
A Wake-up Call: Managing Data in an Untrusted World

Divyakant Agrawal, Amr El Abbadi
2020 IEEE Data Engineering Bulletin  
management in general.  ...  Although the database community has always considered fault-tolerance as an integral building block of data management (remember "D" in ACID is for Durability), we still have trouble accepting the fact  ...  These efforts go in both directions, i.e., to extend support for untrusted infrastructures in diverse data management contexts, as well as exploiting data management techniques in diverse novel and non-traditional  ... 
dblp:journals/debu/AgrawalA20 fatcat:4svnawkuanayro64dla2l2p3ga

Java call control, coordination, and transactions

R. Jain, F.M. Anjum, P. Missier, S. Shastry
2000 IEEE Communications Magazine  
Note that in this context a call refers to a multimedia, multiparty, multiprotocol communications session.  ...  The JAIN community is defining an API for Java Call Control and Java Coordination and Transactions.  ...  An example is a hotel wake-up call service, where the application program rings the guest's phone and connects him or her to an operator or automatic playback device.  ... 
doi:10.1109/35.815460 fatcat:nn2nywhrxng25kqu4u5npp36d4

Secured Routines: Language-based Construction of Trusted Execution Environments

Adrien Ghosn, James R. Larus, Edouard Bugnion
2019 USENIX Annual Technical Conference  
We extend the Go language to allow a programmer to execute a goroutine within an enclave, to use low-overhead channels to communicate between the trusted and untrusted environments, and to rely on a compiler  ...  TEEs provide a new and valuable hardware functionality that has no obvious analogue in programming languages, which means that developers must manually partition their application into trusted and untrusted  ...  This work was funded in part by a VMware Research Grant.  ... 
dblp:conf/usenix/GhosnLB19 fatcat:6aw2jafurzecpon65b4qleabqe

Hardware-Assisted On-Demand Hypervisor Activation for Efficient Security Critical Code Execution on Mobile Devices

Yeongpil Cho, Jun-Bum Shin, Donghyun Kwon, MyungJoo Ham, Yuna Kim, Yunheung Paek
2016 USENIX Annual Technical Conference  
To alleviate these problems, in this paper, we propose a hybrid approach that utilizes both TrustZone and a hypervisor.  ...  Although a number of studies have implemented TEEs using TrustZone or hypervisors and have evinced the effectiveness in terms of security, they face major challenges when considering deployment in mobile  ...  In a multi-core environment, as each core has an independent execution environment, the OSP core wakes the other cores and initializes them as well.  ... 
dblp:conf/usenix/ChoSKHKP16 fatcat:3dwlyjno6reevacolur6blvp7e


Youngjin Kwon, Alan M. Dunn, Michael Z. Lee, Owen S. Hofmann, Yuanzhong Xu, Emmett Witchel
2016 ACM SIGOPS Operating Systems Review  
By associating trusted metadata with user data across all system devices, Sego verifies system services more efficiently than previous systems, especially services that depend on data contents.  ...  Sego is a hypervisor-based system that gives strong privacy and integrity guarantees to trusted applications, even when the guest operating system is compromised or hostile.  ...  Sego (and many similar systems) manage secure data in fixed-sized units we call secure pages (S-pages). S-page data and metadata can reside in a processor's cache, in RAM, or in persistent storage.  ... 
doi:10.1145/2954680.2872372 fatcat:7av4aw6rknb6toob2pkiijmcpu


Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger
2017 Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services - MobiSys '17  
In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes.  ...  In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications.  ...  (vii) We modified the code handling signals in order to set up a signal stack in the marshaling buffer and make it ready for an HAP.  ... 
doi:10.1145/3081333.3081349 dblp:conf/mobisys/GuanLXGZYJ17 fatcat:xadmj7sfrvhcvlz6llhlp2xyga

An enhanced approach for data sharing security in cloud computing

Ibtissam Ennajjar, Youness Tabii, Abdelhamid Benkaddour
2016 International Journal of Cloud Computing  
As more and more sensitive data and personal information are placed in the cloud, security concerns grow.  ...  Customers can outsource a huge amount of data to the cloud without having to worry about the capacity of memory or the size of data, as the cloud system manages the scalability of servers needed to contain your  ...  What was a wake-up call for researchers to extend it and produce other concepts based on it such as KP-ABE, CP-ABE, HABE, HASBE and MAABE.  ... 
doi:10.1504/ijcc.2016.080045 fatcat:wds2b5bo4nb2jpxjdvj6yxcbmq

Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM

Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, Trent Jaeger
2018 IEEE Transactions on Dependable and Secure Computing  
When an encrypted data page is accessed, it is transparently decrypted to a page in the internal RAM, which is immune to physical exploits.  ...  Rather, it forwards them to the untrusted normal-world OS, and verifies the returns.  ...  The runtime manages the page tables for applications locally in an isolated secure environment, and ensures their virtual memory cannot be accessed by an untrusted OS outside the environment.  ... 
doi:10.1109/tdsc.2018.2861756 fatcat:cge7n5y2fbfu5duj6zgqn5gre4


Nico Weichbrodt, Pierre-Louis Aublin, Rüdiger Kapitza
2018 Proceedings of the 19th International Middleware Conference on - Middleware '18  
This is achieved by offering trusted execution contexts, so called enclaves, that enable confidentiality and integrity protection of code and data even from privileged software and physical attacks.  ...  Third, it demonstrates how we used sgx-perf in four non-trivial SGX workloads to increase their performance by up to 2.16x.  ...  In addition, the logger overloads the four specific synchronisation ocalls of the SDK: (i) sleep, (ii) wake up one, (iii) wake up multiple and (iv) wake up one and sleep.  ... 
doi:10.1145/3274808.3274824 dblp:conf/middleware/WeichbrodtAK18 fatcat:aslxkx46g5bk5ju3nevuhjtgy4

Evaluation of network trust using provenance based on distributed local intelligence

Gulustan Dogan, Theodore Brown, Kannan Govindan, Hasan Khan Mohammad Maifi, Tarek Abdelzaher, Prasant Mohapatra, Jin-Hee Cho
2011 2011 - MILCOM 2011 Military Communications Conference  
As our system allows reconfigurations, initiatives taken by the intermediate nodes such as replacement of untrusted nodes will enhance the network trust in mission critical situations faster than a centralized  ...  Provenance can play a significant role in a military information system for supporting the calculation of information trust.  ...  The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory  ... 
doi:10.1109/milcom.2011.6127517 dblp:conf/milcom/DoganBGMAMC11 fatcat:lrwlqlbgvvaj7pnraampcrgiza

Virtual device passthrough for high speed VM networking

Stefano Garzarella, Giuseppe Lettieri, Luigi Rizzo
2015 2015 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS)  
Our work includes two key features not present in previous related works with comparable performance: we provide a high speed path also to untrusted VMs, and do not require dedicated polling cores/threads  ...  Supporting network I/O at high packet rates in virtual machines is fundamental for the deployment of Cloud data centers and Network Function Virtualization.  ...  Real world, data touching applications as data source and sink would be up to one order of magnitude slower than ptnetmap, and their use would transform the experiments in a benchmark of the source/sink  ... 
doi:10.1109/ancs.2015.7110124 dblp:conf/ancs/GarzarellaLR15 fatcat:45k6ax4m4rc2tmbehbwi4pswem

(Mostly) Exitless VM Protection from Untrusted Hypervisor through Disaggregated Nested Virtualization

Zeyu Mi, Dingji Li, Haibo Chen, Binyu Zang, Haibing Guan
2020 USENIX Security Symposium  
This paper presents CloudVisor-D, an efficient nested hypervisor design that embraces both strong protection and high performance.  ...  By leveraging recent hardware features, most privileged operations from a guest VM require no VM exits to the nested hypervisor, which are the major sources of performance slowdown in prior designs.  ...  Acknowledgments We sincerely thank our shepherd Vasileios Kemerlis and all the anonymous reviewers who have reviewed this paper in the past two years. We also would like to thank Xinran Wang  ... 
dblp:conf/uss/MiLCZG20 fatcat:vtwaxm6k4nduhdh2uoyiwn5uhm

RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management [chapter]

Melanie R. Rieback, Bruno Crispo, Andrew S. Tanenbaum
2005 Lecture Notes in Computer Science  
However, a world in which practically everything is tagged and can be read at a modest distance by anyone who wants to buy an RFID reader introduces serious security and privacy issues.  ...  To protect people in this environment, we propose developing a compact, portable, electronic device called an RFID Guardian, which people can carry with them.  ...  In this paper, we suggest a new approach for personal security and privacy management called the RFID Guardian.  ... 
doi:10.1007/11506157_16 fatcat:mqsjfgltynebnmpemnlt4pomgu

Slick: Secure Middleboxes using Shielded Execution [article]

Bohdan Trach, Alfred Krohmer, Sergei Arnautov, Franz Gregor, Pramod Bhatotia, Christof Fetzer
2019 arXiv   pre-print
However, middleboxes that process confidential and private data cannot be securely deployed in the untrusted environment of the cloud.  ...  Slick leverages SCONE (a shielded execution framework based on Intel SGX) and DPDK to securely process confidential data at line rate.  ...  When there are no system calls for a long time, they back-off (i.e. yield the CPU). They wake up from back-off periodically, and as result, they preempt in-enclave threads.  ... 
arXiv:1709.04226v2 fatcat:z5dfluok3bfy3ic3vzzfr7g4nu

Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX

Chia-che Tsai, Donald E. Porter, Mona Vij
2017 USENIX Annual Technical Conference  
code modification an implicit prerequisite to adopting SGX.  ...  The performance overheads of Graphene-SGX range from matching a Linux process to less than 2× in most single-process cases; these overheads are largely attributable to current SGX hardware or missed opportunities  ...  This work was supported in part by NSF grants CNS-1149229, CNS-1161541, CNS-1228839, CNS-1405641, VMware, and an SGX pre-release equipment loan from Intel.  ... 
dblp:conf/usenix/TsaiPV17 fatcat:j6lmif4edrc4zaiwxf64wdtrzu