Tuesday, January 19, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. Today we discuss Haven design that extends the Drawbridge. The shield module implements the Drawbridge ABI which the LibOS requires. The LibOS provides a limited subset of core OS functions.The shield module provides a user mode implementation of memory management, file system, thread synchronization . It emulates the operating system and acts as a trusted bootloader for the LibOS and the application. It mitigates lago attacks from outside the enclave. It does this by validating all parameters and results passed across a narrow interface with the untrusted runtime. For example it validates that the parameters of upcalls and the results of the downcall agree with their specification. Many OS call parameters take buffer and size and validations include the check such as the number of bytes read cannot be more than the requested size. Similarly error codes must be within an acceptable list for specific downcalls. Both hardware and software can be leveraged to perform additional validation.
#codingexercise
Given a 2D array of R rows and C columns filled with N elements such that inner walls within the array have fewer elements on either side, find the number of such walls that that have elements on both sides
Solution. The boundaries are the starting points and that too the corners followed by alternate penultimate boundary of elements until the center and then the rest .The walls of the boundary can be enumerated as vertical as to the right of the element or horizontal as below the element leaving those walls that are on the boundary the horizontal floors of the last row and the vertical floors of the last column. If a wall has elements on both sides, it is counted. The count of these walls is returned.

No comments:

Post a Comment