SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.Comment: In The 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15 page

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Spring Meeting of Council, May 4-7, 1997, Washington, D. C.

https://egrove.olemiss.edu/aicpa_assoc/2008/thumbnail.jp

REALISTIC CADAVER MECHANICAL TESTING & QUANTITATIVE MAGNETIC RESONANCE IMAGING FOR EVALUATING KNEES THROUGHOUT WALKING

Introduction: Knees are subjected to daily physical activities, injuries and diseases, such as osteoarthritis (OA). Such complications represent significant costs (billions and thousands of USD/year for countries and individuals, respectively). Moreover, there is no OA cure and its risk factors (obesity, malalignment and injury) affect joints’ mechanical loading. Thus, knees must be studied under realistic loading conditions. Unfortunately, due to joints’ complexity (geometry, mechanical properties and loading), current experimental methods seldom achieve this. Quantitative magnetic resonance imaging (qMRI) potentially offers a non-invasive evaluation of tissue structure, biochemistry and mechanics, thereby facilitating injury or disease tracking if links between these properties and imaging outcomes were well established. However, the connections between tissue health and mechanical properties remain unclear, as is the relation between tissue- and joint-level biomechanics. Objective: Determine if tissue structure and joint function are related in whole cadaver knees under physiologically realistic loading conditions applied via a novel MRI-safe loading device. Methods: A novel MRI-safe knee loading device was designed, built and its repeatability assessed. Physiologic loading conditions (simulating walking) suitable for mechanical tests were determined via musculoskeletal (MSK) modelling, verified and validated against published data, and applied to a cadaver knee. To measure tibio- and patello-femoral (T-F and P-F) contact responses, a pressure sensing system was used in conjunction with the instrumented loading device. Then, to search for T2 relaxation-deformation associations, tibial and patellar cartilage deformations and T2 relaxation responses of other six ex-vivo knees subjected to axial compression (simulating standing) were measured and correlation analyses performed. Results & Discussion: The MRI-safe loading system developed was able to simulate healthy or pathologic gait with adequate repeatability (e.g., 1.23 to 2.91 CV% for compression, comparable to existing simulators), leading to generally consistent contact responses in agreement with published experimental and finite element studies. Cartilage thickness and T2 relaxation time magnitudes measured fell within expected values, while their loading-induced changes agreed with previous studies but exhibited larger variability. Moreover, a moderate negative correlation (r = -0.402, p = 0.019) was found between unloaded tibial cartilage thickness and T2 relaxation time, which may be linked to cartilage composition (relating collagen fibers and water content)

Online learning on the programmable dataplane

This thesis makes the case for managing computer networks with datadriven methods automated statistical inference and control based on measurement data and runtime observations—and argues for their tight integration with programmable dataplane hardware to make management decisions faster and from more precise data. Optimisation, defence, and measurement of networked infrastructure are each challenging tasks in their own right, which are currently dominated by the use of hand-crafted heuristic methods. These become harder to reason about and deploy as networks scale in rates and number of forwarding elements, but their design requires expert knowledge and care around unexpected protocol interactions. This makes tailored, per-deployment or -workload solutions infeasible to develop. Recent advances in machine learning offer capable function approximation and closed-loop control which suit many of these tasks. New, programmable dataplane hardware enables more agility in the network— runtime reprogrammability, precise traffic measurement, and low latency on-path processing. The synthesis of these two developments allows complex decisions to be made on previously unusable state, and made quicker by offloading inference to the network. To justify this argument, I advance the state of the art in data-driven defence of networks, novel dataplane-friendly online reinforcement learning algorithms, and in-network data reduction to allow classification of switchscale data. Each requires co-design aware of the network, and of the failure modes of systems and carried traffic. To make online learning possible in the dataplane, I use fixed-point arithmetic and modify classical (non-neural) approaches to take advantage of the SmartNIC compute model and make use of rich device local state. I show that data-driven solutions still require great care to correctly design, but with the right domain expertise they can improve on pathological cases in DDoS defence, such as protecting legitimate UDP traffic. In-network aggregation to histograms is shown to enable accurate classification from fine temporal effects, and allows hosts to scale such classification to far larger flow counts and traffic volume. Moving reinforcement learning to the dataplane is shown to offer substantial benefits to stateaction latency and online learning throughput versus host machines; allowing policies to react faster to fine-grained network events. The dataplane environment is key in making reactive online learning feasible—to port further algorithms and learnt functions, I collate and analyse the strengths of current and future hardware designs, as well as individual algorithms

Reengineering of the national organization of the General Association of General Baptists

https://place.asburyseminary.edu/ecommonsatsdissertations/1106/thumbnail.jp

Comparison of the vocabularies of the Gregg shorthand dictionary and Horn-Peterson's basic vocabulary of business letters

This study is a comparative analysis of the vocabularies of Horn and Peterson's The Basic Vocabulary of Business Letters1 and the Gregg Shorthand Dictionary.2 Both books purport to present a list of words most frequently encountered by stenographers and students of shorthand. The, Basic Vocabulary of Business Letters, published "in answer to repeated requests for data on the words appearing most frequently in business letters,"3 is a frequency list specific to business writing. Although the book carries the copyright date of 1943, the vocabulary was compiled much earlier. The listings constitute a part of the data used in the preparation of the 10,000 words making up the ranked frequency list compiled by Ernest Horn and staff and published in 1926 under the title of A Basic Writing Vocabulary: 10,000 Words Lost Commonly Used in Writing. The introduction to that publication gives credit to Miss Cora Crowder for the contribution of her Master's study at the University of Minnesota concerning words found in business writing. With additional data from supplementary sources, the complete listing represents twenty-six classes of business, as follows 1. Miscellaneous 2. Florists 3. Automobile manufacturers and sales companie