Composite Enclaves: Towards Disaggregated Trusted Execution

The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs' potential and applicability to a handful of applications. We observe that the TEEs' hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose \emph{composite enclaves} with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low-performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware

TEEvil: Identity Lease via Trusted Execution Environments

We investigate identity lease, a new type of service in which users lease their identities to third parties by providing them with full or restricted access to their online accounts or credentials. We discuss how identity lease could be abused to subvert the digital society, facilitating the spread of fake news and subverting electronic voting by enabling the sale of votes. We show that the emergence of Trusted Execution Environments and anonymous cryptocurrencies, for the first time, allows the implementation of such a lease service while guaranteeing fairness, plausible deniability and anonymity, therefore shielding the users and account renters from prosecution. To show that such a service can be practically implemented, we build an example service that we call TEEvil leveraging Intel SGX and ZCash. Finally, we discuss defense mechanisms and challenges in the mitigation of identity lease services.Comment: 21 pages, 5 figure

It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones

Modern smartphones are complex systems in which control over phone resources is exercised by phone manufacturers, OS vendors, and users. These stakeholders have diverse and often competing interests. Barring some exceptions, users entrust their security and privacy to OS vendors (Android and iOS) and need to accept their constraints. Manufacturers protect their firmware and peripherals from the OS by executing in the highest privilege and leveraging dedicated CPUs and TEEs. OS vendors need to trust the highest privileged code deployed by manufacturers. This division of control over the phone is not ideal for OS vendors and is even more disadvantageous for the users. Users are generally limited in what applications they can install on their devices, in the privacy model and trust assumptions of the existing applications, and in the functionalities that applications can have. We propose TEEtime, a new smartphone architecture based on trusted execution allowing to balance the control different stakeholders exert over phones. More leveled control over the phone means that no stakeholder is more privileged than the others. In particular, TEEtime makes users sovereign over their phones: It enables them to install sensitive applications in isolated domains with protected access to selected peripherals alongside an OS. TEEtime achieves this while maintaining compatibility with the existing smartphone ecosystem and without relying on virtualization; it only assumes trust in a phone's firmware. TEEtime is the first TEE architecture that allows isolated execution domains to gain protected and direct access to peripherals. TEEtime is based on Armv8-A and achieves peripheral isolation using a novel mechanism based on memory and interrupt controller protection. We demonstrate the feasibility of our design by implementing a prototype of TEEtime, and by running exemplary sensitive applications

Anisotropic flow of charged hadrons, pions and (anti-)protons measured at high transverse momentum in Pb-Pb collisions at sNN=2.76\sqrt{s_{\rm NN}}=2.76 TeV

The elliptic, $v_2$, triangular, $v_3$, and quadrangular, $v_4$, azimuthal anisotropic flow coefficients are measured for unidentified charged particles, pions and (anti-)protons in Pb-Pb collisions at $\sqrt{s_{\rm NN}} = 2.76$ TeV with the ALICE detector at the Large Hadron Collider. Results obtained with the event plane and four-particle cumulant methods are reported for the pseudo-rapidity range $|\eta|<0.8$ at different collision centralities and as a function of transverse momentum, $p_{\rm T}$, out to $p_{\rm T}=20$ GeV/$c$. The observed non-zero elliptic and triangular flow depends only weakly on transverse momentum for $p_{\rm T}>8$ GeV/$c$. The small $p_{\rm T}$ dependence of the difference between elliptic flow results obtained from the event plane and four-particle cumulant methods suggests a common origin of flow fluctuations up to $p_{\rm T}=8$ GeV/$c$. The magnitude of the (anti-)proton elliptic and triangular flow is larger than that of pions out to at least $p_{\rm T}=8$ GeV/$c$ indicating that the particle type dependence persists out to high $p_{\rm T}$.Comment: 16 pages, 5 captioned figures, authors from page 11, published version, figures at http://aliceinfo.cern.ch/ArtSubmission/node/186

Centrality dependence of charged particle production at large transverse momentum in Pb-Pb collisions at sNN=2.76\sqrt{s_{\rm{NN}}} = 2.76 TeV

The inclusive transverse momentum ($p_{\rm T}$) distributions of primary charged particles are measured in the pseudo-rapidity range $|\eta|<0.8$ as a function of event centrality in Pb-Pb collisions at $\sqrt{s_{\rm{NN}}}=2.76$ TeV with ALICE at the LHC. The data are presented in the $p_{\rm T}$ range $0.15<p_{\rm T}<50$ GeV/$c$ for nine centrality intervals from 70-80% to 0-5%. The Pb-Pb spectra are presented in terms of the nuclear modification factor $R_{\rm{AA}}$ using a pp reference spectrum measured at the same collision energy. We observe that the suppression of high-$p_{\rm T}$ particles strongly depends on event centrality. In central collisions (0-5%) the yield is most suppressed with $R_{\rm{AA}}\approx0.13$ at $p_{\rm T}=6$-7 GeV/$c$. Above $p_{\rm T}=7$ GeV/$c$, there is a significant rise in the nuclear modification factor, which reaches $R_{\rm{AA}} \approx0.4$ for $p_{\rm T}>30$ GeV/$c$. In peripheral collisions (70-80%), the suppression is weaker with $R_{\rm{AA}} \approx 0.7$ almost independently of $p_{\rm T}$. The measured nuclear modification factors are compared to other measurements and model calculations.Comment: 17 pages, 4 captioned figures, 2 tables, authors from page 12, published version, figures at http://aliceinfo.cern.ch/ArtSubmission/node/284

Effective Rheology of Bubbles Moving in a Capillary Tube

We calculate the average volumetric flux versus pressure drop of bubbles moving in a single capillary tube with varying diameter, finding a square-root relation from mapping the flow equations onto that of a driven overdamped pendulum. The calculation is based on a derivation of the equation of motion of a bubble train from considering the capillary forces and the entropy production associated with the viscous flow. We also calculate the configurational probability of the positions of the bubbles.Comment: 4 pages, 1 figur

Charge separation relative to the reaction plane in Pb-Pb collisions at sNN=2.76\sqrt{s_{\rm NN}}= 2.76 TeV

Measurements of charge dependent azimuthal correlations with the ALICE detector at the LHC are reported for Pb-Pb collisions at $\sqrt{s_{\rm NN}} = 2.76$ TeV. Two- and three-particle charge-dependent azimuthal correlations in the pseudo-rapidity range $|\eta| < 0.8$ are presented as a function of the collision centrality, particle separation in pseudo-rapidity, and transverse momentum. A clear signal compatible with a charge-dependent separation relative to the reaction plane is observed, which shows little or no collision energy dependence when compared to measurements at RHIC energies. This provides a new insight for understanding the nature of the charge dependent azimuthal correlations observed at RHIC and LHC energies.Comment: 12 pages, 3 captioned figures, authors from page 2 to 6, published version, figures at http://aliceinfo.cern.ch/ArtSubmission/node/286

A note on comonotonicity and positivity of the control components of decoupled quadratic FBSDE

In this small note we are concerned with the solution of Forward-Backward Stochastic Differential Equations (FBSDE) with drivers that grow quadratically in the control component (quadratic growth FBSDE or qgFBSDE). The main theorem is a comparison result that allows comparing componentwise the signs of the control processes of two different qgFBSDE. As a byproduct one obtains conditions that allow establishing the positivity of the control process.Comment: accepted for publicatio