Update on Overleaf.

This commit is contained in:
jsh77 2022-05-27 09:42:43 +00:00 committed by node
parent 0ea5063cca
commit b792054325

View File

@ -40,7 +40,7 @@
% Select which version this is:
% For the (anonymous) submission (without your name or acknowledgements)
% uncomment the following line (or let the makefile do this for you)
%\submissiontrue
\submissiontrue
% For the final version (with your name) leave the above commented.
\begin{document}
@ -171,20 +171,13 @@ All trademarks used in this dissertation are hereby acknowledged.
\chapter*{Abstract}
% Begun in 1988, the human genome project intends to map the 23 chromosomes that provide the blueprint for the human species. The project has both scientific and ethical goals. The scientific goals underscore the advantages of the genome project, including identifying and curing diseases and enabling people to select the traits of their offspring, among other opportunities. Ethically, however, the project raises serious questions about the morality of genetic engineering. To handle both the medical opportunities and ethical dilemmas posed by the genome project, scientists need to develop a clear set of principles for genetic engineering and to continue educating the public about the genome project.
% 25% of their space on the purpose and importance of the research (Introduction)
% 25% of their space on what you did (Methods)
% 35% of their space on what you found (Results)
% 15% of their space on the implications of the research
Void processes intend to make it easier for all developers to produce effectively privilege separated applications. The project has two primary goals: show the merits of starting from zero privilege, and provide the utilities to make this feasible for the average developer.
Building void processes involves first reliably removing all privilege from a process then systematically adding back in what is required, and no more. This project utilises namespaces on Linux to revoke privilege from an application, showing how this can be done and why its easier in some domains than others. We then show how to inject sufficient privilege for applications to perform useful work, developing new APIs that are friendly for privilege separation. These elements compose a shim called the void orchestrator, a framework for restricting Linux processes.
Two example applications are presented to demonstrate the utility of a shim helping with privilege separation. The startup performance is negatively affected by the design of the kernel, and future work is proposed to aid this. After the delay in startup, applications developed within this framework are shown to be highly performant.
Computer Scientists need better tools handle the continuing prevalence of vulnerabilities in computer software. Starting from nothing is a new approach to privilege separation on Linux that has noticeable benefits. Linux should focus on reducing namespace creation latency however they can, and beginning from nothing is a good way to achieve that.
Computer Scientists need better tools to handle the continuing prevalence of vulnerabilities in computer software. Starting from nothing is a new approach to privilege separation on Linux that has noticeable benefits. Linux should focus on reducing namespace creation latency however they can, and beginning from nothing is a good way to achieve that.
\cleardoublepage % preserve page numbers after missing acknowledgements