Superuser

Abstract: We describe a "cheat" attack, allowing an ordinary process to hijack any desirable percentage of the CPU cycles without requiring superuser/administrator privileges. Moreover, the nature of the attack is such that, at least in some systems, listing the active processes will erroneously show the cheating process as not using any CPU resources: the "missing" cycles would either be attributed to some other process or not be reported at all (if the machine is otherwise idle). Thus, certain malicious operations generally believed to have required overcoming the hardships of obtaining root access and installing a rootkit, can actually be launched by non-privileged users in a straightforward manner, there by making the job of a malicious adversary that much easier. We show that most major general-purpose operating systems are vulnerable to the cheat attack, due to a combination of how they account for CPU usage and how they use this information to prioritize competing processes. Furthermore, recent scheduler changes attempting to better support interactive workloads increase the vulnerability to the attack, and naive steps taken by certain systems to reduce the danger are easily circumvented. We show that the attack can nevertheless be defeated, and we demonstreate this by implementing a patch for Linux that eliminates the problem with negligible overhead.

Abstract: Fear of the powerful computer user, "the Superuser," dominates debates about online conflict. This mythic figure is difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact, passing overbroad, ambiguous laws intended to ensnare the Superuser, but which are used instead against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated. The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as lay-people to exaggerate the power of the Superuser, in part because they have misapplied Larry Lessig's ideas about code. The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment. This Article urges policymakers and partisans to stop using tropes of fear; calls for better empirical work on the probability of online harm; and proposes an anti-Precautionary Principle, a presumption against new laws designed to stop the Superuser.

Abstract: Provided is an application program launching method and system for improving security of an embedded Linux kernel by distributing superuser privileges. The method includes: searching security set information on an application program selected by a user; changing a user account for a processor of the application program to a user ID associated with the application program in the security set information; setting a capability for the processor according to setting information for the capability in the security set information; changing a basic directory for the processor according to a basic directory in the security set information; and launching the application program.

Abstract: Inefficient use of network resources on the battlefield is a serious liability: if an asset communicates with the network command for data-a terrain map, for instance-it ties up the end-to-end network resources. When many such assets contend for data simultaneously, traffic is limited by the slowest link along the path from the network command to the asset. A better approach is for a local server, known as an infostation, to download data on an anticipated-need basis when the network load is low. The infostation can then dump data when needed to the assets over a high-speed wireless connection. The infostation serves the local assets over an OFDM-based wireless data link that has MIMO enhancements for high data rate and robustness. We aim for data rate in excess of 100 Mbps, spectral efficiency in excess of 5 bits/sec/Hz, and robustness to poor channel conditions and jammers. We propose an adaptive physical layer that determines power levels, modulation schemes, and the MIMO enhancements to use based on the channel state and the level of interference in the system. We also incorporate the idea of superuser: a user who is allowed preferential use of the high data rate link. We propose a MAC that allows for this priority-based bandwidth allocation scheme. The proposed infostation MAC is integrated tightly with the physical layer through a cross-layer design. We call the proposed infostation PHY, MAC, and network technology, collectively, as the Mobile Infostation Network Technology (MINT).