AccTEE: A WebAssembly-based Two-way Sandbox for Trusted Resource Accounting

Remote computation has numerous use cases such as cloud computing, client-side web applications or volunteer computing. Typically, these computations are executed inside a sandboxed environment for two reasons: first, to isolate the execution in order to protect the host environment from unauthorised access, and second to control and restrict resource usage. Often, there is mutual distrust between entities providing the code and the ones executing it, owing to concerns over three potential problems: (i) loss of control over code and data by the providing entity, (ii) uncertainty of the integrity of the execution environment for customers, and (iii) a missing mutually trusted accounting of resource usage. In this paper we present AccTEE, a two-way sandbox that offers remote computation with resource accounting trusted by consumers and providers. AccTEE leverages two recent technologies: hardware-protected trusted execution environments, and Web-Assembly, a novel platform independent byte-code format. We show how AccTEE uses automated code instrumentation for fine-grained resource accounting while maintaining confidentiality and integrity of code and data. Our evaluation of AccTEE in three scenarios – volunteer computing, serverless computing, and pay-by-computation for the web – shows a maximum accounting overhead of 10%

ENDBOX: Scalable Middlebox Functions Using Client-Side Trusted Execution

Many organisations enhance the performance, security, and functionality of their managed networks by deploying middleboxes centrally as part of their core network. While this simplifies maintenance, it also increases cost because middlebox hardware must scale with the number of clients. A promising alternative is to outsource middlebox functions to the clients themselves, thus leveraging their CPU resources. Such an approach, however, raises security challenges for critical middlebox functions such as firewalls and intrusion detection systems. We describe EndBox, a system that securely executes middlebox functions on client machines at the network edge. Its design combines a virtual private network (VPN) with middlebox functions that are hardware-protected by a trusted execution environment (TEE), as offered by Intel's Software Guard Extensions (SGX). By maintaining VPN connection endpoints inside SGX enclaves, EndBox ensures that all client traffic, including encrypted communication, is processed by the middlebox. Despite its decentralised model, EndBox's middlebox functions remain maintainable: they are centrally controlled and can be updated efficiently. We demonstrate EndBox with two scenarios involving (i) a large company; and (ii) an Internet service provider that both need to protect their network and connected clients. We evaluate EndBox by comparing it to centralised deployments of common middlebox functions, such as load balancing, intrusion detection, firewalling, and DDoS prevention. We show that EndBox achieves up to 3.8x higher throughput and scales linearly with the number of clients

Virtual Reality Applications in Chronic Pain Management: Systematic Review and Meta-analysis

BackgroundVirtual reality (VR) is a computer technology that immerses a user in a completely different reality. The application of VR in acute pain settings is well established. However, in chronic pain, the applications and outcome parameters influenced by VR are less clear. ObjectiveThis review aimed to systematically identify all outcome parameters that are reported in relation to VR in patients with chronic pain. MethodsA total of 4 electronic databases (PubMed, Scopus, Web of Science, and Embase) were searched for relevant studies. Multilevel random-effect meta-analyses were performed, whereby the standardized mean difference was chosen as the effect size to denote the difference between measurements before and after a VR intervention. ResultsThe initial database search identified 1430 studies, of which 41 (2.87%) were eventually included in the systematic review. Evidence has been found for the effects of VR on pain, functioning, mobility, functional capacity, psychological outcomes, quality of life, neuropsychological outcomes, and physical sensations. The overall effect size (a total of 194 effect sizes from 25 studies) based on a three level meta-analysis was estimated at 1.22 (95% CI 0.55-1.89; z=3.56; P<.001), in favor of improvements after a VR intervention. When categorizing effect sizes, the overall effect sizes were reported as follows: 1.60 (95% CI 0.83-2.36; z=4.09; P<.001) for the effect of VR on pain (n=31), 1.40 (95% CI 0.13-2.67; z=2.17; P=.03) for functioning (n=60), 0.49 (95% CI −0.71 to 1.68; z=0.80; P=.42) for mobility (n=24), and 0.34 (95% CI −1.52 to 2.20; z=0.36; P=.72) for functional capacity (n=21). ConclusionsThis systematic review revealed a broad range of outcome variables influenced by an intervention of VR technology, with statistically significant pain relief and improvements in functioning. These findings indicate that VR not only has applications in acute pain management but also in chronic pain settings, whereby VR might be able to become a promising first-line intervention as complementary therapy for patients with chronic pain. Trial RegistrationPROSPERO International Prospective Register of Systematic Reviews CRD42021227016; https://www.crd.york.ac.uk/prospero/display_record.php?RecordID=22701