Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI

2022 ◽  
Vol 6 (POPL) ◽  
pp. 1-30
Author(s):  
Matthew Kolosick ◽  
Shravan Narayan ◽  
Evan Johnson ◽  
Conrad Watt ◽  
Michael LeMay ◽  
...  

Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structure to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a static binary verifier, VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on-par with the state-of-the-art Native Client SFI system.

Author(s):  
M.K. Dawood ◽  
C. Chen ◽  
P.K. Tan ◽  
S. James ◽  
P.S. Limin ◽  
...  

Abstract: In this work, we present two case studies on the utilization of advanced nanoprobing on 20nm logic devices at contact layer to identify the root cause of scan logic failures. In both cases, conventional failure analysis followed by inspection of passive voltage contrast (PVC) failed to identify any abnormality in the devices. Technology advancement makes identifying failure mechanisms increasingly more challenging using conventional methods of physical failure analysis (PFA). Almost all PFA cases for 20nm technology node devices and beyond require Transmission Electron Microscopy (TEM) analysis. Before TEM analysis can be performed, fault isolation is required to correctly determine the precise failing location. Isolated transistor probing was performed on the suspected logic NMOS and PMOS transistors to identify the failing transistors for TEM analysis. In this paper, nanoprobing was used to isolate the failing transistor of a logic cell. Nanoprobing revealed anomalies between the drain and bulk junction which was found to be due to contact gouging of different severities.


ICSID Reports ◽  
2021 ◽  
Vol 19 ◽  
pp. 630-648

Procedure — Addition of a party — Conditional application — UNCITRAL Rules, Article 22 — UNCITRAL Rules, Article 17 — Whether the UNCITRAL Rules or lex loci arbitri allowed for applications to be made conditional on a tribunal’s future decision — Whether the application was consistent with the State’s procedural rights — Whether the amendment to a claim under Article 22 of the UNCITRAL Rules allowed for the addition of a third party as claimant

Jurisdiction — Investment — Shares — Whether an investor’s shares and rights derived from those shares were protected investments under the BIT

Jurisdiction — Investment — Assets of subsidiary — Whether profits, goodwill or know-how of a local subsidiary constituted investments of the investor protected by the BIT

Jurisdiction — Consent — Cooling-off period — Premature claims — Whether the investor had communicated its own claims rather than those of its local subsidiary — Whether the investor’s failure to comply with a waiting period of six months under the BIT required a tribunal to deny jurisdiction or admissibility — Whether the negotiation of a local subsidiary’s dispute in good faith was relevant to jurisdiction over a foreign investor’s claims

Interpretation — Cooling-off period — VCLT, Article 31 — Object and purpose — Whether the object and purpose of the BIT required a tribunal not to adopt a strict or formalistic interpretation of the waiting period of six months

Remedies — Declaratory award — Interpretation — Just compensation — Whether the tribunal had jurisdiction under the BIT to make a declaratory award on the interpretation and application of the term “just compensation”

Jurisdiction — Dispute — Whether the tribunal had jurisdiction under the BIT to advise the parties of an imminent dispute

Expropriation — Direct deprivation — Shares — Rights derived from shares — Whether the State directly deprived the investor of its rights as a shareholder in its local subsidiary

Expropriation — Indirect deprivation — Shares — Rights derived from shares — Whether the shares had lost all or almost all significant commercial value — Whether the measures were adopted in the public interest — Whether due process had been followed — Whether there were any undertakings by the State

Expropriation — Interpretation — “Just compensation” — Whether there was any difference between the terms of the BIT and general international law — Whether the meaning of just compensation could be determined in the abstract

Fair and equitable treatment — Whether the impending expropriation constituted a breach of the standard of fair and equitable treatment — Whether the claim concerned the investor’s rights derived from shares

Full protection and security — Whether the State failed to protect an investment from expropriation by local authorities — Whether the claim concerned the investor’s rights derived from shares

Umbrella clause — Whether there was any assurance directed at the investor that created any legal obligations — Whether the claim concerned the investor’s rights derived from shares

Costs — Arbitration costs — Variation by agreement — UNCITRAL Rules — Whether the terms of the BIT varied the default rules for the allocation of arbitration costs


2020 ◽  
Vol 8 (6) ◽  
pp. 5712-5718

Due to the decentralization of Internet of Things (IoT) applications and anything, anytime, anywhere connectivity, the burden of data processing and decision making at IoT end devices has increased. This overhead has introduced new bugs and vulnerabilities; thus security threats are emerging and presenting new challenges on these end devices. IoT end devices rely on Trusted Execution Environments (TEEs), implementing a Root of Trust (RoT) as soon as power is on and thus forming a Chain of Trust (CoT) to ensure the authenticity, integrity and confidentiality of every bit and byte of the Trusted Computing Base (TCB). However, untrusted external-world connectivity and security flaws present in the TCB of the TEE, such as the Spectre and Meltdown vulnerabilities, have made the CoT unstable, and whole TEEs are being misused. This paper suggests remedial solutions for the threats arising from bugs and vulnerabilities present in the different components of the TCB, so as to ensure a stable CoT resulting in a robust TEE.


2015 ◽  
Vol 23 (3) ◽  
pp. 333-346 ◽  
Author(s):  
Swapan Purkait

Purpose – This paper aims to report on research that tests the effectiveness of anti-phishing tools in detecting phishing attacks by conducting some real-time experiments using freshly hosted phishing sites. Almost all modern-day Web browsers and antivirus programs provide security indicators to mitigate the widespread problem of phishing on the Internet. Design/methodology/approach – The current work examines and evaluates the effectiveness of five popular Web browsers, two third-party phishing toolbar add-ons and seven popular antivirus programs in terms of their capability to detect locally hosted spoofed websites. The same tools have also been tested against fresh phishing sites hosted on the Internet. Findings – The experiments yielded alarming results. Although the success rate against live phishing sites was encouraging, only 3 of the 14 tools tested could successfully detect a single spoofed website hosted locally. Originality/value – This work proposes the inclusion of domain name system server authentication and verification of name servers for a visiting website for all future anti-phishing toolbars. It also proposes that a Web browser should maintain a white list of websites that engage in online monetary transactions so that when a user needs to access any of these, the default protocol should always be HTTPS (Hypertext Transfer Protocol Secure), without which a Web browser should prevent the page from loading.


Frequenz ◽  
2016 ◽  
Vol 70 (3-4) ◽  
Author(s):  
Philipp Quednau ◽  
Ralph Trommer ◽  
Lorenz-Peter Schmidt

Abstract: Wireless transmission systems in smart metering networks share the advantage of lower installation costs due to the expandability of separate infrastructure but suffer from transmission problems. In this paper the issue of interference of wireless transmitted smart meter data with third party systems and data from other meters is investigated and an approach for solving the problem is presented. A multi-channel wireless m-bus receiver was developed to separate the desired data from unwanted interferers by spatial filtering. The according algorithms are presented and the influence of different antenna types on the spatial filtering is investigated. The performance of the spatial filtering is evaluated by extensive measurements in a realistic surrounding with several hundreds of active wireless m-bus transponders. These measurements correspond to the future environment for data-collectors as they took place in rural and urban areas with smart gas meters equipped with wireless m-bus transponders installed in almost all surrounding buildings.


Author(s):  
Moritz Schneider ◽  
Aritra Dhar ◽  
Ivan Puddu ◽  
Kari Kostiainen ◽  
Srdjan Čapkun

The ever-rising computation demand is forcing the move from the CPU to heterogeneous specialized hardware, which is readily available across modern datacenters through disaggregated infrastructure. On the other hand, trusted execution environments (TEEs), one of the most promising recent developments in hardware security, can only protect code confined in the CPU, limiting TEEs’ potential and applicability to a handful of applications. We observe that the TEEs’ hardware trusted computing base (TCB) is fixed at design time, which in practice leads to using untrusted software to employ peripherals in TEEs. Based on this observation, we propose composite enclaves with a configurable hardware and software TCB, allowing enclaves access to multiple computing and IO resources. Finally, we present two case studies of composite enclaves: i) an FPGA platform based on RISC-V Keystone connected to emulated peripherals and sensors, and ii) a large-scale accelerator. These case studies showcase a flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a low performance overhead (only around 220 additional cycles for a context switch), thus demonstrating the feasibility of our approach and showing that it can work with a wide range of specialized hardware.


Author(s):  
Vladimir Sergeevich Burenkov

Models of mandatory integrity control in operating systems usually restrict accesses of active components of a system to passive ones and represent the accesses directly. This is suitable in case of monolithic operating systems whose components that provide access to resources are part of the trusted computing base. However, due to the sheer complexity of such components, it is extremely nontrivial to prove such a model to be adequate to the real system. KasperskyOS is a microkernel operating system that organizes access to resources via components that are not necessarily part of the trusted computing base. KasperskyOS implements a specifically developed mandatory integrity control model that takes such components into account. This paper formalizes the model and describes the process of automated proof of the model’s properties. For formalization, we use the Event-B language. We clarify parts specific to Event-B to make our presentation accessible to professionals familiar with discrete mathematics but not necessarily with Event-B. We reflect on the proof experience obtained in the Rodin platform.

