architectural requirements for intransitive trust and
play

Architectural Requirements for Intransitive Trust and - PowerPoint PPT Presentation

Jul 29, 2023 •129 likes •266 views

Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Vlp University of Luxembourg Interdisciplinary Centre for Security, Reliability and Trust CritiX Critical and Extreme Security and Dependability

  1. Architectural Requirements for Intransitive Trust and Fault-and-Intrusion Tolerance Marcus Völp University of Luxembourg Interdisciplinary Centre for Security, Reliability and Trust CritiX – Critical and Extreme Security and Dependability Research Group PEARL Grant FNR/P14/8149128 – Paulo Esteves-Veríssimo We are hiring marcus.voelp@uni.lu PhDs/Postdocs! http://wwwen.uni.lu/snt/people/marcus_voelp

  2. The world is becoming infrastructure-centric ISP Re-identifying de-identified data ISP Identifying persons from 1000-Genomes database (2013) • Y chromosome is transmitted from father to son, as are familY surnames, • this strong correlation allowed to reveal the identitY behind 131 genomes! 2

  3. Attack sophistication vs. attacker expertise High At t a t t ackers TARGETED Bot Net s ATTACKS a.k.a. “ st ealt alt h” / adv advan anced d scanni nning ng t echni hnique ues ADVANCED Em be bedde dded d packet spoof pac poofin ing m al alic iciou ous de denial of ial of PERSISTENT code ode service DDO DDOS sniffers THREATS at at t ac acks w w w w w w sw eeper ers Required at at t ac acks au aut om om at at ed d pr probe obes/ scan ans attacker GUI expertise bac back door doors net w or ork m gm gm t . diagn diagnos ost ic ics disabli dis abling au g audit dit s hij ac acking g Available bu burglar glarie ies se sessi ssions attack exploit ploit ing k g know ow n vuln lnerabili abilit ies sophistication passw or pas ord d crac ackin ing self-repli plicat at ing c g code ode pas passw or ord d gu guessin ing At t a t t acks Low 1 9 8 5 1 9 9 0 1 9 9 5 2 0 0 0 2 0 xx… 1 9 8 0 (Source: Adapted from Lipson, H. F., Tracking and Tracing Cyber-Attacks: Technical Challenges and Global Policy Issues, Special Report CMS/SEI-2002-SR-009, November 2002. (CERT) 3

  4. The functionality/code size dilemma • Application scenarios require systems to provide a certain set of functionalities … e - e - low latency Control Control Control Control ESP / ABS ESP / ABS V2V / V2I V2V / V2I driving … lane keeping distance image processing trajectory situation recognition / planning platoon joining / leaving navigation complexity / computation demand adapted from: Urmson et al. “Autonomous driving in urban environments: Boss and the urban challenge,” Journal of Field Robotics ‘08 Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 4

  5. The functionality/code size dilemma • Application scenarios require systems to provide a certain set of functionalities … • … but to implement these functionalities we need a certain amount of code – even if development time and costs don’t matter; and – even if you only use high-class developers 5-13 PY • RTOS ca. 5 KLOC formal • Microkernel 10 – 15 KLOC verification • Legacy OS 15 – 50 MLOC • Chou et al. (SOSP’01): one bug every 1000 lines of code Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 5

  6. The functionality/code size dilemma Microkernel-/Microhypervisor Enclaves Based Systems Monolithic Operating Systems Apps. Apps. Apps. Enclave Enclave Apps. Apps. Apps. Apps. Apps. Apps. Management Operating System Legacy Operating System (Linux) Legacy Apps. Enclave Enclave Operating Filesystem Network Network Filesystem Drivers Drivers System Microkernel / Microhypervisor Memory Memory (Linux) Scheduling Threads Scheduling Threads Enclave Provider Mechanisms Policies Hardware (Multi- / Manycore ) Hardware (Multi- / Manycore ) Hardware (Enclave Provider) ~15-50 million LOC ~15 kLOC ? Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 6

  7. From transitive trust … secure secure App App legacy Player App App Legacy OS Resource Mgmt Net FS Driver Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 7

  8. … to intransitive trust secure secure App App legacy Player App App Legacy OS Codec Resource Mgmt Stub VPFS FS En-/Decryption Driver Framebuffer Mgr. • Weinhold et al., “ jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components”, USENIX ATC, 2011 • Singaravelu et al., “ Reducing TCB Complexity for Security-Sensitive Applications: Three Case Studies” , Eurosys, 2006 … • Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 8

  9. … to intransitive trust legacy Player App App Legacy OS secure secure Codec App App Resource Mgmt Stub VPFS FS En-/Decryption Driver Framebuffer Mgr. • Weinhold et al., “ jVPFS: Adding Robustness to a Secure Stacked File Inktag System with Untrusted Local Storage Components”, USENIX ATC, 2011 M3 Intel SGX Hoffmann et al. ‘13 • Singaravelu et al., “ Reducing TCB Complexity for Security-Sensitive Manycore + DTUs microhypervisor Applications: Three Case Studies” , Eurosys, 2006 … • Asmussen, Völp, … ARM Trustzone / … ASPLOS ‘16 Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 9

  10. … to intransitive trust legacy secure Player App What we know: App App • isolation fault A ≠> fault B Legacy OS VPFS VPFS VPFS VPFS VPFS VPFS • diversity Resource Mgmt • rejuvenation Stub Vote FS En-/Decryption Driver Inktag M3 Intel SGX Hoffmann et al. ‘13 Manycore + DTUs microhypervisor Asmussen, Völp, … ARM Trustzone / … ASPLOS ‘16 Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 10

  11. Architectural implications What we know: • i solation (fault A ≠> fault B) • diversity secure • rejuvenation App VPFS VPFS VPFS microhypervisor Core Core Core … Memory / IO Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 11

  12. Architectural implications What we know: What we don’t know: • isolation (fault A ≠> fault B) • is the digital system abstraction enough? • diversity • how can we prove absence of side-channels? • rejuvenation • how can we insert strong isolation into … (we like to keep plug+play HW design; existing structures (FPGA, GPU, …)? • IP cores in NoC) • novel materials structures (transistor-granular reconf. circuits, …)? need strong core-to-core isolation secure µ HV VPFS VPFS VPFS App Core Core Core GPU SiNW Neuro Core FPGA Core … Memory / IO need to be isolated from local core Dagstuhl Seminar 17061 - Wildly Heterogeneous Post-CMOS Technologies Meet Software - Marcus Völp (marcus.voelp@uni.lu) 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Catalan intransitive verbs and argument realization Alex Alsina & Fengrong Yang

Catalan intransitive verbs and argument realization Alex Alsina & Fengrong Yang

Catalan intransitive verbs and argument realization Alex Alsina & Fengrong Yang Universitat Pompeu Fabra Goal To describe and analyze the behavior of the single core argument of intransitive verbs in Catalan: The mapping between

978 views • 50 slides
NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
An Architectural Pattern for Non- functional Dependability Requirements Lihua Xu Hadar Ziv

An Architectural Pattern for Non- functional Dependability Requirements Lihua Xu Hadar Ziv

An Architectural Pattern for Non- functional Dependability Requirements Lihua Xu Hadar Ziv Debra Richardson Thomas Alspaugh Donald Bren School of Information and Computer Sciences, University of California, Irvine Outline Research

326 views • 11 slides
Integration of Requirements Management and Architectural Modeling Kathy Culver Applications

Integration of Requirements Management and Architectural Modeling Kathy Culver Applications

Integration of Requirements Management and Architectural Modeling Kathy Culver Applications Engineer Telelogic, North America kathy.culver@telelogic.com INCOSE Region II Fall Mini-Conference Not a presentation focusing on requirements or

674 views • 30 slides
PACE: An Architectural Style for Decentralized Trust Management Girish Suryanrayana, Justin R.

PACE: An Architectural Style for Decentralized Trust Management Girish Suryanrayana, Justin R.

PACE: An Architectural Style for Decentralized Trust Management Girish Suryanrayana, Justin R. Erenkrantz , Scott Hendrickson, Richard N. Taylor Institute for Software Research Donald Bren School of Information and Computer Sciences University

649 views • 30 slides
From ranking to intransitive preference learning: rock-paper-scissors and beyond Tapio Pahikkala 1

From ranking to intransitive preference learning: rock-paper-scissors and beyond Tapio Pahikkala 1

From ranking to intransitive preference learning: rock-paper-scissors and beyond Tapio Pahikkala 1 Willem Waegeman 2 Evgeni Tsivtsivadze 3 Tapio Salakoski 1 Bernard De Baets 2 1 TUCS, University of Turku, Finland 2 KERMIT, Ghent University, Belgium

689 views • 42 slides
Developing a Requirements Framework for Cybercraft Trust Evaluation J. Todd McDonald Shannon

Developing a Requirements Framework for Cybercraft Trust Evaluation J. Todd McDonald Shannon

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Developing a Requirements Framework for Cybercraft Trust Evaluation J. Todd McDonald Shannon Hunt Center for Cyberspace Research Department of Electrical and

556 views • 22 slides
Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Presenting a live 90-minute webinar with interactive Q&A Special Purpose Acquisition Companies: Structuring IPOs and Facilitating Future Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts, and

484 views • 29 slides
Adopted May 26, 2015 REQUIREMENTS The MFT Requirements for Farmland Protection Projects, set

Adopted May 26, 2015 REQUIREMENTS The MFT Requirements for Farmland Protection Projects, set

MAINE FARMLAND TRUST Requirements and Additional Considerations for Farmland Protection Projects Adopted May 26, 2015 REQUIREMENTS The MFT Requirements for Farmland Protection Projects, set forth below, assist the MFT Lands Committee, Board,

177 views • 3 slides
Definition and Evaluation of Geographic Information System Architecture using ADD and ATAM

Definition and Evaluation of Geographic Information System Architecture using ADD and ATAM

Definition and Evaluation of Geographic Information System Architecture using ADD and ATAM Ibrahim Habli 1 Outline Motivation Architectural Solution GIS Introduction Analysis of GIS Architectural Requirements Design of

801 views • 35 slides
A Perspective on Security and Trust Requirements for the Future Dr. Kenneth Plaks International

A Perspective on Security and Trust Requirements for the Future Dr. Kenneth Plaks International

A Perspective on Security and Trust Requirements for the Future Dr. Kenneth Plaks International Symposium on Physical Design April 14-17, 2019 Distribution Statement A: Approved for Public Release, Distribution Unlimited Hardware Security in

429 views • 22 slides
IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie Barbir abbieb@nortelnetworks.com Design Team IAB consideration (RFC 3238) Brief Review of Some Issue IP-layer communications (2.2) For an OPES

216 views • 8 slides
Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large system is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

893 views • 12 slides
Requirements for Housing Trust Fund Environmental Provisions CPD Notice 16-14 Welcome and

Requirements for Housing Trust Fund Environmental Provisions CPD Notice 16-14 Welcome and

Requirements for Housing Trust Fund Environmental Provisions CPD Notice 16-14 Welcome and Speakers Speakers: Welcome - Virginia Sardone, Office of Affordable Housing Programs Presentation Lauren McNamara, Office of Environment and

1.67k views • 140 slides
Going Reactive An architectural journey Going Reactive An architectural journey Matthias

Going Reactive An architectural journey Going Reactive An architectural journey Matthias

Going Reactive An architectural journey Going Reactive An architectural journey Matthias Kppler October 2015 commit 24c61b35754ff5ca153ce37c5886279153f0d16f Author: Matthias Kaeppler <mk@soundcloud.com> Date: Wed Mar 13

700 views • 41 slides
Character/Values Conservation/Awareness Habitat Requirements Trust Respect Predator/Prey Cycle

Character/Values Conservation/Awareness Habitat Requirements Trust Respect Predator/Prey Cycle

Character/Values Conservation/Awareness Habitat Requirements Trust Respect Predator/Prey Cycle Accountability Life History Faith Food, Water, Space Patience Harassment Compassion Hazing (Aversive Hope Conditioning) Discipline

290 views • 4 slides
How R Robust is is t the Wis Wisdom o of t the Cr Crowd? Noga Alon, Michal Feldman, Omer

How R Robust is is t the Wis Wisdom o of t the Cr Crowd? Noga Alon, Michal Feldman, Omer

How R Robust is is t the Wis Wisdom o of t the Cr Crowd? Noga Alon, Michal Feldman, Omer Lev & Moshe Tennenholtz IJCAI 2015 Buenos Aires Is t this is n new m movie ie a any g good? the w world Is t this is n new m

597 views • 37 slides
Thierry E. Klein, PhD Vice Chair, 5GAA Board Head of BR Lab, Nokia Bell Labs 1 5GAA brings

Thierry E. Klein, PhD Vice Chair, 5GAA Board Head of BR Lab, Nokia Bell Labs 1 5GAA brings

Thierry E. Klein, PhD Vice Chair, 5GAA Board Head of BR Lab, Nokia Bell Labs 1 5GAA brings together automotive, technology and telecommunications companies to work closely together to develop end-to-end solutions for future mobility and

673 views • 8 slides
Introduction I Can use a directed graph as a flow network to model: Computer Science &

Introduction I Can use a directed graph as a flow network to model: Computer Science &

Introduction I Can use a directed graph as a flow network to model: Computer Science & Engineering 423/823 I Data through communication networks, water/oil/gas through pipes, Design and Analysis of Algorithms assembly lines, etc. Lecture 11

304 views • 6 slides
Moving your Virtual Machines to oVirt with ease Arik Hadas Senior Software Engineer Red Hat

Moving your Virtual Machines to oVirt with ease Arik Hadas Senior Software Engineer Red Hat

Moving your Virtual Machines to oVirt with ease Arik Hadas Senior Software Engineer Red Hat FOSDEM, 31/1/15 FOSDEM, Jan 2015 How do you run Virtual Machines? T h e r e a r e m a n y w a y s t o r u n a V M D i

440 views • 30 slides
Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer

Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer

CNTS Workshop, July 8, 2019 Integrating Vehicle Control with Traffic Management Murat Arcak UC Berkeley Cross-Layer Traffic Control Goal: Making full use of existing infrastructure by coordinating network-level, road link-level and

889 views • 13 slides
People Tracking and Pose Es5ma5on by Graph Decomposi5on Siyu Tang Holis&c Vision Group Max

People Tracking and Pose Es5ma5on by Graph Decomposi5on Siyu Tang Holis&c Vision Group Max

People Tracking and Pose Es5ma5on by Graph Decomposi5on Siyu Tang Holis&c Vision Group Max Planck Ins&tute for Intelligent Systems 04 July 2018 Overview Graph Decomposition and Multicut Multi-person Tracking Minimum cost

493 views • 37 slides
Discontinuous Galerkin Methods: An Overview and Some Applications Daya Reddy U NIVERSITY OF C APE

Discontinuous Galerkin Methods: An Overview and Some Applications Daya Reddy U NIVERSITY OF C APE

Discontinuous Galerkin Methods: An Overview and Some Applications Daya Reddy U NIVERSITY OF C APE T OWN Joint work with Beverley Grieshaber and Andrew McBride SANUM, Stellenbosch, 22 24 March 2016 Structure of talk A model elliptic

987 views • 54 slides
National Disaster Preparedness Plan (NDPP) Philippines (DRAFT) for approval of the NDRRMC

National Disaster Preparedness Plan (NDPP) Philippines (DRAFT) for approval of the NDRRMC

National Disaster Preparedness Plan (NDPP) Philippines (DRAFT) for approval of the NDRRMC

294 views • 4 slides

More recommend