UNIC: Secure Deduplication of General Computations. Yang Tang and Junfeng Yang Columbia University
1 UNIC: Secure Deduplication of General Computations Yang Tang and Junfeng Yang Columbia University
2 The world's data is fast exploding. A significant portion of the data is redundant. Data deduplication can hugely save storage and simplify management.
3 Not only is the data redundant. The computations on top of the data are also redundant. Can we deduplicate computations as well?
4 Challenges: How can we deduplicate computations done by mutually distrusting users? Users can't put wrong results in the cache. Users can't query the cache if they shouldn't. Don't authenticate users. Authenticate computations! The UNIC way: leverage code attestation.
5 More challenges: How can we deduplicate general computations? s: virus scanning, compiling source code, compression, big-data analysis, CommonCrawl. Impossible to understand every computation. With developer's support, much more can be done. The UNIC way: provide a simple yet expressive.
6 UNIC overview. UNIC: secure deduplication of general computations. [Diagram labels: Application, UNIC, code attestation for integrity and secrecy, UNIC, UNIC cache]
7 Outline Introduction design UNIC
8 Threats. Cache poisoning: a malicious user may try to put wrong results. Query forging: a malicious user may try to query entries in the result cache that she cannot access. UNIC leverages code attestation to enforce both integrity and secrecy of the result cache.
9 Code attestation. A computation is code, input and result. [Figure: code (shown as x86 assembly), input, result, signature] Code attestation cryptographically binds the result with the code and input that produced the result.
10 UNIC design. UNIC computes:
    (1) result = code(input). Run code on input to compute result.
    (2) sig = HMAC(hash(code) hash(input) result, K). Bind result with code and input. K is distributed among the trusted OSes.
    [Figure: code (shown as x86 assembly), input, result, signature]
11 UNIC protocol. When an application wants to compute code(input). [Diagram: Application, UNIC cache; message: hash(code) hash(input)]
12 UNIC protocol. If cache hits. [Diagram: Application, UNIC cache; messages: hash(code) hash(input); result]
13 UNIC protocol. If cache misses. [Diagram: Application, UNIC cache; messages: hash(code) hash(input); cache does not exist; compute result = code(input) and sig = HMAC(hash(code) hash(input) result, K); hash(code) hash(input), result, sig; validate sig and update cache]
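The cache-hit and cache-miss paths and the signature check described above, as an added Python sketch (not code from the UNIC authors). It assumes the HMAC fields are concatenated and that the cache validator holds K; TrustedOS, ResultCache, measure and run_deduplicated are hypothetical names, the marker and inputs are constructed, and only cache poisoning is covered, not query secrecy.

```python
import hashlib
import hmac
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def measure(func) -> bytes:
    """Stand-in for hash(code): hash the function's bytecode and constants."""
    code = func.__code__
    return sha256(code.co_code + repr(code.co_consts).encode())


def hmac_sig(key: bytes, code_hash: bytes, input_hash: bytes, result: bytes) -> bytes:
    # sig = HMAC(hash(code) hash(input) result, K)
    # Assumption: the fields are concatenated. Both hashes are fixed length
    # (32 bytes), so the boundary before `result` is unambiguous.
    return hmac.new(key, code_hash + input_hash + result, hashlib.sha256).digest()


class TrustedOS:
    """Holds K, runs the computation and attests to the result."""

    def __init__(self, key: bytes):
        self._key = key
        self.runs = 0  # number of real computations performed

    def compute(self, func, data: bytes):
        self.runs += 1
        result = func(data)
        code_hash, input_hash = measure(func), sha256(data)
        sig = hmac_sig(self._key, code_hash, input_hash, result)
        return code_hash, input_hash, result, sig


class ResultCache:
    """Result cache that accepts an entry only with a valid signature."""

    def __init__(self, key: bytes):
        self._key = key  # assumption: the validator shares K
        self._entries = {}

    def get(self, code_hash: bytes, input_hash: bytes):
        return self._entries.get((code_hash, input_hash))

    def put(self, code_hash: bytes, input_hash: bytes, result: bytes, sig: bytes) -> bool:
        expected = hmac_sig(self._key, code_hash, input_hash, result)
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return False
        self._entries[(code_hash, input_hash)] = result
        return True


def run_deduplicated(tos: TrustedOS, cache: ResultCache, func, data: bytes):
    """Query by (hash(code), hash(input)); compute and publish on a miss."""
    cached = cache.get(measure(func), sha256(data))
    if cached is not None:
        return cached, "hit"
    code_hash, input_hash, result, sig = tos.compute(func, data)
    if not cache.put(code_hash, input_hash, result, sig):
        raise RuntimeError("cache rejected an attested result")
    return result, "miss"


MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed, not a real signature


def scan_signature(buffer: bytes) -> bytes:
    """Toy scanner standing in for the slide's scan_signature."""
    return b"infected" if MARKER in buffer else b"clean"


def demo():
    key = os.urandom(32)
    tos, cache = TrustedOS(key), ResultCache(key)
    sample = b"header " + MARKER + b" trailer"  # constructed input
    first = run_deduplicated(tos, cache, scan_signature, sample)
    second = run_deduplicated(tos, cache, scan_signature, sample)
    runs_after_hit = tos.runs

    # Poisoning attempt: a wrong result with a signature made without K.
    other = b"another file " + MARKER
    forged = cache.put(measure(scan_signature), sha256(other), b"clean", os.urandom(32))

    # Replay attempt: a valid signature for one input offered for another.
    code_hash, _, result, sig = tos.compute(scan_signature, b"benign file")
    replayed = cache.put(code_hash, sha256(other), result, sig)

    return {
        "first": first,
        "second": second,
        "runs_after_hit": runs_after_hit,
        "forged_accepted": forged,
        "replay_accepted": replayed,
        "poisoned_entry": cache.get(code_hash, sha256(other)),
    }


if __name__ == "__main__":
    print(demo())
```

Because the signature covers hash(input) as well as the result, a signature that is valid for one input cannot be reused to insert that result under another input's key.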
14 A simple virus scanning application
    void simple_virus_scanner(file, options) {
        buffer = read(file);
        result = scan_signature(buffer, options);
        print(result);
    }
15
    void simple_virus_scanner(file, options) {
        buffer = read(file);
        if (exists(scan_signature, buffer, options)) {
            // cache hit: reuse the stored result
            result = get(scan_signature, buffer, options);
        } else {
            // cache miss: compute, then publish the result
            result = scan_signature(buffer, options);
            put(scan_signature, buffer, options, result);
        }
        print(result);
    }
    // red font: UNIC
17
    void simple_virus_scanner(file, options) {
        hash = get_file_hash(file);
        if (exists(scan_signature, hash, options)) {
            // cache hit: the file is never read
            result = get(scan_signature, hash, options);
        } else {
            buffer = read(file);
            result = scan_signature(buffer, options);
            put(scan_signature, hash, options, result);
        }
        print(result);
    }
    // red font: UNIC
18 UNIC
    init()
    get_file_hash(file)
    exists(computation, hash, id)
    get(computation, hash, id)
    put(computation, hash, id, result, ttl)
19 UNIC
    init()
    get_file_hash(file): leverages deduplication metadata from the underlying storage
    exists(computation, hash, id)
    get(computation, hash, id)
    put(computation, hash, id, result, ttl)
20 UNIC
    init()
    get_file_hash(file)
    exists(computation, hash, id)
    get(computation, hash, id)
    put(computation, hash, id, result)
    id: application-defined string identifier
21 Our experiments aim to answer: Is UNIC easy to use? Does UNIC reduce computation time? What is UNIC's storage overhead?
22 We evaluated UNIC on 4 popular open-source apps:
    clamav: anti-virus software.
    pbzip2: multi-threaded compression utility.
    grep: pattern searching tool.
    gcc: compiler (using ccache).
23 Application adaptation effort
    Columns: Application, Total LoC, Changes, Percentage
    clamav 1,732, <0.01%; pbzip2 4, %; grep 9, %; gcc (ccache) 29, %
    UNIC is easy to use.
24 Application performance. [Figure: relative running time (0% to 400%) on cache miss and cache hit for clamav-l, clamav-d, pbzip2-l, grep-ls, grep-lc, grep-ts, grep-tc, gcc-l. Baseline: without UNIC.] (L: Linux source code, T: ctags file, D: Dropbox folder, s: simple query, c: complex query) Reusing cached result is much faster. Average speedup =
25 Working with changing data. [Figure: running time (s), original and with UNIC, by Linux source code version.] Average speedup = UNIC also works well with partially duplicate data.
26 Storage overhead
    Application   Dataset size   Cache size   Percentage
    clamav-l      508.1MB        2.8MB        0.55%
    clamav-d      10.8GB         4.4MB        0.04%
    pbzip2-l      544.0MB        106.4MB      19.55%
    grep-ls       508.1MB        11.2MB       2.21%
    grep-lc       508.1MB        4.2MB        0.83%
    grep-ts       250.0MB        5.3MB        2.13%
    grep-tc       250.0MB        4.5MB        1.80%
    gcc-l         508.1MB        2.3MB        0.46%
    (L: Linux source code, T: ctags file, D: Dropbox folder, s: simple query, c: complex query)
    UNIC incurs little storage overhead.
27 Conclusion. UNIC: secure deduplication of general computations. It uses code attestation for secrecy and integrity. It exports a simple yet expressive. It explores a cross-layer design to leverage storage deduplication.