About
36 Publications
9,093 Reads
91 Citations
Introduction
Adrian Coleșa currently works at the Department of Computer Science, Universitatea Tehnica Cluj-Napoca. Adrian does research in Operating Systems. Their current project is 'Virtualization-Based Security of User Security-Sensitive Applications'.
Publications (36)
Malware growth was exponential in the last years, therefore it is a tedious work to manually analyze them in order to observe when a new strain appears. In this article we present a dynamic analysis system which clusters suspicious executable files in different malware families, based on the behavioral similarities their running processes exhibit t...
Forensic analysis of volatile memory is a crucial part in the Incident Response process. Traditionally, it requires acquiring and transferring a memory dump from the affected workstation over to the analyst’s system, where it is analyzed using established forensic tools such as Volatility or Rekall. Hardware-based virtualization support of modern x...
We propose a probabilistic symmetric encryption method that heavily relies on true-random numbers, both to XOR the plaintext with a random block of at least equal length (just like OTP) and to disperse resulting data at bit-level into even more randomness. Our method has several highly needed security properties. It has resistance against both CPA2...
Users need to run their security-sensitive applications in a trusted environment. The trustworthy characteristics of such environments are built by imposing restrictions on the user applications' interface and functionality. We propose a method to let the users benefit from both an improved usage experience and a trusted environment. Our method app...
We propose a method to provide the users a trusted secure environment to run their security-sensitive applications within. Our solution runs user applications in different virtual machines (VMs): security-sensitive applications in a trusted green VM, while the others in an untrusted red VM. We isolate the two VMs using hardware virtualization mechan...
Hypervisor based memory introspection can greatly enhance the security and trustworthiness of endpoints. The memory introspection logic requires numerous memory address space translations. Those in turn, inevitably, impose a considerable performance penalty. We identified that a significant part of the overall overhead induced by introspection is g...
We propose a method to protect user-processes against malicious software attacks running an introspection and protection tool (U-HIPE) inside a hypervisor. Our solution is based on hardware virtualization support, imposing “no-write” and/or “no-execution” restrictions on different guest virtual machine’s (VM) memory pages. Protected components incl...
We propose a method to rapidly launch new virtual machines (VM), starting from a prepared copy-on-write (COW) snapshot image. We use RAM-disks instead of stored ones and apply the COW technique on them, also. A VM can extend its RAM-disk on non-volatile storage area when it grows over an established threshold, just to avoid overloading the RAM. Ou...
We have often seen how malware families evolve over time: the malware authors add new features, change the order of functions, modify some strings or add random useless code. They do all that to evade detection. In a similar way, computer science students that copy homework will change variable and function names, rephrase comments or even replace...
The number of malicious applications that appear every day has reached beyond any manual analysis. In the attempt to spread beyond personal computers, malware authors use new platforms like Android, iOS and .NET. The latter has the advantage of being present on both desktop computers running Windows Vista or later and also on Windows Phone devices. P...
One approach to provide high availability for services is to encapsulate the service in a virtual machine and replicate, in checkpoints, the entire machine. The replication protocol can overload the network link between the replicas, fact that will increase the latencies experienced by the clients of the service. We implemented a context-aware repl...
Since the amount of files stored in a personal computer is continuously growing, there is a need to efficiently organize them. This paper proposes a metric that evaluates the ability of a file system to assist the user in organizing his files. This metric does not apply to specific file systems, but rather to file system paradigms. A relational fil...
The need for efficient organization of files grows with the computer storage capabilities. However, a classical hierarchical file system offers little help in this matter, excepting maybe the case of links and shortcuts. OrcFS proposes a solution to this problem. By redefining several file system concepts, it allows the user to set custom metadata,...
This paper presents an adaptive algorithm for the replication process of a primary virtual machine (VM) hosting a service that must be provided high-availability. Running the service in a VM and replicating the entire VM is a general strategy, totally transparent for the service itself and its clients. The replication takes place in phases, which a...
Fault-tolerance of services has received great attention for years, yet it is not clear how this can be done efficiently for different types of services. Current research focuses on finding strategies to provide fault-tolerance using commodity hardware and as independent of the service and transparent to clients as possible. We propose a replicatio...
The need for efficient organization of files grows with the computer storage capabilities. However, a classical hierarchical file system offers little help in this matter, excepting maybe the case of links and shortcuts. OrcFS proposes a solution to this problem. By redefining several file system concepts, it allows the user to set custom metadata,...
Services' high-availability has received great attention for years, yet it is not clear how this can be achieved efficiently for different types of services. Current research focuses on finding strategies to provide high-availability using commodity hardware and as independent of the service and transparent to the clients as possible. This paper inves...
The paper presents a new software strategy for generating true random numbers, by creating several threads and letting them compete unsynchronized for a shared variable, whose value is read-modified-updated by each thread repeatedly. The generated sequence of random numbers consists of the final values of the shared variable. Our strategy is based...
This paper presents a strategy to develop an infrastructure for reliable distribution of data in Grids. We used the data replication services of Globus Toolkit 4.0, but extended their functionality in order to improve the reliability of the overall data distribution in different failure scenarios. Our solution makes the data distribution process au...
The idea behind solving complex computational problems is devising the work in several subproblems which can be executed in parallel. This implies the existence of multiple resources and good techniques. Accessing multiple resources is no longer a problem nowadays - with the existence of performant computer networks. So the question remains how to...
Most operating system kernels support functionality extension at runtime, but when it comes to upgrade or update the functionality of a component or module, it must be removed from the kernel before loading the new version of that component. To unload a component, all applications and other kernel components that are using it must be stopped to avo...
Research has been done to enhance traditional file systems with database-like capabilities. Existing solutions store additional meta-data, describing files' contents and interrelationships, but provide access to the new file system's capabilities only through a specialized interface. Most of them don't support user-defined relationships among files...
High data availability is an important requirement for any data provider system. Replication is the main approach used to improve data availability, which is an inherent method for any distributed infrastructure including grids. The Globus toolkit provides specialized tools and services for data replication in grid, though it is not so simple to kn...