We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were discussing the initialization step for the shield module.After initialising itself, the shield generates a public/private key pair, and then uses its parameters to establish a network connection with the user. The connection is made to a machine physically under the control of a user or another enclave in the cloud. In either case, the shield uses the SGX attestation mechanism to create a hash and sends it to the user along with its public key. This proves that the shield has correctly loaded and executes in an SGX enclave. If the enclave's measurement is as expected which means the shield was correctly loaded with the desired parameters, the user encrypts the VHD key using the public key sent and sends it back. Therefore any tampering with the shield binary is detected and thwarted. The shield now decrypts the VHD key using its private key and uses it to access the contents of the VHD. With this the LibOS and application can be loaded and any communication with the outside world and access to secrets in the VHD is controlled by the application. The network connection is over SSH and the keys may be stored in the VHD itself to begin with. The connection can therefore be made over the untrusted network but this could be extended to using virtual private network.
After initialization and loading, the application performs most of its execution in the enclave, calling out to the untrusted host only for system services. This is opposite of the SGX usage model of untrusted code calling into an enclave The upcalls are performed with EENTER and the downcalls are peformed with EEXIT, the latter with proper cleanup.
#codingexercise.
Usually one can reach a number starting from 1 by incrementing 1 repeatedly.
But assume the following operations are permitted:
1) a number can be reversed to speed it up. For example after 12, comes 13 and 13 can be reversed as 31 and the next number can be 32
2) a number can reversed to decrement as well. For example 10 can be reversed to 01 and the leading zeros removed to get 1.
Find the minimum number of operations to be performed (or the different numbers generated) to arrive at a given number N.
Solution: Note that the speedup is what we want for minimal number of numbers. The speedup happens only when the reverse of the number is less than the destination. For example to reach 33, we have to count uptil 13 and then invert to get 31 followed by unit increments to 33. The speedup happens best when the reverse that gets you the largest jump.
For example, we can to get 100, we can go 1 to 19, then invert it to get 91 and increment to 100 resulting in 29 interim numbers
or we could go from 1 to 18 81 through 89 and 98 to 100 = 30 numbers
1 through 15 51 through 59 95 through 100 = 29 numbers
1 12, 21 through 29, 92 through 100 = 29 numbers
1 12, 21 through 25, 52 through 59, 95 to 100 = 30 numbers
Note that the solution is incremental as well and the sequence generated will be the same for each increasing N.
what sequence was generated for 97 will also be generated for 98 and will work for 99 because either the reverse is chosen or the next increment is chosen at each step resulting in a strictly increasing sequence. So we can generate each numbers predecessor and this will always be the same.
index 0 1 2 3 ... 9 10 11 12 13 .. 21
current 0 1 2 3 ... 9 10 11 12 13 ...13
we start with an array of sequential numbers to N starting from 0.
int GetNext(int[] A, int index)
{
int next = A[index-1] + 1; // next increment by default
int r = ReverseInt(index);
if (index % 10 != 0 and r < index )
next = min(A[index], A[r]+1);
A [index] = next;
return next;
}
When iterated from 1 to N, the GetNext fills the array A and the desired answer can be directly read from the array at the index corresponding to the number.
After initialization and loading, the application performs most of its execution in the enclave, calling out to the untrusted host only for system services. This is opposite of the SGX usage model of untrusted code calling into an enclave The upcalls are performed with EENTER and the downcalls are peformed with EEXIT, the latter with proper cleanup.
#codingexercise.
Usually one can reach a number starting from 1 by incrementing 1 repeatedly.
But assume the following operations are permitted:
1) a number can be reversed to speed it up. For example after 12, comes 13 and 13 can be reversed as 31 and the next number can be 32
2) a number can reversed to decrement as well. For example 10 can be reversed to 01 and the leading zeros removed to get 1.
Find the minimum number of operations to be performed (or the different numbers generated) to arrive at a given number N.
Solution: Note that the speedup is what we want for minimal number of numbers. The speedup happens only when the reverse of the number is less than the destination. For example to reach 33, we have to count uptil 13 and then invert to get 31 followed by unit increments to 33. The speedup happens best when the reverse that gets you the largest jump.
For example, we can to get 100, we can go 1 to 19, then invert it to get 91 and increment to 100 resulting in 29 interim numbers
or we could go from 1 to 18 81 through 89 and 98 to 100 = 30 numbers
1 through 15 51 through 59 95 through 100 = 29 numbers
1 12, 21 through 29, 92 through 100 = 29 numbers
1 12, 21 through 25, 52 through 59, 95 to 100 = 30 numbers
Note that the solution is incremental as well and the sequence generated will be the same for each increasing N.
what sequence was generated for 97 will also be generated for 98 and will work for 99 because either the reverse is chosen or the next increment is chosen at each step resulting in a strictly increasing sequence. So we can generate each numbers predecessor and this will always be the same.
index 0 1 2 3 ... 9 10 11 12 13 .. 21
current 0 1 2 3 ... 9 10 11 12 13 ...13
we start with an array of sequential numbers to N starting from 0.
int GetNext(int[] A, int index)
{
int next = A[index-1] + 1; // next increment by default
int r = ReverseInt(index);
if (index % 10 != 0 and r < index )
next = min(A[index], A[r]+1);
A [index] = next;
return next;
}
When iterated from 1 to N, the GetNext fills the array A and the desired answer can be directly read from the array at the index corresponding to the number.
No comments:
Post a Comment