37,415 research outputs found
Encryption – use and control in E-commerce
The author describes how cryptography can be used to address modern business requirements such as identity protection, secure web access and digital signatures. Article by Robert Bond (Head of Innovation & Technology Group, Hobson Audley and Fellow of SALS). Published in Amicus Curiae - Journal of the Institute of Advanced Legal Studies and its Society for Advanced Legal Studies. The Journal is produced by the Society for Advanced Legal Studies at the Institute of Advanced Legal Studies, University of London
TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone
The rapid evolution of Internet-of-Things (IoT) technologies has led to an
emerging need to make it smarter. A variety of applications now run
simultaneously on an ARM-based processor. For example, devices on the edge of
the Internet are provided with higher horsepower to be entrusted with storing,
processing and analyzing data collected from IoT devices. This significantly
improves efficiency and reduces the amount of data that needs to be transported
to the cloud for data processing, analysis and storage. However, commodity OSes
are prone to compromise. Once they are exploited, attackers can access the data
on these devices. Since the data stored and processed on the devices can be
sensitive, left untackled, this is particularly disconcerting.
In this paper, we propose a new system, TrustShadow that shields legacy
applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone
technology and partitions resources into the secure and normal worlds. In the
secure world, TrustShadow constructs a trusted execution environment for
security-critical applications. This trusted environment is maintained by a
lightweight runtime system that coordinates the communication between
applications and the ordinary OS running in the normal world. The runtime
system does not provide system services itself. Rather, it forwards requests
for system services to the ordinary OS, and verifies the correctness of the
responses. To demonstrate the efficiency of this design, we prototyped
TrustShadow on a real chip board with ARM TrustZone support, and evaluated its
performance using both microbenchmarks and real-world applications. We showed
TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201
Architecture of a network-in-the-Loop environment for characterizing AC power system behavior
This paper describes the method by which a large hardware-in-the-loop environment has been realized for three-phase ac power systems. The environment allows an entire laboratory power-network topology (generators, loads, controls, protection devices, and switches) to be placed in the loop of a large power-network simulation. The system is realized by using a realtime power-network simulator, which interacts with the hardware via the indirect control of a large synchronous generator and by measuring currents flowing from its terminals. These measured currents are injected into the simulation via current sources to close the loop. This paper describes the system architecture and, most importantly, the calibration methodologies which have been developed to overcome measurement and loop latencies. In particular, a new "phase advance" calibration removes the requirement to add unwanted components into the simulated network to compensate for loop delay. The results of early commissioning experiments are demonstrated. The present system performance limits under transient conditions (approximately 0.25 Hz/s and 30 V/s to contain peak phase-and voltage-tracking errors within 5. and 1%) are defined mainly by the controllability of the synchronous generator
SAFIUS - A secure and accountable filesystem over untrusted storage
We describe SAFIUS, a secure accountable file system that resides over an
untrusted storage. SAFIUS provides strong security guarantees like
confidentiality, integrity, prevention from rollback attacks, and
accountability. SAFIUS also enables read/write sharing of data and provides the
standard UNIX-like interface for applications. To achieve accountability with
good performance, it uses asynchronous signatures; to reduce the space required
for storing these signatures, a novel signature pruning mechanism is used.
SAFIUS has been implemented on a GNU/Linux based system modifying OpenGFS.
Preliminary performance studies show that SAFIUS has a tolerable overhead for
providing secure storage: while it has an overhead of about 50% of OpenGFS in
data intensive workloads (due to the overhead of performing
encryption/decryption in software), it is comparable (or better in some cases)
to OpenGFS in metadata intensive workloads.Comment: 11pt, 12 pages, 16 figure
An overview of the Amoeba distributed operating system
As hardware prices continue to drop rapidly, building large computer systems by interconnecting substantial numbers of microcomputers becomes increasingly attractive. Many techniques for interconnecting the hardware, such as Ethernet [Metcalfe and Boggs, 1976], ring nets [Farber and Larson, 1972], packet switching, and shared memory are well understood, but the corresponding software techniques are poorly understood. The design of general purpose distributed operating systems is one of the key research issues for the 1980s
- …