first year review wp2 overview
play

First year review WP2 overview Trento - September 24th, 2007 1 - PowerPoint PPT Presentation

Aug 28, 2022 •262 likes •781 views

First year review WP2 overview Trento - September 24th, 2007 1 Goal To investigate software-only methodologies to implement the remote entrusting principle 2 Partners POLITO (WP leader) Team: Team: Team: - - - Mario

  1. First year review WP2 overview Trento - September 24th, 2007 1

  2. Goal • To investigate software-only methodologies to implement the remote entrusting principle 2

  3. Partners • POLITO (WP leader) • Team: • • Team: Team: - - - Mario BALDI Mario BALDI Mario BALDI - - - Stefano DI CARLO Stefano DI CARLO Stefano DI CARLO - - - Paolo FALCARIN Paolo FALCARIN Paolo FALCARIN - - - Antonio DURANTE Antonio DURANTE Antonio DURANTE - - - Alberto SCIONTI Alberto SCIONTI Alberto SCIONTI - - - Davide D’ Davide D ’APRILE APRILE Davide D’APRILE 3

  4. Partners • POLITO (WP leader) • UNITN • Team: • • Team: Team: • • • Paolo TONELLA Paolo TONELLA Paolo TONELLA • • • Mariano CECCATO Mariano CECCATO Mariano CECCATO • • • Jasvir NAGRA Jasvir NAGRA Jasvir NAGRA • • • Milla DALLA PREDA Milla DALLA PREDA Milla DALLA PREDA • • • Amitabh SAXENA Amitabh SAXENA Amitabh SAXENA 4

  5. Partners • POLITO (WP leader) • UNITN • KUL - Team: - - Team: Team: - - - Bart PRENEEL Bart PRENEEL Bart PRENEEL - - - Brecht WYSEUR Brecht WYSEUR Brecht WYSEUR - - - Jan CAPPAERT Jan CAPPAERT Jan CAPPAERT - - - Thomas HERLEA Thomas HERLEA Thomas HERLEA 5

  6. Partners • POLITO (WP leader) • UNITN • KUL • SPIIRAS • Team: • • Team: Team: • • • Igor KOTENKO Igor KOTENKO Igor KOTENKO • • • Vasily DESNITSKY Vasily DESNITSKY Vasily DESNITSKY • • • Victor VORONTSOV Victor VORONTSOV Victor VORONTSOV • • • Vitaly BOGDANOV Vitaly BOGDANOV Vitaly BOGDANOV 6

  7. Partners • POLITO (WP leader) • UNITN • KUL • SPIIRAS • Team: • GEM • • Team: Team: • • • Pierre GIRARDSté Pierre GIRARDSt éphane SOCIE phane SOCIE Pierre GIRARDStéphane SOCIE 7

  8. Tasks D2.1 D2.2 M0 M3 M6 M9 M12 M15 M18 M21 M24 M27 M30 M33 M36 T2.1 T2.1 T2.2 T2.2 T2.3 T2.3 T2.4 T2.4 T2.5 T2.5 T2.6 T2.6 8

  9. Tasks T2.1 T2.1 M10 M11 M12 M13 M14 M15 M16 ... M10 M11 M12 M13 M14 M15 M16 ... M1 M1 M2 M2 M3 M3 M4 M4 M5 M5 M6 M6 M7 M7 M8 M8 M9 M9 T2.1 T2.1 T2.2 T2.2 T2.3 T2.3 T2.4 T2.4 T2.5 T2.5 9

  10. T2.1 T2.1 Trust model • Definition of the trust model for software only remote entrusting • The output of this task is the deliverable D2.1: - Trust model and assumption for software based TR methods 10

  11. T2.1 T2.1 Trust model Untrusted platform (U) Trusted platform (T) HW HW OS OS TAG P TAG P TAG seq. TAG seq. TAG seq. TAG seq. Validation Validation M M Monitor replacement M M Monitor replacement o o n n i i t t o o r r r r e e p p l l a a c c e Monitor Monitor e m m e e n n t t factory factory 11

  12. Tasks T2.2 T2.2 M10 M11 M12 M13 M14 M15 M16 ... M10 M11 M12 M13 M14 M15 M16 ... M1 M1 M2 M2 M3 M3 M4 M4 M5 M5 M6 M6 M7 M7 M8 M8 M9 M9 T2.1 T2.1 T2.2 T2.2 T2.3 T2.3 T2.4 T2.4 T2.5 T2.5 12

  13. T2.2 T2.2 Secure interlocking and authenticity checking • Definition of software techniques to: - Securely combine the program P and the monitor M - Protect the authenticity of code and data of P 13

  14. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Invariants Monitoring (POLITO) • A program invariant is a property that is true at a particular program execution point • Invariant monitoring aims at detecting attacks to the state of a program P by continuously checking dynamically inferred invariants 14

  15. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Invariants Monitoring (POLITO) • Invariants monitoring workflow � - Invariants definition (available tools: DAIKON by Michael D. Ernst) - Selection of the set I’ of relevant invariants to protect a subset S’ of the state of P How to select S’ and I’ still an open challenge? 15

  16. T2.2 T2.2 � T2.2 Secure interlocking and authenticity checking Invariants Monitoring (POLITO) � - Definition of a monitor M able to periodically send information about S’ to T T verifies if the selected list of invariants I’ is always respected Any violation is detected as an attack • Invariants monitoring is not 100% secure • A prototype C++ application performing strings elaboration is available 16

  17. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Barrier slicing (UNITN) • Aims at protecting the state of P by moving part of its code from U to T • It presents an alternative architecture w.r.t. the presented trust model • Trade-off between security and performance 17

  18. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Barrier slicing (UNITN) 1 time2 = System.currentTimeMillis(); 1 time2 = System.currentTimeMillis(); double delta = speed * (time2 – time); 2 2 double delta = speed * (time2 – time); • A set S of variables to x = x + delta * cos(direction); 3 3 x = x + delta * cos(direction); 4 y = y + delta * sin(direction); y = y + delta * sin(direction); 4 5 Server.sendPosition(x,y); 5 Server.sendPosition(x,y); protect is removed U 6 if (track.isInBox(x, y)){ 6 if (track.isInBox(x, y)){ gas = maxGas; 7 7 gas = maxGas; 8 lastFuel = time2; lastFuel = time2; 8 • Program slicing: the 9 } } 9 10 else { 10 else { gas = maxGas - ( int ) (time2-lastFuel); (executable) slice of P 11 11 gas = maxGas - ( int ) (time2-lastFuel); 12 if (gas < 0) { if (gas < 0) { 12 responsible of the 13 gas = 0; 13 gas = 0; 14 if (speed > maxSpeed /10) 14 if (speed > maxSpeed /10) variables in S is moved speed = maxSpeed /10; 15 15 speed = maxSpeed /10; 16 else if (speed < minSpeed/10) else if (speed < minSpeed/10) 16 to T 17 speed = minSpeed/10; speed = minSpeed/10; 17 } } 18 } } 18 time = time2; 18 time = time2;

  19. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Barrier slicing (UNITN) • Untrusted platform (U) - Use of variables in S replaced by queries and synchronization statements to T • Trusted platform (T) - A barrier slicing running for each untrusted platform - Query and synchronization statements managed for each untrusted platform 19

  20. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking Barrier slicing (UNITN) • Example: barrier slice implemented on a simple car race game written in JAVA • A complete description of the approach published - Mariano Ceccato, Mila Dalla Preda, Jasvir Nagra, Christian Collberg, Paolo Tonella, Barrier Slicing for Remote Software Trusting, 7th IEEE International Working Conference on Source Code Analysis and Manipulation - Jasvir Nagra, Mariano Ceccato and Paolo Tonella, “Distributing Trust Verification to Increase Application Performance”, in PDP2008, February 13-15, 2008, Toulose, France 20

  21. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking White-Box Remote Procedure Call - WBRPC (UNITN, KUL) • The name RPC implies the ability of a trusted platform T to execute an arbitrary program P on an untrusted platform U - In collaboration with Prof. Amir HERZBERG • The key idea is the use of an O bfuscated V irtual M achine (OVM) 21

  22. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking White-Box Remote Procedure Call - WBRPC (UNITN, KUL) • WBRPC workflow - P is encrypted by T to get E(P) - E(P) and the inputs a are sent to U for execution under OVM 22

  23. T2.2 T2.2 � T2.2 Secure interlocking and authenticity checking White-Box Remote Procedure � � Call - WBRPC (UNITN, KUL) � - OVM performs the following tasks: Computes P = D ( E(P) ) Computes y = P(a) Computes z = E(y) Sends z to T - T has the decryption key and computes y = P(a) = D(z) 23

  24. T2.2 T2.2 T2.2 Secure interlocking and authenticity checking White-Box Remote Procedure Call - WBRPC (UNITN, KUL) • Under reasonable definition of obfuscator, we can show that OVM provides confidentiality of programs and integrity of execution of program 24

  25. Tasks T2.3 T2.3 M10 M11 M12 M13 M14 M15 M16 ... M10 M11 M12 M13 M14 M15 M16 ... M1 M1 M2 M2 M3 M3 M4 M4 M5 M5 M6 M6 M7 M7 M8 M8 M9 M9 T2.1 T2.1 T2.2 T2.2 T2.3 T2.3 T2.4 T2.4 T2.5 T2.5 25

  26. T2.3 T2.3 Dynamic replacement for increased tamper resistance • Investigation of innovative methods exploiting the “time dimension” to increase overall tamper resistance of M • The research activities of this task contribute to the deliverable D2.2: - Methods to dynamically replace the secure software module and to securely interlock applications with secure software modules 26

  27. T2.3 T2.3 Dynamic replacement for increased tamper resistance • Current (software-based) techniques co- bundle monitoring code with application code: - Position and behavior are hidden • Threat (well-financed skilled attacker) - The user has full access on U and can exploit any type of reverse engineering facilities to break the monitoring code 27

  28. T2.3 T2.3 Dynamic replacement for increased tamper resistance • Continuos replacement of M - Selected software component and parameters of M are continuously replaced to make reverse engineering costs too high • Dynamic replacement requires: - A mobility infrastructure - A binding support 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review

OFFICIAL COMMUNITY PLAN 5-Year Review OCP Monitoring Program 5 Year Review Annual Review Five Year Review Snapshot of progress Trends and forecasts 17 annual indicators Identification of policy implications for

925 views • 40 slides
Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review

Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review

Year-end results For the year ended 31 December 2016 Overview Financial review Portfolio review Summary Appendix KWE proven business model Unlocking value of under-resourced real estate Real estate operators 1. 2. Bottom up Active

875 views • 56 slides
2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the

2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the

2019 USPS-R Fiscal Year-End Review 2019 Fiscal Year-End Review Please remember to follow the USPS-R Fiscal Year End Checklist when completing your fiscal year end process. 2 Pre-Closing-Overview Life Insurance Premium-NC1 Payments

807 views • 59 slides
Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview

Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview

Annual Results Presentation FOR THE YEAR ENDED 30 JUNE 2017 1 1 Contents Group Review Portfolio Overview FY17 Financial Review Case Studies Market Overview Looking Ahead Q&amp;A 2 Grit Team Presenters Bronwyn Corbett Chief

691 views • 52 slides
UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review

UOITFA Third Year Review Workshop 2019-05-21 UOIT Third Year Review Part 1: The Process Part 2: Documentation 1 3 rd Year Review Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at

492 views • 11 slides
Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN

Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN

2015 Calendar Year-End Closing Procedures Overview Calendar Year-End Closing Review New field in VENSCN &amp; VENLOAD New extract program for 1099s Different Reference Materials TIN Error document IRS 2108A document TIN

351 views • 21 slides
UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give

UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give

UOIT%Faculty%Associa1on%3%Third%Year%Review% 16305311% Workshop%2016% UOIT Third Year Review 1 3 rd Year Review ! Article 19 of the Collective Agreement Give feedback and advice to tenure- stream Faculty Members at the rank of Assistant

439 views • 11 slides
4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review?

4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review?

Common Academic Program: 4 Year Review Workshop Agenda 8:00 a.m. - Introductions 8:15 a.m. - What is 4 Year Review? 8:20 a.m. - What is the Process? 8:30 a.m. - Experience with Assessment 9:30 a.m. - Planning &amp; Next Steps What is 4

657 views • 26 slides
31 December 2016 CONTENTS CONTENTS OVERVIEW MARKET REVIEW OPERATIONAL REVIEW FINANCIAL REVIEW

31 December 2016 CONTENTS CONTENTS OVERVIEW MARKET REVIEW OPERATIONAL REVIEW FINANCIAL REVIEW

Audited Annual Results for the year ended 31 December 2016 CONTENTS CONTENTS OVERVIEW MARKET REVIEW OPERATIONAL REVIEW FINANCIAL REVIEW OUTLOOK Disclaimer The information presented in this presentation is of a general nature and the

491 views • 34 slides
YEAR END WRAP- YEAR END WRAP -UP UP A Review of Legislative, Labour and Employment Law

YEAR END WRAP- YEAR END WRAP -UP UP A Review of Legislative, Labour and Employment Law

YEAR END WRAP- YEAR END WRAP -UP UP A Review of Legislative, Labour and Employment Law Developments in 2008 Colleen Dunlop Adrian Schofield November 28, 2008 1 www.emondharnden.com Session Overview Case Law Update Keays

693 views • 31 slides
The Year in Review The Year in Review Dr. Jeremy Haefner Provost and Senior Vice President for

The Year in Review The Year in Review Dr. Jeremy Haefner Provost and Senior Vice President for

The Year in Review The Year in Review Dr. Jeremy Haefner Provost and Senior Vice President for Academic Affairs May 2009 Year in Re ie Year in Review Roadmap Roadmap The Big Picture The 8 Priorities The Initiatives

807 views • 37 slides
MULTILINGUALWEB Year 2 review Contents I. Project Overview II. Limerick workshop III.

MULTILINGUALWEB Year 2 review Contents I. Project Overview II. Limerick workshop III.

MULTILINGUALWEB Year 2 review Contents I. Project Overview II. Limerick workshop III. Luxembourg workshop IV. Practical items V. Communication &amp; mobilisation VI. Admin &amp; finance Project Overview Overall objectives for 2 nd period

440 views • 22 slides
State of XT Software: The Year in Review The Year in Review David Wallace Director, Technical

State of XT Software: The Year in Review The Year in Review David Wallace Director, Technical

State of XT Software: The Year in Review The Year in Review David Wallace Director, Technical Project Lead dbw@cray.com XT Year in Review Accomplishments over the last 12 months Brief Glimpse of Future May 8, 2008 Cray Inc. Proprietary

682 views • 19 slides
DISPROPORTIONATE SHARE HOSPITAL (DSH) PAYMENT EXAMINATION UPDATE DSH YEAR 2017 OVERVIEW DSH

DISPROPORTIONATE SHARE HOSPITAL (DSH) PAYMENT EXAMINATION UPDATE DSH YEAR 2017 OVERVIEW DSH

DISPROPORTIONATE SHARE HOSPITAL (DSH) PAYMENT EXAMINATION UPDATE DSH YEAR 2017 OVERVIEW DSH Examination Policy DSH Year 2017 Examination Timeline DSH Year 2017 Examination Impact Paid Claims Data Review Review of DSH Year

1.43k views • 96 slides
Full Year Results for the year ended 31 May 2019 25 July 2019 Agenda Adam Palser Overview CEO

Full Year Results for the year ended 31 May 2019 25 July 2019 Agenda Adam Palser Overview CEO

Full Year Results for the year ended 31 May 2019 25 July 2019 Agenda Adam Palser Overview CEO Tim Kowalski Financial review CFO Adam Palser Business review CEO Q&amp;A Appendix 2 Overview Profits : H2 EBIT up 11% to 18.9m (H2

1.01k views • 37 slides
Year-end results For the year ended 31 December 2015 26 February 2016 Agenda Overview Mary

Year-end results For the year ended 31 December 2015 26 February 2016 Agenda Overview Mary

Year-end results For the year ended 31 December 2015 26 February 2016 Agenda Overview Mary Ricks, CEO Financial review Fraser Kennedy, Head of Finance Portfolio review Peter Collins, COO Summary Mary Ricks, CEO Q&amp;A 1 Kennedy Wilson

912 views • 73 slides
First Half of the Fiscal Year Ending February 2020 (1H FY2/20) Results Briefing From March 1 to

First Half of the Fiscal Year Ending February 2020 (1H FY2/20) Results Briefing From March 1 to

First Half of the Fiscal Year Ending February 2020 (1H FY2/20) Results Briefing From March 1 to August 31, 2019 WARABEYA NICHIYO HOLDINGS CO., LTD. (2918) October 8, 2019 (2918) 2016 4 15 Overview of Financial Results for 1H

447 views • 19 slides
Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution

Neutral Networks of Real-World Programs and their Application to Automated Software Evolution Eric Schulte Department of Computer Science University of New Mexico Albuquerque, NM July 2014 Neutral Networks and Automated Software Evolution

1.51k views • 147 slides
Scaling Regression Testing to Large Software Systems Alessandro Orso Co-authors: Nanjuan Shi,

Scaling Regression Testing to Large Software Systems Alessandro Orso Co-authors: Nanjuan Shi,

Scaling Regression Testing to Large Software Systems Alessandro Orso Co-authors: Nanjuan Shi, Mary Jean Harrold College of Computing Georgia Institute of Technology Supported in part by National Science Foundation (awards CCR-0306372,

721 views • 32 slides
Verification of Industry Code : Challenges R Venkatesh r.venky@tcs.com 1 Overview Focus of

Verification of Industry Code : Challenges R Venkatesh r.venky@tcs.com 1 Overview Focus of

Verification of Industry Code : Challenges R Venkatesh r.venky@tcs.com 1 Overview Focus of talk Scalability problems in industry code Ideas we are exploring Formal verification @ TRDDC Apply academic ideas to address

174 views • 13 slides
Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta, Divyesh Unadkat R Venkatesh TCS Research December 11-16, 2017 Winter School in Software Engineering Pune, India Authors: Supratik Chakraborty,

1.04k views • 76 slides
Presentation GSPP More pictures Disinfection of hands Disinfection of hands Disinfection of

Presentation GSPP More pictures Disinfection of hands Disinfection of hands Disinfection of

Presentation GSPP More pictures Disinfection of hands Disinfection of hands Disinfection of hands Disinfection of hands Disinfection of hands and shoes shoes Disinfection of hands and feet Disinfection of hands and feet Disinfection matt

561 views • 15 slides
Presentation Q1 2010 1 Disclaimer This presentation has been prepared by Duni AB (the

Presentation Q1 2010 1 Disclaimer This presentation has been prepared by Duni AB (the

Presentation Q1 2010 1 Disclaimer This presentation has been prepared by Duni AB (the Company) solely for use at this investor presentation and is furnished to you solely for your information and may not be reproduced or redistributed,

432 views • 16 slides
A Fast Database for Large Observational or Simulation Datasets Adrian M. Partl Leibniz-Institut

A Fast Database for Large Observational or Simulation Datasets Adrian M. Partl Leibniz-Institut

A Fast Database for Large Observational or Simulation Datasets Adrian M. Partl Leibniz-Institut fr Astrophysik Potsdam (AIP) Monday, October 22, 12 Big Data in Astronomy and Astrophysics a tsunami of data... Raw data usually with

164 views • 14 slides

More recommend