66,452 research outputs found
CyberGuarder: a virtualization security assurance architecture for green cloud computing
Cloud Computing, Green Computing, Virtualization, Virtual Security Appliance, Security Isolation
Recommended from our members
Integrity static analysis of COTS/SOUP
This paper describes the integrity static analysis approach developed to support the justification of commercial off-the-shelf software (COTS) used in a safety-related system. The static analysis was part of an overall software qualification programme, which also included the work reported in our paper presented at Safecomp 2002. Integrity static analysis focuses on unsafe language constructs and “covert” flows, where one thread can affect the data or control flow of another thread. The analysis addressed two main aspects: the internal integrity of the code (especially for the more critical functions), and the intra-component integrity, checking for covert channels. The analysis process was supported by an aggregation of tools, combined and engineered to support the checks done and to scale as necessary. Integrity static analysis is feasible for industrial scale software, did not require unreasonable resources and we provide data that illustrates its contribution to the software qualification programme
S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX
Function-as-a-Service (FaaS) is a recent and already very popular paradigm in
cloud computing. The function provider need only specify the function to be
run, usually in a high-level language like JavaScript, and the service provider
orchestrates all the necessary infrastructure and software stacks. The function
provider is only billed for the actual computational resources used by the
function invocation. Compared to previous cloud paradigms, FaaS requires
significantly more fine-grained resource measurement mechanisms, e.g. to
measure compute time and memory usage of a single function invocation with
sub-second accuracy. Thanks to the short duration and stateless nature of
functions, and the availability of multiple open-source frameworks, FaaS
enables non-traditional service providers e.g. individuals or data centers with
spare capacity. However, this exacerbates the challenge of ensuring that
resource consumption is measured accurately and reported reliably. It also
raises the issues of ensuring computation is done correctly and minimizing the
amount of information leaked to service providers.
To address these challenges, we introduce S-FaaS, the first architecture and
implementation of FaaS to provide strong security and accountability guarantees
backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our
design introduces a new key distribution enclave and a novel transitive
attestation protocol. A core contribution of S-FaaS is our set of resource
measurement mechanisms that securely measure compute time inside an enclave,
and actual memory allocations. We have integrated S-FaaS into the popular
OpenWhisk FaaS framework. We evaluate the security of our architecture, the
accuracy of our resource measurement mechanisms, and the performance of our
implementation, showing that our resource measurement mechanisms add less than
6.3% latency on standardized benchmarks
International Product Differentiation through a Country Brand: An Economic Analysis of National Branding as a Marketing Strategy for Agricultural Products
Trade policy initiatives of developed country governments are in flux. Governments’ need for new trade policy measures has arisen partly because of constraints imposed on the use of export subsidies by the Agreement on Agriculture reached as part of the Uruguay Round of General Agreement on Tariffs and Trade in 1994. Further disciplines on export subsidies and other policy measures may be agreed on in the Doha Round of World Trade Organization (WTO) negotiations, accentuating the need for new policy measures. While the Doha Round may not successfully reach an agreement, the current modalities show provisional agreement on the elimination of multiple forms of export subsidies. There is provisional agreement on more stringent restrictions on the use of export credit programs. Controls on exporting state trading agencies’ ability to subsidize exports are tentatively agreed (Furtan, 2005). Food aid, which can also be used to circumvent disciplines on export subsidies, is also likely to be subject to WTO disciplines.International Relations/Trade,
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
The AGI Containment Problem
There is considerable uncertainty about what properties, capabilities and
motivations future AGIs will have. In some plausible scenarios, AGIs may pose
security risks arising from accidents and defects. In order to mitigate these
risks, prudent early AGI research teams will perform significant testing on
their creations before use. Unfortunately, if an AGI has human-level or greater
intelligence, testing itself may not be safe; some natural AGI goal systems
create emergent incentives for AGIs to tamper with their test environments,
make copies of themselves on the internet, or convince developers and operators
to do dangerous things. In this paper, we survey the AGI containment problem -
the question of how to build a container in which tests can be conducted safely
and reliably, even on AGIs with unknown motivations and capabilities that could
be dangerous. We identify requirements for AGI containers, available
mechanisms, and weaknesses that need to be addressed
- …