Security Vulnerabilities of SGX and Countermeasures

Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.

Download Full-text

Automatic Vulnerability Detection in Embedded Devices and Firmware

ACM Computing Surveys ◽

10.1145/3432893 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-42

Author(s):

Abdullah Qasem ◽

Paria Shirani ◽

Mourad Debbabi ◽

Lingyu Wang ◽

Bernard Lebel ◽

...

Keyword(s):

Embedded Systems ◽

Symbolic Execution ◽

Vital Role ◽

Security And Privacy ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Future Directions ◽

Hybrid Approaches ◽

Wide Range ◽

The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

A Robot Operating System Framework for Secure UAV Communications

Sensors ◽

10.3390/s21041369 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1369

Author(s):

Hyojun Lee ◽

Jiyoung Yoon ◽

Min-Seong Jang ◽

Kyung-Joon Park

Keyword(s):

Operating System ◽

Unmanned Aerial Vehicles ◽

Ground Control ◽

Unmanned Aerial System ◽

Security Framework ◽

Security Vulnerabilities ◽

Robot Operating System ◽

Security Issues ◽

Aerial Vehicles ◽

Ground Control Station

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.

Download Full-text

Evolution of Cancer Vaccines—Challenges, Achievements and Future Directions

Vaccines ◽

10.3390/vaccines9050535 ◽

2021 ◽

Vol 9 (5) ◽

pp. 535

Author(s):

Ban Qi Tay ◽

Quentin Wright ◽

Rahul Ladwa ◽

Christopher Perry ◽

Graham Leggatt ◽

...

Keyword(s):

Cancer Vaccines ◽

New Drugs ◽

Delivery Methods ◽

Future Directions ◽

The Past ◽

New Directions ◽

Tumour Antigens ◽

Target Characteristics ◽

Toxic Responses ◽

Shed Light

The development of cancer vaccines has been intensively pursued over the past 50 years with modest success. However, recent advancements in the fields of genetics, molecular biology, biochemistry, and immunology have renewed interest in these immunotherapies and allowed the development of promising cancer vaccine candidates. Numerous clinical trials testing the response evoked by tumour antigens, differing in origin and nature, have shed light on the desirable target characteristics capable of inducing strong tumour-specific non-toxic responses with increased potential to bring clinical benefit to patients. Novel delivery methods, ranging from a patient’s autologous dendritic cells to liposome nanoparticles, have exponentially increased the abundance and exposure of the antigenic payloads. Furthermore, growing knowledge of the mechanisms by which tumours evade the immune response has led to new approaches to reverse these roadblocks and to re-invigorate previously suppressed anti-tumour surveillance. The use of new drugs in combination with antigen-based therapies is highly targeted and may represent the future of cancer vaccines. In this review, we address the main antigens and delivery methods used to develop cancer vaccines, their clinical outcomes, and the new directions that the vaccine immunotherapy field is taking.

Download Full-text

Targeting the IGF-1R in prostate and colorectal cancer: reasons behind trial failure and future directions

Therapeutic Delivery ◽

10.4155/tde-2021-0060 ◽

2022 ◽

Author(s):

Muhammad Tufail ◽

Changxin Wu

Keyword(s):

Colorectal Cancer ◽

Monoclonal Antibodies ◽

Predictive Biomarkers ◽

Cancer Growth ◽

Pharmaceutical Companies ◽

Future Directions ◽

System Complexity ◽

Deadly Disease ◽

Trial Failure ◽

Shed Light

IGF-1Rs enact a significant part in cancer growth and its progress. IGF-1R inhibitors were encouraged in the early trials, but the patients did not benefit due to the unavailability of predictive biomarkers and IGF-1R system complexity. However, the linkage between IGF-1R and cancer was reported three decades ago. This review will shed light on the IGF-1R system, targeting IGF-1R through monoclonal antibodies, reasons behind IGF-1R trial failure and future directions. This study presented that targeting IGF-1R through monoclonal antibodies is still effective in cancer treatment, and there is a need to look for future directions. Cancer patients may benefit from using mAbs that target existing and new cancer targets, evidenced by promising results. It is also essential that the academician, trial experts and pharmaceutical companies play their role in finding a treatment for this deadly disease.

Download Full-text

CURRENT CHALLENGES AND FUTURE DIRECTIONS FOR SUSTAINABLE HEALTH DEVELOPMENT

RIMAK International Journal of Humanities and Social Sciences ◽

10.47832/2717-8293.4-3.34 ◽

2021 ◽

Vol 3 (4) ◽

pp. 354-363

Author(s):

Reham Ershaid Sami NUSAIR ◽

Omar Jamil Ahmad MUQEDI

Keyword(s):

Health Care Services ◽

Health Development ◽

Future Directions ◽

Healthy Development ◽

Care Services ◽

Social And Economic Development ◽

The Subject ◽

Descriptive Approach ◽

Sustainable Health ◽

Shed Light

Health has become one of the most important concerns in the field of development in various societies, as it is one of the most important factors contributing to achieving sustainable development, because healthy development represents an important element in the process of social and economic development, where real development cannot be achieved without improving health conditions. This study aims to identify the concept of sustainable health development, and the factors that contribute to achieving it, and its future directions, as well as an add value research related to health service facilities and the challenges that prevent achieving sustainability. The two researchers adopted the descriptive approach and deductive analysis of sustainability indicators, by reviewing many scientific sources related to the subject of the study in order to shed light on the sustainable design of health care services

Download Full-text

Persistent Homology, Regimes and Climate Data

10.5194/egusphere-egu21-12462 ◽

2021 ◽

Author(s):

Kristian Strommen ◽

Nina Otter ◽

Matthew Chantry ◽

Joshua Dorrington

Keyword(s):

Dynamical Systems ◽

State Of The Art ◽

Persistent Homology ◽

Topological Invariants ◽

Climate Data ◽

Future Directions ◽

Atlantic Sector ◽

Linear Dynamical Systems ◽

Markovian Dynamics ◽

Shed Light

<p>The concept of weather or climate 'regimes' have been studied since the 70s, to a large extent because of the possibility they offer of truncating complicated dynamics to vastly simpler, Markovian, dynamics. Despite their attraction, detecting them in data is often problematic, and a unified definition remains nebulous. We argue that the crucial common feature across different dynamical systems with regimes is the non-trivial topology of the underlying phase space. Such non-trivial topology can be detected in a robust and explicit manner using persistent homology, a powerful new tool to compute topological invariants in arbitrary datasets. We show some state of the art examples of the application of persistent homology to various non-linear dynamical systems, including real-world climate data, and show how these techniques can shed light on questions such as how many regimes there really are in e.g. the Euro-Atlantic sector. Future directions are also discussed.</p>

Download Full-text

The “Art” in Mentoring Women Faculty at Historically Black Colleges/Universities

Faculty Mentorship at Historically Black Colleges and Universities - Advances in Educational Marketing, Administration, and Leadership ◽

10.4018/978-1-5225-4071-7.ch005 ◽

2018 ◽

pp. 79-96

Author(s):

Susan Smith ◽

Cassandra Sligh Conway

Keyword(s):

Historically Black ◽

Fine Arts ◽

Black Colleges ◽

Women Faculty ◽

Historically Black Colleges ◽

Future Directions ◽

Mentoring Women ◽

Shed Light

The literature on mentoring women in certain fields like Fine Arts is scant. Therefore, in this chapter the authors shed light on personal mentoring opportunities at an HBCU environment. The purpose of this effort is to do the following: 1) review the mentoring literature; 2) provide the research available on mentoring women in Fine Arts; 3) provide solutions, recommendations, and future directions to administrators, faculty, stakeholders, that can impact mentoring opportunities and initiatives provided to women and minorities in the academy.

Download Full-text

Improving the Security of Storage Systems

Cyber Law, Privacy, and Security ◽

10.4018/978-1-5225-8897-9.ch038 ◽

2019 ◽

pp. 796-829

Author(s):

Wasan Awad ◽

Hanin Mohammed Abdullah

Keyword(s):

Cyber Security ◽

Storage Systems ◽

Assessment Model ◽

Security Threats ◽

Risk Matrix ◽

Security Risks ◽

Security Systems ◽

Security Vulnerabilities ◽

File Storage ◽

Local Storage

Developing security systems to protect the storage systems are needed. The main objective of this paper is to study the security of file storage server of an organization. Different kinds of security threats and a number of security techniques used to protect information will be examined. Thus, in this paper, an assessment plan for evaluating cyber security of local storage systems in organizations is proposed. The assessment model is based on the idea of cyber security domains and risk matrix. The proposed assessment model has been implemented on two prestigious and important organizations in the Kingdom of Bahrain. Storage systems of the assessed organizations found to have cyber security risks of different scales. This conclusion gives certainty to the fact that organizations are not capable of following the cyber security evolution and secure their storage systems from cyber security vulnerabilities and breaches. Organizations with local storage systems can improve the cyber security of their storage systems by applying certain techniques.

Download Full-text

Pharmacotherapy of anxiety and related disorders

Landmark Papers in Psychiatry ◽

10.1093/med/9780198836506.003.0009 ◽

2020 ◽

pp. 147-164

Author(s):

Dan J. Stein

Keyword(s):

Clinical Trials ◽

Anxiety Disorder ◽

Mental Disorders ◽

Randomized Clinical Trials ◽

Generalized Anxiety ◽

Obsessive Compulsive ◽

Future Directions ◽

Compulsive Disorder ◽

Translational Models ◽

Shed Light

Anxiety disorders are the most prevalent of the mental disorders, and good translational models of these conditions encourage pharmacotherapy studies. This chapter discusses six randomized clinical trials that have contributed significantly to the pharmacotherapy of anxiety and related disorders, including generalized anxiety disorder, panic disorder, obsessive-compulsive disorder, and social anxiety disorder. Although any such list is necessarily incomplete, these selections may shed light on early and ongoing challenges in the field and on key advances to date. After reviewing these foundational papers, the advances they represent, and the work that they have given impetus to, the chapter closes by considering future directions in work on the pharmacotherapy of anxiety and related disorders.

Download Full-text

Information Security Policies for Networkable Devices

Encyclopedia of Information Ethics and Security ◽

10.4018/978-1-59140-987-8.ch055 ◽

2011 ◽

pp. 370-376

Author(s):

Julia Kotlarsky ◽

Ilan Oshri ◽

Corey Hirsch

Keyword(s):

Operating System ◽

Information Security ◽

Smart Phones ◽

Security Threats ◽

Security Risks ◽

Software Applications ◽

Direct Damage ◽

Business Operations ◽

Home Entertainment ◽

New Challenges

Recent years have seen a surge in the introduction of networkable Windows-based operating system (NWOS) devices. Some examples are home entertainment systems (e.g., Xbox), smart phones (e.g., Motorola i930 and PlamOne’s Treo), and Pocket PC (e.g., Toshiba e850). While NWOS devices present an appealing proposition for both software vendors and buyers in terms of the flexibility to add supplementary software applications, such devices also introduce new challenges in terms of managing information security risks. NWOS devices are particularly vulnerable to information security threats because of the vendors’ and buyers’ lack of awareness of the security risks associated with such devices. In addition to the direct damage to business operations that an infected NWOS device might cause, other consequences may also include alienated customers and a tarnished reputation (Austin & Darby, 2003).

Download Full-text