SGXIO: Generic Trusted I/O Path for Intel SGX

Application security traditionally strongly relies upon security of the underlying operating system. However, operating systems often fall victim to software attacks, compromising security of applications as well. To overcome this dependency, Intel introduced SGX, which allows to protect application code against a subverted or malicious OS by running it in a hardware-protected enclave. However, SGX lacks support for generic trusted I/O paths to protect user input and output between enclaves and I/O devices. This work presents SGXIO, a generic trusted path architecture for SGX, allowing user applications to run securely on top of an untrusted OS, while at the same time supporting trusted paths to generic I/O devices. To achieve this, SGXIO combines the benefits of SGX's easy programming model with traditional hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure debug enclaves to behave like secure production enclaves. SGXIO surpasses traditional use cases in cloud computing and makes SGX technology usable for protecting user-centric, local applications against kernel-level keyloggers and likewise. It is compatible to unmodified operating systems and works on a modern commodity notebook out of the box. Hence, SGXIO is particularly promising for the broad x86 community to which SGX is readily available.Comment: To appear in CODASPY'1

Simulation des écoulements à surface libre dans les turbines Pelton par une méthode hybride SPH-ALE

International audienceAn Arbitrary Lagrange Euler (ALE) description of fluid flows is used together with the meshless numerical method Smoothed Particle Hydrodynamics (SPH) to simulate free surface flows. The ALE description leads to an hybrid method that can be closely connected to the finite volume approach. It is then possible to adapt some common techniques like upwind schemes and preconditioning to remedy some of the well known drawbacks of SPH like stability and accuracy. An efficient boundary treatment based on a proper upwinding of fluid information at the boundary surface is settled. The resulting SPH-ALE numerical method is applied to simulate free surface flows encountered in Pelton turbines.La méthode numérique sans maillage Smoothed Particle Hydrodynamics (SPH) est modifiée par l'adoption d'une description Arbitrary Lagrange Euler (ALE) des écoulements fluides, dans le but de simuler des écoulements à surface libre. Le formalisme ALE conduit à une méthode numérique hybride s'apparentant sur de nombreux points à une approche volumes finis. Il est alors possible d'adapter des techniques numériques courantes comme les schémas décentrés et le préconditionnement pour résoudre certains défauts majeurs de la méthode SPH, comme la stabilité numérique ou le manque de précision. Par ailleurs, le traitement des conditions limites est réalisé par un décentrement approprié des informations fluides sur les surfaces frontières. La méthode numérique SPH-ALE résultante est appliquée à la simulation d'écoulements à surface libre tels que ceux rencontrés dans les turbines Pelton

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Actigraphy in Human African Trypanosomiasis as a Tool for Objective Clinical Evaluation and Monitoring: A Pilot Study

The clinical picture of the parasitic disease human African trypanosomiasis (HAT, also called sleeping sickness) is dominated by sleep alterations. We here used actigraphy to evaluate patients affected by the Gambiense form of HAT. Actigraphy is based on the use of battery-run, wrist-worn devices similar to watches, widely used in middle-high income countries for ambulatory monitoring of sleep disturbances. This pilot study was motivated by the fact that the use of polysomnography, which is the gold standard technology for the evaluation of sleep disorders and has greatly contributed to the objective identification of signs of disease in HAT, faces tangible challenges in resource-limited countries where the disease is endemic. We here show that actigraphy provides objective data on the severity of sleep-wake disturbances that characterize HAT. This technique, which does not disturb the patient's routine activities and can be applied at home, could therefore represent an interesting, non-invasive tool for objective HAT clinical assessment and long-term monitoring under field conditions. The use of this method could provide an adjunct marker of HAT severity and for treatment follow-up, or be evaluated in combination with other disease biomarkers in body fluids that are currently under investigation in many laboratories

Simple Nudges for Better Password Creation

Recent security breaches have highlighted the consequences of reusing passwords across online accounts. Recent guidance on password policies by the UK government recommend an emphasis on password length over an extended character set for generating secure but memorable passwords without cognitive overload. This paper explores the role of three nudges in creating website-specific passwords: financial incentive (present vs absent), length instruction (long password vs no instruction) and stimulus (picture present vs not present). Mechanical Turk workers were asked to create a password in one of these conditions and the resulting passwords were evaluated based on character length, resistance to automated guessing attacks, and time taken to create the password. We found that users created longer passwords when asked to do so or when given a financial incentive and these longer passwords were harder to guess than passwords created with no instruction. Using a picture nudge to support password creation did not lead to passwords that were either longer or more resistant to attacks but did lead to account-specific passwords

A Blockchain-Assisted Hash-Based Signature Scheme

We present a server-supported, hash-based digital signature scheme. To achieve greater efficiency than current state of the art, we relax the security model somewhat. We postulate a set of design requirements, discuss some approaches and their practicality, and finally reach a forward-secure scheme with only modest trust assumptions, achieved by employing the concepts of authenticated data structures and blockchains. The concepts of blockchain authenticated data structures and the presented blockchain design could have independent value and are worth further research