LightBox: Full-stack Protected Stateful Middlebox at Lightning Speed

Running off-site software middleboxes at third-party service providers has been a popular practice. However, routing large volumes of raw traffic, which may carry sensitive information, to a remote site for processing raises severe security concerns. Prior solutions often abstract away important factors pertinent to real-world deployment. In particular, they overlook the significance of metadata protection and stateful processing. Unprotected traffic metadata like low-level headers, size and count, can be exploited to learn supposedly encrypted application contents. Meanwhile, tracking the states of 100,000s of flows concurrently is often indispensable in production-level middleboxes deployed at real networks. We present LightBox, the first system that can drive off-site middleboxes at near-native speed with stateful processing and the most comprehensive protection to date. Built upon commodity trusted hardware, Intel SGX, LightBox is the product of our systematic investigation of how to overcome the inherent limitations of secure enclaves using domain knowledge and customization. First, we introduce an elegant virtual network interface that allows convenient access to fully protected packets at line rate without leaving the enclave, as if from the trusted source network. Second, we provide complete flow state management for efficient stateful processing, by tailoring a set of data structures and algorithms optimized for the highly constrained enclave space. Extensive evaluations demonstrate that LightBox, with all security benefits, can achieve 10Gbps packet I/O, and that with case studies on three stateful middleboxes, it can operate at near-native speed.Comment: Accepted at ACM CCS 201

Recommandations specifiques d'engrais: Calibration et validation du module phosphore du modele NuMaSS

Fertiliser recommendations in Mali as well as in many other countries of West Africa were made according to Chaminade's method. For socio-economic reasons, correcting deficiency rates of major nutrients were vulgarized. These blanket recommendation, when applied, lead to a continuous soil nutrient mining. The objective of this research was to calibrate and validate the P module of NuMass. Laboratory incubations were conducted to calibrate the P buffering coefficients used by the P module. Rates of N, P and lime predicted by NuMass model, considered as specific recommendations, were compared to the blanket recommendations in the field in order to validate them. The buffer coefficients were inversely proportional to the clay content. The buffering coefficient of sandy soils of Cinzana/Mali (0.73) and Kollo/Niger P3 (0.63) were higher compared to the clayey soils of Longorola-bf (0.22) and Kollo/Niger (0.21). Generally, buffering coefficients obtained by laboratory incubation (0.60) tended to be lower than the estimated coefficient by the P module NuMass (0.67). The range of the used soil texture (1.5-54.6 % clay) showed that the buffering coefficients estimated by the P module of NuMass were correct for flooded soils. Grain yield of different trials and tests do not indicate the expected higher performance of specific recommendations of fertilisers from NuMass model compared to the used blanket recommendation (1624 and 1582 kg ha-1 of maize; respectively

The integration of social concerns into electricity power planning : a combined delphi and AHP approach

The increasing acceptance of the principle of sustainable development has been a major driving force towards new approaches to energy planning. This is a complex process involving multiple and conflicting objectives, in which many agents were able to influence decisions. The integration of environmental, social and economic issues in decision making, although fundamental, is not an easy task, and tradeoffsmust be made. The increasing importance of social aspects adds additional complexity to the traditional models that must now deal with variables recognizably difficult to measure in a quantitative scale. This study explores the issue of the social impact, as a fundamental aspect of the electricity planning process, aiming to give a measurable interpretation of the expected social impact of future electricity scenarios. A structured methodology, based on a combination of the Analytic Hierarchy Process and Delphi process, is proposed. The methodology is applied for the social evaluation of future electricity scenarios in Portugal, resulting in the elicitation and assignment of average social impact values for these scenarios. The proposed tool offers guidance to decision makers and presents a clear path to explicitl

Information Asymmetry, Financialisation and Financial Access

This study investigates whether information sharing channels that are meant to reduce information asymmetry have led to an increase in financial access. The study employs a Generalised Method of Moments technique using data from 53 African countries during the period from 2004-2011 to examine this linkage. Information sharing channels are theoretically designed to promote the formal financial sector and discourage the informal financial sector. The study uses two information sharing channels: private credit bureaus and public credit registries. The study found that both information sharing channels have a positive and significant impact on financial access. The study also found that public credit registries complement the formal financial sector to promote financial access. The policy implications are discussed