72 research outputs found
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows to protect application code
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
likewise. It is compatible to unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1
Systems development methods and usability in Norway: An industrial perspective
This is the post-print version of the Article. The official published version can be accessed from the link below - Copyright @ 2007 Springer Berlin HeidelbergThis paper investigates the relationship between traditional systems development methodologies and usability, through a survey of 78 Norwegian IT companies. Building on previous research we proposed two hypotheses; (1) that software companies will generally pay lip service to usability, but do not prioritize it in industrial projects, and (2) that systems development methods and usability are perceived as not being integrated. We find support for both hypotheses. Thus, the use of systems development methods is fairly stable, confirming earlier research. Most companies do not use a formal method, and of those who do, the majority use their own method. Generally, the use of methods is rather pragmatic: Companies that do not use formal methods report that they use elements from such methods. Further, companies that use their own method import elements from standardised methods into their own
The role of the user within the medical device design and development process: medical device manufacturers' perspectives
Copyright @ 2011 Money et al.Background: Academic literature and international standards bodies suggest that user involvement, via the incorporation of human factors engineering methods within the medical device design and development (MDDD) process, offer many benefits that enable the development of safer and more usable medical devices that are better suited to users' needs. However, little research has been carried out to explore medical device manufacturers' beliefs and attitudes towards user involvement within this process, or indeed what value they believe can be added by doing so.Methods: In-depth interviews with representatives from 11 medical device manufacturers are carried out. We ask them to specify who they believe the intended users of the device to be, who they consult to inform the MDDD process, what role they believe the user plays within this process, and what value (if any) they believe users add. Thematic analysis is used to analyse the fully transcribed interview data, to gain insight into medical device manufacturers' beliefs and attitudes towards user involvement within the MDDD process.Results: A number of high-level themes emerged, relating who the user is perceived to be, the methods used, the perceived value and barriers to user involvement, and the nature of user contributions. The findings reveal that despite standards agencies and academic literature offering strong support for the employment formal methods, manufacturers are still hesitant due to a range of factors including: perceived barriers to obtaining ethical approval; the speed at which such activity may be carried out; the belief that there is no need given the 'all-knowing' nature of senior health care staff and clinical champions; a belief that effective results are achievable by consulting a minimal number of champions. Furthermore, less senior health care practitioners and patients were rarely seen as being able to provide valuable input into the process.Conclusions: Medical device manufacturers often do not see the benefit of employing formal human factors engineering methods within the MDDD process. Research is required to better understand the day-to-day requirements of manufacturers within this sector. The development of new or adapted methods may be required if user involvement is to be fully realised.This study was in part funded by grant number Ref: GR/S29874/01 from the Engineering and Physical Sciences Research Council. This article is made available through the Brunel University Open Access Publishing Fund
The Continuing Retirement Savings Crisis
The study analyzes workplace retirement plan coverage, retirement account ownership, and household retirement savings as a percentage of income, and estimates the share of working families that meet financial industry recommended benchmarks for retirement savings
- …