We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were discussing the Drawbridge ABI and the untrusted runtime. Let us look at the services provided by the shield module. The virtual address region occupied by a Haven enclave starts at zero. This allows the enclave to reliably detect and handle NULL pointer dereferences. A malicious host could map pages there and redirect NULL access to choice data. Hence a check is performed at startup that the address starts at zero, The enclave's virtual size must be large enough for all possible allocations by application and small enough to leave some for the untrusted runtime and host OS. The shield manages virtual memory within the enclave. It includes a region allocator, tracking the sub-regions of the enclave. Regions, pages and allocations are hierarchical and the shield which are committed and usable by the application and their permissions (read, write, execute). For each allocation, the shield chooses an address, calls out to the host to make appropriate changes, then uses the dynamic memory allocation instructions to ensure that the expected changes are made. By going in the middle, the shield never allows the host to choose virtual address space and prevents exploits of the latent bugs in the application. If the application requests non-enclave memory, it suitably blocks and fails the request.
Data is protected by encryption when its in memory and when it is in secure persistent storage. The encryption alone doesn't work in storage because the file metadata may leak guest state. That is why shield implements a private file system. The prototype that the authors built uses a FAT32 file system on an encrypted VHD image. Each disk block is encrypted independently.
#codingexercise
Given a 2D array of R rows and C columns filled with N elements such that inner walls within the array have fewer elements on either side, find the number of such walls that that have elements on both sides
we mentioned the solution earlier, today we implement traversing the alternate concentric border starting at (i,j) the top left and with length row and height col but we pick out the corners before calling this method.
bool traverseAlongBordersAndPlace(int[,] used, int i, int j, int row, int col)
{
for (int y = j; y < j + col; y++)
if (used[i,y] == 0) { used[i,y] = 1; // occupied
return True;}
for (int x = i; x < i + row; x++)
if (used[x,j+col-1] == 0) { used[x,j+col-1] = 1; // occupied
return True;}
for (int y = j+col-1; y >=j ; y--)
if (used[i+row-1, y] == 0) { used[i+row-1,y] = 1; // occupied
return True;}
for (int x = i+row-1; x >=0 ; x--)
if (used[x,j] == 0) { used[x,j] = 1; // occupied
return True;}
return False;
}
Data is protected by encryption when its in memory and when it is in secure persistent storage. The encryption alone doesn't work in storage because the file metadata may leak guest state. That is why shield implements a private file system. The prototype that the authors built uses a FAT32 file system on an encrypted VHD image. Each disk block is encrypted independently.
#codingexercise
Given a 2D array of R rows and C columns filled with N elements such that inner walls within the array have fewer elements on either side, find the number of such walls that that have elements on both sides
we mentioned the solution earlier, today we implement traversing the alternate concentric border starting at (i,j) the top left and with length row and height col but we pick out the corners before calling this method.
bool traverseAlongBordersAndPlace(int[,] used, int i, int j, int row, int col)
{
for (int y = j; y < j + col; y++)
if (used[i,y] == 0) { used[i,y] = 1; // occupied
return True;}
for (int x = i; x < i + row; x++)
if (used[x,j+col-1] == 0) { used[x,j+col-1] = 1; // occupied
return True;}
for (int y = j+col-1; y >=j ; y--)
if (used[i+row-1, y] == 0) { used[i+row-1,y] = 1; // occupied
return True;}
for (int x = i+row-1; x >=0 ; x--)
if (used[x,j] == 0) { used[x,j] = 1; // occupied
return True;}
return False;
}
No comments:
Post a Comment