Saturday, January 9, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were describing how the shield module uses a reserved area of protected memory and a private file system, and sanity-checks untrusted inputs. The host may deny service, but it cannot alter the behavior of the application. The host may be malicious; for example, it may mount an Iago attack. An Iago attack is one in which the host fails system calls in order to gain access to the user's stack. More on this later. To mitigate Iago attacks, the shield module includes typical kernel functionality such as scheduling, virtual memory, and a file system, and interacts with the host only through an untrusted interface. The shield module has its own memory allocator: the host commits or protects specific pages but performs no address allocation. A private file system is provided by the host. The shield module has a scheduler that does not trust the host to schedule threads. It has an exception handler that emulates some instructions. It sanity-checks untrusted inputs.
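As an added illustration of the sanity checking described above (example code written for this post, not code from Haven or from the paper), the following C sketch models a shield that does its own page allocation and validates two kinds of host reply: the result of asking the host to commit pages at a shield-chosen address, and the byte count returned from a host read. The enclave layout, the function names, and the verdict codes are all assumptions made for the example. A refused request is tolerated as denial of service, while any reply that disagrees with what the shield asked for, such as a mapping that lands on the thread stack, is rejected rather than acted on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed enclave layout for the example; a real shield would learn these
   ranges from the enclave loader. The top 1 MiB is reserved for the thread stack. */
#define PAGE_SIZE     4096UL
#define ENCLAVE_BASE  0x10000000UL
#define ENCLAVE_PAGES 4096UL                                     /* 16 MiB */
#define STACK_LO      (ENCLAVE_BASE + 0x00F00000UL)
#define STACK_HI      (ENCLAVE_BASE + ENCLAVE_PAGES * PAGE_SIZE)

/* Outcome of checking a host reply: honest, refused (denial of service, which
   the shield tolerates), or inconsistent with the request (rejected). */
enum verdict { SHIELD_OK = 0, SHIELD_HOST_FAILED = 1, SHIELD_HOST_LIED = 2 };

/* The shield's private bookkeeping: which enclave pages it has handed out. */
typedef struct {
    uint8_t committed[ENCLAVE_PAGES];
} shield_state;

static void shield_init(shield_state *s) { memset(s, 0, sizeof *s); }

/* Address allocation happens inside the shield: find the first free run of
   npages below the stack and record it. The host is later asked to commit
   exactly these pages; it never chooses an address. Returns 0 when full. */
static uintptr_t shield_alloc_pages(shield_state *s, size_t npages) {
    size_t run = 0;
    for (size_t i = 0; i < ENCLAVE_PAGES; i++) {
        uintptr_t addr = ENCLAVE_BASE + i * PAGE_SIZE;
        if (s->committed[i] || addr >= STACK_LO) { run = 0; continue; }
        if (++run == npages) {
            size_t first = i + 1 - npages;
            for (size_t j = first; j <= i; j++) s->committed[j] = 1;
            return ENCLAVE_BASE + first * PAGE_SIZE;
        }
    }
    return 0;
}

/* Validate the host's reply to "commit npages at asked". A negative reply is a
   refusal. Anything else must be exactly the address the shield chose, page
   aligned, inside enclave memory, clear of the stack, and on pages the shield
   really allocated; otherwise the reply is treated as hostile. */
static enum verdict shield_check_commit(const shield_state *s, uintptr_t asked,
                                        size_t npages, intptr_t host_ret) {
    if (host_ret < 0) return SHIELD_HOST_FAILED;
    uintptr_t got = (uintptr_t)host_ret;
    if (got != asked || got % PAGE_SIZE != 0) return SHIELD_HOST_LIED;
    if (got < ENCLAVE_BASE || got + npages * PAGE_SIZE > STACK_LO) return SHIELD_HOST_LIED;
    for (size_t i = 0; i < npages; i++) {
        size_t idx = (got - ENCLAVE_BASE) / PAGE_SIZE + i;
        if (!s->committed[idx]) return SHIELD_HOST_LIED;
    }
    return SHIELD_OK;
}

/* Validate a host "read into a buf_len byte buffer" reply: fewer bytes or an
   error are acceptable, but a count larger than the buffer can never be true. */
static enum verdict shield_check_read(size_t buf_len, intptr_t host_ret) {
    if (host_ret < 0) return SHIELD_HOST_FAILED;
    if ((size_t)host_ret > buf_len) return SHIELD_HOST_LIED;
    return SHIELD_OK;
}

/* Constructed host replies for the situations worth checking. */
static enum verdict shield_scenario(int which) {
    shield_state s;
    shield_init(&s);
    uintptr_t asked = shield_alloc_pages(&s, 4);
    switch (which) {
    case 0: return shield_check_commit(&s, asked, 4, (intptr_t)asked);                  /* honest */
    case 1: return shield_check_commit(&s, asked, 4, (intptr_t)(STACK_HI - PAGE_SIZE)); /* aliases the stack */
    case 2: return shield_check_commit(&s, asked, 4, -12);                              /* host refuses */
    case 3: return shield_check_read(512, 4096);                                         /* more bytes than buffer */
    default: return shield_check_read(512, 100);                                         /* short read */
    }
}

int main(void) {
    const char *names[] = { "honest commit", "stack-aliasing commit", "refused commit",
                            "oversized read", "short read" };
    for (int i = 0; i < 5; i++)
        printf("%-22s -> %d\n", names[i], (int)shield_scenario(i));
    return 0;
}
```

The point of the design is that the host is never trusted to tell the shield where memory lives or how much data arrived: the shield already knows both from its own request, so every reply is compared against that record and only the refusal case is passed through.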
The other kinds of attacks are those where the application itself cannot be trusted and those where the operating system cannot be trusted. That is why the enclave protects the guest from the host, while the picoprocess it runs in protects the host from the guest. The enclave loads the unmodified application binaries, an in-process module that implements a subset of Windows, and the shield module. That module talks to the application binaries through the Windows API and to the shield module through the Drawbridge ABI. The Windows kernel loads the Drawbridge host and the SGX driver. This enclave is Haven.
The original Intel SGX had its limitations. It needed new instructions for dynamic memory allocation and protection. SGX did not report page faults or general protection faults (GPFs) to the enclave, and it permitted the RDTSC and RDTSCP instructions for practicality and performance. Thread-local storage could not reliably switch FS and GS. These were fixed in SGX v2.
#codingquestion
Continuing the problem from the previous post: if two players, red and blue, alternately occupy the positions marked 1, determine who will have four pieces in a row when the board is rotated.
Modify BoardHasFourInRow to take the color as a parameter, and add the check matrix[i,j] == color as the first condition for proceeding or exiting in the FourInRow function.
using System;
using System.Collections.Generic;
using System.Linq;

// The color codes are assumed here; the previous post's matrix stores them as cell values.
const int RED = 1;
const int BLUE = 2;

// RotateAndDrop and BoardHasFourInRow are the functions from the previous post;
// BoardHasFourInRow now takes the color to look for.
void PrintWinner(int[,] matrix, int N)
{
    RotateAndDrop(matrix, N);
    bool blue = BoardHasFourInRow(matrix, N, BLUE);
    bool red = BoardHasFourInRow(matrix, N, RED);
    if (blue && red) { Console.Write("both"); return; }
    if (blue) { Console.Write("blue"); return; }
    if (red) { Console.Write("red"); return; }
    Console.Write("neither");
}

int GetMax(List<int> numbers)
{
    return numbers.Max();
}

int GetMin(List<int> numbers)
{
    return numbers.Min();
}
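To make the procedure concrete, here is an added example in C (not the previous post's C# code) that supplies the pieces PrintWinner relies on: a rotation of the board, the gravity drop, the four-in-a-row check with the color test as its first condition, and a winner function with the same four outcomes as PrintWinner. The board size, the encoding of red and blue as 1 and 2, the clockwise direction of rotation, and the sample position are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define N 5                                  /* board size assumed for the example */
enum { EMPTY = 0, RED = 1, BLUE = 2 };       /* cell encoding assumed for the example */

/* Rotate the board 90 degrees clockwise into out (rotation direction assumed). */
static void rotate_cw(int in[N][N], int out[N][N]) {
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++)
            out[j][N - 1 - i] = in[i][j];
}

/* Let every piece fall to the lowest empty cell of its column; row N-1 is the floor. */
static void drop(int b[N][N]) {
    for (int j = 0; j < N; j++) {
        int write = N - 1;
        for (int i = N - 1; i >= 0; i--) {
            if (b[i][j] == EMPTY) continue;
            int piece = b[i][j];
            b[i][j] = EMPTY;
            b[write--][j] = piece;
        }
    }
}

static void rotate_and_drop(int b[N][N]) {
    int tmp[N][N];
    rotate_cw(b, tmp);
    memcpy(b, tmp, sizeof tmp);
    drop(b);
}

/* Four consecutive cells of color in any row, column or diagonal? The color
   test on the starting cell is the first condition, as the post suggests. */
static int board_has_four_in_row(int b[N][N], int color) {
    static const int dirs[4][2] = { {0, 1}, {1, 0}, {1, 1}, {1, -1} };
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++) {
            if (b[i][j] != color) continue;
            for (int d = 0; d < 4; d++) {
                int r = i, c = j, k;
                for (k = 1; k < 4; k++) {
                    r += dirs[d][0];
                    c += dirs[d][1];
                    if (r < 0 || r >= N || c < 0 || c >= N || b[r][c] != color) break;
                }
                if (k == 4) return 1;
            }
        }
    return 0;
}

/* Same outcomes as PrintWinner: 0 neither, 1 red, 2 blue, 3 both. Modifies b. */
static int winner_after_rotation(int b[N][N]) {
    rotate_and_drop(b);
    return (board_has_four_in_row(b, RED) ? 1 : 0) | (board_has_four_in_row(b, BLUE) ? 2 : 0);
}

/* Constructed position: the colors alternate down each column and nobody has four yet. */
static void sample_board(int b[N][N]) {
    static const int pos[N][N] = {
        { EMPTY, EMPTY, EMPTY, EMPTY, EMPTY },
        { RED,   EMPTY, EMPTY, EMPTY, EMPTY },
        { BLUE,  RED,   EMPTY, EMPTY, EMPTY },
        { RED,   BLUE,  BLUE,  RED,   EMPTY },
        { BLUE,  RED,   RED,   BLUE,  RED   },
    };
    memcpy(b, pos, sizeof pos);
}

static int sample_winner(void) {
    int b[N][N];
    sample_board(b);
    return winner_after_rotation(b);   /* bottom row becomes RED RED RED RED: returns 1 */
}

int main(void) {
    static const char *names[] = { "neither", "red", "blue", "both" };
    printf("after rotation: %s\n", names[sample_winner()]);
    return 0;
}
```

After a clockwise rotation each input row becomes a column, so the lowest piece of each new column is the rightmost piece of the corresponding old row; in the sample every row except the last ends in red, which is why red collects the bottom row.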
