S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX

Function-as-a-Service (FaaS) is a recent and already very popular paradigm in cloud computing. The function provider need only specify the function to be run, usually in a high-level language like JavaScript, and the service provider orchestrates all the necessary infrastructure and software stacks. The function provider is only billed for the actual computational resources used by the function invocation. Compared to previous cloud paradigms, FaaS requires significantly more fine-grained resource measurement mechanisms, e.g. to measure compute time and memory usage of a single function invocation with sub-second accuracy. Thanks to the short duration and stateless nature of functions, and the availability of multiple open-source frameworks, FaaS enables non-traditional service providers e.g. individuals or data centers with spare capacity. However, this exacerbates the challenge of ensuring that resource consumption is measured accurately and reported reliably. It also raises the issues of ensuring computation is done correctly and minimizing the amount of information leaked to service providers. To address these challenges, we introduce S-FaaS, the first architecture and implementation of FaaS to provide strong security and accountability guarantees backed by Intel SGX. To match the dynamic event-driven nature of FaaS, our design introduces a new key distribution enclave and a novel transitive attestation protocol. A core contribution of S-FaaS is our set of resource measurement mechanisms that securely measure compute time inside an enclave, and actual memory allocations. We have integrated S-FaaS into the popular OpenWhisk FaaS framework. We evaluate the security of our architecture, the accuracy of our resource measurement mechanisms, and the performance of our implementation, showing that our resource measurement mechanisms add less than 6.3% latency on standardized benchmarks

On ‘Organized Crime’ in the illicit antiquities trade: moving beyond the definitional debate

The extent to which ‘organized crime’ is involved in illicit antiquities trafficking is unknown and frequently debated. This paper explores the significance and scale of the illicit antiquities trade as a unique transnational criminal phenomenon that is often said to be perpetrated by and exhibit traits of so-called ‘organized crime.’ The definitional debate behind the term ‘organized crime’ is considered as a potential problem impeding our understanding of its existence or extent in illicit antiquities trafficking, and a basic progression-based model is then suggested as a new tool to move beyond the definitional debate for future research that may help to elucidate the actors, processes and criminal dynamics taking place within the illicit antiquities trade from source to market. The paper concludes that researchers should focus not on the question of whether organized criminals- particularly in a traditionally conceived, mafia-type stereotypical sense- are involved in the illicit antiquities trade, but instead on the structure and progression of antiquities trafficking itself that embody both organized and criminal dynamics

Migrating SGX Enclaves with Persistent State

Hardware-supported security mechanisms like Intel Software Guard Extensions (SGX) provide strong security guarantees, which are particularly relevant in cloud settings. However, their reliance on physical hardware conflicts with cloud practices, like migration of VMs between physical platforms. For instance, the SGX trusted execution environment (enclave) is bound to a single physical CPU. Although prior work has proposed an effective mechanism to migrate an enclave's data memory, it overlooks the migration of persistent state, including sealed data and monotonic counters; the former risks data loss whilst the latter undermines the SGX security guarantees. We show how this can be exploited to mount attacks, and then propose an improved enclave migration approach guaranteeing the consistency of persistent state. Our software-only approach enables migratable sealed data and monotonic counters, maintains all SGX security guarantees, minimizes developer effort, and incurs negligible performance overhead

Phase transition in inelastic disks

This letter investigates the molecular dynamics of inelastic disks without external forcing. By introducing a new observation frame with a rescaled time, we observe the virtual steady states converted from asymptotic energy dissipation processes. System behavior in the thermodynamic limit is carefully investigated. It is found that a phase transition with symmetry breaking occurs when the magnitude of dissipation is greater than a critical value.Comment: 9 pages, 6 figure

Stacking Entropy of Hard Sphere Crystals

Classical hard spheres crystallize at equilibrium at high enough density. Crystals made up of stackings of 2-dimensional hexagonal close-packed layers (e.g. fcc, hcp, etc.) differ in entropy by only about $10^{-3}k_B$ per sphere (all configurations are degenerate in energy). To readily resolve and study these small entropy differences, we have implemented two different multicanonical Monte Carlo algorithms that allow direct equilibration between crystals with different stacking sequences. Recent work had demonstrated that the fcc stacking has higher entropy than the hcp stacking. We have studied other stackings to demonstrate that the fcc stacking does indeed have the highest entropy of ALL possible stackings. The entropic interactions we could detect involve three, four and (although with less statistical certainty) five consecutive layers of spheres. These interlayer entropic interactions fall off in strength with increasing distance, as expected; this fall-off appears to be much slower near the melting density than at the maximum (close-packing) density. At maximum density the entropy difference between fcc and hcp stackings is $0.00115 +/- 0.00004 k_B$ per sphere, which is roughly 30% higher than the same quantity measured near the melting transition.Comment: 15 page

Free energies of crystalline solids: a lattice-switch Monte Carlo method

We present a method for the direct evaluation of the difference between the free energies of two crystalline structures, of different symmetry. The method rests on a Monte Carlo procedure which allows one to sample along a path, through atomic-displacement-space, leading from one structure to the other by way of an intervening transformation that switches one set of lattice vectors for another. The configurations of both structures can thus be sampled within a single Monte Carlo process, and the difference between their free energies evaluated directly from the ratio of the measured probabilities of each. The method is used to determine the difference between the free energies of the fcc and hcp crystalline phases of a system of hard spheres.Comment: 5 pages Revtex, 3 figure

Theory of Second and Higher Order Stochastic Processes

This paper presents a general approach to linear stochastic processes driven by various random noises. Mathematically, such processes are described by linear stochastic differential equations of arbitrary order (the simplest non-trivial example is $\ddot x = R(t)$, where $R(t)$ is not a Gaussian white noise). The stochastic process is discretized into $n$ time-steps, all possible realizations are summed up and the continuum limit is taken. This procedure often yields closed form formulas for the joint probability distributions. Completely worked out examples include all Gaussian random forces and a large class of Markovian (non-Gaussian) forces. This approach is also useful for deriving Fokker-Planck equations for the probability distribution functions. This is worked out for Gaussian noises and for the Markovian dichotomous noise.Comment: 35 pages, PlainTex, accepted for publication in Phys Rev. E

Frustrated spin model as a hard-sphere liquid

We show that one-dimensional topological objects (kinks) are natural degrees of freedom for an antiferromagnetic Ising model on a triangular lattice. Its ground states and the coexistence of spin ordering with an extensive zero-temperature entropy can be easily understood in terms of kinks forming a hard-sphere liquid. Using this picture we explain effects of quantum spin dynamics on that frustrated model, which we also study numerically.Comment: 5 pages, 3 figure

Safety and immunogenicity of a new tuberculosis vaccine, MVA85A, in mycobacterium tuberculosis–infected individuals

Copyright © 2009 by the American Thoracic Society.Rationale: An effective new tuberculosis (TB) vaccine regimen must be safe in individuals with latent TB infection (LTBI) and is a priority for global health care. Objectives: To evaluate the safety and immunogenicity of a leading new TB vaccine, recombinant Modified Vaccinia Ankara expressing Antigen 85A (MVA85A) in individuals with LTBI. Methods: An open-label, phase I trial of MVA85A was performed in 12 subjects with LTBI recruited from TB contact clinics in Oxford and London or by poster advertisements in Oxford hospitals. Patients were assessed clinically and had blood samples drawn for immunological analysis over a 52-week period after vaccination with MVA85A. Thoracic computed tomography scans were performed at baseline and at 10 weeks after vaccination. Safety of MVA85A was assessed by clinical, radiological, and inflammatory markers. The immunogenicity of MVA85A was assessed by IFNγ and IL-2 ELISpot assays and FACS. Measurements and Main Results: MVA85A was safe in subjects with LTBI, with comparable adverse events to previous trials of MVA85A. There were no clinically significant changes in inflammatory markers or thoracic computed tomography scans after vaccination. MVA85A induced a strong antigen-specific IFN-γ and IL-2 response that was durable for 52 weeks. The magnitude of IFN-γ response was comparable to previous trials of MVA85A in bacillus Calmette-Guérin–vaccinated individuals. Antigen 85A–specific polyfunctional CD4+ T cells were detectable prior to vaccination with statistically significant increases in cell numbers after vaccination. Conclusions: MVA85A is safe and highly immunogenic in individuals with LTBI. These results will facilitate further trials in TB-endemic areas.Oxford Biomedical Research Centre, Wellcome Trust, and AFTBVAC