Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Monitoring the health of the greater Mekong’s rivers

The methods used for biomonitoring can be sophisticated, producing highly accurate results, but can also be simplified for communities to use. In countries where budgets for biomonitoring are low, using community-based biomonitoring systems can effectively and cheaply tell us about a river’s health

Robust estimation of bacterial cell count from optical density

Optical density (OD) is widely used to estimate the density of cells in liquid culture, but cannot be compared between instruments without a standardized calibration protocol and is challenging to relate to actual cell count. We address this with an interlaboratory study comparing three simple, low-cost, and highly accessible OD calibration protocols across 244 laboratories, applied to eight strains of constitutive GFP-expressing E. coli. Based on our results, we recommend calibrating OD to estimated cell count using serial dilution of silica microspheres, which produces highly precise calibration (95.5% of residuals <1.2-fold), is easily assessed for quality control, also assesses instrument effective linear range, and can be combined with fluorescence calibration to obtain units of Molecules of Equivalent Fluorescein (MEFL) per cell, allowing direct comparison and data fusion with flow cytometry measurements: in our study, fluorescence per cell measurements showed only a 1.07-fold mean difference between plate reader and flow cytometry data

水道事業体における消費エネルギーの低減と水道水質とのトレードオフモデルの開発

京都大学0048新制・課程博士博士(工学)甲第17141号工博第3631号新制||工||1551(附属図書館)29880京都大学大学院工学研究科都市社会工学専攻(主査）教授 伊藤 禎彦, 教授 米田 稔, 准教授 越後 信哉学位規則第4条第1項該当Doctor of Philosophy (Engineering)Kyoto UniversityDFA

Freshwater ostracods (Crustacea: Ostracoda) of the plateaus of the northern Western Ghats, India

A literature review and taxonomic comments on the freshwater Ostracoda from the northern Western Ghats with specific emphasis on the habitats of rocky outcrops are given

Manual on framework for river health assessment in Thailand

This manual has been developed by researchers from the Asian Institute of Technology (AIT) as part of project that sought to develop a river health assessment framework for Thailand. The project was supported by CGIAR’s Programme on Water, Land and Ecosystem (Greater Mekong) and Australian Aid. The authors of this Manual—Victor R. Shinde, Mukand S. Babel, and Prangpisut Suttharom—acknowledge the support provided by a number of organizations and individuals. These include the Pollution Control Department of Thailand, and Thai Water Partnership; and Oleg Shipin, Sangam Shrestha, Pinida Leelapanang Kamphaengthong, and Panpilai Sukhonthasindhu who were all part of the project. Special thanks also go to Kim Geheb and Mayvong Sayatham from the CGIAR WLE Programme for providing valuable insights during the course of the project. In early 2018, the project team presented this framework to an international group of scientists and practitioners from all over the world. Their feedback and input have helped fine-tune the content of this manual. The authors extend their sincere gratitude to these experts

Healthy urban rivers as a panacea to pandemic-related stress: How to manage urban rivers

During the lockdown imposed due to the first wave of the coronavirus disease (COVID-19) pandemic, there were several media reports of citizens flouting the lockdown rules in the United States. Upon closer investigation it was found that the rules were flouted mostly so that people could spend time outdoors in natural environments. This exemplifies the role of the natural environment as a panacea to the mental stress created by pandemics. River ecosystems are perhaps the greatest natural feature of any city. Efficient management of urban rivers, therefore, is strongly correlated to crisis management during pandemics like COVID-19. However, urban rivers, today, are facing multiple challenges, such as river pollution, drying up of river stretches, encroachment of rivers into floodplains, and biodiversity losses. These can be attributed to the various urban development activities, due to which cities have inadvertently short-changed the rivers. Managing an urban river, especially a degraded one, requires several transformational solutions that may have to be implemented over long and sustained periods in order to reap the optimal benefits. Many such solutions are often started with great enthusiasm but get derailed over time because of the lack of a long-term institutional mechanism required to support the overall outcome. A Master Plan is a good instrument to address this challenge. This paper describes a set of tools and avenues within Master Plans that can be used to address typical river-related challenges in Indian cities. It also showcases the example of the Urban River Management Plan for Kanpur city, where these tools and avenues have been used to inform the Master Plan of the city

Development of a Generic Domestic Water Security Index, and Its Application in Addis Ababa, Ethiopia

Water security is a global concern because of the growing impact of human activities and climate change on water resources. Studies had been performed at global, country, and city level to assess the water security issues. However, assessment of water security at a domestic scale is lacking. This paper develops a new domestic water security assessment framework accounting for water supply, sanitation, and hygiene through twelve indicators. Water supply, sanitation, and hygiene are central to key water-related sustainable development goals. The framework is subsequently applied to the city of Addis Ababa, Ethiopia. From the domestic water security assessment of Addis Ababa, the water supply dimension was found to be of good level, whereas the sanitation and hygiene dimensions were of poor and fair level, respectively, indicating both a challenge and an opportunity for development. Because the analysis is spatially explicit at the city-branch level (in Addis), variation in domestic water security performance across Addis Ababa can be assessed, allowing efficient targeting of scant resources (financial, technical, personnel). Analysis further shows that a lack of institutional capacity within the utility, existing infrastructure leading to ‘lock-in’ and hindering maintenance and upgrade initiatives, and an unreliable power supply are the main issues leading to poor domestic water security in the study city. These areas should be tackled to improve the current situation and mitigate future problems. The developed framework is generic enough to be applied to other urban and peri-urban areas, yet provides planners and policy makers with specific information on domestic water security considering water supply, sanitation and hygiene, and accounting for within-city variability. This work could therefore have practical applicability for water service providers

Modeling EMI Due to Display Signals in a TV

Modeling the electromagnetic emissions from a complex product such as a TV presents many challenges due to the complexity of electromagnetic interaction between multiple noise sources and interconnected resonant structures. A set of advanced methods such as the design and use of substitution boards for electromagnetic interference analysis, a practical simulation model for verifying the accuracy of the passive structures of the TV, an empirical scaling factor for incorporating the main processing board using the Huygens Equivalence theorem and modeling the radiation due to the flex cable based on active probe measurements is presented. The combined model comprised of the relevant noise sources and structures allowed the prediction of the most critical radiated emissions and the total radiated power caused due to the display signals