We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were reviewing Hardware security modules (HSM) and Trusted Hardware or Trusted Platform Modules(TPM) that isolate applications from an untrusted OS. We also reviewed related work in shielding application from an untrusted OS. However, systems based solely on protecting application memory from an untrusted OS are vulnerable to lago attacks through the system call interface. Systems like InkTag attempt to defeat lago attacks by intercepting system calls but OS systems have a tremendous surface area and this may not handle all that arbitrary applications use. For example, Linux has over 300 system calls and windows has over 1000 system calls. It also avoids the need for a trusted hypervisor through SGX assistance. Haven mitigates this with a substantially smaller mutually distrusting host interface It also avoids the need for a trusted hypervisor through SGX assistance.
We now look at related work in Cloud Security where systems tackle the problem of removing trust from the cloud One way to do this is to work with encrypted data at rest and in transit. Some database queries and map-reduce programs can take advantage of this and it does not require trusted hardware but new applications have to be written.
There have been some hybrid systems as well. MiniBox combines the isolation of TrustVisor, with the sandbox of NativeClient. Like Haven, MiniBox achieves mutual distrust between application code and the host OS. Unlike Haven, MiniBox relies on a trusted hypervisor, and its isolated execution environment supports only small pieces of application logic, rather than complete unmodified applications. PrivateCore is a virtual machine monitor that implements full memory encryption for commodity hardware. It achieves this by executing guest VMs entirely in-cache and encrypting their data before it is evicted to main memory. Although it relies on a trusted hypervisor, like SGX it builds a resistance to memory probes and similar physical attacks.
#codejam exercise
Brattleship is played the same as Battleship on a R x C board with a single ship of length W placed horizontally except that the other player can cheat by calling a hit a miss and moving the ship elsewhere but cannot be inconsistent with earlier declarations. How many turns minimum are needed to play ?
int GetMinimumMoves(int R, int C, int W)
{
return R*(C/W) + W - (C%W==0);
}
We now look at related work in Cloud Security where systems tackle the problem of removing trust from the cloud One way to do this is to work with encrypted data at rest and in transit. Some database queries and map-reduce programs can take advantage of this and it does not require trusted hardware but new applications have to be written.
There have been some hybrid systems as well. MiniBox combines the isolation of TrustVisor, with the sandbox of NativeClient. Like Haven, MiniBox achieves mutual distrust between application code and the host OS. Unlike Haven, MiniBox relies on a trusted hypervisor, and its isolated execution environment supports only small pieces of application logic, rather than complete unmodified applications. PrivateCore is a virtual machine monitor that implements full memory encryption for commodity hardware. It achieves this by executing guest VMs entirely in-cache and encrypting their data before it is evicted to main memory. Although it relies on a trusted hypervisor, like SGX it builds a resistance to memory probes and similar physical attacks.
#codejam exercise
Brattleship is played the same as Battleship on a R x C board with a single ship of length W placed horizontally except that the other player can cheat by calling a hit a miss and moving the ship elsewhere but cannot be inconsistent with earlier declarations. How many turns minimum are needed to play ?
int GetMinimumMoves(int R, int C, int W)
{
return R*(C/W) + W - (C%W==0);
}
No comments:
Post a Comment