38,063 research outputs found
Glimmers: Resolving the Privacy/Trust Quagmire
Many successful services rely on trustworthy contributions from users. To
establish that trust, such services often require access to privacy-sensitive
information from users, thus creating a conflict between privacy and trust.
Although it is likely impractical to expect both absolute privacy and
trustworthiness at the same time, we argue that the current state of things,
where individual privacy is usually sacrificed at the altar of trustworthy
services, can be improved with a pragmatic , which allows
services to validate user contributions in a trustworthy way without forfeiting
user privacy. We describe how trustworthy hardware such as Intel's SGX can be
used client-side -- in contrast to much recent work exploring SGX in cloud
services -- to realize the Glimmer architecture, and demonstrate how this
realization is able to resolve the tension between privacy and trust in a
variety of cases
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code
We present an instrumenting compiler for enforcing data confidentiality in
low-level applications (e.g. those written in C) in the presence of an active
adversary. In our approach, the programmer marks secret data by writing
lightweight annotations on top-level definitions in the source code. The
compiler then uses a static flow analysis coupled with efficient runtime
instrumentation, a custom memory layout, and custom control-flow integrity
checks to prevent data leaks even in the presence of low-level attacks. We have
implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC
micro-benchmarks for performance, and on larger, real-world applications
(including OpenLDAP, which is around 300KLoC) for programmer overhead required
to restructure the application when protecting the sensitive data such as
passwords. We find that performance overheads introduced by our instrumentation
are moderate (average 12% on SPEC), and the programmer effort to port OpenLDAP
is only about 160 LoC.Comment: Technical report for CONFLLVM: A Compiler for Enforcing Data
Confidentiality in Low-Level Code, appearing at EuroSys 201
- …