Platform For Safe Execution Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The need to strengthen application-level security, so that code executes safely within its environment, has never been greater. Past experience with software failures shows how much damage they can cause: loss of important data, widespread damage to the operating environment and, in some cases, a crash of the operating environment itself. The best-known culprits of this kind are viruses, worms and backdoors in operating systems. Comparable damage is done by software defects such as buffer overflows that enable code injection, null pointer dereferences, memory leaks, arithmetic and other exceptions, and violated algorithmic invariants, some of which can severely damage the operating environment, including the OS itself.

The proposed work aims to provide a secure platform, in the manner of a trusted computing base, for application execution, so that an application can do no damage to its environment.

Keywords: TCB (Trusted Computing Base), Code Injection, Trusted Application, Decision Support System


Although the topic mainly concerns core concepts inside the operating system, the keywords above only hint at them. An operating system is system software that provides an interface between the user and the hardware. Several companies ship their own operating systems, and, depending on the functionality provided, many kinds of operating system are available today. Because the operating system forms the core computing base for general-purpose tasks, numerous applications are developed and installed on top of it to improve its efficiency and so give the system better performance and security. An operating system is generally organised in levels, of which the kernel forms the core computing base. The kernel is responsible for all of the functionality and platform-specific issues, such as handling the hardware and interfacing system calls.

Applications mostly need to access system resources and sometimes make specific system calls into the operating system to perform an operation. For a system, the safe and secure execution of the applications it hosts is the main goal: it aims to provide measures with whose help it can execute an application safely without harming system resources. Despite all the methods and measures in use, the increasing complexity of today's systems and the emerging threats have made it very difficult to install applications securely without any adverse effects.


Fig. 1 Implementation of C program through Valgrind

Today, beyond secure connectivity between the systems that interact and exchange data, application-level security is also needed: a secure connection between two computers does not guarantee that the applications installed on them actually execute securely, without exploiting the internal data structures and resources of the system. The number and strength of attacks such as memory corruption attacks, code injection attacks and SQL injection have grown to the point where some proposed techniques and methodologies cannot even detect their presence, so these attacks degrade the overall performance and security of the system.

Certain applications are very critical because they use specific system calls provided by the kernel, so any compromise of their execution can lead to failure of the whole system. Our main concern is therefore to develop a secure execution platform that is resilient to the disturbances that arise during application execution, so that the application runs securely while preserving the two goals we consider central: security and performance. [1][2]

Fig. 1 illustrates one implementation mechanism: a C program run under Valgrind's memcheck tool, which examines the heap allocations of the running process and reports memory errors and leaks in the software.
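To make the Valgrind check concrete, here is an added example (not code from the essay or its figure): a small C program containing two of the defect classes named in the abstract, a heap buffer overflow and a memory leak, each beside its corrected form. The function names and inputs are ours. Build with -g and run it under memcheck to see the reports.

```c
/* Added example, not the essay's code: two heap defects that Valgrind's
 * memcheck reports, next to their corrected forms.
 *   gcc -g -O0 -o memdemo memdemo.c
 *   valgrind --leak-check=full --track-origins=yes ./memdemo
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Defect 1: heap off-by-one. strlen() does not count the terminating
 * NUL, so the final p[i] = '\0' lands one byte past the allocation.
 * memcheck reports it as "Invalid write of size 1". */
char *dup_overflow(const char *s)
{
    size_t i;
    char *p = malloc(strlen(s));          /* one byte too small */
    if (p == NULL) return NULL;
    for (i = 0; s[i] != '\0'; i++) p[i] = s[i];
    p[i] = '\0';                          /* out-of-bounds write */
    return p;
}

/* Corrected: allocate room for the terminator and copy exactly that. */
char *dup_fixed(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p == NULL) return NULL;
    memcpy(p, s, n);
    return p;
}

/* Defect 2: memory leak. The scratch copy is never freed, so at exit
 * memcheck lists its bytes under "definitely lost". */
long sum_leaky(const int *vals, size_t n)
{
    long total = 0;
    int *copy = malloc(n * sizeof *copy);
    if (copy == NULL) return -1;
    memcpy(copy, vals, n * sizeof *copy);
    for (size_t i = 0; i < n; i++) total += copy[i];
    return total;                         /* copy is leaked here */
}

/* Corrected: every return path releases what it allocated. */
long sum_fixed(const int *vals, size_t n)
{
    long total = 0;
    int *copy = malloc(n * sizeof *copy);
    if (copy == NULL) return -1;
    memcpy(copy, vals, n * sizeof *copy);
    for (size_t i = 0; i < n; i++) total += copy[i];
    free(copy);
    return total;
}

int main(void)
{
    static const int vals[] = {1, 2, 3, 4};   /* constructed input */
    char *a = dup_overflow("hello");          /* memcheck: Invalid write */
    char *b = dup_fixed("hello");
    printf("%s %s\n", a, b);
    free(a);
    free(b);
    printf("%ld %ld\n", sum_leaky(vals, 4), sum_fixed(vals, 4));
    return 0;                                 /* memcheck: 16 bytes lost */
}
```

Both defect functions return the "right" answer when run normally, which is exactly the point: the program's output gives no hint of the corruption or the leak, and only an instrumented run in a checking environment such as memcheck exposes them.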

Earlier work mainly aimed at securing the connections between the parties exchanging data; chiefly, the safe retrieval of an application over the network was considered. Little attention was paid to the application once it was brought onto the execution environment to be installed. Securing the connection gives secure retrieval, but no promise is made about the integrity of the application itself, i.e. whether it remains completely secure before and after its installation and execution within the system. New methods and techniques are therefore needed to build a platform that keeps an eye on the applications brought in and requires them to stay within a set boundary, so that their execution violates none of the policies of the operating environment.

We describe here a platform aimed at removing vulnerability from the system, essentially at the operating-system level. The approach is formulated with some generality with respect to the operating system used. [3][4][5]

Proposed Approach

The procedural approach generally followed in designing operating systems combines two kinds of requirement, functional and non-functional, as defined in software engineering.

Functional requirements here refer to the interoperability features provided, e.g. authentication, and to the functionality for which the tool or software is designed. Functional requirements may be calculations, technical details, data manipulation and processing, and other specific functionality that defines what a system is supposed to accomplish. The general requirements of a software module can be configuration, wake-up, initialization, normal operation, shutdown operation, fault operation, error detection, etc.

Non-functional requirements specify criteria by which the operation of a system can be judged, rather than specific behaviours; they define how a system is supposed to be and are often called the qualities of a system. The general requirements of a software module can be software architecture requirements, software integration requirements, software documentation requirements, etc.

Our proposed approach, in general terms, provides security through virtualization techniques together with a decision support system based on a fuzzy approximation method, which gives the system a linguistic means of expressing its limits.

The operating system provides the schedule table for process execution within the specified space, and the application then uses the specific system calls of the platform it needs in order to execute. An executing application must satisfy the criteria set for it in order to be executed safely. Applications are divided into two types: trusted and non-trusted. An application that stays within the boundary set for it is classed as trusted and may execute within the system; otherwise it is rejected by the system for failing to meet the criteria.

A general overview of our approach is given in the figure below.

[Figure: sequence chart. Stages: Process 1 starts; Job Pool; Linguistic values for boundary descriptor; Process ends]

Fig 1. Sequence Chart

The sequence chart illustrates the execution of processes under the linguistic boundary checker, which checks each process against certain boundary limits. The chart shows how application processes must access system resources so as not to violate the measures taken.

Although the systems used today are somewhat able to withstand harm caused by outsiders, there is still a need to strengthen security so that the system is neither halted nor degraded in performance under any circumstances. Within a system, the operating system is the component responsible for managing all system resources; it manages everything from as simple an act as servicing a system call to tracking another system. Beyond that, the operating system alone is responsible for allotting resources to an application in such a way that its execution does not lead to unpredictable or unusual behaviour of the system.

When an application is ready for execution it is usually not easy to tell whether the application is faulty. Measures are therefore needed so that malicious behaviour of an application can be detected as early as possible and its execution within the system prevented. Hence we must develop methodologies and security policies that can be embedded within the system and, alongside its basic functions, can mark an application as trustworthy or not, keeping the system free of the faults a faulty application would cause if executed.

So, to enhance operating system security and remove vulnerability from the system, the platform developed focuses on binding applications to a certain boundary; an application that violates it is rejected, which provides application-level security. Every application installed in the system accesses system memory in order to work, and so consumes memory. Since we are concerned with developing a safe execution platform for applications, certain criteria need to be satisfied by the system as well as by the installed application. [6][7][8]

For operating system security, applications to be installed are required to follow a prescribed model, i.e. an application model. The application model is based on UML. This model depicts the flow an application follows from the moment it is brought into the system through the levels it must pass to be labelled as either a trusted or a non-trusted application, leading on to its execution in the system and its access to system resources. It is given as:






[Figure: UML-based application model. Elements: Operating System; Decision Support System; control variable "S" (branch on S); Reject Application; Shutdown Hook; Error Hook]

Fig. 2 UML-Based Application Model

The UML-based application model above illustrates the acceptance of an application if it passes the Decision Support System. The main component here is the Decision Support System, whose decision matters most: it alone decides whether an application is trustworthy. Only on the basis of its decision is a particular application able to access operating system resources. [9][10][11]

Decision Support System

A decision support system plays the vital role in our proposal. Its major components are the following.

An operating system, when shipped, should contain a specific virtual environment. For example, in Windows 7 or Vista, whenever an executable file is launched a User Account Control dialog appears asking whether the program should be allowed to make changes to the computer, together with a short description of the program. We call this environment the computing platform.

We create a default virtual application for the operating system. It is the default environment for applications whenever we try to install them: an application is executed in the computing platform first.

A boundary extractor function holding the limits of the operating system. The maximum capacity of the system for handling applications is likely to change over the working life cycle of the operating system.

A fuzzy system whose linguistic variables define the fuzzy sets on which the decision is made, using an approximation technique.

The proposed mechanism builds on the concept of virtualizing the system state.

A more algorithmic description follows:

Step 1. Select the setup/installation software of the application to be installed.

Step 2. Load a specific set of system calls, together with the generalized operating system routines, into the computing platform environment.

Step 3. Compute the generalized function:

Θ =

Explanation of the equation: the equation defines the set of variables "r" whose values are taken from the application's installation software for the particular operating system. "n" is the maximum number of parameters in the application.

Step 4. Compute:

α =

Explanation of the equation: the equation assembles the operating system's current state of applications, memory, buffers, etc. The whole set is integrated as one unit reserved for determining the linguistic descriptor. "m" is the number of descriptors that most operating systems use.

Step 5. Define "k" as the linguistic descriptor for the values of the set {b1, b2, b3, b4, ..., bz}. For each of the values b1, b2, ... a linguistic variable k1, k2, k3, ... is determined.

Step 6. Perform "α" over "Θ" in the computing environment, and record the value of "v" at each step.

Step 7. Compare the values of "v" and "k": if (k > v), go to Step 8, else go to Step 9.

Step 8. Define the application as secure and start the installation. Go to Step 10.

Step 9. Define the application as not secure and notify the user.

Step 10. Stop.

The consequences of the algorithm can be read off directly. The first equation denotes the extraction applied to the application-level program, which may initially be supplied by the vendor itself. The second equation represents the extraction refined on the operating system side, which may take the form of an application installed in the operating system that acts as the default for all applications, as illustrated earlier for the Windows environment.
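The procedure leaves the form of Θ, α and the linguistic descriptor open. As an added example, not code from the essay, here is one concrete reading in C of the extraction, comparison and decision steps, and of the trusted/non-trusted split described earlier: the resource needs an installer declares (Θ), the operating system's current capacities (α), a fuzzy "acceptable usage" boundary per resource (k), and the usage observed during a trial run in the computing platform (v). The three resource classes, the trapezoidal membership function, the 0.5 threshold, the "worse of declared and observed" rule and every figure are assumptions introduced here; a real platform would measure the trial run instead of using constructed numbers.

```c
/* Added example, not the essay's code: a concrete decision-support step.
 * Resource classes, membership shape, threshold and all figures are
 * assumptions made here; the essay does not fix them. */
#include <stdio.h>

#define NRES 3            /* m: resource descriptors tracked by the OS */

/* Theta: parameters extracted from the installer (r_1..r_n); here the
 * resources the package declares it needs: heap MiB, syscalls/s, fds. */
typedef struct {
    const char *name;
    double declared[NRES];
} AppProfile;

/* alpha: the operating system's current capacity for the same resources
 * (b_1..b_m); it changes over the OS's working life, so it is re-read. */
typedef struct { double capacity[NRES]; } OsState;

/* Linguistic descriptor k: the fuzzy boundary "acceptable usage" for one
 * resource, over the fraction of capacity used. Membership is 1 up to
 * `safe` and falls linearly to 0 at `limit`. */
typedef struct { double safe, limit; } Boundary;

/* v: usage observed while the installer ran in the computing platform.
 * A real platform measures this; the figures below are constructed. */
typedef struct { double observed[NRES]; } TrialRun;

static double acceptable(const Boundary *k, double frac)
{
    if (frac <= k->safe)  return 1.0;
    if (frac >= k->limit) return 0.0;
    return (k->limit - frac) / (k->limit - k->safe);
}

/* Compare v with k for every resource. The fuzzy AND (minimum) over the
 * resources is the application's score; it is trusted only if the score
 * reaches `threshold`. Returns 1 = trusted, 0 = rejected. */
int decide(const AppProfile *app, const OsState *os, const Boundary k[NRES],
           const TrialRun *run, double threshold, double *score_out)
{
    double score = 1.0;
    for (int i = 0; i < NRES; i++) {
        /* take the worse of declared and observed usage, so an installer
           that under-declares its needs cannot pass on paper alone */
        double use  = app->declared[i] > run->observed[i]
                    ? app->declared[i] : run->observed[i];
        double frac = os->capacity[i] > 0.0 ? use / os->capacity[i] : 1.0;
        double mu   = acceptable(&k[i], frac);
        if (mu < score) score = mu;
    }
    if (score_out) *score_out = score;
    return score >= threshold;
}

/* Constructed scenario: one OS state, one boundary set, three installers. */
static const OsState    OS = { { 4096.0, 50000.0, 1024.0 } };
static const Boundary   K[NRES] = { {0.5, 0.9}, {0.6, 1.0}, {0.7, 1.0} };
static const AppProfile APPS[3] = {
    { "editor",  {  512.0,  2000.0,  32.0 } },
    { "updater", { 1024.0,  5000.0,  64.0 } },   /* under-declares */
    { "indexer", { 1024.0,  5000.0,  64.0 } },
};
static const TrialRun RUNS[3] = {
    { {  600.0,  2500.0,  40.0 } },
    { { 3900.0, 30000.0, 900.0 } },
    { { 3000.0, 10000.0, 100.0 } },
};
#define THRESHOLD 0.5

double sample_score(int idx)
{
    double s;
    decide(&APPS[idx], &OS, K, &RUNS[idx], THRESHOLD, &s);
    return s;
}

int sample_decision(int idx)
{
    return decide(&APPS[idx], &OS, K, &RUNS[idx], THRESHOLD, NULL);
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("%-8s score=%.3f -> %s\n", APPS[i].name, sample_score(i),
               sample_decision(i) ? "Trusted" : "Non-Trusted");
    return 0;
}
```

The "editor" stays well inside every boundary and is admitted with full membership; the "updater" declares modest needs but consumes 95% of memory during the trial, which the minimum operator turns into a score of 0 regardless of the other resources; the "indexer" sits in the sloping part of the memory boundary and scores about 0.42, below the threshold, so it is rejected too. Raising or lowering THRESHOLD is where the operating system's tolerance, which the essay expects to change with the hardware configuration, would be expressed.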


The proposed strategy aims to provide a cheaper and more cost-effective remedy for the vulnerable applications that may be present within a system. It also reduces the cost of maintenance and of the work behind creating security patches for the operating system. Moreover, the strategy aims to tailor the solution to the customer's hardware configuration.

Future Work

Embedding such a strategy inside the operating system will reduce the vulnerability assessment effort and, because it is dynamic, the operating system will be able to adapt to any hardware changes inside the client system. Further, it allows patches or loopholes of the operating system to be detected easily without the patches having to be installed directly in the operating system itself.