A software approach to defeating side channels in last-level caches
We present a software approach to mitigate access-driven side-channel attacks
that leverage last-level caches (LLCs) shared across cores to leak information
between security domains (e.g., tenants in a cloud). Our approach dynamically
manages physical memory pages shared between security domains to disable
sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It
also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe"
attacks in LLCs. We have implemented our approach as a memory management
subsystem called CacheBar within the Linux kernel to intervene on such side
channels across container boundaries, as containers are a common method for
enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through
formal verification, principled analysis, and empirical evaluation, we show
that CacheBar achieves strong security with small performance overheads for
PaaS workloads.
Evaluation of the Doodle Families Literacy Programme Pilot
The Doodle Families Literacy Programme was a pilot programme that was delivered in three DEIS Band 1 primary schools in Limerick during the period of April to June 2015 for First Class children and their parents. Doodle Families was originally designed as an afterschool programme, but the pilot schools delivered it during the school day or bridging the school day and afterschool time. Doodle Families was delivered in two four week blocks, with families participating in one session per week. The pilot programme objectives were:
* To pilot Doodle Families as a follow up to Doodle Den;
* To train a panel of facilitators from three pilot schools and local services to deliver the programme.
* To verify programme content, implementation issues and training needs to support the replication of Doodle Families.
The aim of the evaluation of Doodle Families was to assess the implementation of the programme, how it was delivered and how those involved in the delivery felt about the programme, including school staff, parents, children, school principals and external organisations.
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors.