Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attack

In modern computing environments, hardware resources are commonly shared, and parallel computation is more widely used. Users run their services in parallel on the same hardware and process information with different confidentiality levels every day. Running parallel tasks can cause privacy and security problems if proper isolation is not enforced. Computers need to rely on a trusted root to protect the data from malicious entities. Intel proposed the Software Guard eXtension (SGX) to create a trusted execution environment (TEE) within the processor. SGX allows developers to benefit from the hardware level isolation. SGX relies only on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards any kind of side-channel attacks. Researchers have demonstrated that microarchitectural sidechannels are very effective in thwarting the hardware provided isolation. In scenarios that involve SGX as part of their defense mechanism, system adversaries become important threats, and they are capable of initiating these attacks. This work introduces a new and more powerful cache side-channel attack that provides system adversaries a high resolution channel. The developed attack is able to virtually track all memory accesses of SGX execution with temporal precision. As a proof of concept, we demonstrate our attack to recover cryptographic AES keys from the commonly used implementations including those that were believed to be resistant in previous attack scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous attacks which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover the AES key from T-Table based implementations in a known plaintext and ciphertext scenario with an average of 15 and 7 samples respectively

Legal foundations of lawful government, sovereignty, and state in the Islamic Republic of Iran

Abstract: This paper aims to introduce the theories on emergence of concepts like government, sovereignty, and state and analyze the foundations of constitution and the bases of other evolutionary laws. The state can find consistency and durability within the sovereignty and government of law. Foundation of the government, sovereignty, and state in the Islamic Republic of Iran complies with the theory of "God's dominion over the world and human" which is forms the basis of Islam. This also determines the responsibility, scope of duties, and civil tasks of the state. According to the Forty-Forth Article of Constitution of the Islamic Republic of Iran, Iran's economic and social systems can function in public, cooperative, and private sectors. So, lawful government, sovereignty, and state will have their own independent identity based on legal foundations

Ethical Considerations in Physical Education

The present article tries to examine those aspects of personal capability management in a valued system and ethical considerations as well as toady theories based on verses and documented narrations about physical exercise and skills in Islam. Since there are many evidences about a careful attitude regarding a well-trained body and calm mentality in valued system and there are many documented case studies in this field, while studying long background especially pre-history and before various religions especially Islam, approaches and comparative studies along with documented narrations and statements of contemporary connoisseurs are addressed of which one can point out mental and physical health, the personal capabilities management, ethical considerations and practical abilities such resistance, high morale, agility, stress-avoiding, situation cognition and rival cognition. Meanwhile, in defining the evidences of valued system, factual and historical cases in verses and narrations are provided

Epidemiological features of children mortality in the area covered by Shahid Beheshti university of medical sciences in 2012

Background and Aim: Under 5-years mortality year is one of the most important indicators of development and health in the countries. Therefore, generating accurate picture of child mortality in order to evaluate the death causes and identifying the avoidable factors for designing the interventions and preventing similar death is necessary. The present study aimed to investigate the causes of deaths in 1 to 59 months children in the area covered by Shahid Beheshti University of Medical Sciences in 2012. Methods: In this descriptive cross-sectional study that conducted from March 2012 to March 2013, all of 1 to 59 months children deaths in the area covered by Shahid Beheshti University of Medical Sciences were investigated. Required data was extracted from registration forms of the child health office of ministry of health and medical education. Results: The total number of deaths in 1 to 59 months children was 383. The highest frequency of death was observed in the children who aged between 1 to 12 months (57.8%). More than half of the children who died were boy (52.5%). Totally, the most common causes of death were congenital and chromosomal abnormalities (17.5%), injuries (15.4%) and cancers (11.2%). Conclusion: Based on the results, designing interventions such as genetic counseling in high risk couples, training of the parent and children for prevention of injuries and public awareness about the warning symptom of the cancers and respiratory system disease in order to reduce the children deaths is essential

Synthetic generation of multidimensional data to improve classification model validity

This article aims to compare Generative Adversarial Network (GAN) models and feature selection methods for generating synthetic data in order to improve the validity of a classification model. The synthetic data generation technique involves generating new data samples from existing data to increase the diversity of the data and help the model generalize better. The multidimensional aspect of the data refers to the fact that it can have multiple features or variables that describe it. The GAN models have proven to be effective in preserving the statistical properties of the original data. However, the order of data augmentation and feature selection is crucial to build robust and accurate predictive models. By comparing the different GAN models with feature selection methods on multidimensional datasets, this article aims to determine the best combination to support the validity of a classification model in multidimensional data.</p

Quantitative assessment of wound healing using high-frequency ultrasound image analysis

Purpose: We aimed to develop a method for quantitative assessment of wound healing in ulcerated diabetic feet. Methods: High‐frequency ultrasound (HFU) images of 30 wounds were acquired in a controlled environment on post‐debridement days 7, 14, 21, and 28. Meaningful features portraying changes in structure and intensity of echoes during healing were extracted from the images, their relevance and discriminatory power being verified by analysis of variance. Relative analysis of tissue healing was conducted by developing a features‐based healing function, optimised using the pattern‐search method. Its performance was investigated through leave‐one‐out cross‐validation technique and reconfirmed using principal component analysis. Results: The constructed healing function could depict tissue changes during healing with 87.8% accuracy. The first principal component derived from the extracted features demonstrated similar pattern to the constructed healing function, accounting for 86.3% of the data variance. Conclusion: The developed wound analysis technique could be a viable tool in quantitative assessment of diabetic foot ulcers during healing

MicroWalk: A Framework for Finding Side Channels in Binaries

Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time with a uniform resource usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named \tool~for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing \tool, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: \emph{Intel IPP} and \emph{Microsoft CNG}. We analyze $15$ different cryptographic implementations consisting of $112$ million instructions in about $105$ minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that \tool~can efficiently find microarchitectural leakages in software binaries