10,392 research outputs found
Towards a Formally Verified Security Monitor for VM-based Confidential Computing
Confidential computing is a key technology for isolating high-assurance
applications from the large amounts of untrusted code typical in modern
systems. Existing confidential computing systems cannot be certified for use in
critical applications, like systems controlling critical infrastructure,
hardware security modules, or aircraft, as they lack formal verification.
This paper presents an approach to formally modeling and proving a security
monitor. It introduces a canonical architecture for virtual machine (VM)-based
confidential computing systems. It abstracts processor-specific components and
identifies a minimal set of hardware primitives required by a trusted security
monitor to enforce security guarantees. We demonstrate our methodology and
proposed approach with an example from our Rust implementation of the security
monitor for RISC-V
Revisiting Actor Programming in C++
The actor model of computation has gained significant popularity over the
last decade. Its high level of abstraction makes it appealing for concurrent
applications in parallel and distributed systems. However, designing a
real-world actor framework that subsumes full scalability, strong reliability,
and high resource efficiency requires many conceptual and algorithmic additives
to the original model.
In this paper, we report on designing and building CAF, the "C++ Actor
Framework". CAF targets at providing a concurrent and distributed native
environment for scaling up to very large, high-performance applications, and
equally well down to small constrained systems. We present the key
specifications and design concepts---in particular a message-transparent
architecture, type-safe message interfaces, and pattern matching
facilities---that make native actors a viable approach for many robust,
elastic, and highly distributed developments. We demonstrate the feasibility of
CAF in three scenarios: first for elastic, upscaling environments, second for
including heterogeneous hardware like GPGPUs, and third for distributed runtime
systems. Extensive performance evaluations indicate ideal runtime behaviour for
up to 64 cores at very low memory footprint, or in the presence of GPUs. In
these tests, CAF continuously outperforms the competing actor environments
Erlang, Charm++, SalsaLite, Scala, ActorFoundry, and even the OpenMPI.Comment: 33 page
From FPGA to ASIC: A RISC-V processor experience
This work document a correct design flow using these tools in the Lagarto RISC- V Processor and the RTL design considerations that must be taken into account, to move from a design for FPGA to design for ASIC
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
- …