Friday, January 15, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were discussing the Intel SGX. SGX protects the confidentiality and integrity of pages in an enclave.  The pages are allocated by the OS but must occupy a specific region of physical memory: the enclave page cache.  Just like the RAM backing it, EPC is a limited resource. Therefore SGX enables OS to virtualize EPC by paging its contents to other storage. While this might be considered risky, the contents of the evicted page are actually written to an encrypted buffer. The OS may relocate this but the hardware keeps a version number for that page and requires the OS to follow a hardware verified protocol to ensure that TLB shootdown has completed.
SGX supports  CPU based attestation by which a remote system can establish shared secrets that allows it to set up an end to end encrypted channel with the enclave. When the enclave is created,  a secure hash known as a 'measurement' is established of the enclave's initial state. The enclave may later retrieve a report signed by the processor that proves its identity to and communicates a unique value (such as a publickey) with another local enclave. Using a trusted quoting enclave, this mechanism can be leveraged to obtain an attestation known as a quote  which proves to the remote system that the report comes from an enclave running on a genuine SGX implementation.
SGX therefore protects the contents and integrity of the memory mappings. SGX also mediates transitions into and out of the enclave using a thread control structure When user code begins executing an enclave, it invokes EENTER on an idle TCS at which point the enclave code might access enclave pages according to the protection model above. This continues in the enclave mode until the user code explicitly leaves by invoking EEXIT or an exception or interrupt returns control to the OS  which is called an asynchronous exit EENTER and EEXIT mark explicit access and they make sure the inputs are validated and there's proper cleanup of registers.
#coding exercise
You are given a store credit of N dollars and a list of prices of different items the store sells. Find the positions of two items on that list that add up to N assuming that there will be a solution in that list.
void printSelections(List<int> prices)
{
var wantedpair = new Hashtable<int, int>();

for (int i = 0; i < prices.Count(); i++)
{
   if (wantedpair.ContainsKey(prices[I])){
          Console.WriteLine("Items at {0} and {1} total N in price", wantedpair[prices[i]], i);
          return;
   }else{
    wantedpair.Add(N-prices[I], I);
   }
}
}
 

No comments:

Post a Comment