authentic execution of distributed event driven
play

Authentic Execution of Distributed Event-Driven Applications with a - PowerPoint PPT Presentation

Jul 24, 2023 •268 likes •568 views

Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan Tobias Mhlberg and Frank Piessens jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium STM17, Oslo,

  1. Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan Tobias Mühlberg and Frank Piessens jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium STM’17, Oslo, September 2017

  2. empty Authentic Execution of Distributed Event-Driven Applications 2 /21 Jan Tobias Mühlberg Authentic Execution

  3. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers 3 /21 Jan Tobias Mühlberg Authentic Execution

  4. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . 3 /21 Jan Tobias Mühlberg Authentic Execution

  5. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . Distributed Event-Driven Applications • Application modules execute on heterogeneous distributed infrastructure • Each module provides input and output channels that transparently connect to other modules’ channels • Physical events enter or leave the application through I/O channels • Multiple distrusting applications share the infrastructure 3 /21 Jan Tobias Mühlberg Authentic Execution

  6. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . Distributed Event-Driven Applications • Application modules execute on heterogeneous distributed infrastructure • Each module provides input and output channels that transparently connect to other modules’ channels • Physical events enter or leave the application through I/O channels • Multiple distrusting applications share the infrastructure With a small (run-time) Trusted Computing Base • Code that is not part of an application cannot interfere with that application 3 /21 Jan Tobias Mühlberg Authentic Execution

  7. empty Authentic Execution of Distributed Event-Driven Applications A (complicated & unrealistic) Example Scenario A car park with 2 parking positions and 2 monitoring applications: Violation monitor A Vio and position availability monitor A Avl Violation D P1 D P2 Button D T1 D T2 D D1 Sensor driver Sensor driver Button Display Violations: Clock driver Clock driver driver None M VioP1 M VioP2 Tick Tick M VioD Display M AvlP1 M AvlP2 Violation Untrusted OS CarMoved Untrusted OS Untrusted OS N D 1 N P 1 N P 2 D D2 Display Available: M Agg driver 2 Untrusted OS M AvlD AvlChanged Untrusted OS N Agg N D 2 4 /21 Jan Tobias Mühlberg Authentic Execution

  8. empty The Shared Infrastructure Requirements: some form of Trusted Computing • Authenticated communication • Software & device attestation • Secure I/O 5 /21 Jan Tobias Mühlberg Authentic Execution

  9. empty The Shared Infrastructure Requirements: some form of Trusted Computing • Authenticated communication • Software & device attestation • Secure I/O Implementation options • Intel SGX (no I/O) • ARM TrustZone (only one trusted world) • Sancus (lightweight & embedded, no complex computations) • . . . Embracing heterogeneity • Application modules can exploit specific features of an architecture, as long as authenticated communication and attestation are available & compatible • Prototype for Sancus 5 /21 Jan Tobias Mühlberg Authentic Execution

  10. empty Sancus: A Security Architecture for IoT [NAD + 13, NVBM + 17] • Extends TI’s MSP430 with strong security primitives • Software Component Isolation • Cryptography & Attestation • Secure I/O through isolation of MMIO ranges • Efficient • Authentication in µ s • 6% increased power consumption • Cryptographic key hierarchy for software attestation • Isolated components are typically very small ( < 1kLOC) • Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 6 /21 Jan Tobias Mühlberg Authentic Execution

  11. empty Sancus: A Security Architecture for IoT [NAD + 13, NVBM + 17] • Extends TI’s MSP430 with N = Node; SP = Software Provider / Deployer strong security primitives SM = protected Software Module • Software Component Isolation • Cryptography & Attestation SM protected data section SM text section • Secure I/O through isolation Entry point Memory of MMIO ranges Unprotected Code & constants Unprotected Unprotected Protected data • Efficient • Authentication in µ s • 6% increased power K N , SP , SM SM metadata Protected consumption storage area K N • Cryptographic key hierarchy Layout Keys for software attestation • Isolated components are typically very small ( < 1kLOC) • Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 7 /21 Jan Tobias Mühlberg Authentic Execution

  12. empty Attestation and Communication Ability to use K N , SP , SM proves the integrity and isolation of SM deployed by SP on N • Only N and SP can calculate K N , SP , SM N knows K N and SP knows K SP • K N , SP , SM on N is calculated after enabling isolation No isolation, no key; no integrity, wrong key • Only SM on N is allowed to use K N , SP , SM Through special instructions 8 /21 Jan Tobias Mühlberg Authentic Execution

  13. empty Attestation and Communication Ability to use K N , SP , SM proves the integrity and isolation of SM deployed by SP on N • Only N and SP can calculate K N , SP , SM N knows K N and SP knows K SP • K N , SP , SM on N is calculated after enabling isolation No isolation, no key; no integrity, wrong key • Only SM on N is allowed to use K N , SP , SM Through special instructions Remote attestation and secure communication by Authenticated Encryption with Associated Data • Confidentiality, integrity and authenticity • Encrypt and decrypt instructions use K N , SP , SM of the calling SM • Associated Data can be used for nonces to get freshness 8 /21 Jan Tobias Mühlberg Authentic Execution

  14. empty Authentic Execution of Distributed Event-Driven Applications A (complicated & unrealistic) Example Scenario A car park with 2 parking positions and 2 monitoring applications: Violation monitor A Vio and position availability monitor A Avl Violation D P1 D P2 Button D T1 D T2 D D1 Sensor driver Sensor driver Button Display Violations: Clock driver Clock driver driver None M VioP1 M VioP2 Tick Tick M VioD Display M AvlP1 M AvlP2 Violation Untrusted OS CarMoved Untrusted OS Untrusted OS N D 1 N P 1 N P 2 D D2 Display Available: M Agg driver 2 Untrusted OS M AvlD AvlChanged Untrusted OS N Agg N D 2 9 /21 Jan Tobias Mühlberg Authentic Execution

  15. empty Authentic Execution of Distributed Event-Driven Applications 1 module AvlP1 · · · 2 on Button(pressed): Standard entry stub CarMoved(entered) 3 SetKey 4 module AvlP2 Entry points Generated 5 # Similar to AvlP1 HandleInput 6 HandleOutput 7 module Agg Non-entry CarMoved1 functions 8 on CarMoved1(entered): Event handlers CarMoved2 p1 = entered 9 CbTable Generated num_avl = NUM_PARKINGS 10 Constants NUM_PARKINGS Constants if (p1): num_avl = num_avl - 1 11 12 if (p2): num_avl = num_avl - 1 · · · AvlChanged(num_avl) Standard runtime 13 14 on CarMoved2(entered): data (stack,.. . ) Generated # Similar to CarMoved1 15 KeyTable 16 NonceTable 17 module AvlD Variables p1 18 on AvlChanged(num_avl) Globals p2 Display(num_avl) 19 · · · 10 /21 Jan Tobias Mühlberg Authentic Execution

  16. empty Authentic Execution of Distributed Event-Driven Applications Developer / Software Provider provides: • Source code of all application modules · · · Standard entry stub • Deployment descriptor SetKey • Mapping modules to nodes Entry points Generated HandleInput • Configuration of communication channels HandleOutput and I/O channels Non-entry CarMoved1 functions Event handlers CarMoved2 CbTable Generated Constants NUM_PARKINGS Constants · · · Standard runtime data (stack,.. . ) Generated KeyTable NonceTable Variables p1 Globals p2 · · · 11 /21 Jan Tobias Mühlberg Authentic Execution

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven Programming Interactive System User perceive present milliseconds or seconds faster translate express Event-driven programming is a programming

1.13k views • 49 slides
Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven Programming Interactive System User perceive present milliseconds seconds or faster translat express e Event-driven programming is a programming

578 views • 47 slides
Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic?

Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic?

LIVE MIGHTY PRESENTS: Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic? What are the characteristics of someone who behaves authentically and someone who does not? Authentic Leadership

542 views • 33 slides
Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value simulation used for analog circuits Differential equations should be solved Very slow, too much accuracy for digital circuits Event Driven

207 views • 9 slides
Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

EVENT%DRIVEN%SIMULATION Verilog%simulation%uses%Event%Driven%model%of% computation Basic%knowledge%of%Event%Driven%simulation%can%help% in%writing%and%Debugging%Verilog%descriptions

243 views • 20 slides
Authentic assessment is based on a planning Authentic assessment focuses on measurement

Authentic assessment is based on a planning Authentic assessment focuses on measurement

R EF . 1.5 : A UTHENTIC A SSESSMENT P RESENTATION ON FLEX D AY F ALL 2010 Presentation on Authentic Assessment: Fall 2010 Traditional Assessment, Authentic Assessment, and Student Learning Outcomes Examples of Authentic Assessment

213 views • 5 slides
Lean is not an event Concerns Weve become event driven How many workshops,

Lean is not an event Concerns Weve become event driven How many workshops,

Lean is not an event Concerns Weve become event driven How many workshops, projects, Kaizen event, etc. have you had? Is it a quality project, worthy of our time? Do we understand the underlying principles and

393 views • 25 slides
CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My!

CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My!

CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My! Control flow &quot;Traditional&quot; program: one statement at a time, line by line. Threaded program: CPU determines execution order.

401 views • 19 slides
Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke

Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke

Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke Oslo, 31.08.2011 1 Agenda Motivation Event-driven Architectures Architecture for Health Event Detection Conclusions and Future Work

366 views • 11 slides
Events vs. Exceptions in Java (Both are objects!) Events objects contain: 1. Type of event

Events vs. Exceptions in Java (Both are objects!) Events objects contain: 1. Type of event

Event-Driven Programming Event-Driven Programming Parts of programs wait for messages from an event loop representing system events that have occurred at run-time . Handler (or Listener ) algorithms are registered for specific events and then

81 views • 7 slides
Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application Deployment Paradigms - Past, Present, Future Why Serverless? Advantages of Event-driven Serverless Model Event-driven application: shrink

183 views • 17 slides
Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising

Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising

Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising November 7, 2014 How many of your camps have events? What types of events do you have? How much revenue do your events bring in each

784 views • 25 slides
Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN

Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN

Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN -W EI W ANG Learning Objectives 1. Motivating Problem: Distributed Clients and Servers 2. First Design Attempt: Remote Procedure Calls 3. Second

797 views • 37 slides
Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event)

Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event)

Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event) =&gt; you say; Business TimeSeries / Discreet Truth of the system DataPoints Named intentionally Measurements Represents the domain

668 views • 29 slides
ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to

ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to

ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to look at two simple approaches to replacing the C/C++ library heap allocator and then introduce event driven programming in the context of embedded

271 views • 25 slides
Data Driven Manufacturing Event An event for people wanting to improve productivity at their

Data Driven Manufacturing Event An event for people wanting to improve productivity at their

Data Driven Manufacturing Event An event for people wanting to improve productivity at their factories July 31 st 9am 4pm at Johnson County Community College Regnier Center - Capitol Federal Conference Center (RC101) Provided by Rensenhouse

265 views • 4 slides
The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded

The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded

The Clocks Are Ticking: No More Delays! Reduction Semantics for Type Theory with Guarded Recursion Patrick Bahr 1 Hans Bugge Grathwohl 2 Rasmus Mgelberg 1 1 IT University of Copenhagen 2 Aarhus University What is guarded recursion?

710 views • 48 slides
CS 5630/6630 Scientific Visualization Elementary Plotting Techniques I Motivation Everyone

CS 5630/6630 Scientific Visualization Elementary Plotting Techniques I Motivation Everyone

CS 5630/6630 Scientific Visualization Elementary Plotting Techniques I Motivation Everyone uses plotting It is easy to lie or to deceive people with bad plots Default plotting tools are terrible Most people ignore or are

601 views • 48 slides
STEPPING TOWARDS A NOISELESS LINUX ENVIRONMENT Hakan Akkan*, Michael Lang , Lorie Liebrock*

STEPPING TOWARDS A NOISELESS LINUX ENVIRONMENT Hakan Akkan*, Michael Lang , Lorie Liebrock*

ROSS 2012 | June 29 2012 | Venice, Italy STEPPING TOWARDS A NOISELESS LINUX ENVIRONMENT Hakan Akkan*, Michael Lang , Lorie Liebrock* Presented by: Abhishek Kulkarni * New Mexico Tech Ultrascale Systems Research Center New

667 views • 31 slides
RDF stream processing models Daniele DellAglio , daniele.dellaglio@polimi.it Jean-Paul

RDF stream processing models Daniele DellAglio , daniele.dellaglio@polimi.it Jean-Paul

Stream Reasoning For Linked Data M. Balduini, J-P Calbimonte, O. Corcho, D. Dell'Aglio, E. Della Valle, and J.Z. Pan http://streamreasoning.org/sr4ld2013 RDF stream processing models Daniele DellAglio , daniele.dellaglio@polimi.it Jean-Paul

713 views • 36 slides
Do Retail Trades Move Markets? Brad Barber Terrance Odean Ning Zhu Do Noise Traders Move

Do Retail Trades Move Markets? Brad Barber Terrance Odean Ning Zhu Do Noise Traders Move

Do Retail Trades Move Markets? Brad Barber Terrance Odean Ning Zhu Do Noise Traders Move Markets? 1. Small trades are proxy for individual investors trades. 2. Individual investors trading is correlated: Across stocks Across months 3.

621 views • 31 slides
Computer Systems Lecture 13 Pipeline Stages CS 230 - Spring 2020 3-1 System Layers

Computer Systems Lecture 13 Pipeline Stages CS 230 - Spring 2020 3-1 System Layers

CS 230 Introduction to Computers and Computer Systems Lecture 13 Pipeline Stages CS 230 - Spring 2020 3-1 System Layers Python/C/Racket Code Multiprocessing and Operating Systems Build and Runtime Environments Memory and Caching

370 views • 35 slides
A NALYSIS OF A LGORITHMS Acknowledgement: The course slides are adapted from the slides

A NALYSIS OF A LGORITHMS Acknowledgement: The course slides are adapted from the slides

BBM 202 - ALGORITHMS D EPT . OF C OMPUTER E NGINEERING A NALYSIS OF A LGORITHMS Acknowledgement: The course slides are adapted from the slides prepared by R. Sedgewick and K. Wayne of Princeton University. T ODAY Analysis of

1.24k views • 75 slides
Skin and Soft Tissue Infections: MRSA and Beyond Catherine Liu, M.D. Assistant Clinical Professor

Skin and Soft Tissue Infections: MRSA and Beyond Catherine Liu, M.D. Assistant Clinical Professor

5/28/2013 Skin and Soft Tissue Infections: MRSA and Beyond Catherine Liu, M.D. Assistant Clinical Professor Division of Infectious Diseases University of California, San Francisco Overview Abscesses Cellulitis Recurrent SSTI Animal

597 views • 26 slides

More recommend