Trusted execution environments leveraging reconfigurable FPGA technology

Compartmentalization techniques like Trusted Execution Environments (TEEs) are a well-established security strategy to provide increasing integrity and confidentiality for applications, from the edge to the cloud. TEEs are used to protect sensitive data and run security-critical applications on secure execution environments, isolated from the rest of the system. Notwithstanding, over the last few years, TEEs have been proven weak, as either TEEs built upon security-oriented hardware extensions (Arm TrustZone, Intel SGX) or resorting to dedicated secure elements were exploited multiple times. We present and discuss a novel TEE design that leverages reconfigurable FPGA technology. The main novelty relies on leveraging the programmable logic (PL) to create secure enclaves by instantiating a customized and dedicated security processor per application on a per-need basis. Unlike other TEE designs, our approach can provide high-bandwidth connections and physical on-chip isolation. We present a proof-of-concept (PoC) implementation targeting a Xilinx Zynq Ultrascale+ based platform and we detail how our design is interoperable with existing TEE stacks and compliant with the GlobalPlatform specification. To demonstrate the practicability of our approach in real-world applications, we run a legacy open-source bitcoin wallet.This work has been supported by FCT - Fundação para a Ciência e Tecnologia (FCT) within the R&D Units Project Scope UIDB/00319/2020 and grant SFRH/BD/145209/2019

Selected Topics in Numerical Methods for Cosmology

The large amount of cosmological data already available (and in the near future) makes necessary the development of efficient numerical codes. Many software products have been implemented to perform cosmological analyses considering one or few probes. The need of multi-task software is rapidly increasing, in order to combine numerous cosmological probes along with their specificity (e.g., astrophysical descriptions and systematic errors). In this work we mention some of these libraries, bringing out some challenges they will face in the few-percent error era (on the cosmological parameters). We review some concepts of the standard cosmological model, and examine some specific topics on their implementation, bringing, for example, the discussion on how some quantities are numerically defined in different codes. We also consider implementation differences between public codes, mentioning their advantages/disadvantages.Comment: 23 pages, 3 figures. Contribution to the 3rd Jos\'e Pl\'inio Baptista School on Cosmology held in 2016 in Pedra Azul, Esp\'irito Santo, Brazil. Submitted to Univers

APES: Approximate Posterior Ensemble Sampler

This paper proposes a novel approach to generate samples from target distributions that are difficult to sample from using Markov Chain Monte Carlo (MCMC) methods. Traditional MCMC algorithms often face slow convergence due to the difficulty in finding proposals that suit the problem at hand. To address this issue, the paper introduces the Approximate Posterior Ensemble Sampler (APES) algorithm, which employs kernel density estimation and radial basis interpolation to create an adaptive proposal, leading to fast convergence of the chains. The APES algorithm's scalability to higher dimensions makes it a practical solution for complex problems. The proposed method generates an approximate posterior probability that closely approximates the desired distribution and is easy to sample from, resulting in smaller autocorrelation times and a higher probability of acceptance by the chain. In this work, we compare the performance of the APES algorithm with the affine invariance ensemble sampler with the stretch move in various contexts, demonstrating the efficiency of the proposed method. For instance, on the Rosenbrock function, the APES presented an autocorrelation time 140 times smaller than the affine invariance ensemble sampler. The comparison showcases the effectiveness of the APES algorithm in generating samples from challenging distributions. This paper presents a practical solution to generating samples from complex distributions while addressing the challenge of finding suitable proposals. With new cosmological surveys set to deal with many new systematics, which will require many new nuisance parameters in the models, this method offers a practical solution for the upcoming era of cosmological analyses.Comment: 15 pages, 6 figures, 7 table

A first look at RISC-V virtualization from an embedded systems perspective

This article describes the first public implementation and evaluation of the latest version of the RISC-V hypervisor extension (H-extension v0.6.1) specification in a Rocket chip core. To perform a meaningful evaluation for modern multi-core embedded and mixedcriticality systems, we have ported Bao, an open-source static partitioning hypervisor, to RISC-V. We have also extended the RISC-V platformlevel interrupt controller (PLIC) to enable direct guest interrupt injection with low and deterministic latency and we have enhanced the timer infrastructure to avoid trap and emulation overheads. Experiments were carried out in FireSim, a cycle-accurate, FPGA-accelerated simulator, and the system was also successfully deployed and tested in a Zynq UltraScale+ MPSoC ZCU104. Our hardware implementation was opensourced and is currently in use by the RISC-V community towards the ratification of the H-extension specification.This work has been supported by FCT - undação para a Ciência e a Tecnologia within the R&D Units Project Scope: UIDB/00319/2020. This work has also been supported by FCT within the PhD Scholarship Project Scope: SFRH/BD/138660/2018