Showing 1 - 10
of 96
for search: '"Pasquier, Thomas"'
The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud services has leveraged eBPF to enhance container security, system observability, and network management. Meanwhile, ince
External link:
http://arxiv.org/abs/2409.07508
Author:
Lim, Soo Yee, Agrawal, Sidhartha, Han, Xueyuan, Eyers, David, O'Keeffe, Dan, Pasquier, Thomas
Monolithic operating systems, where all kernel functionality resides in a single, shared address space, are the foundation of most mainstream computer systems. However, a single flaw, even in a non-essential part of the kernel (e.g., device drivers),
External link:
http://arxiv.org/abs/2404.08716
Author:
Cheng, Zijun, Lv, Qiujian, Liang, Jinyuan, Wang, Yan, Sun, Degang, Pasquier, Thomas, Han, Xueyuan
Provenance graphs are structured audit logs that describe the history of a system's execution. Recent studies have explored a variety of techniques to analyze provenance graphs for automated host intrusion detection, focusing particularly on advanced
External link:
http://arxiv.org/abs/2308.05034
For safety reasons, unprivileged users today have only limited ways to customize the kernel through the extended Berkeley Packet Filter (eBPF). This is unfortunate, especially since the eBPF framework itself has seen an increase in scope over the yea
External link:
http://arxiv.org/abs/2308.01983
Author:
Pope, James, Liang, Jinyuan, Kumar, Vijay, Raimondo, Francesco, Sun, Xinyi, McConville, Ryan, Pasquier, Thomas, Piechocki, Rob, Oikonomou, George, Luo, Bo, Howarth, Dan, Mavromatis, Ioannis, Mompo, Adrian Sanchez, Carnelli, Pietro, Spyridopoulos, Theodoros, Khan, Aftab
Security research has concentrated on converting operating system audit logs into suitable graphs, such as provenance graphs, for analysis. However, provenance graphs can grow very large requiring significant computational resources beyond what is ne
External link:
http://arxiv.org/abs/2212.08525
Despite the wide usage of container-based cloud computing, container auditing for security analysis relies mostly on built-in host audit systems, which often lack the ability to capture high-fidelity container logs. State-of-the-art reference-monitor
External link:
http://arxiv.org/abs/2111.02481
This article presents a study on the quality and execution of research code from publicly-available replication datasets at the Harvard Dataverse repository. Research code is typically created by a group of scientists and published together with acad
External link:
http://arxiv.org/abs/2103.12793
Author:
Han, Xueyuan, Yu, Xiao, Pasquier, Thomas, Li, Ding, Rhee, Junghwan, Mickens, James, Seltzer, Margo, Chen, Haifeng
Many users implicitly assume that software can only be exploited after it is installed. However, recent supply-chain attacks demonstrate that application integrity must be ensured during installation itself. We introduce SIGL, a new tool for detectin
External link:
http://arxiv.org/abs/2008.11533
Host-based anomaly detectors generate alarms by inspecting audit logs for suspicious behavior. Unfortunately, evaluating these anomaly detectors is hard. There are few high-quality, publicly-available audit logs, and there are no pre-existing framewo
External link:
http://arxiv.org/abs/2005.04717
Distributed analytics engines such as Spark are a common choice for processing extremely large datasets. However, finding good configurations for these systems remains challenging, with each workload potentially requiring a different setup to run opt
External link:
http://arxiv.org/abs/2001.08002