Saturday, January 16, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," written by Andrew Baumann, Marcus Peinado, and Galen Hunt. Last time we discussed enclave entry and exit with Intel SGX. We continue with another instruction, ERESUME, which comes in useful when an exception occurs. Consider the usual working of the OS when an exception occurs: the state of the registers is saved for later use, and the context and exception records are created. In Haven, we cannot trust the OS with register state, so SGX saves the full context and information about the cause of the exit in the thread control structure (TCS) and replaces it with a synthetic context. When the enclave is resumed on that TCS, the entry point must be different from the usual entry, and hence the instruction ERESUME is used, which restores the last saved context. Alternatively, the OS can re-enter the enclave through the normal entry point, and this is an opportunity to inspect and modify the saved state. If it doesn't match, an exception can be reported and the enclave must handle it, which in this case could be a panic response. SGX is an imperfect implementation of shielded execution: the OS can see some internal state of the enclave, such as the exception vector or, in the case of a page fault, the type of access and the base address of the page. SGX also lets the OS retain control over resource management, i.e. CPU time and memory. The OS can deny service to the enclave, but it cannot cause the enclave to execute incorrectly. SGX, as initially specified, does not allow enclave pages to be added after creation, nor EPC permissions to be changed.
We now review dynamic memory allocation. Initially, SGX did not allow pages to be added or permissions to be modified. This was limiting for unmodified applications; consider, as an example, a database server that reserves several pages. In SGXv2 there is a cooperative mode between the OS and the enclave by which enclave pages can be added or removed and their permissions modified.
SGX includes additional instructions such as EMODT, EMODPR, EBLOCK, ETRACK and EACCEPT to enable this.
The shield module in Haven works with Drawbridge, a system supporting low-overhead sandboxing of Windows applications. Drawbridge consists of two core mechanisms, both of which Haven leverages: the picoprocess and the library OS. The picoprocess is a secure isolation container constructed from a hardware address space. It does not interact with OS services or system calls; instead it uses an ABI of a few downcalls (40) and even fewer upcalls (3).
#codingexercise
An alien language consists of words where every word consists of L lowercase letters, and there are exactly D words in the language. However, the letters comprising the words may have suffered signal loss, so we can only represent a word as a pattern of L tokens such as (ab)d(dc), where (ab) means either a or b and (dc) means either d or c; this pattern stands for add, adc, bdd and bdc.
We are given L as 3 and D as the following: ["abc", "bca", "dac", "dbc", "cba"]
The pattern to match is: (ab)(bc)(ca)
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;

int GetCountOfMatchingWords(string pattern, List<string> D, int L)
{
    // Split "(ab)(bc)(ca)" into the per-position tokens "ab", "bc", "ca".
    var tokens = pattern.Split(new char[] { '(', ')' }, StringSplitOptions.RemoveEmptyEntries).ToList();
    Debug.Assert(tokens.Count == L);
    var results = new List<string>();
    Combine(tokens, results, D, new StringBuilder(), 0);
    return results.Count;
}

// Enumerate every word the pattern stands for, one position (level) per call,
// and record those that exist in the language D.
void Combine(List<string> tokens, List<string> results, List<string> D, StringBuilder b, int level)
{
    if (level == tokens.Count)
    {
        var candidate = b.ToString();
        if (D.Contains(candidate)) { results.Add(candidate); }
        return;
    }
    for (int j = 0; j < tokens[level].Length; j++)
    {
        b.Append(tokens[level][j]);           // choose a letter for this position
        Combine(tokens, results, D, b, level + 1);
        b.Length--;                           // backtrack before trying the next letter
    }
}
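As an added example (not part of the original post), here is the same exercise in Python: a parser for the (ab)d(dc) pattern format that rejects malformed input, an expansion of a pattern into the words it stands for, and a per-position match that checks each word of D directly instead of enumerating every combination, so its cost grows with the size of D times L rather than with the product of the token sizes. The function names and the malformed-pattern checks are my own choices.

```python
import itertools
import re

# Language and query from the exercise.
D = ["abc", "bca", "dac", "dbc", "cba"]
L = 3
PATTERN = "(ab)(bc)(ca)"

# A pattern is a run of tokens: a bare letter, or letters inside parentheses.
VALID_PATTERN = re.compile(r"(?:\([a-z]+\)|[a-z])+")
TOKEN = re.compile(r"\(([a-z]+)\)|([a-z])")


def parse_pattern(pattern, L):
    """Return one list of allowed letters per position, e.g. '(ab)d(dc)' ->
    [['a', 'b'], ['d'], ['d', 'c']]. Rejects unbalanced parentheses and a
    token count other than L, since the exercise fixes the word length."""
    if not VALID_PATTERN.fullmatch(pattern):
        raise ValueError("malformed pattern: %r" % pattern)
    tokens = [list(dict.fromkeys(group or single))  # dedupe, keep order
              for group, single in TOKEN.findall(pattern)]
    if len(tokens) != L:
        raise ValueError("pattern has %d tokens, expected %d" % (len(tokens), L))
    return tokens


def expand_pattern(pattern, L):
    """Every word the pattern stands for (the enumeration the C# code performs)."""
    return ["".join(p) for p in itertools.product(*parse_pattern(pattern, L))]


def count_matching_words(pattern, D, L):
    """Count words of D matching the pattern by checking each position
    directly, without materialising the expansion."""
    tokens = parse_pattern(pattern, L)
    return sum(
        1 for word in D
        if len(word) == L and all(ch in allowed for ch, allowed in zip(word, tokens))
    )


if __name__ == "__main__":
    print(expand_pattern("(ab)d(dc)", 3))       # ['add', 'adc', 'bdd', 'bdc']
    print(count_matching_words(PATTERN, D, L))  # 2
```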
