CacheZoom: How SGX Amplifies The Power of Cache Attacks

In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements.Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17

68/02/01 Brief for the United States as Amicus Curiae

In sum, we believe that it is consistent with the Fourth Amendment to recognize a power in law enforcement officers to detain and question under circumstances amounting to less than probable cause for a formal arrest, and that, in exercising such power, the officer may legitimately protect himself by a frisk for dangerous weapons -- from page 18

Photo- and Electroproduction of Eta Mesons

Eta photo- and electroproduction off the nucleon is investigated in an effective lagrangian approach that contains Born terms and both vector meson and nucleon resonance contributions. In particular, we review and develop the formalism for coincidence experiments with polarization degrees of freedom. The different response functions appearing in single and double polarization experiments have been studied. We will present calculations for structure functions and kinematical conditions that are most sensitive to details of the lagrangian, in particular with regard to contributions of nucleon resonances beyond the dominant $S_{11}$(1535) resonance.Comment: 24 pages RevTeX/LaTeX2.09, NFSS1, 13 figures (in separate file (tar,gzip and uue)), accepted for publication in Z. Phys.

Dynamics of Cryogenic Jets: Non-Rayleigh Breakup and Onset of Nonaxisymmetric Motions

We report development of generators for periodic, satellite-free fluxes of mono-disperse drops with diameters down to 10 mikrometers from cryogenic liquids like H_2, N_2, Ar and Xe (and, as reference fluid, water). While the breakup of water jets can well be described by Rayleigh's linear theory, we find jet regimes for H_2 and N_2 which reveal deviations from this behavior. Thus, Rayleigh's theory is inappropriate for thin jets that exchange energy and/or mass with the surrounding medium. Moreover, at high evaporation rates, axial symmetry of the dynamics is lost. When the drops pass into vacuum, frozen pellets form due to surface evaporation. The narrow width of the pellet flux paves the way towards various industrial and scientific applications.Comment: 4 pages, 4 figures, 1 table; final version to appear in Phys.Rev.Lett (minor changes with respect to v1

Developing a Simplified Consent Form for Biobanking

BACKGROUND: Consent forms have lengthened over time and become harder for participants to understand. We sought to demonstrate the feasibility of creating a simplified consent form for biobanking that comprises the minimum information necessary to meet ethical and regulatory requirements. We then gathered preliminary data concerning its content from hypothetical biobank participants. METHODOLOGY/PRINCIPAL FINDINGS: We followed basic principles of plain-language writing and incorporated into a 2-page form (not including the signature page) those elements of information required by federal regulations and recommended by best practice guidelines for biobanking. We then recruited diabetes patients from community-based practices and randomized half (n = 56) to read the 2-page form, first on paper and then a second time on a tablet computer. Participants were encouraged to use "More information" buttons on the electronic version whenever they had questions or desired further information. These buttons led to a series of "Frequently Asked Questions" (FAQs) that contained additional detailed information. Participants were asked to identify specific sentences in the FAQs they thought would be important if they were considering taking part in a biorepository. On average, participants identified 7 FAQ sentences as important (mean 6.6, SD 14.7, range: 0-71). No one sentence was highlighted by a majority of participants; further, 34 (60.7%) participants did not highlight any FAQ sentences. CONCLUSIONS: Our preliminary findings suggest that our 2-page form contains the information that most prospective participants identify as important. Combining simplified forms with supplemental material for those participants who desire more information could help minimize consent form length and complexity, allowing the most substantively material information to be better highlighted and enabling potential participants to read the form and ask questions more effectively