3,193 research outputs found
Context caches in the clouds
In context-aware systems, the contextual information about human and computing situations has a strong temporal aspect i.e. it remains valid for a period of time. This temporal property can be exploited in caching mechanisms that aim to exploit such locality of reference. However, different types of contextual information have varying temporal validity durations and a varied spectrum of access frequencies as well. Such variation affects the suitability of a single caching strategy and an ideal caching mechanism should utilize dynamic strategies based on the type of context data, quality of service heuristics and access patterns and frequencies of context consuming applications. This paper presents an investigation into the utility of various context-caching strategies and proposes a novel bipartite caching mechanism in a Cloud-based context provisioning system. The results demonstrate the relative benefits of different caching strategies under varying context usage scenarios. The utility of the bipartite context caching mechanism is established both through simulation and deployment in a Cloud platform
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Federated and autonomic management of multimedia services
Over the years, the Internet has significantly evolved in size and complexity. Additionally, the modern multimedia services it offers have considerably more stringent Quality of Service (QoS) requirements than traditional static services. These factors contribute to the ever-increasing complexity and cost to manage the Internet and its services. In the dissertation, a novel network management architecture is proposed to overcome these problems. It supports QoS-guarantees of multimedia services across the Internet, by setting up end-to-end network federations. A network federation is defined as a persistent cross-organizational agreement that enables the cooperating networks to share capabilities. Additionally, the architecture incorporates aspects from autonomic network management to tackle the ever-growing management complexity of modern communications networks. Specifically, a hierarchical approach is presented, which guarantees scalable collaboration of huge amounts of self-governing autonomic management components
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware, and claims runtime protection even if the OS and other software
components are malicious. However, SGX disregards side-channel attacks. We
introduce a powerful cache side-channel attack that provides system adversaries
a high resolution channel. Our attack tool named CacheZoom is able to virtually
track all memory accesses of SGX enclaves with high spatial and temporal
precision. As proof of concept, we demonstrate AES key recovery attacks on
commonly used implementations including those that were believed to be
resistant in previous scenarios. Our results show that SGX cannot protect
critical data sensitive computations, and efficient AES key recovery is
possible in a practical environment. In contrast to previous works which
require hundreds of measurements, this is the first cache side-channel attack
on a real system that can recover AES keys with a minimal number of
measurements. We can successfully recover AES keys from T-Table based
implementations with as few as ten measurements.Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems
(CHES '17
- …