We present Garm, a new tool for tracing data provenance and enforcing data access policies with arbitrary binaries. Users can use Garm to attach access policies to data and Garm ensures that all accesses to the data (and derived data) across all applications and executions are consistent with the policy. Garm uses a staged analysis that combines a static analysis with a dynamic analysis to trac...

A reservoir operation model of Mun Bon and Lam Chae reservoirs was developed to simulate reservoir operation using a hedging policy. A variety of common hedging forms was specified, including one-point hedging, two-point hedging and zone-based hedging. The simulated results were compared with the standard operating policy and probability based rule curve. The percentage of failure frequency, av...

MAC (Mandatory Access Control) has the ability to improve security of Linux operating system dramatically. However, defining and managing proper policy is not easily achieved because program dependencies are usually invisible from system administrators. This paper presents the challenges in providing automatic policy generation based on process execution history.

Graduates from the various computer fields need to have a better education in the area of computer security problems and their solutions. In particular, there appears to be little exposure to the enforcement of non-discretionary or Mandatory Access Control (MAC) policies in automated systems. One cause of this deficiency is the expense, limited availability, and limited functionality of operati...

The global system nature of energy creates challenges in developing operating system policies to effectively manage energy consumption. Our proposed currentcy model creates the framework for the operating system to manage energy as a first-class resource. Furthermore, currentcy provides a powerful mechanism to formulate unified energy management policies across diverse competing applications an...

In a dynamically changing real-time environment, it is not possible to make scheduling decisions offline. A Real-Time Operating System (RTOS) with a single fixed scheduler cannot satisfy the demands of multiple complex multi-threaded applications. These applications are best scheduled using an application specific scheduler. Thus, for multiple such applications, multiple schedulers need to co-e...

The techniques of kernel-level system call interception are well known today for many different operating systems. This work starts with transferring these technique to the Windows CE type of operating systems. Afterwards, two current problems are solved. The first solution uses the technique for dynamic malware analysis with a sandbox approach, extending previous solutions in terms of effectiv...

A framework for the speciication of security policies is proposed. It can used to formally specify conndentiality and integrity policies, the latter can be given in terms of Clark-Wilson style access triples. The framework extends the Clark-Wilson model in that it can be used to specify dynamic segregation of duty. For application systems where security is critical, a mul-tilevel security based...