Thursday, January 14, 2016

#coding exercise
You are given a store credit of N dollars and a list of prices of different items the store sells. Find the positions of two items on that list that add up to N, assuming that a solution exists in the list.
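// Requires: using System; using System.Collections.Generic;
// N is the store credit; prints the positions of the two items that add up to N.
void printSelections(List<int> prices, int N)
{
    for (int i = 0; i < prices.Count; i++)
    {
        // Start at i + 1 so an item is never paired with itself or checked twice.
        for (int j = i + 1; j < prices.Count; j++)
        {
            if (prices[i] + prices[j] == N)
            {
                Console.WriteLine("Items at positions {0} and {1} total {2} in price", i, j, N);
                return;
            }
        }
    }
}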

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," written by Andrew Baumann, Marcus Peinado, and Galen Hunt.
We now turn to Intel SGX. SGX protects the confidentiality and integrity of pages in an enclave, which is a region of user-mode address space. While enclave data is cache-resident, it is protected by CPU access controls (the TLB); when it is written to memory, it is encrypted, and if the data is modified, it fails to load and signals a fault.
When the enclave is set up, the page mappings are done by SGX, and a shadow state is maintained for each page. Enclaves are created by an ECREATE instruction, which initializes a control structure in protected memory. Once an enclave is created, pages of memory are added with an EADD instruction. The pages continue to be allocated by the OS, but they must occupy a specific region of physical memory: the enclave page cache (EPC). For each EPC page, the hardware tracks its type, the enclave to which it is mapped, the virtual address within the enclave, and its permissions (read, write and execute). On each enclave page access, after walking the page table, SGX ensures that the processor is in enclave mode, that the page belongs to the EPC and is correctly typed, that the current enclave maps the page at the accessed virtual address, and that the access agrees with the page permissions.
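
The per-access check described above can be modelled in a few lines of C, which shows why an OS that controls the page table still cannot redirect an enclave to the wrong page. This is an added example, not code from the Haven paper or from Intel; the table layout, type names, enclave IDs and addresses are constructed for illustration, and the model is simplified (the real check is done by the processor, not in software).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };
typedef enum { PT_INVALID, PT_REG, PT_CONTROL } page_type;  /* simplified type set */
typedef enum { ACCESS_OK, ERR_NOT_ENCLAVE_MODE, ERR_NOT_EPC, ERR_BAD_TYPE,
               ERR_WRONG_ENCLAVE, ERR_WRONG_VADDR, ERR_PERM } access_result;

/* Shadow state kept per EPC page: type, owning enclave, enclave virtual
 * address and permissions, as listed in the text. */
typedef struct {
    page_type type;
    uint32_t  enclave_id;
    uint64_t  vaddr;
    uint8_t   perms;
} epc_entry;

#define EPC_BASE      0x80000000ULL  /* constructed physical range */
#define EPC_PAGES     4
#define EPC_PAGE_SIZE 4096ULL

/* Constructed sample state: enclave 1 owns pages 0-2, enclave 2 owns page 3. */
static const epc_entry epcm[EPC_PAGES] = {
    { PT_REG,     1, 0x10000, PERM_R | PERM_X },
    { PT_REG,     1, 0x11000, PERM_R | PERM_W },
    { PT_CONTROL, 1, 0x12000, 0 },
    { PT_REG,     2, 0x10000, PERM_R | PERM_W },
};

/* paddr is whatever the OS-controlled page table produced for vaddr;
 * the checks run in the order the text gives them. */
access_result check_access(bool enclave_mode, uint32_t cur_enclave,
                           uint64_t vaddr, uint64_t paddr, uint8_t want)
{
    if (!enclave_mode) return ERR_NOT_ENCLAVE_MODE;
    if (paddr < EPC_BASE || paddr >= EPC_BASE + EPC_PAGES * EPC_PAGE_SIZE)
        return ERR_NOT_EPC;
    const epc_entry *e = &epcm[(paddr - EPC_BASE) / EPC_PAGE_SIZE];
    if (e->type != PT_REG) return ERR_BAD_TYPE;            /* not a regular data/code page */
    if (e->enclave_id != cur_enclave) return ERR_WRONG_ENCLAVE;
    if (e->vaddr != (vaddr & ~(EPC_PAGE_SIZE - 1)))        /* page table was remapped */
        return ERR_WRONG_VADDR;
    if ((e->perms & want) != want) return ERR_PERM;
    return ACCESS_OK;
}
```
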
