5,617 research outputs found
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware, and claims runtime protection even if the OS and other software
components are malicious. However, SGX disregards side-channel attacks. We
introduce a powerful cache side-channel attack that provides system adversaries
a high resolution channel. Our attack tool named CacheZoom is able to virtually
track all memory accesses of SGX enclaves with high spatial and temporal
precision. As proof of concept, we demonstrate AES key recovery attacks on
commonly used implementations including those that were believed to be
resistant in previous scenarios. Our results show that SGX cannot protect
critical data sensitive computations, and efficient AES key recovery is
possible in a practical environment. In contrast to previous works which
require hundreds of measurements, this is the first cache side-channel attack
on a real system that can recover AES keys with a minimal number of
measurements. We can successfully recover AES keys from T-Table based
implementations with as few as ten measurements.
Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems
(CHES '17
The Impact of Entry and Competition by Open Source Software on Innovation
No abstract. No keywords.
The Impact of Entry and Competition by Open Source Software on Innovation Activity
This paper presents the stylized facts of open source software innovation and provides empirical evidence on the impact of increased competition by OSS on the innovative activity in the software industry. Furthermore, we introduce a simple formal model that captures the innovation impact of OSS entry by examining a change in market structure from monopoly to duopoly under the assumption that software producers compete in technology rather than price or quantities. The paper identifies a pro-innovative effect of OSS competition.
Keywords: open source software, innovation, strategic interaction
Open innovation using open source tools: a case study at Sony Mobile
Despite growing interest in Open Innovation (OI) in Software Engineering
(SE), little is known about what triggers software organizations to adopt it
and how this affects SE practices. OI can be realized in numerous ways,
including Open Source Software (OSS) involvement. Outcomes from OI are not
restricted to product innovation but also include process innovation, e.g.
improved SE practices and methods. This study explores the involvement of a
software organization (Sony Mobile) in OSS communities from an OI perspective
and what SE practices (requirements engineering and testing) have been adapted
in relation to OI. It also highlights the innovative outcomes resulting from
OI. An exploratory embedded case study investigates how Sony Mobile use and
contribute to Jenkins and Gerrit; the two central OSS tools in their continuous
integration tool chain. Quantitative analysis was performed on change log data
from source code repositories in order to identify the top contributors and
triangulated with the results from five semi-structured interviews to explore
the nature of the commits. The findings of the case study include five major
themes: i) The process of opening up towards the tool communities correlates in
time with a general adoption of OSS in the organization. ii) Assets not seen as
competitive advantage nor a source of revenue are made open to OSS communities,
and gradually, the organization turns more open. iii) The requirements
engineering process towards the community is informal and based on engagement.
iv) The need for systematic and automated testing is still in its infancy, but
the needs are identified. v) The innovation outcomes included free features and
maintenance, and were believed to increase speed and quality in development.
Adopting OI was a result of a paradigm shift of moving from Windows to Linux
The Scientist, Spring 2013
Open Source Software: From Open Science to New Marketing Models
Keywords: Open source Software; Intellectual Property; Licensing; Business Model.
Licensing and Business Models
License affects software companies' business activities. While proprietary software vendors create custom licenses, open source companies have less flexibility. The Open Source Initiative (OSI) defines a list of 72 licenses as open source ("OSI approved"). For a project to follow open source licensing, it has to pick licenses from this set. Logically, we expect that an open source company defines its business model around the license that it selects. Thus, we can assume that business model decisions follow license choice. In our research we find that in some cases open source companies remove these license constraints for business reasons. We observed cases of open source companies moving from one OSI-approved license to another or companies innovating by adding additional terms. In all these cases, the decision of change is based on the license being a poor fit with their business goals. Not all open source companies are entitled to change the license because this option is available only to companies that own intellectual property. If they do not, they can try to reshape their business model, but that remains a suboptimal option. Whether cognizant of it or not, organizations are implicitly choosing a business model when they select a license. Therefore, it is very important to address licensing and business model decisions as one system instead of a disjointed two-step process. For this purpose we introduce (1) an evolutionary model where license selection and business model impact each other and (2) a taxonomy that addresses both licensing and business models. Our approach helps practitioners include revenue considerations in the licensing choice and researchers to more accurately study the antecedents and consequences of license choice.