Friday, October 31, 2008
Exercise sheets
I have posted the fourth set of exercises for you, and selected solutions to exercises from this week's exercise sheet.
Seminar on Tuesday, 4 November
The first hour of the exercise session on Tuesday, 4 November, will be devoted to a seminar by Arnar Birgisson (School of Computer Science, Reykjavík University, Iceland). You are all strongly encouraged to attend the talk!
Title: Enforcing Authorization Policies using Transactional Memory Introspection
Abstract:
Correct enforcement of authorization policies is a difficult task, especially for multi-threaded software. Even in carefully-reviewed code, unauthorized access may be possible in subtle corner cases. We introduce Transactional Memory Introspection (TMI), a novel reference monitor architecture that builds on Software Transactional Memory—a new, attractive alternative for writing correct, multi-threaded software.
TMI facilitates correct security enforcement by simplifying how the reference monitor integrates with software functionality. TMI can ensure complete mediation of security-relevant operations, eliminate race conditions related to security checks, and simplify handling of authorization failures. We present the design and implementation of a TMI-based reference monitor and experiment with its use in enforcing authorization policies on four significant servers. Our experiments confirm the benefits of the TMI architecture and show that it imposes an acceptable runtime overhead.
The work has just been presented at the 15th ACM Computer and Communications Security Conference (CCS 2008), 28-31 October, Alexandria, VA, USA.
Title: Enforcing Authorization Policies using Transactional Memory Introspection
Abstract:
Correct enforcement of authorization policies is a difficult task, especially for multi-threaded software. Even in carefully-reviewed code, unauthorized access may be possible in subtle corner cases. We introduce Transactional Memory Introspection (TMI), a novel reference monitor architecture that builds on Software Transactional Memory—a new, attractive alternative for writing correct, multi-threaded software.
TMI facilitates correct security enforcement by simplifying how the reference monitor integrates with software functionality. TMI can ensure complete mediation of security-relevant operations, eliminate race conditions related to security checks, and simplify handling of authorization failures. We present the design and implementation of a TMI-based reference monitor and experiment with its use in enforcing authorization policies on four significant servers. Our experiments confirm the benefits of the TMI architecture and show that it imposes an acceptable runtime overhead.
The work has just been presented at the 15th ACM Computer and Communications Security Conference (CCS 2008), 28-31 October, Alexandria, VA, USA.
Wednesday, October 29, 2008
First Exercise Solution from Group 8
The proposed solution is here. The author and I look forward to your comments.
Miniproject for the Course
I have posted the miniproject. I strongly encourage you to start working on the project as soon as possible, even though the deadline for the delivery of your work is on Friday, 14 November.
Keep up the good work!
Keep up the good work!
Monday, October 27, 2008
Solution from Group 2
The solution from group 2 is now available here. Group 4 is expected to post their comments on this solution on the blog by Wednesday, 29 October, at 12:00 CET. Other groups are, of course, welcome to provide feedback and suggestions for improving the solution.
Sunday, October 26, 2008
Commenting on the Solutions
Based on the solutions I have received so far, I expect the following groups to comment on each other's exercise solutions:
Post your comments on the blog by Wednesday, 29 October, at 12:00 CET. Other groups are, of course, welcome to provide feedback and suggestions for improving the solutions.
Post your comments on the blog by Wednesday, 29 October, at 12:00 CET. Other groups are, of course, welcome to provide feedback and suggestions for improving the solutions.
Thursday, October 23, 2008
Posting of Exercise Solutions
The easiest way for you to post your solutions to the exercises is to send me the source and pdf files via email. I will then take care of making the solutions available from the web.
Keep up the good work!
Keep up the good work!
Subscribe to:
Posts (Atom)