Saturday, February 6, 2016

We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were reviewing Hardware Security Modules (HSM) and Trusted Hardware or Trusted Platform Modules (TPM) that isolate applications from an untrusted OS. We were discussing multiplexing TPM systems. There are two approaches here. The first is to multiplex the entire PC between secure kernels and an untrusted OS. However, this is slow because it uses a separate chip. The second approach attests a trusted hypervisor or OS. The isolated execution is implemented in software. However, the hypervisor remains under the cloud provider's control. The cloud provider has to maintain the hypervisor by updating it with patches. The cloud user could compare the TPM attestation with a known hash of the hypervisor binary, but the hash has to be meaningful. This can be achieved incrementally even with patches: we take a hash from a good state and, as we add patches incrementally, we safeguard the process and the addition, verifying it and regenerating the hash. Essentially, the trust between the user and the provider is in the hash. If it is done correctly, it can mitigate tampering. But if it is compromised, it lays waste to the efforts. This can be done, but the process and mechanism may need to be represented in the hash's meaning.
In other words, with the reasoning above, the authors argue that software alone cannot be sufficient at this time to provide the trusted computing base. Hardware modules are required. Although there are examples such as ARM processors, they too suffer from the same drawback. ARM processors have what is called a 'TrustZone' that enables a secure-world execution environment that is isolated from the OS. Hence it is very much like the TPM in that it relies on software.
Let us now look into related work in shielding apps from an untrusted OS. Here a number of systems seek to defend applications from a malicious OS. XOMOS used custom hardware or, more recently, trusted hypervisors. Proxos runs isolated applications on a separate VM, but allows them to interact with commodity hardware. Overshadow and SP3 introduced transparent encryption of user memory when visible to the OS, and this protects the application data from direct tampering. CloudVisor extended this technique to full VMs using nested virtualization. On the other hand, SecureME accelerated it in hardware. More recently, InkTag optimizes the guest OS and protects persistent storage. Virtual Ghost implements a similar mechanism within the OS kernel.
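The incremental hash check described above, as an added example that is not from the paper or from Haven: the cloud user regenerates the expected measurement from a known-good hypervisor baseline plus each vetted patch and compares it with the attested value. It assumes a TPM-style extend chain (new = H(old || H(data))) with SHA-256 and that the signature on the attestation has already been verified; all function names and sample byte strings are constructed for illustration.

```python
import hashlib
import hmac


def digest(blob):
    return hashlib.sha256(blob).digest()


def extend(measurement, blob):
    """TPM-style extend: new = H(old || H(blob)). Append-only and order-sensitive."""
    return digest(measurement + digest(blob))


def expected_measurement(baseline, patches):
    """Regenerate the reference hash: known-good baseline, then each patch in order."""
    m = extend(bytes(32), baseline)  # chain starts from an all-zero register
    for patch in patches:
        m = extend(m, patch)
    return m


def verify_attestation(attested, baseline, vetted_patches):
    """Accept only a value derivable from the baseline and the vetted patch list."""
    expected = expected_measurement(baseline, vetted_patches)
    return hmac.compare_digest(attested, expected)  # constant-time comparison


# Constructed sample inputs (not real hypervisor binaries or patches).
BASELINE = b"hypervisor-build-1 (constructed sample)"
PATCH_A = b"patch A (constructed sample)"
PATCH_B = b"patch B (constructed sample)"
ROGUE = b"unvetted change (constructed sample)"


def demo():
    vetted = [PATCH_A, PATCH_B]
    cases = {
        "honest": [PATCH_A, PATCH_B],            # provider applied exactly the vetted patches
        "rogue_inserted": [PATCH_A, ROGUE, PATCH_B],
        "reordered": [PATCH_B, PATCH_A],
        "stale": [PATCH_A],                       # provider skipped a patch
    }
    return {
        name: verify_attestation(expected_measurement(BASELINE, applied), BASELINE, vetted)
        for name, applied in cases.items()
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} accepted={ok}")
```

The check says only that the attested state matches the vetted list; whether that list deserves trust is the "meaningful hash" problem the paragraph raises.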
#codejam and solution
A deer runs around a circle at constant speed. Men are walking along the circle all the time. When a deer catches up with the walker at any time, it's called an encounter. The positions and speed of the walkers are given (from 0 to 360 with 0 and 360 treated differently, and speed in minutes). The deer can change the speed at any time but usually maintains the same rate. What is the minimum number of encounters a deer can have?
We know that the deer is aware of the starting position D, the number of hikers at that position H and their time to complete the circle as M for all the hikers.
Therefore we can create a list of all positions that can be occupied by repeatedly enumerating the previously added entries in the list with the time increments. If we can find a position in between, then that is sufficient to complete the rest of the hike for the deer. We can evaluate a metric for both dimensions of distance and time using the first two datapoints. If we find the greatest common factors of the remaining distance for the first and the original time taken together with time for each of the 360 starting positions, then this should be greater than the corresponding first component of the second datapoint to avoid an encounter. When we compare the factors, we are essentially converting the circular distance covered to a linear scale and checking that there is some headroom between the two, which means a solution exists without an encounter; otherwise there will be at least one encounter. The answer is therefore either 1 or 0.
Courtesy: alexamici
