5,617 research outputs found

    CacheZoom: How SGX Amplifies The Power of Cache Attacks

    In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements. Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17)

    The Impact of Entry and Competition by Open Source Software on Innovation Activity

    This paper presents the stylized facts of open source software innovation and provides empirical evidence on the impact of increased competition by OSS on the innovative activity in the software industry. Furthermore, we introduce a simple formal model that captures the innovation impact of OSS entry by examining a change in market structure from monopoly to duopoly under the assumption that software producers compete in technology rather than price or quantities. The paper identifies a pro-innovative effect of OSS competition. Keywords: open source software, innovation, strategic interaction

    Open innovation using open source tools: a case study at Sony Mobile

    Despite growing interest in Open Innovation (OI) in Software Engineering (SE), little is known about what triggers software organizations to adopt it and how this affects SE practices. OI can be realized in numerous ways, including Open Source Software (OSS) involvement. Outcomes from OI are not restricted to product innovation but also include process innovation, e.g. improved SE practices and methods. This study explores the involvement of a software organization (Sony Mobile) in OSS communities from an OI perspective and what SE practices (requirements engineering and testing) have been adapted in relation to OI. It also highlights the innovative outcomes resulting from OI. An exploratory embedded case study investigates how Sony Mobile use and contribute to Jenkins and Gerrit, the two central OSS tools in their continuous integration tool chain. Quantitative analysis was performed on change log data from source code repositories in order to identify the top contributors and triangulated with the results from five semi-structured interviews to explore the nature of the commits. The findings of the case study include five major themes: i) The process of opening up towards the tool communities correlates in time with a general adoption of OSS in the organization. ii) Assets not seen as competitive advantage nor a source of revenue are made open to OSS communities, and gradually, the organization turns more open. iii) The requirements engineering process towards the community is informal and based on engagement. iv) The need for systematic and automated testing is still in its infancy, but the needs are identified. v) The innovation outcomes included free features and maintenance, and were believed to increase speed and quality in development. Adopting OI was a result of a paradigm shift of moving from Windows to Linux.

    The Scientist, Spring 2013


    Open Source Software: From Open Science to New Marketing Models

    Open source Software; Intellectual Property; Licensing; Business Model.

    Licensing and Business Models

    License affects software companies’ business activities. While proprietary software vendors create custom licenses, open source companies have less flexibility. The Open Source Initiative (OSI) defines a list of 72 licenses as open source (“OSI approved”). For a project to follow open source licensing, it has to pick licenses from this set. Logically, we expect that an open source company defines its business model around the license that it selects. Thus, we can assume that business model decisions follow license choice. In our research we find that in some cases open source companies remove these license constraints for business reasons. We observed cases of open source companies moving from one OSI-approved license to another or companies innovating by adding additional terms. In all these cases, the decision of change is based on the license being a poor fit with their business goals. Not all open source companies are entitled to change the license because this option is available only to companies that own intellectual property. If they do not, they can try to reshape their business model, but that remains a suboptimal option. Whether cognizant of it or not, organizations are implicitly choosing a business model when they select a license. Therefore, it is very important to address licensing and business model decisions as one system instead of a disjointed two-step process. For this purpose we introduce (1) an evolutionary model where license selection and business model impact each other and (2) a taxonomy that addresses both licensing and business models. Our approach helps practitioners include revenue considerations in the licensing choice and researchers to more accurately study the antecedents and consequences of license choice.