In the context of the High-Luminosity (HL) upgrade of the LHC, many custom ATCA electronics boards are being designed containing heterogeneous System-on-Chip (SoC) devices, more specifically the Xilinx Zynq UltraScale+ (ZUS+) family. While the application varies greatly, these devices are regularly used for performing board management tasks, making them a fundamental element in the correct operation of the board. The large number (hundreds) of SoC devices creates significant challenges in their firmware deployment, maintenance, and accessibility. Even though U-Boot on ZUS+ devices supports network boot through the Preboot Execution Environment (PXE), the standard ZUS+ boot process contains application-specific information at earlier boot steps, particularly within the First Stage Bootloader (FSBL). This prevents the initialization of several devices from a universal image. Inspired by the PXE boot process on desktop PCs, this paper describes split boot, a novel boot method tailored to the specific needs of the ZUS+. All application-specific configuration is moved to a network storage device and automatically fetched during the boot process. We considered the entire process, from f
A computer is nothing but a device that processes the instructions supplied to it. However, as computers evolved, the instructions or code became more complicated. As computers started to be used by non-technical people, it became imperative that users be able to use the machine without underlying knowledge of the code or the hardware. The operating system became the backbone for translating the inputs from the user into actual operations on the hardware. With the increasing complexity and choice of operating systems, it became clear that different groups of people, especially in an enterprise scenario, required different operating systems. Installing them all on a single machine for shared computers became a difficult task, giving rise to network-based booting. But network-based booting was confined to wired connectivity only, keeping it restricted to very small geographical areas. The proposed system, /dev/SDB, is aimed at creating a standard where any user, anywhere on the globe, can access the operating system authorized to them without having to be on the corporate network. It aims to offer the same over Wi-Fi as well as cellular connectivity, ensuring emplo
Hardware supply-chain attacks are raising significant security threats to the boot process of multiprocessor systems. This paper identifies a new, prevalent hardware supply-chain attack surface that can bypass multiprocessor secure boot due to the absence of processor-authentication mechanisms. To defend against such attacks, we present PA-Boot, the first formally verified processor-authentication protocol for secure boot in multiprocessor systems. PA-Boot is proved functionally correct and is guaranteed to detect multiple adversarial behaviors, e.g., processor replacements, man-in-the-middle attacks, and tampering with certificates. The fine-grained formalization of PA-Boot and its fully mechanized security proofs are carried out in the Isabelle/HOL theorem prover with 306 lemmas/theorems and ~7,100 LoC. Experiments on a proof-of-concept implementation indicate that PA-Boot can effectively identify boot-process attacks with a small overhead and thereby improve the security of multiprocessor systems.
Background: We present q2-boots, a QIIME 2 plugin that facilitates bootstrapped and rarefaction-based microbiome diversity analysis. This plugin provides eight new actions that allow users to apply any of thirty different alpha diversity metrics and twenty-two beta diversity metrics to bootstrapped or rarefied feature tables, using a single QIIME 2 Pipeline command, or more granular QIIME 2 Action commands. Results: Given a feature table, an even sampling depth, and the number of iterations to perform (n), the command qiime boots core-metrics will resample the feature table n times and compute alpha and beta diversity metrics on each resampled table. The results will be integrated in summary data artifacts that are identical in structure and type to results that would be generated by applying diversity metrics to a single table. This enables all of the same downstream analytic tools to be applied to these tables, and ensures that all collected data is considered when computing microbiome diversity metrics. Conclusions: A challenge of this work was deciding how to integrate distance matrices that were computed on n resampled feature tables, as a simple average of pairwise distances
The universities of Baden-Württemberg are using stateless system remote boot for services such as computer labs and data centers. It involves loading a host system over the network and allowing users to start various virtual machines. The filesystem is provided over a distributed network block device (dnbd3) mounted read-only. The process raises security concerns due to potentially untrusted networks. The aim of this work is to establish trust within this network, focusing on server-client identity, confidentiality and image authenticity. Using Secure Boot and iPXE signing, the integrity can be guaranteed for the complete boot process. The effort needed to implement it is mainly a one-time cost at the set-up of the server, while the one-time changes necessary on the client could be done over the network. Afterwards, no significant delay was measured in the boot process for the main technologies, while the technique of integrating the kernel with other files resulted in a small measured delay. TPM can be used to ensure the client's identity and confidentiality. Provisioning TPM is a bigger challenge because a trade-off has to be made between the inconvenience of using a secure medium and
U-Boot is a well-known bootloader and Open Source project. The objective of this work was adding support for the SquashFS filesystem to U-Boot, and the support developed was submitted as a contribution to the project. The bootloader is responsible, in this context, for loading the kernel and the device tree blob into RAM. It needs to be capable of reading a storage device's partition formatted with a specific filesystem type. Adding this support allows U-Boot to read from SquashFS partitions. The source code was submitted to U-Boot's mailing list through a series of patches to be reviewed by one of the project's maintainers. Once it gets merged, the support will be used and modified by U-Boot's international community.
We investigate a wide range of possible evolutionary histories for the recently discovered Bootes dwarf spheroidal galaxy, a Milky Way satellite. By means of N-body simulations we follow the evolution of possible progenitor galaxies of Bootes for a variety of orbits in the gravitational potential of the Milky Way. The progenitors considered cover the range from dark-matter-free star clusters to massive, dark-matter dominated outcomes of cosmological simulations. For each type of progenitor and orbit we compare the observable properties of the remnant after 10 Gyr with those of Bootes observed today. Our study suggests that the progenitor of Bootes must have been, and remains now, dark matter dominated. In general our models are unable to reproduce the observed high velocity dispersion in Bootes without dark matter. Our models do not support time-dependent tidal effects as a mechanism able to inflate significantly the internal velocity dispersion. As none of our initially spherical models is able to reproduce the elongation of Bootes, our results suggest that the progenitor of Bootes may have had some intrinsic flattening. Although the focus of the present paper is the Bootes dwarf
Recent increases in endpoint-based security events and threats compelled enterprise operations to switch to virtual desktop infrastructure and web-based applications. In addition to reducing potential hazards, this has guaranteed a consistent desktop environment for every user. On the other hand, the attack surface is greatly increased because all endpoints are connected to the company network, which could harbor malware and other advanced persistent threats. This results in a considerable loss of system resources on each individual endpoint. Hence our work proposes a standard called Colaboot that enables machines throughout a company to boot from a single operating system in order to address these problems and guarantee a consistent operating system environment that could be easily updated to the most recent security patches across all workstations.
Boot firmware, like UEFI-compliant firmware, has been the target of numerous attacks, giving the attacker control over the entire system while being undetected. The measured boot mechanism of a computer platform ensures its integrity by using cryptographic measurements to detect such attacks. This is typically performed by relying on a Trusted Platform Module (TPM). Recent work, however, shows that vendors do not respect the specifications that have been devised to ensure the integrity of the firmware's loading process. As a result, attackers may bypass such measurement mechanisms and successfully load a modified firmware image while remaining unnoticed. In this paper we introduce BootKeeper, a static analysis approach verifying a set of key security properties on boot firmware images before deployment, to ensure the integrity of the measured boot process. We evaluate BootKeeper against several attacks on common boot firmware implementations and demonstrate its applicability.
Unconventional computing platforms have spread widely and rapidly following smart phones and tablets: consumer electronics such as smart TVs and digital cameras. For such devices, fast booting is a critical requirement; waiting tens of seconds for a TV or a camera to boot up is not acceptable, unlike a PC or smart phone. Moreover, the software platforms of these devices have become as rich as conventional computing devices to provide comparable services. As a result, the booting procedure to start every required OS service, hardware component, and application, the quantity of which is ever increasing, may take unbearable time for most consumers. To accelerate booting, this paper introduces Booting Booster (BB), which is used in all 2015 Samsung Smart TV models, and which runs the Linux-based Tizen OS. BB addresses the init scheme of Linux, which launches initial user-space OS services and applications and manages the life cycles of all user processes, by identifying and isolating booting-critical tasks, deferring non-critical tasks, and enabling execution of more tasks in parallel. BB has been successfully deployed in Samsung Smart TV 2015 models achieving a cold boot in 3
Neutral hydrogen observations towards the Bootes dwarf spheroidal galaxy, a very low luminosity metal-poor Galactic satellite, were obtained using the Parkes Radio Telescope. We do not detect any HI in or around Bootes to a 3sigma upper limit of 180 Msun within the optical half light radius and 8000 Msun within 1.6 kpc. Its HI mass-to-light ratio is less than 0.002 Msun/Lsun, making Bootes one of the most gas-poor galaxies known. Either reionisation severely inhibited gas infall onto the proto-Bootes, or large amounts of gas have been removed by ram pressure and/or tidal stripping. Since Bootes lies on the mass-metallicity fundamental line, this relation and the inefficiency of star formation at the faintest end of the galaxy luminosity function must be partly driven, or at least not disrupted, by extreme gas loss in such low luminosity galaxies. We also do not detect any HI associated with the leading tidal tail of the Sagittarius dSph galaxy, which fortuitously passes through the observed field, to a 3sigma column density limit of 2 x 10^17 cm^-2. This suggests that either the leading gaseous tail is ionised, or the gas in the trailing tail was removed before the current tidal di
We demonstrate attacks on the boot ROMs of the Nintendo 3DS in order to exfiltrate secret information from normally protected areas of memory and gain persistent early code execution on devices which have not previously been compromised. The attack utilizes flaws in the RSA signature verification implementation of one of the boot ROMs in order to overflow ASN.1 length fields and cause invalid firmware images to appear valid to the signature parser. This is then used to load a custom firmware image which overwrites the data-abort vector with a custom data abort handler, then induces a data-abort exception in order to reliably redirect boot ROM code flow at boot time. This executes a payload which, due to its reliable early execution by a privileged processor, is able to function as a persistent exploit of the system in order to exfiltrate secret information (such as encryption keys) from normally protected areas of memory.
Verified boot is an interesting feature of Chromium OS that supposedly can detect any modification in the root file system (rootfs) by a dedicated adversary. However, by exploiting a design flaw in verified boot, we show that an adversary can replace the original rootfs with a malicious rootfs containing exploits such as spyware or a keylogger and still pass the verified boot process. The exploit is based on the fact that a dedicated adversary can replace the rootfs and the corresponding verification information in the bootloader. We experimentally demonstrate an attack using both the base and developer version of Chromium OS in which the adversary installs spyware in the target system to send cached user data to the attacker machine in plain text, data which is otherwise encrypted and thus inaccessible. We also demonstrate techniques to mitigate this vulnerability.
In modern embedded systems, the trust in comprehensive security standards all along the product life cycle has become an increasingly important access-to-market requirement. However, these security standards rely on mandatory immunity assumptions such as the integrity and authenticity of an initial system configuration typically loaded from Non-Volatile Memory (NVM). This applies especially to FPGA-based Programmable System-on-Chip (PSoC) architectures, since object code as well as configuration data easily exceed the capacity of a secure bootROM. In this context, an attacker could try to alter the content of the NVM device in order to manipulate the system. The PSoC therefore relies on the integrity of the NVM, particularly at boot-time. In this paper, we propose a methodology for securely booting from an NVM in a potentially insecure environment by exploiting the reconfigurable logic of the FPGA. Here, the FPGA serves as a secure anchor point by performing the required integrity and authenticity verifications prior to the configuration and execution of any user application loaded from the NVM on the PSoC. The proposed secure boot process is based on the following assumptions and step
We present the results of a low-resolution spectral abundance study of 25 stars in the Bootes I dwarf spheroidal (dSph) galaxy. The data were obtained with the LRIS instrument at Keck Observatory, and allow us to measure [Fe/H], [C/Fe], and [alpha/Fe] for each star. We find both a large spread in metallicity (2.1 dex in [Fe/H]) as well as the low average metallicity in this system, <[Fe/H]>=-2.59, matching previous estimates. This sample includes a newly discovered extremely metal-poor star, with [Fe/H]=-3.8, that is one of the most metal-poor stars yet found in a dSph. We compare the metallicity distribution function of Bootes I to analytic chemical evolution models. While the metallicity distribution function of Bootes I is best fit by an Extra Gas chemical evolution model, leaky-box models also provide reasonable fits. We also find that the [alpha/Fe] distribution and the carbon-enhanced metal-poor fraction of our sample (12%) are reasonable matches to Galactic halo star samples in the same metallicity range, indicating that at these low metallicities, systems like the Bootes I ultra-faint dSph could have been contributors to the Galactic halo.
This paper presents a general strategy to recover a block cipher secret key in the cold boot attack setting. More precisely, we propose a key-recovery method that combines key enumeration algorithms and Grover's quantum algorithm to recover a block cipher secret key after an attacker has procured a noisy version of it via a cold boot attack. We also show how to implement the quantum component of our algorithm for several block ciphers such as AES, PRESENT, GIFT, and LowMC. Additionally, since evaluating the third-round post-quantum candidates of the National Institute of Standards and Technology (NIST) post-quantum standardization process against different attack vectors is of great importance for their overall assessment, we show the feasibility of performing our hybrid attack on Picnic, a post-quantum signature algorithm that is an alternate candidate in the NIST post-quantum standardization competition. According to our results, our method may recover the Picnic private key for all Picnic parameter sets, tolerating up to $40\%$ of noise for some of the parameter sets. Furthermore, we provide a detailed analysis of our method by giving the cost of its resources, its running time
Recent technological advancements have proliferated the use of small embedded devices for collecting, processing, and transferring security-critical information. The Internet of Things (IoT) has enabled remote access and control of these network-connected devices. Consequently, an attacker can exploit security vulnerabilities and compromise these devices. In this context, secure boot becomes a useful security mechanism to verify the integrity and authenticity of the software state of the devices. However, current secure boot schemes focus on detecting the presence of potential malware on the device but not on disinfecting and restoring the software to a benign state. This manuscript presents CARE, the first secure boot framework that provides detection, resilience, and an onboard recovery mechanism for compromised devices. The framework uses a prototype hybrid CARE: Code Authentication and Resilience Engine to verify the software state and restore it to a benign state. It uses Physical Memory Protection (PMP) and other security enchaining techniques of the RISC-V processor to provide resilience from modern attacks. The state-of-the-art comparison and performance analysi
We present a catalog of 15 RR Lyrae variable stars in the recently discovered Bootes galaxy -- the most metal-poor simple stellar population with measured RR Lyrae stars. The pulsational properties of the RR Lyrae conform closely to period-abundance trends extrapolated from more metal-rich populations and we estimate the distance of Bootes to be (m-M)_0=18.96+-0.12. The average period (0.69 days), the ratio of type c to type ab pulsators (0.53) and the RRab period shift (-0.07) indicate an Oosterhoff II classification for Bootes, a marked contrast to the other dSph galaxies, which are Oosterhoff intermediate. This supports the contention that the Oosterhoff dichotomy is a continuum -- that RR Lyrae properties, to first order, vary smoothly with abundance. The dSph galaxies are not distinct from the Galactic globular clusters, but bridge the Oosterhoff gap. The absence of any anomalous Cepheids in Bootes could indicate the lack of an intermediate age population.
Ultrafast fiber lasers play important roles in many aspects of our life through their various applications in fields ranging from fundamental science to industrial purposes. The passive mode-locking technique is a key step in realizing ultrafast soliton fiber lasers. However, the booting dynamics of soliton fiber lasers have not yet been well understood. Herein, we reveal the soliton buildup dynamics of ultrafast fiber lasers operating both in anomalous and net-normal dispersion regimes. Based on the advanced experimental methodologies of spatio-temporal reconstruction and dispersive Fourier transform (DFT), the soliton booting dynamics are analyzed in the time and spectral domains. It was found that the booting dynamics of conventional and dissipative solitons operating in the anomalous and net-normal dispersion regimes, respectively, differ from each other due to the different pulse shaping mechanisms. In particular, a spectral interference pattern with strong relaxation oscillation behavior was observed near the mode-locking transition for the conventional soliton, while no relaxation oscillation of the spectral pattern was obtained for the dissipative soliton. We firstly revealed t
We discuss the results of a VLA HI survey of the Bootes void and compare the distribution and HI properties of the void galaxies to those of galaxies found in a survey of regions of mean cosmic density. The Bootes survey covers 1100 Mpc$^{3}$, or $\sim$ 1\% of the volume of the void and consists of 24 cubes of typically 2 Mpc * 2 Mpc * 1280 km/s, centered on optically known galaxies. Sixteen targets were detected in HI; 18 previously uncataloged objects were discovered directly in HI. The control sample consists of 12 cubes centered on IRAS selected galaxies with FIR luminosities similar to those of the Bootes targets and located in regions of 1 to 2 times the cosmic mean density. In addition to the 12 targets 29 companions were detected in HI. We find that the number of galaxies within 1 Mpc of the targets is the same to within a factor of two for void and control samples, and thus that the small scale clustering of galaxies is the same in regions that differ by a factor of $\sim$ 6 in density on larger scales. A dynamical analysis of the galaxies in the void suggests that on scales of a few Mpc the galaxies are gravitationally bound, forming interacting galaxy pairs, loose pairs