275 research outputs found

    Spons & shields: practical isolation for trusted execution

    Trusted execution environments (TEEs) promise a cost-effective, “lift-and-shift” solution for deploying security-sensitive applications in untrusted clouds. For this, they must support rich, multi-component applications, but a large trusted computing base (TCB) inside the TEE risks that attackers can compromise application security. Fine-grained compartmentalisation can increase security through defense-in-depth, but current solutions either run all software components unprotected in the same TEE, lack efficient shared memory support, or isolate application processes using separate TEEs, impacting performance and compatibility. We describe the Spons & Shields framework (SSF) for Intel SGX TEEs, which offers intra-TEE compartmentalisation using two new abstractions, Spons and Shields. Spons and Shields generalise process, library and user/kernel isolation inside the TEE while allowing for efficient memory sharing. When users deploy unmodified multi-component applications in a TEE, SSF dynamically creates Spons (one per POSIX process or library) and Shields (to enforce a given security policy for memory accesses). Applications can be hardened with minor code changes, e.g., by using a separate Shield to isolate an SSL library. SSF uses compiler instrumentation to protect Shield boundaries, exploiting MPX instructions if available. We evaluate SSF using a complex application service (NGINX, PHP interpreter and PostgreSQL) and show that its overhead is comparable to process isolation

    CAP-VMs: Capability-based isolation and sharing in the cloud

    Cloud stacks must isolate application components, while permitting efficient data sharing between components deployed on the same physical host. Traditionally, the MMU enforces isolation and permits sharing at page granularity. MMU approaches, however, lead to cloud stacks with large TCBs in kernel space, and page granularity requires inefficient OS interfaces for data sharing. Forthcoming CPUs with hardware support for memory capabilities offer new opportunities to implement isolation and sharing at a finer granularity. We describe cVMs, a new VM-like abstraction that uses memory capabilities to isolate application components while supporting efficient data sharing, all without mandating application code to be capability-aware. cVMs share a single virtual address space safely, each having only capabilities to access its own memory. A cVM may include a library OS, thus minimizing its dependency on the cloud environment. cVMs efficiently exchange data through two capability-based primitives assisted by a small trusted monitor: (i) an asynchronous read/write interface to buffers shared between cVMs; and (ii) a call interface to transfer control between cVMs. Using these two primitives, we build more expressive mechanisms for efficient cross-cVM communication. Our prototype implementation using CHERI RISC-V capabilities shows that cVMs isolate services (Redis and Python) with low overhead while improving data sharing

    ORC: Increasing cloud memory density via object reuse with capabilities

    Cloud environments host many tenants, and typically there is substantial overlap between the application binaries and libraries executed by tenants. Thus, memory de-duplication can increase memory density by allocating memory for shared binaries only once. Existing de-duplication approaches, however, either rely on a shared OS to de-duplicate binary objects, which provides unacceptably weak isolation; or exploit hypervisor-based de-duplication at the level of memory pages, which is blind to the semantics of the objects to be shared. We describe Object Reuse with Capabilities (ORC), which supports the fine-grained sharing of binary objects between tenants, while isolating tenants strongly through a small trusted computing base (TCB). ORC uses hardware support for memory capabilities to isolate tenants, which permits shared objects to be accessible to multiple tenants safely. Since ORC shares binary objects within a single address space through capabilities, it uses a new relocation type to create per-tenant state when loading shared objects. ORC supports the loading of objects by an untrusted guest, outside of its TCB, only verifying the safety of the loaded data. Our experiments show that ORC achieves a higher memory density with a lower overhead than hypervisor-based de-duplication

    Spindle checkpoint proteins Mad1 and Mad2 are required for cytostatic factor–mediated metaphase arrest

    In cells containing disrupted spindles, the spindle assembly checkpoint arrests the cell cycle in metaphase. The budding uninhibited by benzimidazole (Bub) 1, mitotic arrest-deficient (Mad) 1, and Mad2 proteins promote this checkpoint through sustained inhibition of the anaphase-promoting complex/cyclosome. Vertebrate oocytes undergoing meiotic maturation arrest in metaphase of meiosis II due to a cytoplasmic activity termed cytostatic factor (CSF), which appears not to be regulated by spindle dynamics. Here, we show that microinjection of Mad1 or Mad2 protein into early Xenopus laevis embryos causes metaphase arrest like that caused by Mos. Microinjection of antibodies to either Mad1 or Mad2 into maturing oocytes blocks the establishment of CSF arrest in meiosis II, and immunodepletion of either protein blocked the establishment of CSF arrest by Mos in egg extracts. A Mad2 mutant unable to oligomerize (Mad2 R133A) did not cause cell cycle arrest in blastomeres or in egg extracts. Once CSF arrest has been established, maintenance of metaphase arrest requires Mad1, but not Mad2 or Bub1. These results suggest a model in which CSF arrest by Mos is mediated by the Mad1 and Mad2 proteins in a manner distinct from the spindle checkpoint

    Formation of carbohydrate-functionalised polystyrene and glass slides and their analysis by MALDI-TOF MS

    Glycans functionalised with hydrophobic trityl groups were synthesised and adsorbed onto polystyrene and glass slides in an array format. The adsorbed glycans could be analysed directly on these minimally conducting surfaces by MALDI-TOF mass spectrometry analysis after aluminium tape was attached to the underside of the slides. Furthermore, the trityl group appeared to act as an internal matrix and no additional matrix was necessary for the MS analysis. Thus, trityl groups can be used as simple hydrophobic, noncovalently linked anchors for ligands on surfaces and at the same time facilitate the in situ mass spectrometric analysis of such ligands

    Benefits Analysis of Wind-Optimal Operations For Trans-Atlantic Flights

    North Atlantic Tracks are trans-Atlantic routes across the busiest oceanic airspace in the world. This study analyzes and compares current flight-plan routes to wind-optimal routes for trans-Atlantic flights in terms of aircraft fuel burn, emissions and the associated climate impact. The historical flight track data recorded by EUROCONTROL's Central Flow Management Unit is merged with data from FAA's Enhanced Traffic Management System to provide an accurate flight movement database containing the highest available flight path resolution in both systems. The combined database is adopted for airspace simulation integrated with aircraft fuel burn and emissions models, contrail models, simplified climate response models, and a common climate metric to assess the climate impact of flight routes within the Organized Track System (OTS). The fuel burn and emissions for the tracks in the OTS are compared with the corresponding quantities for the wind-optimized routes to evaluate the potential environmental benefits of flying wind-optimal routes in North Atlantic Airspace. The potential fuel savings and reduction in emissions depend on existing inefficiencies in current flight plans, atmospheric conditions and location of the city-pairs. The potential benefits are scaled by comparing them with actual flight tests that have been conducted since 2010 between a few city-pairs in the transatlantic and trans-pacific region to improve fuel consumption and reduce the environmental impact of aviation

    TaLoS: secure and transparent TLS termination inside SGX enclaves

    We introduce TaLoS, a drop-in replacement for existing transport layer security (TLS) libraries that protects itself from a malicious environment by running inside an Intel SGX trusted execution environment. By minimising the amount of enclave transitions and reducing the overhead of the remaining enclave transitions, TaLoS imposes an overhead of no more than 31% in our evaluation with the Apache web server and the Squid proxy

    Informing additive manufacturing technology adoption: total cost and the impact of capacity utilisation

    Informing Additive Manufacturing (AM) technology adoption decisions, this paper investigates the relationship between build volume capacity utilisation and efficient technology operation in an inter-process comparison of the costs of manufacturing a complex component used in the packaging industry. Confronting the reported costs of a conventional machining and welding pathway with an estimator of the costs incurred through an AM route utilising Direct Metal Laser Sintering (DMLS), we weave together four aspects: optimised capacity utilisation, ancillary process steps, the effect of build failure and design adaptation. Recognising that AM users can fill unused machine capacity with other, potentially unrelated, geometries, we posit a characteristic of ‘fungible’ build capacity. This aspect is integrated in the cost estimation framework through computational build volume packing, drawing on a basket of sample geometries. We show that the unit cost in mixed builds at full capacity is lower than in builds limited to a single type of geometry; in our study, this results in a mean unit cost overstatement of 157%. The estimated manufacturing cost savings from AM adoption range from 36 to 46%. Additionally, we indicate that operating cost savings resulting from design adaptation are likely to far outweigh the manufacturing cost advantage

    Automating Data Rights

    This report documents the program and the outcomes of Dagstuhl Seminar 18181 “Towards Accountable Systems”, which took place from April 29th to May 4th, 2018, at Schloss Dagstuhl – Leibniz Center for Informatics. Researchers and practitioners from academia and industry were brought together covering broad fields from computer and information science, public policy and law. Many risks and opportunities were discussed that relate to the alignment of systems technologies with developing legal and regulatory requirements and evolving user expectations. This report summarises outcomes of the seminar by highlighting key future research directions and challenges that lie on the path to developing systems that better align with accountability concerns

    Direct and Absolute Quantification of over 1800 Yeast Proteins via Selected Reaction Monitoring

    Defining intracellular protein concentration is critical in molecular systems biology. Although strategies for determining relative protein changes are available, defining robust absolute values in copies per cell has proven significantly more challenging. Here we present a reference data set quantifying over 1800 Saccharomyces cerevisiae proteins by direct means using protein-specific stable-isotope labeled internal standards and selected reaction monitoring (SRM) mass spectrometry, far exceeding any previous study. This was achieved by careful design of over 100 QconCAT recombinant proteins as standards, defining 1167 proteins in terms of copies per cell and upper limits on a further 668, with robust CVs routinely less than 20%. The selected reaction monitoring-derived proteome is compared with existing quantitative data sets, highlighting the disparities between methodologies. Coupled with a quantification of the transcriptome by RNA-seq taken from the same cells, these data support revised estimates of several fundamental molecular parameters: a total protein count of ∼100 million molecules-per-cell, a median of ∼1000 proteins-per-transcript, and a linear model of protein translation explaining 70% of the variance in translation rate. This work contributes a “gold-standard” reference yeast proteome (including 532 values based on high quality, dual peptide quantification) that can be widely used in systems models and for other comparative studies. Reliable and accurate quantification of the proteins present in a cell or tissue remains a major challenge for post-genome scientists. Proteins are the primary functional molecules in biological systems and knowledge of their abundance and dynamics is an important prerequisite to a complete understanding of natural physiological processes, or dysfunction in disease. 
Accordingly, much effort has been spent in the development of reliable, accurate and sensitive techniques to quantify the cellular proteome, the complement of proteins expressed at a given time under defined conditions (1). Moreover, the ability to model a biological system and thus characterize it in kinetic terms, requires that protein concentrations be defined in absolute numbers (2, 3). Given the high demand for accurate quantitative proteome data sets, there has been a continual drive to develop methodology to accomplish this, typically using mass spectrometry (MS) as the analytical platform. Many recent studies have highlighted the capabilities of MS to provide good coverage of the proteome at high sensitivity often using yeast as a demonstrator system (4–10), suggesting that quantitative proteomics has now “come of age” (1). However, given that MS is not inherently quantitative, most of the approaches produce relative quantitation and do not typically measure the absolute concentrations of individual molecular species by direct means. For the yeast proteome, epitope tagging studies using green fluorescent protein or tandem affinity purification tags provide an alternative to MS. Here, collections of modified strains are generated that incorporate a detectable, and therefore quantifiable, tag that supports immunoblotting or fluorescence techniques (11, 12). However, such strategies for copies per cell (cpc) quantification rely on genetic manipulation of the host organism and hence do not quantify endogenous, unmodified protein. Similarly, the tagging can alter protein levels - in some instances hindering protein expression completely (11). Even so, epitope tagging methods have been of value to the community, yielding high coverage quantitative data sets for the majority of the yeast proteome (11, 12). MS-based methods do not rely on such nonendogenous labels, and can reach genome-wide levels of coverage. 
Accurate estimation of absolute concentrations i.e. protein copy number per cell, also usually necessitates the use of (one or more) external or internal standards from which to derive absolute abundance (4). Examples include a comprehensive quantification of the Leptospira interrogans proteome that used a 19 protein subset quantified using selected reaction monitoring (SRM) to calibrate their label-free data (8, 13). It is worth noting that epitope tagging methods, although also absolute, rely on a very limited set of standards for the quantitative western blots and necessitate incorporation of a suitable immunogenic tag (11). Other recent, innovative approaches exploiting total ion signal and internal scaling to estimate protein cellular abundance (10, 14), avoid the use of internal standards, though they do rely on targeted proteomic data to validate their approach. The use of targeted SRM strategies to derive proteomic calibration standards highlights its advantages in comparison to label-free in terms of accuracy, precision, dynamic range and limit of detection and has gained currency for its reliability and sensitivity (3, 15–17). Indeed, SRM is often referred to as the “gold standard proteomic quantification method,” being particularly well-suited when the proteins to be quantified are known, when appropriate surrogate peptides for protein quantification can be selected a priori, and matched with stable isotope-labeled (SIL) standards (18–20). In combination with SIL peptide standards that can be generated through a variety of means (3, 15), SRM can be used to quantify low copy number proteins, reaching down to ∼50 cpc in yeast (5). However, although SRM methodology has been used extensively for S. cerevisiae protein quantification by us and others (19, 21, 22), it has not been used for large protein cohorts because of the requirement to generate the large numbers of attendant SIL peptide standards; the largest published data set is only for a few tens of proteins. It remains a challenge therefore to robustly quantify an entire eukaryotic proteome in absolute terms by direct means using targeted MS and this is the focus of our present study, the Census Of the Proteome of Yeast (CoPY). We present here direct and absolute quantification of nearly 2000 endogenous proteins from S. cerevisiae grown in steady state in a chemostat culture, using the SRM-based QconCAT approach. Although arguably not quantification of the entire proteome, this represents an accurate and rigorous collection of direct yeast protein quantifications, providing a gold-standard data set of endogenous protein levels for future reference and comparative studies. The highly reproducible SIL-SRM MS data, with robust CVs typically less than 20%, is compared with other extant data sets that were obtained via alternative analytical strategies. We also report a matched high quality transcriptome from the same cells using RNA-seq, which supports additional calculations including a refined estimate of the total protein content in yeast cells, and a simple linear model of translation explaining 70% of the variance between RNA and protein levels in yeast chemostat cultures. These analyses confirm the validity of our data and approach, which we believe represents a state-of-the-art absolute quantification compendium of a significant proportion of a model eukaryotic proteome