Commodity OS kernels have broad attack surfaces due to the large code base and the numerous features such as device drivers. For a real-world use case (e.g., an Apache Server), many kernel services are unused and only a small amount of kernel code is used. Within the used code, a certain part is invoked only at runtime while the rest are executed at startup and/or shutdown phases in the kernel's lifetime run. In this paper, we propose a reliable and practical system, named KASR, which transparently reduces attack surfaces of commodity OS kernels at runtime without requiring their source code. The KASR system, residing in a trusted hypervisor, achieves the attack surface reduction through a two-step approach: (1) reliably depriving unused code of executable permissions, and (2) transparently segmenting used code and selectively activating them. We implement a prototype of KASR on Xen-4.8.2 hypervisor and evaluate its security effectiveness on Linux kernel-4.4.0-87-generic. Our evaluation shows that KASR reduces the kernel attack surface by 64% and trims off 40% of CVE vulnerabilities. Besides, KASR successfully detects and blocks all 6 real-world kernel rootkits. We measure its performance overhead with three benchmark tools (i.e., SPECINT, httperf and bonnie++). The experimental results indicate that KASR imposes less than 1% performance overhead (compared to an unmodified Xen hypervisor) on all the benchmarks.
Summary
The present paper describes a new optimal design for an autonomous renewable energy‐based CHP system for a remote area in Zhidoi county, China. The configuration contains different parts of the electric heater (EH), photovoltaic‐thermal (PV/T), wind turbines (WTs), thermal energy storage (TES), and electrical energy storage (EES). The total annual cost (TAC) is utilized as a cost function of the system configuration and the idea is to minimize this function to access an optimal configuration. Due to the complicated nonlinear nature of this system, a metaheuristic‐based method, called Improved Marine Predators Algorithm (IMPA) has been introduced and designed. The reason for using this new algorithm is to cover the main drawbacks of most metaheuristics like better accuracy and higher convergence speed. To show the capability of the designed IMPA, it is validated by some different new metaheuristics from the literature. Afterward, the algorithm is used for system configuration optimization. Some sensitivity analysis is also investigated to shoe the method capability and the final results confirm the high ability of the proposed method for providing an optimal renewable energy‐based CHP system. The final results show a $56 307.74 value of TAC. The total efficiency of the system for the winter and the summers are 66% and 61%, respectively and the minimum total annual cost happens at AD = 0.8983. Finally, the minimum value of the total annual cost is achieved by the proposed method with 922.4 kWh.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.