Protecting Security-Sensitive Data Using Program Transformation and Trusted Execution Environment

Author(s): Anter Abdu Alhag Ali Faree, Yongzhi Wang

Abstract: Cloud computing allows clients to upload their sensitive data to the public cloud and perform sensitive computations in those untrusted areas, which leads to possible violations of the confidentiality of client sensitive data. Utilizing Trusted Execution Environments (TEEs) to protect data confidentiality from other software is an effective solution. TEE is supported by different platforms, such as Intel’s Software Guard Extension (SGX). SGX provides a TEE, called an enclave, which can be used to protect the integrity of the code and the confidentiality of data. Some efforts have proposed different solutions in order to isolate the execution of security-sensitive code from the rest of the application. Unlike our previous work, CFHider, a hardware-assisted method that aimed to protect only the confidentiality of control flow of applications, in this study, we develop a new approach for partitioning applications into security-sensitive code to be run in the trusted execution setting and cleartext code to be run in the public cloud setting. Our approach leverages program transformation and TEE to hide security-sensitive data of the code. We describe our proposed solution by combining the partitioning technique, program transformation, and TEEs to protect the execution of security-sensitive data of applications. Some former works have shown that most applications can run in their entirety inside trusted areas such as SGX enclaves, and that leads to a large Trusted Computing Base (TCB). Instead, we analyze three case studies, in which we partition real Java applications and employ the SGX enclave to protect the execution of sensitive statements, therefore reducing the TCB. We also showed the advantages of the proposed solution and demonstrated how the confidentiality of security-sensitive data is protected.

Author(s): Tianlin Huo, Xiaoni Meng, Wenhao Wang, Chunliang Hao, Pei Zhao, ...

Software Guard Extension (SGX) is a hardware-based trusted execution environment (TEE) implemented in recent Intel commodity processors. By isolating the memory of security-critical applications from untrusted software, this mechanism provides users with a strongly shielded environment called enclave for executing programs safely. However, recent studies have demonstrated that SGX enclaves are vulnerable to side-channel attacks. In order to deal with these attacks, several protection techniques have been studied and utilized. In this paper, we explore a new pattern history table (PHT) based side-channel attack against SGX named Bluethunder, which can bypass existing protection techniques and reveal the secret information inside an enclave. Compared to existing PHT-based attacks (such as Branchscope [ERAG+18]), Bluethunder abuses the 2-level directional predictor in the branch prediction unit, on top of which we develop an exploitation methodology to disclose the input-dependent control flow in an enclave. Since the cost of training the 2-level predictor is pretty low, Bluethunder can achieve a high bandwidth during the attack. We evaluate our attacks on two case studies: extracting the format string information in the vfprintf function in the Intel SGX SDK and attacking the implementation of RSA decryption algorithm in mbed TLS. Both attacks show that Bluethunder can recover fine-grained information inside an enclave with low training overhead, which outperforms the latest PHT-based side channel attack (Branchscope) by 52×. Specifically, in the second attack, Bluethunder can recover the RSA private key with 96.76% accuracy in a single run.


2019, Vol 2019, pp. 1-12
Author(s): Meiyu Zhang, Qianying Zhang, Shijun Zhao, Zhiping Shi, Yong Guan

The development of the Internet of Things has made embedded devices widely used. Embedded devices are often used to process sensitive data, making them the target of attackers. ARM TrustZone technology is used to protect embedded device data from compromised operating systems and applications. But as the value of the data stored in embedded devices increases, more and more effective physical attacks have emerged. However, TrustZone cannot resist physical attacks. We propose SoftME, an approach that utilizes the on-chip memory space to provide a trusted execution environment for sensitive applications. We protect the confidentiality and integrity of the data stored on the off-chip memory. In addition, we design task scheduling in the encryption process. We implement a prototype system of our approach on the development board supporting TrustZone and evaluate the overhead of our approach. The experimental results show that our approach improves the security of the system, and there is no significant increase in system overhead.


2019, Vol 2019 (3), pp. 370-388
Author(s): Dhinakaran Vinayagamurthy, Alexey Gribov, Sergey Gorbunov

Abstract: Encrypted database systems provide a great method for protecting sensitive data in untrusted infrastructures. These systems are built using either special-purpose cryptographic algorithms that support operations over encrypted data, or by leveraging trusted computing co-processors. Strong cryptographic algorithms (e.g., public-key encryptions, garbled circuits) usually result in high performance overheads, while weaker algorithms (e.g., order-preserving encryption) result in large leakage profiles. On the other hand, some encrypted database systems (e.g., Cipherbase, TrustedDB) leverage non-standard trusted computing devices, and are designed to work around the architectural limitations of the specific devices used. In this work we build StealthDB – an encrypted database system from Intel SGX. Our system can run on any newer generation Intel CPU. StealthDB has a very small trusted computing base, scales to large transactional workloads, requires minor DBMS changes, and provides relatively strong security guarantees at steady state and during query execution. Our prototype on top of Postgres supports the full TPC-C benchmark with a 30% decrease in the average throughput over an unmodified version of Postgres operating on a 2GB unencrypted dataset.


Author(s): M. Chaitanya, K. Durga Charan

Load balancing makes cloud computing greater knowledgeable and could increase client pleasure. At reward cloud computing is among the all most systems which offer garage of expertise in very low charge and available all the time over the net. However, it has extra vital hassle like security, load administration and fault tolerance. Load balancing inside the cloud computing surroundings has a large impact at the presentation. The set of regulations relates the sport idea to the load balancing manner to amplify the abilities in the public cloud environment. This textual content pronounces an extended load balance mannequin for the majority cloud concentrated on the cloud segregating proposal with a swap mechanism to select specific strategies for great occasions.


Author(s): Ole Jakob Løland

Abstract: The battle for meaning and influence between Latin American liberation theologians and the Vatican was one of the most significant conflicts in the global Catholic church of the twentieth century. With the election of the Argentinean Jorge Mario Bergoglio as head of the global church in 2013, the question about the legacy of liberation theology was actualized. The canonization of Archbishop Oscar Romero and the pope’s approximation to the public figure of Gustavo Gutiérrez signaled a new approach to the liberation theology movement in the Vatican. This article argues that Pope Francis shares some of the main theological concerns as pontiff with liberation theology. Although the pope remains an outsider to liberation theology, he has in a sense solved the conflict between the Vatican and the Latin American social movement. Through an analysis of ecclesial documents and theological literature, this can be discerned on three levels. First, Pope Francis’ use of certain theological ideas from liberation theology has been made possible and less controversial by post-cold war contexts. Second, Pope Francis has contributed to the solution of this conflict through significant symbolic gestures rather than through a shift of official positions. Third, as Pope Francis, the Argentinian Jorge Mario Bergoglio has appropriated certain elements that are specific to liberation theology without acknowledging his intellectual debt to it.


2012, Vol 23 (1), pp. 57-63
Author(s): Markus Mueller, Axel Ostlund

Abstract: For several years the OSCE has attempted to lobby and forge the political will to develop police reform in Kyrgyzstan. In June 2010 its police did not have the capacity to anticipate and prevent destabilisation and to maintain a neutral position in the management of the interethnic conflict. The fact that ethnic minorities are significantly underrepresented in the police contributed to this. As a result, the population's trust further deteriorated from an already existing critically low level. The then incumbent Transitional Government understood the need to support the police in restoring trust and confidence and hence requested the OSCE's assistance. A special project called the Community Security Initiative was created and a team of 28 international police advisors, supported by 21 local staff, deployed in January 2011 in twelve sensitive police stations including Osh. Using a new approach to communication/interaction these advisors try to change the perception of both the police and the population when addressing and resolving daily security problems in the communities. This requires a new and inventive approach putting peoples' security in the forefront. The main objective of CSI is to support the Kyrgyz Government in three main areas: improving relations between the police and the public, supporting and advising the MOI in respecting police ethics standards including human rights, and providing support and advice in the area of multiethnic policing.

