Scheduling policies and system software architectures for mixed-criticality computing
The mixed-criticality model of computation is being increasingly adopted in timing-sensitive systems. The model not only ensures that the most critical tasks in a system never fail, but also aims for better resource utilization under normal conditions. In this report, we describe the widely used mixed-criticality task model and the fixed-priority scheduling algorithms for that model on uniprocessors. Because of the requirements imposed by the mixed-criticality task model and its scheduling policies, isolation among tasks, both temporal and spatial, is one of the main requirements from the system design point of view. Different virtualization techniques have been used to design system software architectures with isolation as the goal. We discuss a few such system software architectures that are, or can be, used for the mixed-criticality model of computation.
Security consideration for virtualization
Virtualization is not a new technology, but it has recently experienced a resurgence of interest in industry and research. New products and technologies are emerging quickly and are being deployed with little consideration for security concerns. It is vital to understand that virtualization does not improve security by default. Hence, every aspect of virtualization needs to undergo continuous security analysis and audit. Virtualization is a changeable and very dynamic field with an uncertain outcome. In this paper we outline the security model of hypervisors and illustrate the significance of ongoing security analysis by describing different state-of-the-art threat models. Finally, we provide recommendations and design considerations for a more secure virtual infrastructure.
Towards a Trustworthy Thin Terminal for Securing Enterprise Networks
Organizations have many employees who lack the technical knowledge to operate their machines securely. These users may open malicious email attachments or links, or install unverified software such as P2P programs. These actions introduce significant risk to an organization's network, since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control over client machines needed to prevent these security risks. A possible solution to this issue lies in attestation. In computer science, attestation is the ability of a machine to prove its current state. Client machines can use this capability to remotely attest to their state, and other machines in the network can use that evidence when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), which requires a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that uses late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network's servers.
In doing so, we create a platform that can more easily be administered by the individuals best equipped to do so, with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, system administrators have a strong guarantee that the clients connecting to their system are secure, and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem, as it forces user actions to occur under the control of system administrators.
Remote attestation of SEV-SNP confidential VMs using e-vTPMs
Departing from the "your data is safe with us" model, in which the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing, an umbrella term for mechanisms that protect data in use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD Secure Encrypted Virtualization (SEV), Intel Trust Domain Extensions (TDX), etc.
In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root of trust without requiring trust in the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage the unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless, ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and from other VMs. We built our prototype entirely on open-source components: Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build a remote attestation protocol on other trusted execution environments (TEEs).
Comment: 12 pages, 4 figures.
Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations
Microservice architectures exploit container-based virtualized services, which rarely use hardware-based cryptography. A trusted platform module (TPM) offers a hardware root of trust for services that make use of cryptographic operations. Virtualizing this hardware module offers high usability for other types of service that require TPM functionality. This paper proposes a design for TPM virtualization in a container. To ensure integrity, different mechanisms, such as attestation and sealing, have been developed for the binaries and libraries stored in the container volumes. Through a REST API, the container offers the functionality of a TPM, such as key generation and signing. To prevent unauthorized access to the container, this article proposes an authentication mechanism based on tokens issued by the Amazon Cognito web service. As a proof of concept and of applicability in industry, a use case for electric vehicle charging stations using a microservice-based architecture is proposed. Using the EOS.IO blockchain to maintain a copy of the data, the virtualized TPM microservice provides the cryptographic operations necessary for blockchain transactions. Users can access the data through a two-factor authentication mechanism. This scenario shows the potential of using blockchain technologies in microservice-based architectures, where microservices such as the virtualized TPM fill a security gap in these architectures.
Funding: Infineon Technologies; Bundesministerium für Wirtschaft und Energie, program "Digitalisierung der Energiewende", project "Trusted Blockchains für das offene, intelligente Energienetz der Zukunft (tbiEnergy)", FKZ 03EI6029D; European Health and Digital Executive Agency (HaDEA) program under Grant Agreement No 101092950 (EDGELESS project); FEDER/Junta de Andalucía-Consejería de Transformación Económica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR20.