33 research outputs found

    Wind Symphony

    Center for the Performing Arts April 28, 2018 Saturday Evening 8:00 p.m.

    It's TEEtime: A New Architecture Bringing Sovereignty to Smartphones

    Modern smartphones are complex systems in which control over phone resources is exercised by phone manufacturers, OS vendors, and users. These stakeholders have diverse and often competing interests. Barring some exceptions, users entrust their security and privacy to OS vendors (Android and iOS) and need to accept their constraints. Manufacturers protect their firmware and peripherals from the OS by executing in the highest privilege and leveraging dedicated CPUs and TEEs. OS vendors need to trust the highest privileged code deployed by manufacturers. This division of control over the phone is not ideal for OS vendors and is even more disadvantageous for the users. Users are generally limited in what applications they can install on their devices, in the privacy model and trust assumptions of the existing applications, and in the functionalities that applications can have. We propose TEEtime, a new smartphone architecture based on trusted execution allowing to balance the control different stakeholders exert over phones. More leveled control over the phone means that no stakeholder is more privileged than the others. In particular, TEEtime makes users sovereign over their phones: It enables them to install sensitive applications in isolated domains with protected access to selected peripherals alongside an OS. TEEtime achieves this while maintaining compatibility with the existing smartphone ecosystem and without relying on virtualization; it only assumes trust in a phone's firmware. TEEtime is the first TEE architecture that allows isolated execution domains to gain protected and direct access to peripherals. TEEtime is based on Armv8-A and achieves peripheral isolation using a novel mechanism based on memory and interrupt controller protection. We demonstrate the feasibility of our design by implementing a prototype of TEEtime, and by running exemplary sensitive applications

    ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture

    Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot securely use accelerators such as GPUs and FPGAs. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design, an upcoming TEE feature in Armv9-A, to address this gap. We observe that CCA offers the right abstraction and mechanisms to allow confidential VMs to use accelerators as a first-class abstraction. We build ACAI, a CCA-based solution, with a principled approach of extending CCA security invariants to device-side access to address several critical security gaps. Our experimental results on GPU and FPGA demonstrate the feasibility of ACAI while maintaining security guarantees. Comment: Extended version of the Usenix Security 2024 pape

    Personal Protective Equipment and Risk for Avian Influenza (H7N3)

    An outbreak of avian influenza (H7N3) among poultry resulted in laboratory-confirmed disease in 1 of 103 exposed persons. Incomplete use of personal protective equipment (PPE) was associated with conjunctivitis and influenza-like symptoms. Rigorous use of PPE by persons managing avian influenza outbreaks may reduce exposure to potentially hazardous infected poultry materials

    Gifted children with ADHD: how are they different from non-gifted children with ADHD?

    The present study focused on inattention and hyperactivity/impulsivity differences of gifted children with and without attention deficit-hyperactivity disorder (ADHD). Based on clinical assessment utilizing the Anxiety Disorders Interview Schedule for Children (ADISC-IV) and the Wechsler Intelligence Scale for Children—Fourth Edition, attendees of a public outpatient child service (boys = 359, girls = 148), with mean age 10.60 years (SD = 3.08 years), were allocated into four groups: ADHD (N = 350), gifted (N = 15), gifted/ADHD (N = 18), and clinical controls (N = 124). The Strengths and Weaknesses of ADHD-Symptoms and Normal Behavior Scale dimensionally assessed inattention and hyperactivity/impulsivity variations. Compared to the gifted/ADHD group, the ADHD group had higher scores for inattention and comparable scores for hyperactivity/impulsivity. For most symptoms, the ADHD groups (gifted or not) rated higher than the non-ADHD groups (control and gifted without ADHD). Findings appeared to indicate that (i) ADHD is a valid diagnosis among children who are gifted, (ii) gifted children might tend to be less inattentive than non-gifted ADHD children, and (iii) ADHD-gifted children appear to differ from the non-ADHD-gifted children with regard to specific hyperactive and impulsive behaviors. The practical implication of these findings is that clinicians may wish to focus on these symptoms when diagnosing ADHD among children with high intelligence

    Writing-Intensive Courses: Possible Criteria, National Patterns, and Resources

    The Grants for the Study of Writing in the Disciplines (WID Grants) program provides financial and consultative support for UMN faculty and instructors who want to learn more about how writing is conceptualized, taught, and learned (or unlearned) in the disciplines. Bridwell-Bowles, Lillian; Kuhne, Michael; Cullen, Elaine; Lynch, Kimberly; Olson, Mark. (1994). Writing-Intensive Courses: Possible Criteria, National Patterns, and Resources. Retrieved from the University Digital Conservancy, https://hdl.handle.net/11299/254620

    It’s TEEtime: Bringing User Sovereignty to Smartphones

    The majority of smartphones either run iOS or Android operating systems. This has created two distinct ecosystems largely controlled by Apple and Google - they dictate which applications can run, how they run, and what kind of phone resources they can access. Barring some exceptions in Android where different phone manufacturers may have influence, users, developers, and governments are left with little control. Specifically, users need to entrust their security and privacy to OS vendors and accept the functionality constraints they impose. Given the wide use of Android and iOS, immediately leaving these ecosystems is not practical, except in niche application areas. In this work, we propose a new smartphone architecture that securely transfers the control over the smartphone back to the users while maintaining compatibility with the existing smartphone ecosystems. Our architecture, named TEEtime, is based on ARMv8 and implements novel, TEE-based, resource and interrupt isolation mechanisms which allow the users to flexibly choose which resources (including peripherals) to dedicate to different isolated domains, namely, to legacy OSs and to user's proprietary software. We show the feasibility of our design by implementing a prototype of TEEtime on an ARM emulator