We continue discussing the paper "Shielding applications from an untrusted cloud with Haven," written by Andrew Baumann, Marcus Peinado, and Galen Hunt. We were discussing user-mode scheduling by the shield module. To generate entropy for the shield, the RDRAND instruction is used, which is a secure source of randomness. It uses this together with dynamic loading/relocation of application binaries. The loader does not yet implement address space layout randomization. Process creation is not supported. Very few applications fork a process on Windows, and those that do often run it as a subprocess. It is often sufficient to run the subprocess in a different portion of the parent's address space within the enclave.
Haven applications are deployed using Cloud VMs, with an extra attestation step we now describe. A user constructs a disk image containing application and LibOS binaries and data, and then encrypts it without sharing its key. The encrypted VHD and shield binary are sent to the cloud provider. The shield is not encrypted but its integrity will be verified. The cloud provider establishes a picoprocess and loads the untrusted runtime. When the enclave is created, it loads the shield module. While the shield is loaded, the hardware attestation mechanism computes the hash of the initial state. The shield receives two startup parameters: a structure of untrusted parameters chosen by the host and a structure of trusted parameters chosen by the user. The host chooses the addresses of downcall functions and the user chooses configuration options such as the environment variables. This makes up the initialization step.
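The attestation step above, sketched as an added example (not code from the paper or from Haven): the user releases the trusted parameters only if the measurement reported for the loaded shield matches the shield they sent. The page-wise SHA-256 measurement, the HMAC standing in for the hardware's signature, the nonce, and all function names are assumptions made for illustration; that the VHD key travels with the trusted parameters is also an assumption.

```python
import hashlib, hmac, os

PAGE = 4096
HW_KEY = os.urandom(32)  # constructed stand-in for the CPU's attestation key

def measure(shield: bytes) -> bytes:
    """Hash of the enclave's initial state: every page of the shield, bound to
    its load offset (a simplified model of the hardware measurement)."""
    h = hashlib.sha256()
    for off in range(0, len(shield), PAGE):
        h.update(off.to_bytes(8, "little"))
        h.update(shield[off:off + PAGE].ljust(PAGE, b"\0"))
    return h.digest()

def quote(shield_as_loaded: bytes, nonce: bytes) -> dict:
    """What the hardware reports for the enclave the host actually created.
    A real quote is signed; the HMAC here only models 'came from the CPU'."""
    m = measure(shield_as_loaded)
    mac = hmac.new(HW_KEY, m + nonce, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "mac": mac}

def user_release(expected: bytes, nonce: bytes, q: dict, trusted_params: dict):
    """User side: return the trusted parameters only for the expected shield."""
    good = hmac.new(HW_KEY, q["measurement"] + q["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(good, q["mac"]):
        return None  # quote was not produced by the hardware
    if not hmac.compare_digest(q["nonce"], nonce):
        return None  # stale quote replayed by the host
    if not hmac.compare_digest(q["measurement"], expected):
        return None  # shield was modified before or during load
    return trusted_params

def deploy(shield_sent: bytes, shield_loaded_by_host: bytes):
    """One deployment: the user measures the shield they built, the host loads
    some shield, and the user decides whether to hand over the parameters."""
    expected = measure(shield_sent)
    nonce = os.urandom(16)
    trusted = {"env": {"TEMP": "C:\\Temp"}, "vhd_key": os.urandom(32)}  # constructed values
    return user_release(expected, nonce, quote(shield_loaded_by_host, nonce), trusted)
```

The untrusted parameters chosen by the host are deliberately absent from `measure`: they are not part of the attested initial state, so the shield has to validate them itself.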
#codingexercise
Each cell of a grid of R rows and C columns contains one of the four directions or nothing. Assume that a pegman dropped on the grid starts moving in the direction given by his cell and continues in that direction across empty adjacent cells. If the pegman is dropped on an empty cell, he stands still forever. If the pegman encounters another direction, he changes direction as per the new one. Given that there are only a few directions present on the grid and we can only change the existing pattern, find the minimum number of directions, if any, that can be changed to prevent the pegman from falling off the board.
Solution: The pegman is prevented from falling off the board when there is another direction between his current cell and the boundary, because that direction can be changed to the opposite of the current one and the pegman is then bounded forever. As an example of keeping him within the board, the four directions can be arranged in a two by two grid so that they go around the perimeter clockwise.
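    using System;
    using System.Collections.Generic;

    // True if another direction lies along (dr, dc) from (r, c) before the edge of the board.
    bool nextDirExists(char[,] grid, int r, int c, int dr, int dc)
    {
        for (r += dr, c += dc; r >= 0 && r < grid.GetLength(0) && c >= 0 && c < grid.GetLength(1); r += dr, c += dc)
            if (grid[r, c] != '.') return true;
        return false;
    }

    // Returns the number of directions to change, or -1 if some cell cannot be fixed.
    int getCount(char[,] grid, Dictionary<char, Tuple<int, int>> directions)
    {
        int R = grid.GetLength(0), C = grid.GetLength(1);
        int count = 0;
        for (int r = 0; r < R; r++)
            for (int c = 0; c < C; c++)
            {
                if (grid[r, c] == '.') continue;
                Tuple<int, int> delta = directions[grid[r, c]]; // row and column step: one is +/- 1, the other is 0
                if (nextDirExists(grid, r, c, delta.Item1, delta.Item2)) continue; // already points at another direction
                bool solution = false;
                foreach (var kvp in directions)
                {
                    delta = kvp.Value;
                    if (nextDirExists(grid, r, c, delta.Item1, delta.Item2))
                    {
                        solution = true;
                        break;
                    }
                }
                if (!solution) return -1; // no other direction in this row or column
                count += 1;
            }
        return count;
    }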
#problemsolving There are many puzzles that can be made with a grid layout and repeating patterns such as in a chessboard. Often the military uses such signs for their colors on their uniforms. Signals here are formed from repeating sequences and colors that designate the team and are a way of identifying that team.