3,193 research outputs found

    Context caches in the clouds

    In context-aware systems, the contextual information about human and computing situations has a strong temporal aspect, i.e. it remains valid for a period of time. This temporal property can be exploited in caching mechanisms that aim to exploit such locality of reference. However, different types of contextual information have varying temporal validity durations and a varied spectrum of access frequencies as well. Such variation affects the suitability of a single caching strategy and an ideal caching mechanism should utilize dynamic strategies based on the type of context data, quality of service heuristics and access patterns and frequencies of context consuming applications. This paper presents an investigation into the utility of various context-caching strategies and proposes a novel bipartite caching mechanism in a Cloud-based context provisioning system. The results demonstrate the relative benefits of different caching strategies under varying context usage scenarios. The utility of the bipartite context caching mechanism is established both through simulation and deployment in a Cloud platform.

    Time Protection: the Missing OS Abstraction

    Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system; however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors.

    Federated and autonomic management of multimedia services

    Over the years, the Internet has significantly evolved in size and complexity. Additionally, the modern multimedia services it offers have considerably more stringent Quality of Service (QoS) requirements than traditional static services. These factors contribute to the ever-increasing complexity and cost to manage the Internet and its services. In the dissertation, a novel network management architecture is proposed to overcome these problems. It supports QoS-guarantees of multimedia services across the Internet, by setting up end-to-end network federations. A network federation is defined as a persistent cross-organizational agreement that enables the cooperating networks to share capabilities. Additionally, the architecture incorporates aspects from autonomic network management to tackle the ever-growing management complexity of modern communications networks. Specifically, a hierarchical approach is presented, which guarantees scalable collaboration of huge amounts of self-governing autonomic management components.

    CacheZoom: How SGX Amplifies The Power of Cache Attacks

    In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements. Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17)