Maru: Hardware-Assisted Secure Cloud Computing
Transcription
1 Maru: Hardware-Assisted Secure Cloud Computing. Peter Pietzuch, Large-Scale Distributed Systems Group, Department of Computing, Imperial College London. Peter R. Pietzuch, ATI, February 2017
2 Trust Issues: Provider Perspective. Cloud provider does not trust users. Use virtual machines to isolate users from each other and the host. VMs only provide one-way protection. Diagram labels: Redis, OS, VMM, Firmware, Cloud platform, Staff, trusted.
3 Trust Issues: User Perspective. Users trust their applications. Users must implicitly trust cloud provider. Existing applications implicitly assume trusted operating system. Diagram labels: Redis, OS, VMM, Firmware, Cloud platform, Staff, untrusted.
4 Trusted Execution with Intel SGX. Users create HW-enforced trusted environment. Supports unprivileged user code. Protects against strong attacker model. Remote attestation. Available on commodity CPUs. Diagram labels: Enclave, OS, VMM, Firmware, Cloud platform, Staff, untrusted.
5 Intel SGX: Hardware-Assisted Security. New enclave processor mode. 18 new instructions to manage enclave life cycle. Enclave memory only accessible from enclave. Certain instructions disallowed, e.g., syscall. No system calls. Performance overhead. Diagram labels: untrusted, EENTER, trusted, Execute, Return; privileged access from OS, VMM forbidden.
6 SGX: System Call Overhead (pwrite). [Figure: system calls (1000s/s) against number of threads, with series glibc (32 B), SGX SDK (32 B), glibc (64 KB), SGX SDK (64 KB).] System calls outside of enclave are expensive.
7 SGX: Memory Access Overhead. [Figure: normalized run time against allocated memory size (MiB), with series Reads (random), Reads (sequential), Writes (random), Writes (sequential); L3 size and available EPC size marked.] Large amount of enclave memory leads to poor performance.
8 SGX Research Challenges. Untrusted component; Attack surface; Performance overhead; Secure enclave; Sensitive code and data; TCB size.
9 Systems Support for SGX? Diagram labels (two stacks): Application, Libraries, C Library (libc), Operating System, Hardware.
I. Complete unmodified applications in enclaves (Systems support?)
II. Privilege Separation (Minimal TCB?)
10 1. SCONE: Secure CONtainer Environment. Diagram labels: Host operating system (Linux); Container; trusted; Enclave; Application Code; Application-specific libraries; Network shield; File system shield; M:N Threading; SGX-aware C library; Asynchronous system call interface.
1. Good performance/security trade-off: Small TCB ( of native size); Low overhead ( of native throughput).
2. Efficient system call support: M:N user-level threading; Asynchronous syscall execution. Diagram labels: System call requests (scall6, scall5, scall4); lock-free queues; SCONE kernel module; System call responses (resp1, resp2, resp3); Intel SGX driver.
3. Transparent interface shielding: Encryption of file descriptors; TLS support for network sockets; Encrypted data stored outside enclave.
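The asynchronous system call interface with lock-free request and response queues listed on the SCONE slide, sketched in C as an added example (not part of the slides and not SCONE's own code). All struct and function names are hypothetical, the host worker runs inline where a real system would use a thread outside the enclave, and the return-value check in `enclave_poll` is an addition.

```c
/* Added illustration, not SCONE source code; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define RING_SLOTS  8u   /* slots per ring */
#define MAX_PAYLOAD 64u  /* bytes copied out of the enclave per request */

/* One queue slot; it lives in untrusted memory that both sides can access. */
struct sc_msg {
    uint32_t id;         /* chosen by the enclave, echoed by the host */
    int fd; off_t off; size_t len;
    ssize_t ret;         /* filled in by the host */
    unsigned char buf[MAX_PAYLOAD];
};

/* Single-producer/single-consumer lock-free ring (default seq_cst atomics). */
struct ring {
    _Atomic uint32_t head;   /* next slot to read; written by the consumer */
    _Atomic uint32_t tail;   /* next slot to write; written by the producer */
    struct sc_msg slot[RING_SLOTS];
};
struct sc_channel { struct ring req, resp; };

int ring_full(struct ring *r) {
    return atomic_load(&r->tail) - atomic_load(&r->head) == RING_SLOTS;
}

int ring_push(struct ring *r, const struct sc_msg *m) {
    uint32_t t = atomic_load(&r->tail);
    if (ring_full(r)) return -1;
    r->slot[t % RING_SLOTS] = *m;
    atomic_store(&r->tail, t + 1);      /* publish only after the slot is written */
    return 0;
}

int ring_pop(struct ring *r, struct sc_msg *out) {
    uint32_t h = atomic_load(&r->head);
    if (h == atomic_load(&r->tail)) return -1;   /* empty */
    *out = r->slot[h % RING_SLOTS];     /* copy out before releasing the slot */
    atomic_store(&r->head, h + 1);
    return 0;
}

/* Enclave side: queue a pwrite instead of leaving the enclave to issue it. */
int enclave_submit_pwrite(struct sc_channel *ch, uint32_t id, int fd,
                          const void *buf, size_t len, off_t off) {
    struct sc_msg m = { .id = id, .fd = fd, .off = off, .len = len };
    if (len > MAX_PAYLOAD) return -1;
    memcpy(m.buf, buf, len);            /* the host cannot read enclave memory */
    return ring_push(&ch->req, &m);
}

/* Host side (untrusted worker): run one queued call. Returns 1 if serviced. */
int host_service_one(struct sc_channel *ch) {
    struct sc_msg m;
    if (ring_full(&ch->resp) || ring_pop(&ch->req, &m) != 0) return 0;
    m.ret = pwrite(m.fd, m.buf, m.len, m.off);
    return ring_push(&ch->resp, &m) == 0;
}

/* Enclave side: 1 = result in *ret, 0 = nothing yet, -1 = reply rejected.
 * Added check: the reply is untrusted, so a private copy is validated first. */
int enclave_poll(struct sc_channel *ch, uint32_t id, size_t requested, ssize_t *ret) {
    struct sc_msg m;
    if (ring_pop(&ch->resp, &m) != 0) return 0;  /* M:N scheduler would switch thread */
    if (m.id != id || m.ret > (ssize_t)requested) return -1;
    *ret = m.ret;
    return 1;
}

/* Round trip with a constructed 32-byte payload; the host step runs inline. */
ssize_t demo_roundtrip(void) {
    static struct sc_channel ch;        /* stands in for the shared region */
    unsigned char data[32], back[32];
    ssize_t ret = -1;
    FILE *f = tmpfile();
    if (!f) return -1;
    memset(data, 0xA5, sizeof data);
    if (enclave_submit_pwrite(&ch, 1, fileno(f), data, sizeof data, 0) != 0 ||
        host_service_one(&ch) != 1 ||
        enclave_poll(&ch, 1, sizeof data, &ret) != 1 ||
        pread(fileno(f), back, sizeof back, 0) != (ssize_t)sizeof back ||
        memcmp(data, back, sizeof data) != 0)
        ret = -1;
    fclose(f);
    return ret;
}

int main(void) {
    printf("pwrite through the queue returned %zd\n", demo_roundtrip());
    return 0;
}
```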
11 2. Glamdring: Application Partitioning.
1. Static / Dynamic Analysis: Collect information to obtain valid partitioning.
2. Graph partitioning: Find partitioning of application.
3. Automated source-to-source code transform: Implement partitioning using Intel SGX SDK.
Diagram labels: Original source code; Modified binary (initial tainting); Trace Collection; Instrumented binary; Graph Partitioning; /path/to/file1 function1 through /path/to/file8 function8; Code Generation; Untrusted app code; Sensitive app code.
12 3. LibSEAL: Secure Auditing Library. LibSEAL: Secure TLS Auditing Library. Provide accountability to TLS-enabled application. Help link integrity violations to origin.
Workflow: 1. Securely log communication between client and service. 2. Audit against application-specific invariants.
Diagram labels: Client; SSL-enabled Application; libseal (terminates SSL); log; Enclave (trusted); Cloud infrastructure (untrusted).
Use cases: Dropbox: Have files been lost? Git: Is the server hiding commits? Owncloud: Were there illegitimate modifications to content or layout?
13 Maru: Security Threats in Data Science. Diagram labels: External attacker; VM; OS; Other VM; Malicious insider; Data science job; Malicious tenant; Hypervisor; Hardware.
14 Maru Research Directions.
1. Security model for shielded data science jobs: How to harden shielded jobs? How to deal with vulnerabilities, bugs? What about external dependencies/libraries?
2. Integration of language runtimes with secure enclaves: How to integrate SGX support for the JVM? What is the right programming model for SGX enclaves?
3. Unikernel support for secure enclaves: How to support existing legacy binaries? How to build type-safe minimal secure enclaves for data science jobs?
4. Prototype platform implementation and evaluation: Integration with Apache Flink or other dataflow frameworks.
5. Dataflow attacks and mitigation strategies: What attacks are possible by observing encrypted dataflows? Can we apply techniques for unobservable communication?