We continue discussing the paper "Shielding applications from an untrusted cloud with Haven,” written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were reviewing Hardware security modules (HSM) and Trusted Hardware  or Trusted Platform Modules(TPM) that isolate applications from an untrusted OS. We also reviewed related work in shielding application from an untrusted OS. We also looked at hybrid applications that also used encryption. When compared to these systems, Haven seems the first to implement shielded execution of unmodified server applications in an untrusted cloud host. This is roughly equivalent to a user operating their own hardware in a locked cage at a collocation facility.  The host only provides raw resources such as  processor cycles, storage and networking. It can deny service but cannot but cannot observe or modify user data except those in transit and this is called shielded execution. A shielded execution fundamentally guarantees confidentiality and integrity. The former implies that the execution of the shielded program appears as a "black box" to the rest of the system. The latter implies that the system cannot affect the behaviour of the program.  Haven leverages Intel SGX which allows a process to instantiate a secure region of address space known as an enclave. Then execution of code within this enclave is then protected. While the code assumes the OS would behave correctly, the host OS may be malicious. Therefore Haven implements a protected runtime using an in-enclave Library OS (LibOS) using a mutually distrusting interface with the host OS. Combined with a remote attestation mechanism, Haven gives the user end to end guarantee of application security without distrusting the cloud provider, it software or hardware beyond the processor itself. The studies in this paper furthered improvements to SGX to enable efficient shielded execution. SGX performs memory protection by mediating page mappings at enclave setup and maintains shadow state for each page. These pages are allocated by the OS but must occupy a specific region of the physical memory. SGX supports CPU based attestation enabling a remote system to verify cryptographically that specific software has been loaded within an enclave, and establish shared secrets allowing it to bootstrap an end to end encrypted channel within the enclave. SGX also mediates transitions into and out of the enclave and protects the enclave's register file from the OS exception handlers. Revised SGX includes new instructions that allow the enclave and the host OS to co-operatively add/remove pages and modify their permissions. In addion to leveraging SGX, Haven builds on Drawbridge that supports low overhead sandboxing of Windows applications. Thus Haven's design is based on a shield module, an untrusted interface and an untrusted runtime.
#codejam problem
A country has D denominations of its currency.  A new rule mandates that only C number of any denomination may be used. How many minimum new dominations must the mint owner issue to enable all sums from 1 to  a given value V?
int GetMinNewValues(List<int>N, int D, int C, int V)
{
Assert  (N.count == D);
int r = 0;
int m = 1;
while (m <= V)
{
   if  (N.Count > 0 and N[0] <= m)
   {
         m += N[0] * C;
         N.RemoveAt(0);
    }
    else
    {
            r  += 1;
            m += m * C;
     }
}
return r;
}
http://1drv.ms/1RcXlib