A Survey on the Integration of NAND Flash Storage in the Design of File Systems and the Host Storage Software Stack

With the ever-increasing amount of data generate in the world, estimated to reach over 200 Zettabytes by 2025, pressure on efficient data storage systems is intensifying. The shift from HDD to flash-based SSD provides one of the most fundamental shifts in storage technology, increasing performance capabilities significantly. However, flash storage comes with different characteristics than prior HDD storage technology. Therefore, storage software was unsuitable for leveraging the capabilities of flash storage. As a result, a plethora of storage applications have been design to better integrate with flash storage and align with flash characteristics. In this literature study we evaluate the effect the introduction of flash storage has had on the design of file systems, which providing one of the most essential mechanisms for managing persistent storage. We analyze the mechanisms for effectively managing flash storage, managing overheads of introduced design requirements, and leverage the capabilities of flash storage. Numerous methods have been adopted in file systems, however prominently revolve around similar design decisions, adhering to the flash hardware constrains, and limiting software intervention. Future design of storage software remains prominent with the constant growth in flash-based storage devices and interfaces, providing an increasing possibility to enhance flash integration in the host storage software stack

A Survey on the Integration of NAND Flash Storage in the Design of File Systems and the Host Storage Software Stack

With the ever-increasing amount of data generate in the world, estimated to reach over 200 Zettabytes by 2025, pressure on efficient data storage systems is intensifying. The shift from HDD to flash-based SSD provides one of the most fundamental shifts in storage technology, increasing performance capabilities significantly. However, flash storage comes with different characteristics than prior HDD storage technology. Therefore, storage software was unsuitable for leveraging the capabilities of flash storage. As a result, a plethora of storage applications have been design to better integrate with flash storage and align with flash characteristics. In this literature study we evaluate the effect the introduction of flash storage has had on the design of file systems, which providing one of the most essential mechanisms for managing persistent storage. We analyze the mechanisms for effectively managing flash storage, managing overheads of introduced design requirements, and leverage the capabilities of flash storage. Numerous methods have been adopted in file systems, however prominently revolve around similar design decisions, adhering to the flash hardware constrains, and limiting software intervention. Future design of storage software remains prominent with the constant growth in flash-based storage devices and interfaces, providing an increasing possibility to enhance flash integration in the host storage software stack

AC/DC: Adaptive Cutoffs and Disputable Cutoffs for robust critical transactions in smart-contracts

To guarantee delivery of their intended functionalities in the presence of unresponsive parties, current smart-contracts cut users off from being able to commit their responses after a fixed period of time has elapsed. However, current blockchains have limited transaction processing capacities, so a fixed amount of time will not always be sufficient to receive every (C-TX). This paper presents a mechanism for adaptive cutoffs (ACs) which ensures that users retain the opportunity to commit despite blockchain congestion, and enables early cutoffs when the number of required is low. A non-interactive argument system for setting adaptive cutoffs under the current Ethereum Virtual Machine is described. Additionally, disputable cutoffs (DCs) are presented, which are a more efficient approach used in parallel to ACs based on a bisection-based dispute. Furthermore, it’s empirically demonstrated that an AC/DC-enabled smart-contract can receive a larger number of than its non-adaptive counterparts when user responsiveness is slowed due to denial of service or congestion

Systems Support for Trusted Execution Environments

Cloud computing has become a default choice for data processing by both large corporations and individuals due to its economy of scale and ease of system management. However, the question of trust and trustoworthy computing inside the Cloud environments has been long neglected in practice and further exacerbated by the proliferation of AI and its use for processing of sensitive user data. Attempts to implement the mechanisms for trustworthy computing in the cloud have previously remained theoretical due to lack of hardware primitives in the commodity CPUs, while a combination of Secure Boot, TPMs, and virtualization has seen only limited adoption. The situation has changed in 2016, when Intel introduced the Software Guard Extensions (SGX) and its enclaves to the x86 ISA CPUs: for the first time, it became possible to build trustworthy applications relying on a commonly available technology. However, Intel SGX posed challenges to the practitioners who discovered the limitations of this technology, from the limited support of legacy applications and integration of SGX enclaves into the existing system, to the performance bottlenecks on communication, startup, and memory utilization. In this thesis, our goal is enable trustworthy computing in the cloud by relying on the imperfect SGX promitives. To this end, we develop and evaluate solutions to issues stemming from limited systems support of Intel SGX: we investigate the mechanisms for runtime support of POSIX applications with SCONE, an efficient SGX runtime library developed with performance limitations of SGX in mind. We further develop this topic with FFQ, which is a concurrent queue for SCONE's asynchronous system call interface. ShieldBox is our study of interplay of kernel bypass and trusted execution technologies for NFV, which also tackles the problem of low-latency clocks inside enclave. The two last systems, Clemmys and T-Lease are built on a more recent SGXv2 ISA extension. In Clemmys, SGXv2 allows us to significantly reduce the startup time of SGX-enabled functions inside a Function-as-a-Service platform. Finally, in T-Lease we solve the problem of trusted time by introducing a trusted lease primitive for distributed systems. We perform evaluation of all of these systems and prove that they can be practically utilized in existing systems with minimal overhead, and can be combined with both legacy systems and other SGX-based solutions. In the course of the thesis, we enable trusted computing for individual applications, high-performance network functions, and distributed computing framework, making a <vision of trusted cloud computing a reality

Defense in Depth of Resource-Constrained Devices

The emergent next generation of computing, the so-called Internet of Things (IoT), presents significant challenges to security, privacy, and trust. The devices commonly used in IoT scenarios are often resource-constrained with reduced computational strength, limited power consumption, and stringent availability requirements. Additionally, at least in the consumer arena, time-to-market is often prioritized at the expense of quality assurance and security. An initial lack of standards has compounded the problems arising from this rapid development. However, the explosive growth in the number and types of IoT devices has now created a multitude of competing standards and technology silos resulting in a highly fragmented threat model. Tens of billions of these devices have been deployed in consumers\u27 homes and industrial settings. From smart toasters and personal health monitors to industrial controls in energy delivery networks, these devices wield significant influence on our daily lives. They are privy to highly sensitive, often personal data and responsible for real-world, security-critical, physical processes. As such, these internet-connected things are highly valuable and vulnerable targets for exploitation. Current security measures, such as reactionary policies and ad hoc patching, are not adequate at this scale. This thesis presents a multi-layered, defense in depth, approach to preventing and mitigating a myriad of vulnerabilities associated with the above challenges. To secure the pre-boot environment, we demonstrate a hardware-based secure boot process for devices lacking secure memory. We introduce a novel implementation of remote attestation backed by blockchain technologies to address hardware and software integrity concerns for the long-running, unsupervised, and rarely patched systems found in industrial IoT settings. Moving into the software layer, we present a unique method of intraprocess memory isolation as a barrier to several prevalent classes of software vulnerabilities. Finally, we exhibit work on network analysis and intrusion detection for the low-power, low-latency, and low-bandwidth wireless networks common to IoT applications. By targeting these areas of the hardware-software stack, we seek to establish a trustworthy system that extends from power-on through application runtime