Secure Applications Deployment in trusted Many-core ...

Recommend Documents

Trusted Computing using Enhanced Manycore ...

reasons, Cipher1 cannot be used in CBC-MAC mode for authentication of the session key because its output would need to be connected to the external data ...

Secure & Trusted Communication in Emergency ...

T. Levin et al. in [1] proposed a system for secure dis- tribution and ..... [1] Timothy E. Levin, Cynthia E. Irvine, Terry V. Benzel, Thuy D. Nguyen,. Paul C. Clark and ...

Secure Deployment of Components

These banks wanted customers that carried their credit cards to re- ceive assistance ..... Once a component is allowed inside a fortress it gains access to all other.

The Trusted Function in Secure Decentralized Processing

nal given. Model. The mode16 is made ..... Kent [16] has discussed at some length the choice of a cipher ..... Trust channel (argune”tchanne l). user: password. +.

Secure Deployment of Components

generic components for free thereby reducing the cost and time required for ... infrastructure in the deployment chain, we apply S-CODEP to eliminate these links. .... tion process with I by sending a message encrypted with the shared key KAI ...

Secure VPN Deployment in GPRS Mobile

are no official guidelines, especially, for mobile networks. ... In Fig.1, the enhanced GPRS network architecture ... Figure 1: GPRS system architecture.

Secure VPN Deployment in GPRS Mobile

describes the IPsec protocol suite and the VPN technol- ogy. In section ... rity solutions for IP networks exist. ..... Another solution to the TCP incompatibility prob-.

Secure Deployment of SmartGrid Equipment

is not known a signature on the init server's information cannot be verified. ... digital signature [7] used by key K. To prove the TPM's .... US Patent App. 11/094,840.

Auto-Tuning Support for Manycore Applications ... - CiteSeerX

software hierarchy, including operating systems, compilers, and applications. In particular, performance optimization becomes more dif- ficult because of the ...

J2EE Applications DEployment - CiteSeerX

655 avenue de l'Europe , Montbonnot Saint Martin ... such application management by providing automatic scripting-based deployment and configuration tools. ... ponents (providing them with non-functional properties) which mainly interact ...

Avoiding Dark Cloud: Secure Storage and Trusted

Searchable encryption is one of the technique believed to be suitable ...... the server but the server provides the interface for uploading/downloading files. The server also ... Virtual Machine Communication with Hosts or other VMs: Virtu-.

The Deployment of Trusted Digital Volunteers in the 2011 Shadow ...

Anticipating the Unexpected: Is the Bureaucracy Able to Come to the Dance? Working Paper. Sydney ... (How) Will the Revolution be Retweeted?: Information ...

Lenovo-Building Trusted, Secure Data Center Products

Study showed the average cost of a data breach to a ... "2015 Cost of Data Breach Study: Global. Analysis .... digital s

Secure and trusted white-box verification

May 12, 2016 - mechanic would figure out anyways given some time, such as which part is ..... Eval(1K,Certificate) = 1 if and only if both of the following hold:.

Secure and Trusted in-network Data Processing in Wireless Sensor ...

tributed processing could have several advantages for wireless sensor networks. First of all, in WSN computation is typically much less energy consuming than ...

Trusted Computing and Secure Virtualization in Cloud ... - SODA

7 Aug 2012 ... In order the verify the implementability of the proposed protocol, ... virtualization environments project, a joint research project between SICS ...

Trusted Computing: The Cornerstone in the Secure ...

James Gosling, Bill Joy, and Guy Steele. The Java Language Specification. ... Gunter Carl A., Homeier Peter, Nettles Scott. Infrastructure for Proof-Referencing.

Secure Routing Through Trusted Nodes in Wireless Sensor ... - IJARCET

International Journal of Advanced Research in Computer Engineering ... security challenges and do routing in a secure and ...... Telecommunication System,.

Aspects of Trusted and Secure Business-Oriented VO Management in ...

that are actually defined in contracts and SLA's may ..... contract and the business processes. ..... http://www.developer.com/services/article.php/2171031.

Secure web applications?

are many flaws in web security [7] which result in malicious activities in business, education and other areas. Because of this, web applications security becomes one of the main topics. Because of constant increase of companies that are developing w

Cisco Secure Access Control Server Deployment Guide

OWASP Secure Medical Device Deployment Standard Christopher ...

Mar 20, 2017 - One of the best ways to preserve the security of any healthcare ... devices may need to connect to update

Regression Test Selection for Trusted Database Applications

S4. If (n

Secure Virtual Enclaves: Supporting Coalition ... - DNSSEC Deployment

RMI, or Microsoft's DCOM. The SVE ... organizations may join or leave over the lifetime of the ... access to a particular resource may also change over time.

Secure Applications Deployment in trusted Many-core ...

Download PDF

3 downloads 0 Views 895KB Size Report

Comment

[2] Guanciale, et al., âCache Storage Channels: Alias-Driven Attacks and Verified Countermeasures,â in IEEE Symposium on Security and Privacy, 2016.

Physical Isolation against cache-based Side-Channel Attacks on NoC-based architectures Maria Méndez Real, Vincent Migliore, Vianney Lapotre, Guy Gogniat Univ. Bretagne Sud, Lab-STICC, [email protected]

Motivation • •

Cache-based Side-Channel Attacks (SCA) Access-driven attacks • Shared data • Analyzing its own performance • Determining the cache lines or sets accessed by the victim • Deducing sensitive information

Hardware platform is trusted Trusted and untrusted processes executing in parallel Possible attacks - Confidentiality - Integrity - Denial of services

SoA Cache-based SCA countermeasures • SW : - Modifying the implementation of sensitive applications [1] • HW : - Disabling cacheability - Flushing the cache before each context switching [2] - Redesigning caches -> partitioned cache [3] - Two separate virtual worlds on the same processor [4]

Sharing resources –> Vulnerabilities

Physical Isolation for sensitive applications

Implementation through virtual prototyping: OVP-based MPSoCSim • • •

• Physically isolated execution in a secure zone (SZ) -> No resources sharing within the secure zone ! The NoC is considered secure • A set of services for the controller responsible for the dynamic deployment and handling of secure zones: - Monitoring - Resource allocation - SZ management

4*4 NoC -> 60 PE + 1 controller Matrix multiplications Implementation of two different strategies: 1. static optimum secure zone size 2. static limited size 3. dynamic size secure zones

Different compared scenarios: a. Baseline scenario b. One isolated application arriving at the beginning of the execution

c. One isolated application arriving at the middle of the execution d. Several isolated applications (3/5)

Experimental results

Negligible when no load

The dynamic strategy entails the highest overhead on the controller services

The dynamic strategy leverages the performance of non isolated applications

The dynamic strategy achieves the highest resource utilization rate [1] ] J. Blomer and V. Krummel, “Analysis of Countermeasures Against Access Driven Cache Attacks on AES,” Selected Areas in Cryptography, vol. 4876, pp. 96–109, 2007. [2] Guanciale, et al., “Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures,” in IEEE Symposium on Security and Privacy, 2016. [3] Wang and R. B. Lee, “New Cache Designs for Thwarting Software Cache-based Side Channel Attacks,” in IEEE Symposium on Computer Architecture (ISCA), 2007, pp. 494–505. [4] www.arm.com/products/processors/technologies/trustzone/