calls made by application programs in real-time, along with normal execution of the application programs. Our system employs a new model of program execution, in which system call footprints are used, along with their frequency factors, to identify execution of programs. This use of frequency factors helps improve the accuracy of our program execution identification system. 2. Related Works Importance of program modeling is widely recognized. Modeling of program can be either done statically or dynamically, and former way is relatively easy. Trustworthy programs can be modeled using either program signatures or proof-carrying code (PCC)[2][3]. Untrustworthy programs, as static entities, are commonly modeled using program signatures as well. Unlike the case for trustworthy programs where MAC is generally used as the signatures, signatures of untrustworthy programs are often obtained by selecting unusual and short code sequences within the program. For example, this technique is widely used in anti-virus software, in which a large set of such signatures for
2 various computer viruses is collected, and updated periodically with signatures for newly-found viruses[4]. However it is significantly more difficult to identify execution of a program due to dynamic and non-deterministic natures of program execution, because a program must be executed in order to observe its dynamic behaviors, and because executing the program more than once may observe different behaviors of the program. De Pauw, et al. presented a model of object-oriented program execution, focusing on visualization of object-oriented program execution [5][6]. This model was constructed at the level of messages in object creation, deletion, method invocation, method return, and so on. Just like De Pauw s model, most program models and systems [7][8] were designed for traditional purposes such as visualization, debugging, optimization, and so on. Using program execution models for improvement of software reliability and assurance is a more recent effort, with which our work shares the same objective. Particularly, the executable specification project at the Microsoft Research tries to verify program execution conformance under a formal specification framework. However specifications under this framework are articulated statically while our system relies upon experimental results through software testing. 3. Program Execution Model 3.1 Program Execution Event Specification We shall use the term program execution events, or PEEs, to refer to all security-related behaviors that can be formally described in program execution. Examples of PEEs include file reading and network connection accessing. Liu s model is constructed upon PEEs and supports procedures for both program execution identification and program execution verification by matching PEEs against some known results. 3.2 Identification and Verification of Program Execution Program execution identification allows execution of a program to be identified based on its execution events, by comparing the events with some well-known patterns. Program execution verification allows execution of a program to be verified to conform to some of its well-known behaviors. Both of the two procedures are feasible only within the framework of a program execution model. 3.3 Program Execution Model Symbolically, system call sequences and system call strings are all strings on an alphabet formed by the set of system calls in a given platform. Each element in a system call footprint, when defined as a set of system call strings of a fixed length, can be viewed as a vector or a point in a space of n dimensions where n is the fixed length. Thus, a system call footprint is a set of points in the n-dimension space, and Liu s program execution model defines important properties for system call footprints. 4. A New Model of Program Execution 4.1 Previous Model The previous model consists of a representation of PEEs in a mathematical space and defines a number of properties in the representation. Mathematically, the set of system calls in a given platform forms an alphabet A, and system call sequences and system call strings are all strings on A. Because the system call strings are of a fixed length, which is denoted as n, each of the system call strings can be viewed as a vector or a point in a space of n dimensions. We can thus model a SCF as a set of points in the n-dimension space. This geometric representation of SCFs allows us to define a number of important operations and properties: Given a SCF S, we define the size of S, denoted as S, as the number of points in S. Obviously S depends on n: the size of a SCF is generally larger when it is represented in a higher dimension space. The relative sizes of programs SCFs generally represent the relative complexities of the programs execution. Given two SCFs S 1 and S 2, we say that S 1 conforms to S 2 if and only if S 1 is a subset of S 2, i.e. S 1 S2. Particularly, we say that S 1 equals to S 2, denoted as S 1 = S 2, if S 1 conforms to S 2 and S 2 conforms to S 1. Given two SCFs S 1 and S 2, we define the difference between S 1 and S 2, denoted as S 1 - S 2 and S 2 - S 1 equivalently, as the number of points that are in one system call footprint but not in the other, i.e. S 1 S 2 S 1 S 2. S 1 - S 2 depends on n: the distance is generally larger when represented in a higher dimension space. Given two SCFs S 1 and S 2, we define the distance of S 1 and S 2, denoted as S 1 S 2 and S 2 S 1 equivalently, as the difference of S 1 and S 2 in percentage of the total size of S 1 and S 2, i.e.,
3 S1- S2 S1 S2. This, in the range of [0,1], represents a relative distance measurement of SCFs, which is largely independent of n, and thus generally preferred over the difference measurement. Given two SCFs S 1 and S 2, we define the similarity of S 1 and S 2, denoted as S 1 S 2 and S 2 S 1 equivalently, as the number of points shared by both S 1 and S 2 in percentage of the total size of S 1 and S 2, i.e., S1 S1 S2 S2. This, also in the range of [0,1], represents a relative similarity measurement of SCFs, which is largely independent of n. Please note that the distance and the similarity of two SCFs are complement with each other, i.e., S 1 S 2 + S 1 S 2 = Our New Model In our current model, every element in SCF has its appearance frequency, which is not used. We believe that the frequency factor of SCF is important in helping improve accuracy of program execution identification. We thus define the similarity of two SCFs with their frequency factor as follows: Given two SCFs S 1 = { s 11, s 12, s 1i, } and S 2 = { s 21, s 22, s 2i, }, and their respective frequency factor denoted as F 1 = {f 11, f 12, f 1i, } and F 2 = { f 21, f 22, f 2i, }. We define the following properties: Frequency intersection: min(f1i, f2i ) F( S 1 S 2 ) = (S1 S 2) max(f1i, f2i) This means that its minimum frequency divides its maximum frequency of the same element in S 1 and S 2, and then we get their sum. Frequency union: F( S 1 S 2 ) =F( S 1 S 2 ) + S1 S 2 This means frequency intersection added the number of different element in S 1 and S 2. Similarity of S 1 and S 2 : S 1 S 2 = F( S1 F( S1 S2 ) S2 ) This means their frequency intersection divides their frequency union, and then we get its evolution. The action of evolution magnifies the comparative difference of the result, which makes the result more clear. We can see the effect from experimental results in section Program Identification on the Microsoft Windows Platforms We know that many functions are called when a program is executed. Some of these functions are defined by users, and the others are supplied by the operating system. For instance, kernel32.dll on the Microsoft Windows platform provides many system functions that are absolutely necessary for a program. When a program starts to run, all system DLLs and DLLs defined by users are first loaded. Figure 1 shows a logic view of program execution on the Windows platforms. Function A Function B System DLL Program Function X Function Y User DLL Figure 1 Logic view of program execution on the Windows platforms As application programmers, we do not touch system DLLs. However, we need to modify them when we want to make certain customized enhancements for the system. Another benefit of this is enforcement in the sense that user applications cannot bypass the customized enhancements. This technique is commonly known as DLL Replacement, which will be discussed briefly next [9]. If we intercept system API resided in system-supplied DLLs, we can surely insert our codes to add functionality such as logging system API calls for the purpose of program execution identification. API hook on program executable files is a feasible way to do so, but it is of less efficiency, because it must modify the import table of each program. Another way is called
4 Detours, which is a binary interception of win32 functions. This shares the same problem as the API hook approach. We prefer to use the DLL replacement technology to resolve the above issue, by replacing interesting system DLLs with those defined by ourselves. We instruct programs to load our DLLs first, which may invoke the original system DLLs if necessary. In DLL replacement, programs call our function first, and then jump to previous function for execution. Thus, we are able to insert code to log a system API call when a program called it. In other words, we can thus trace all API calls. Figure 3: SCFs of pinball 6. System Implementation Our program execution identification system first provides the ability to log system API calls. We implement system API logging procedures as the following: (1) Define our own versions of kernel32.dll and ws2_32.dll to intercept interesting system API calls. (2) Modify the OS regedit for proper DLL loading. (3) Rename the DLLs in the system32 directory to work with applications. Figure 4: SCFs of winmine 7 Experimental Results We have used the implemented system to produce SCFs and to conduct PEI upon a computer running the Microsoft Windows XP, and this section shows our results. We use the following three programs in our experiments: the media player, the 3D pinball program, and the winmine program, all of which are supplied by the Windows XP. We have executed each program for ten times, got their Individual SCFs (ISCFs), and then assembled them collectively as their Full SCFs (FSCFs), as discussed in [1]. We show their SCFs in a 2-dimension space. Figure 2: SCFs of media player Figure 2, 3 and 4 show the SCFs for the three programs. We can note from these figures that executing the same application produces typical similar SCFs. In addition, we also show API logs in the form of histograms. Figure 5 and 6 are two respective histograms of the media player. Figure 7 and 8 are those of the pinball. And Figure 9 and 10 the winmine. We can see that the different programs produce their traces distinct form each other, while the traces of the same program generally conform to each other. Figure 5: Histogram of media player-1
5 Figure 6: Histogram of media player-2 Figure 10: Histogram of winmine-2 Figure 7: Histogram of pinball-1 Figure 8: Histogram of pinball-2 Figure 9: Histogram of winmine-1 After SCFs are produced, we performed the PEI procedure on each of ISCFs against the three FSCFs. Table 1 shows similarity measurements based upon Liu s similarity algorithm. In comparison, Table 2 shows different similarity measurements based on our new algorithm with frequency factor. We can clearly see from the tables that our new algorithm helps distinguish executions of different programs more clearly and accurately. Table 1: Similarity (n = 2) based upon Liu s algorithm pinball winmine wmplayer Pinball Pinball Pinball Winmine Winmine Winmine wmplayer wmplayer wmplayer Table 2: Similarity (n = 2) based upon our new algorithm with frequency factor pinball winmine wmplayer Pinball Pinball Pinball winmine winmine winmine wmplayer wmplayer wmplayer
6 It can be seen form the tables that we can get the similarity of programs with previous algorithm, and that the similarity between SCFs is notable in the same program but less in different ones. Anyway, the difference said above is not that obvious. For instance, the minimum similarity of wmplayer between ISCF and FSCF is 0.76, while the maximum similarity is 0.34 between wmplayer and pinball, and that figure is 0.18 between wmplayer and winmine. As a result, there will be confusions in identifying execution programs in some circumstances. However, the distinction between the similarities is more clear once the new algorithm is adopted, since frequency factor is of great importance to the SCFs of programs. We can see that the similarity between SCFs is significant in the same program but less in different ones. For instance, the minimum similarity of wmplayer between ISCF and FSCF is 0.7, while the maximum similarity is 0.05 between wmplayer and pinball, and that figure is 0.02 between wmplayer and winmine. It is so clear that we can easily identify execution programs. Thus, we can get the rough identification measurement as follows: Pnball is 0.90, Winmine is 0.80, and Wmplayer is Discussions and Conclusions In this program execution identification system, we have successfully replaced more than 100 system DLL s functions. With the replacements installed, the system runs on the rails, with many programs running without much difference from an ordinary Windows system, except for some slowness in performance, which is barely noticeable without prior knowledge. As an example of the effectiveness of this system, it produces a full system API trace of a well-known computer virus when the system was accidentally affected in testing. In summary, this system is a success. However, certain issues still need to be resolved before making a produce, which is our ultimate goal. One of the key issues is that the Windows operating system checks the signature of each system DLL file every time the system boots. To deal with this issue without acquiring the signature of our own versions, we have to put the original DLLs back when shutting down the system, which will make things more complicated. Another critical issue is how to construct better SCFs. We currently use substrings of length 2 as definition of SCFs, and this definition seems reasonably accurate but not yet perfect. We want to further improve it by find a better approach to characterize program execution, and thus making PEI and PEV more accurate. In conclusion, SCF provides a compact and convenient approach to formally specify security-related execution behaviors of programs. Our work as has been described in this paper has two key contributions: On the one hand, we have successfully implemented PEI on the Microsoft Windows platforms using the technique of DLL replacement. On the other hand, we have developed an enhanced model of program execution, in which frequency factor is used in SCFs for formal specification of program execution events. References [1] Z. Liu, A Model of Program Execution for Security Purposes, in Proceedings of the 8 th IASTED International Conference on Software Engineering and Applications, Cambridge, MA, November, [2] G. C. Necula and P. Lee, Safe Kernel Extensions Without Run-Time Checking. OSDI'96 [3] G. C. Necula, Proof-Carrying Code. POPL'97. [4] J. O. Kephart and S. R. White, Measuringand Modeling Computer Virus Prevalence. Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy. Oakland, California, May 24-26, 1993, [5] W. De Pauw, R. Helm, D. Kimelman, and J. Vlissides, Visualizing the behavior of object-oriented systems. In Object-Oriented Programming Systems, Languages, and Applications Conference, pages , [6] W. De Pauw, D. Kimelman, and J. Vlissides, Modeling Object-Oriented Program Execution, ECOOP 94 Conference, [7] R. Snodgrass, A relational approach to monitoring complex systems. ACM Transactions on Computer Systems, 6(2): May 1988, [8] J. Domingue, Compressing and comparing metric execution spaces. In INTERACT 90, pages Elsevier Science Publishers B.V. (North Holland), [9] J. Richter, Windows Core Programming(Machine Building Press, Beijing China, May 2000).
Face Recognition Technology Based On Image Processing Chen Xin, Yajuan Li, Zhimin Tian
4th International Conference on Machinery, Materials and Computing Technology (ICMMCT 2016) Face Recognition Technology Based On Image Processing Chen Xin, Yajuan Li, Zhimin Tian Hebei Engineering and
More informationCondor Local File System Sandbox Requirements Document
Condor Local File System Sandbox Requirements Document Requirements Document 1 1 Table of Contents 1 Table of Contents 2 2 Introduction 3 3 Describing the problem space 3 4 Defining the project's scope
More informationVideo Inter-frame Forgery Identification Based on Optical Flow Consistency
Sensors & Transducers 24 by IFSA Publishing, S. L. http://www.sensorsportal.com Video Inter-frame Forgery Identification Based on Optical Flow Consistency Qi Wang, Zhaohong Li, Zhenzhen Zhang, Qinglong
More informationImplementing Software Connectors through First-Class Methods
Implementing Software Connectors through First-Class Methods Cheoljoo Jeong and Sangduck Lee Computer & Software Technology Laboratory Electronics and Telecommunications Research Institute Taejon, 305-350,
More informationIntegrated Software Environment. Part 2
Integrated Software Environment Part 2 Operating Systems An operating system is the most important software that runs on a computer. It manages the computer's memory, processes, and all of its software
More informationPopularity of Twitter Accounts: PageRank on a Social Network
Popularity of Twitter Accounts: PageRank on a Social Network A.D-A December 8, 2017 1 Problem Statement Twitter is a social networking service, where users can create and interact with 140 character messages,
More informationNON-CENTRALIZED DISTINCT L-DIVERSITY
NON-CENTRALIZED DISTINCT L-DIVERSITY Chi Hong Cheong 1, Dan Wu 2, and Man Hon Wong 3 1,3 Department of Computer Science and Engineering, The Chinese University of Hong Kong, Hong Kong {chcheong, mhwong}@cse.cuhk.edu.hk
More informationOperating-System Structures
Operating-System Structures Chapter 2 Operating System Services One set provides functions that are helpful to the user: User interface Program execution I/O operations File-system manipulation Communications
More informationYuki Ashino, Keisuke Fujita, Maiko Furusawa, Tetsutaro Uehara and Ryoichi Sasaki
Chapter 10 IMPLEMENTING BOOT CONTROL FOR WINDOWS VISTA Yuki Ashino, Keisuke Fujita, Maiko Furusawa, Tetsutaro Uehara and Ryoichi Sasaki Abstract A digital forensic logging system must prevent the booting
More informationOPERATING SYSTEMS. Prescribed Text Book Operating System Principles, Seventh Edition By Abraham Silberschatz, Peter Baer Galvin and Greg Gagne
OPERATING SYSTEMS Prescribed Text Book Operating System Principles, Seventh Edition By Abraham Silberschatz, Peter Baer Galvin and Greg Gagne OVERVIEW An operating system is a program that manages the
More informationComplexity Results on Graphs with Few Cliques
Discrete Mathematics and Theoretical Computer Science DMTCS vol. 9, 2007, 127 136 Complexity Results on Graphs with Few Cliques Bill Rosgen 1 and Lorna Stewart 2 1 Institute for Quantum Computing and School
More informationOptimum Alphabetic Binary Trees T. C. Hu and J. D. Morgenthaler Department of Computer Science and Engineering, School of Engineering, University of C
Optimum Alphabetic Binary Trees T. C. Hu and J. D. Morgenthaler Department of Computer Science and Engineering, School of Engineering, University of California, San Diego CA 92093{0114, USA Abstract. We
More informationARIZONA CTE CAREER PREPARATION STANDARDS & MEASUREMENT CRITERIA SOFTWARE DEVELOPMENT,
SOFTWARE DEVELOPMENT, 15.1200.4 STANDARD 1.0 APPLY PROBLEM-SOLVING AND CRITICAL THINKING SKILLS TO INFORMATION 1.1 Describe methods of establishing priorities 1.2 Prepare a plan of work and schedule information
More informationAutonomous Garbage Collection: Resolve Memory
Autonomous Garbage Collection: Resolve Memory Leaks In Long Running Server Applications Brian Willard willabr@mail.northgrum.com Ophir Frieder ophir@csam.iit.edu Electronics and Systems Integration Division
More informationAn Approach to Software Component Specification
Page 1 of 5 An Approach to Software Component Specification Jun Han Peninsula School of Computing and Information Technology Monash University, Melbourne, Australia Abstract. Current models for software
More informationAero-engine PID parameters Optimization based on Adaptive Genetic Algorithm. Yinling Wang, Huacong Li
International Conference on Applied Science and Engineering Innovation (ASEI 215) Aero-engine PID parameters Optimization based on Adaptive Genetic Algorithm Yinling Wang, Huacong Li School of Power and
More informationAn Approach to the Generation of High-Assurance Java Card Applets
An Approach to the Generation of High-Assurance Java Card Applets Alessandro Coglio Kestrel Institute 3260 Hillview Avenue, Palo Alto, CA 94304, USA Ph. +1-650-493-6871 Fax +1-650-424-1807 http://www.kestrel.edu/
More informationCOMP4128 Programming Challenges
COMP4128 Challenges School of Computer Science and Engineering UNSW Australia 2D Table of Contents 2 2D 1 2 3 4 5 6 2D 7 Divide 3 2D Wikipedia: an algorithm design paradigm based on multi-branched recursion
More informationRaunak Rathi 1, Prof. A.V.Deorankar 2 1,2 Department of Computer Science and Engineering, Government College of Engineering Amravati
Analytical Representation on Secure Mining in Horizontally Distributed Database Raunak Rathi 1, Prof. A.V.Deorankar 2 1,2 Department of Computer Science and Engineering, Government College of Engineering
More informationSoftware Quality. Chapter What is Quality?
Chapter 1 Software Quality 1.1 What is Quality? The purpose of software quality analysis, or software quality engineering, is to produce acceptable products at acceptable cost, where cost includes calendar
More informationFormal Model. Figure 1: The target concept T is a subset of the concept S = [0, 1]. The search agent needs to search S for a point in T.
Although this paper analyzes shaping with respect to its benefits on search problems, the reader should recognize that shaping is often intimately related to reinforcement learning. The objective in reinforcement
More informationWhat do Compilers Produce?
What do Compilers Produce? Pure Machine Code Compilers may generate code for a particular machine, not assuming any operating system or library routines. This is pure code because it includes nothing beyond
More informationA reversible data hiding based on adaptive prediction technique and histogram shifting
A reversible data hiding based on adaptive prediction technique and histogram shifting Rui Liu, Rongrong Ni, Yao Zhao Institute of Information Science Beijing Jiaotong University E-mail: rrni@bjtu.edu.cn
More informationK-Means Clustering Using Localized Histogram Analysis
K-Means Clustering Using Localized Histogram Analysis Michael Bryson University of South Carolina, Department of Computer Science Columbia, SC brysonm@cse.sc.edu Abstract. The first step required for many
More informationIntroduction to Software Testing
Introduction to Software Testing Software Testing This paper provides an introduction to software testing. It serves as a tutorial for developers who are new to formal testing of software, and as a reminder
More informationA Keypoint Descriptor Inspired by Retinal Computation
A Keypoint Descriptor Inspired by Retinal Computation Bongsoo Suh, Sungjoon Choi, Han Lee Stanford University {bssuh,sungjoonchoi,hanlee}@stanford.edu Abstract. The main goal of our project is to implement
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationBlockchain Certification Protocol (BCP)
Blockchain Certification Protocol (BCP) Fu Yong Quah fuyong@fyquah.me www.fyquah.me Abstract. A semi-decentralized certification system built above the existing 1 Bitcoin network, an innovative peer-to-peer
More informationThe Comparative Study of Machine Learning Algorithms in Text Data Classification*
The Comparative Study of Machine Learning Algorithms in Text Data Classification* Wang Xin School of Science, Beijing Information Science and Technology University Beijing, China Abstract Classification
More informationWhen Java technology burst onto the Internet scene in 1995,
MOBILE CODE SECURITY SECURE JAVA CLASS LOADING The class loading mechanism, LI GONG Sun Microsystems central to Java, plays a key role in JDK 1.2 by enabling When Java technology burst onto the Internet
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationDatabase Systems: Design, Implementation, and Management Tenth Edition. Chapter 9 Database Design
Database Systems: Design, Implementation, and Management Tenth Edition Chapter 9 Database Design Objectives In this chapter, you will learn: That successful database design must reflect the information
More informationDomain Specific Search Engine for Students
Domain Specific Search Engine for Students Domain Specific Search Engine for Students Wai Yuen Tang The Department of Computer Science City University of Hong Kong, Hong Kong wytang@cs.cityu.edu.hk Lam
More informationTri-County Communications Cooperative, Inc. Broadband Internet Access Services. Network Management Practices, Performance Characteristics, and
Tri-County Communications Cooperative, Inc. Broadband Internet Access Services Network Management Practices, Performance Characteristics, and Commercial Terms and Conditions for Fixed Services Tri-County
More informationHow To Remove A Virus Manually Windows 7 Laptop Using Antivirus Program
How To Remove A Virus Manually Windows 7 Laptop Using Antivirus Program How to find out if malware--a Trojan, virus, or worm got past your anti-virus and firewall, how to remove the malicious code manually.
More informationXI International PhD Workshop OWD 2009, October Fuzzy Sets as Metasets
XI International PhD Workshop OWD 2009, 17 20 October 2009 Fuzzy Sets as Metasets Bartłomiej Starosta, Polsko-Japońska WyŜsza Szkoła Technik Komputerowych (24.01.2008, prof. Witold Kosiński, Polsko-Japońska
More informationOperating-System Structures
Operating-System Structures System Components Operating System Services System Calls System Programs System Structure System Design and Implementation System Generation 1 Common System Components Process
More informationThe New C Standard (Excerpted material)
The New C Standard (Excerpted material) An Economic and Cultural Derek M. Jones derek@knosof.co.uk Copyright 2002-2008 Derek M. Jones. All rights reserved. 1788 goto statement Constraints The identifier
More informationA New Method Of VPN Based On LSP Technology
2nd Joint International Information Technology, Mechanical and Electronic Engineering Conference (JIMEC 2017) A New Method Of VPN Based On LSP Technology HaiJun Qing 1, 2 1, 2, ChaoXiang Liang, LiPing
More informationTHE ADHERENCE OF OPEN SOURCE JAVA PROGRAMMERS TO STANDARD CODING PRACTICES
THE ADHERENCE OF OPEN SOURCE JAVA PROGRAMMERS TO STANDARD CODING PRACTICES Mahmoud O. Elish Department of Computer Science George Mason University Fairfax VA 223-44 USA melish@gmu.edu ABSTRACT The use
More informationA+ Certification Guide. Chapter 15 Troubleshooting and Maintaining Windows
A+ Certification Guide Chapter 15 Troubleshooting and Maintaining Windows Chapter 15 Objectives STOP (Blue Screen of Death) Errors: Discover what a BSOD is, typical causes, how to diagnose Boot Failures:
More informationEFFICIENT ATTRIBUTE REDUCTION ALGORITHM
EFFICIENT ATTRIBUTE REDUCTION ALGORITHM Zhongzhi Shi, Shaohui Liu, Zheng Zheng Institute Of Computing Technology,Chinese Academy of Sciences, Beijing, China Abstract: Key words: Efficiency of algorithms
More informationTeiid Designer User Guide 7.5.0
Teiid Designer User Guide 1 7.5.0 1. Introduction... 1 1.1. What is Teiid Designer?... 1 1.2. Why Use Teiid Designer?... 2 1.3. Metadata Overview... 2 1.3.1. What is Metadata... 2 1.3.2. Editing Metadata
More informationCS 8803 AIAD Prof Ling Liu. Project Proposal for Automated Classification of Spam Based on Textual Features Gopal Pai
CS 8803 AIAD Prof Ling Liu Project Proposal for Automated Classification of Spam Based on Textual Features Gopal Pai Under the supervision of Steve Webb Motivations and Objectives Spam, which was until
More informationEDAA40 At home exercises 1
EDAA40 At home exercises 1 1. Given, with as always the natural numbers starting at 1, let us define the following sets (with iff ): Give the number of elements in these sets as follows: 1. 23 2. 6 3.
More informationModule 3: Operating-System Structures
Module 3: Operating-System Structures System Components Operating-System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating
More informationComputer Number Systems Supplement
Computer Number Systems Supplement Dr. Ken Hoganson, All Rights Reserved. SUPPLEMENT CONTENTS S.1 Decimal System: Powers-of-the-Base 2 S.2 Converting to Binary: Division/Remainder Algorithm. 3 S.3 Binary
More informationSAFE-BioPharma RAS Privacy Policy
SAFE-BioPharma RAS Privacy Policy This statement discloses the privacy practices for the SAFE-BioPharma Association ( SAFE- BioPharma ) Registration Authority System ( RAS ) web site and describes: what
More informationEfficient and optimal block matching for motion estimation
Efficient and optimal block matching for motion estimation Stefano Mattoccia Federico Tombari Luigi Di Stefano Marco Pignoloni Department of Electronics Computer Science and Systems (DEIS) Viale Risorgimento
More informationIntrusion Prevention Method on LKM (Loadable Kernel Module) Backdoor Attack. Ji-Ho CHO, Han LEE, Jeong-Min KIM and Geuk LEE *
2016 International Conference on Applied Mathematics and Mechanics (ICAMM 2016) ISBN: 978-1-60595-399-1 Intrusion Prevention Method on LKM (Loadable Kernel Module) Backdoor Attack Ji-Ho CHO, Han LEE, Jeong-Min
More informationBioTechnology. An Indian Journal FULL PAPER. Trade Science Inc. Study on secure data storage based on cloud computing ABSTRACT KEYWORDS
[Type text] [Type text] [Type text] ISSN : 0974-7435 Volume 10 Issue 22 BioTechnology 2014 An Indian Journal FULL PAPER BTAIJ, 10(22), 2014 [13778-13783] Study on secure data storage based on cloud computing
More information1. (10 points) Draw the state diagram of the DFA that recognizes the language over Σ = {0, 1}
CSE 5 Homework 2 Due: Monday October 6, 27 Instructions Upload a single file to Gradescope for each group. should be on each page of the submission. All group members names and PIDs Your assignments in
More informationA Formalization of Transition P Systems
Fundamenta Informaticae 49 (2002) 261 272 261 IOS Press A Formalization of Transition P Systems Mario J. Pérez-Jiménez and Fernando Sancho-Caparrini Dpto. Ciencias de la Computación e Inteligencia Artificial
More informationSlides for Faculty Oxford University Press All rights reserved.
Oxford University Press 2013 Slides for Faculty Assistance Preliminaries Author: Vivek Kulkarni vivek_kulkarni@yahoo.com Outline Following topics are covered in the slides: Basic concepts, namely, symbols,
More informationHow To Install Windows Update Vista Without Cd Dell Inspiron 1525
How To Install Windows Update Vista Without Cd Dell Inspiron 1525 One can easily downgrade the resident OS on Dell Inspiron from Vista to XP in a couple of easy steps. Following this step one needs to
More informationOperating-System Structures
Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1 Sana a University,
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 OBJECTIVES OF THIS GUIDE... 1 1.2 ORGANIZATION OF THIS GUIDE... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 5 2 BASIC KNOWLEDGE
More informationAn Adaptive Threshold LBP Algorithm for Face Recognition
An Adaptive Threshold LBP Algorithm for Face Recognition Xiaoping Jiang 1, Chuyu Guo 1,*, Hua Zhang 1, and Chenghua Li 1 1 College of Electronics and Information Engineering, Hubei Key Laboratory of Intelligent
More informationRPS Technology Standards Grades 9 through 12 Technology Standards and Expectations
RPS Technology Standards Grades 9 through 12 Technology Standards and Expectations Throughout high school, as students take courses to prepare themselves for college and the working world, they should
More informationThis version has been archived. Find the current version at on the Current Documents page. Archived Version. Capture of Live Systems
Scientific Working Group on Digital Evidence Capture of Live Systems Disclaimer: As a condition to the use of this document and the information contained therein, the SWGDE requests notification by e-mail
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationRelational Database: The Relational Data Model; Operations on Database Relations
Relational Database: The Relational Data Model; Operations on Database Relations Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Overview
More informationChapter 6 Storage Management File-System Interface 11.1
Chapter 6 Storage Management File-System Interface 11.1 Chapter 6: File-System Interface File Concept Access Methods Disk and Directory Structure File-System Mounting File Sharing Protection 11.2 Objectives
More informationData Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi.
Data Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi Lecture 18 Tries Today we are going to be talking about another data
More informationFull file at
Import Settings: Base Settings: Brownstone Default Highest Answer Letter: D Multiple Keywords in Same Paragraph: No Chapter: Chapter 2 Multiple Choice 1. A is an example of a systems program. A) command
More informationTrain schedule diagram drawing algorithm considering interrelationship between labels
Train schedule diagram drawing algorithm considering interrelationship between labels H. Izumi', N. Tomii',2 The University of Electro-Communications, Japan. 2Railway Technical Research Institute, Japan.
More informationTutorial 1 Answers. Question 1
Tutorial 1 Answers Question 1 Complexity Software in it what is has to do, is often essentially complex. We can think of software which is accidentally complex such as a large scale e-commerce system (simple
More informationChapter 3: Operating-System Structures
Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1
More informationTopology and Topological Spaces
Topology and Topological Spaces Mathematical spaces such as vector spaces, normed vector spaces (Banach spaces), and metric spaces are generalizations of ideas that are familiar in R or in R n. For example,
More informationAn Approach to Task Attribute Assignment for Uniprocessor Systems
An Approach to ttribute Assignment for Uniprocessor Systems I. Bate and A. Burns Real-Time Systems Research Group Department of Computer Science University of York York, United Kingdom e-mail: fijb,burnsg@cs.york.ac.uk
More informationUnit 2 : Computer and Operating System Structure
Unit 2 : Computer and Operating System Structure Lesson 1 : Interrupts and I/O Structure 1.1. Learning Objectives On completion of this lesson you will know : what interrupt is the causes of occurring
More informationTimestamps and authentication protocols
Timestamps and authentication protocols Chris J. Mitchell Technical Report RHUL MA 2005 3 25 February 2005 Royal Holloway University of London Department of Mathematics Royal Holloway, University of London
More informationMetric and Identification of Spatial Objects Based on Data Fields
Proceedings of the 8th International Symposium on Spatial Accuracy Assessment in Natural Resources and Environmental Sciences Shanghai, P. R. China, June 25-27, 2008, pp. 368-375 Metric and Identification
More informationA Typed Lambda Calculus for Input Sanitation
A Typed Lambda Calculus for Input Sanitation Nathan Fulton Carthage College nfulton@carthage.edu April 11, 2013 Abstract Programmers often wish to validate or sanitize user input. One common approach to
More informationProgramming in C++ Prof. Partha Pratim Das Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Programming in C++ Prof. Partha Pratim Das Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture - 43 Dynamic Binding (Polymorphism): Part III Welcome to Module
More informationTrust Services for Electronic Transactions
Trust Services for Electronic Transactions ROUMEN TRIFONOV Faculty of Computer Systems and Control Technical University of Sofia 8 st. Kliment Ohridski bul., 1000 Sofia BULGARIA r_trifonov@tu-sofia.bg
More informationThe Encoding Complexity of Network Coding
The Encoding Complexity of Network Coding Michael Langberg Alexander Sprintson Jehoshua Bruck California Institute of Technology Email mikel,spalex,bruck @caltech.edu Abstract In the multicast network
More informationJoint Entity Resolution
Joint Entity Resolution Steven Euijong Whang, Hector Garcia-Molina Computer Science Department, Stanford University 353 Serra Mall, Stanford, CA 94305, USA {swhang, hector}@cs.stanford.edu No Institute
More informationCMPSCI 250: Introduction to Computation. Lecture 20: Deterministic and Nondeterministic Finite Automata David Mix Barrington 16 April 2013
CMPSCI 250: Introduction to Computation Lecture 20: Deterministic and Nondeterministic Finite Automata David Mix Barrington 16 April 2013 Deterministic and Nondeterministic Finite Automata Deterministic
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationEnsuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard
Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure
More informationNorton 360 Manual Scanning Not Working Windows 8
Norton 360 Manual Scanning Not Working Windows 8 My Norton product isn't starting or working on my computer Go through the next sections in this page and follow the instructions for the scenario that best.
More informationOutline. Proof Carrying Code. Hardware Trojan Threat. Why Compromise HDL Code?
Outline Proof Carrying Code Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Hardware IP Verification Hardware PCC Background Software PCC Description Software
More informationStacks, Queues & Trees. The Stack Interface. The Stack Interface. Harald Gall, Prof. Dr.
Stacks, Queues & Trees Harald Gall, Prof. Dr. Institut für Informatik Universität Zürich http://seal.ifi.uzh.ch The Stack Interface Stack Data structure holding several items. New items added to the top
More informationModule 3: Operating-System Structures. Common System Components
Module 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation 3.1 Common
More informationGetting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software.
Getting Started Guide This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software. Contents 2 Contents Introduction... 3 System Requirements... 4
More informationRapid Natural Scene Text Segmentation
Rapid Natural Scene Text Segmentation Ben Newhouse, Stanford University December 10, 2009 1 Abstract A new algorithm was developed to segment text from an image by classifying images according to the gradient
More informationTaibah University College of Computer Science & Engineering Course Title: Discrete Mathematics Code: CS 103. Chapter 2. Sets
Taibah University College of Computer Science & Engineering Course Title: Discrete Mathematics Code: CS 103 Chapter 2 Sets Slides are adopted from Discrete Mathematics and It's Applications Kenneth H.
More informationOakhurst, California. Cancels 2 nd Revised Check Sheet A LIST OF EFFECTIVE SHEETS
Oakhurst, California 3 rd Revised Check Sheet A Cancels 2 nd Revised Check Sheet A LIST OF EFFECTIVE SHEETS Sheets listed below are effective as of the date shown on each sheet. Revision Number Sheet 3
More informationLocation Privacy Protection for Preventing Replay Attack under Road-Network Constraints
Location Privacy Protection for Preventing Replay Attack under Road-Network Constraints Lan Sun, Ying-jie Wu, Zhao Luo, Yi-lei Wang College of Mathematics and Computer Science Fuzhou University Fuzhou,
More informationConcepts, Technology, and Applications of Mobile Commerce
Concepts, Technology, and Applications of Mobile Commerce Robert Nickerson Professor and Chair Department of Information Systems Director, Center for Electronic Business College of Business San Francisco
More informationDesign Report for ErdosFS
Design Report for ErdosFS March 21, 2014 Harrison Hunter hhunter@mit.edu Recitation Instructor: Katrina LaCurts 1 INTRODUCTION This proposal describes the design of a new folders system for UNIX named
More informationA Mechanism for Sequential Consistency in a Distributed Objects System
A Mechanism for Sequential Consistency in a Distributed Objects System Cristian Ţăpuş, Aleksey Nogin, Jason Hickey, and Jerome White California Institute of Technology Computer Science Department MC 256-80,
More informationSongklanakarin Journal of Science and Technology SJST R1 Ghareeb SPATIAL OBJECT MODELING IN SOFT TOPOLOGY
Songklanakarin Journal of Science and Technology SJST-0-00.R Ghareeb SPATIAL OBJECT MODELING IN SOFT TOPOLOGY Journal: Songklanakarin Journal of Science and Technology Manuscript ID: SJST-0-00.R Manuscript
More informationPedigree Management and Assessment Framework (PMAF) Demonstration
Pedigree Management and Assessment Framework (PMAF) Demonstration Kenneth A. McVearry ATC-NY, Cornell Business & Technology Park, 33 Thornwood Drive, Suite 500, Ithaca, NY 14850 kmcvearry@atcorp.com Abstract.
More informationA Novel Data Mining Platform Design with Dynamic Algorithm Base
A Novel Data Mining Platform Design with Dynamic Algorithm Base HebiaoYang, Yukun Chen & Rengang Hou School of Computer Science and Telecommunications Engineering, Jiangsu University Zhenjiang, 212013,
More informationThwarting Traceback Attack on Freenet
Thwarting Traceback Attack on Freenet Guanyu Tian, Zhenhai Duan Florida State University {tian, duan}@cs.fsu.edu Todd Baumeister, Yingfei Dong University of Hawaii {baumeist, yingfei}@hawaii.edu Abstract
More informationMA651 Topology. Lecture 4. Topological spaces 2
MA651 Topology. Lecture 4. Topological spaces 2 This text is based on the following books: Linear Algebra and Analysis by Marc Zamansky Topology by James Dugundgji Fundamental concepts of topology by Peter
More informationDesign of Deterministic Finite Automata using Pattern Matching Strategy
Design of Deterministic Finite Automata using Pattern Matching Strategy V. N. V Srinivasa Rao 1, Dr. M. S. S. Sai 2 Assistant Professor, 2 Professor, Department of Computer Science and Engineering KKR
More information