The Experts below are selected from a list of 60264 Experts worldwide ranked by ideXlab platform
Jun Yang - One of the best experts on this subject based on the ideXlab platform.
-
HPCA - D-ORAM: Path-ORAM Delegation for Low Execution Interference on Cloud Servers with Untrusted Memory
2018 IEEE International Symposium on High Performance Computer Architecture (HPCA), 2018Co-Authors: Rujia Wang, Youtao Zhang, Jun YangAbstract:Cloud computing has evolved into a promising computing paradigm. However, it remains a challenging task to Protect Application privacy and, in particular, the memory access patterns, on cloud servers. The Path ORAM protocol achieves high-level privacy Protection but requires large memory bandwidth, which introduces severe execution interference. The recently proposed secure memory model greatly reduces the security enhancement overhead but demands the secure integration of cryptographic logic and memory devices, a memory architecture that is yet to prevail in mainstream cloud servers.,,,, In this paper, we propose D-ORAM, a novel Path ORAM scheme for achieving high-level privacy Protection and low execution interference on cloud servers with untrusted memory. D-ORAM leverages the buffer-on-board (BOB) memory architecture to offload the Path ORAM primitives to a secure engine in the BOB unit, which greatly alleviates the contention for the off-chip memory bus between secure and non-secure Applications. D-ORAM upgrades only one secure memory channel and employs Path ORAM tree split to extend the secure Application flexibly across multiple channels, in particular, the non-secure channels. D-ORAM optimizes the link utilization to further improve the system performance. Our evaluation shows that D-ORAM effectively Protects Application privacy on mainstream computing servers with untrusted memory, with an improvement of NS-App performance by 22.5% on average over the Path ORAM baseline.
Ryan Riley - One of the best experts on this subject based on the ideXlab platform.
-
ICCAD - Hardening extended memory access control schemes with self-verified address spaces
2017 IEEE ACM International Conference on Computer-Aided Design (ICCAD), 2017Co-Authors: Jesse Elwell, Dmitry Evtyushkin, Dmitry Ponomarev, Nael Abu-ghazaleh, Ryan RileyAbstract:In this paper we revisit the security properties of extended access control schemes that are used to Protect Application secrets from untrusted system software. We demonstrate the vulnerability of several recent proposals to a class of attacks we call mapping attacks. We argue that Protection from such attacks requires verification of the address space integrity and propose the concept of self-verified address spaces (SVAS), where the Applications themselves are made aware of the requested changes in the page mappings and are placed in charge of verifying them. SVAS equips an Application with a customized verification model with several attractive functional and performance properties. We implemented the attacks and a complete prototype of SVAS in Linux and the QEMU emulator. Our results demonstrate that SVAS can prevent mapping attacks on extended access control systems with minimal performance overhead, hardware modifications and software complexity.
D. V. Silakov - One of the best experts on this subject based on the ideXlab platform.
-
Using virtualization to Protect Application address space inside untrusted environment
Programming and Computer Software, 2012Co-Authors: D. V. SilakovAbstract:The paper describes a virtualization-based approach to Protecting context of trusted processes running inside potentially compromised environment. Suggested Protection system is based on a hypervisor that monitors all events inside operating system and prevents unauthorized access to process resources. The approach does not require modification of OS or Applications; the only requirement for hardware is support for virtualization.
-
Using Hardware-Assisted Virtualization to Protect Application Address Space Inside Untrusted Environment
2011Co-Authors: D. V. SilakovAbstract:In this paper we present a virtualization-based approach of Protecting execution of trusted Applications inside potentially compromised operating system. In out approach, we do not isolate Application from other processes in any way instead, we use hypervisor to control processes inside OS and to prevent undesired actions with Application resources. The only requirement for our technique to work is presence of hardware support for virtualization no modifications in Application or OS are required.
Eric Roman - One of the best experts on this subject based on the ideXlab platform.
-
End-to-End Resilience for HPC Applications
Lecture Notes in Computer Science, 2019Co-Authors: Arash Rezaei, Harsh Khetawat, Onkar Patil, Frank Mueller, Paul Hargrove, Eric RomanAbstract:A plethora of resilience techniques have been investigated to Protect Application kernels. If, however, such techniques are combined and they interact across kernels, new vulnerability windows are created. This work contributes the idea of end-to-end resilience by Protecting windows of vulnerability between kernels guarded by different resilience techniques. It introduces the live vulnerability factor (LVF), a new metric that quantifies any lack of end-to-end Protection for a given data structure. The work further promotes end-to-end Application Protection across kernels via a pragma-based specification for diverse resilience schemes with minimal programming effort. This lifts the data Protection burden from Application programmers allowing them to focus solely on algorithms and performance while resilience is specified and subsequently embedded into the code through the compiler/library and supported by the runtime system. In experiments with case studies and benchmarks, end-to-end resilience has an overhead over kernel-specific resilience of less than \(3\%\) on average and increases Protection against bit flips by a factor of three to four.
Dhabaleswar K. Panda - One of the best experts on this subject based on the ideXlab platform.
-
IPDPS - Asynchronous zero-copy communication for synchronous sockets in the sockets direct protocol (SDP) over InfiniBand
Proceedings 20th IEEE International Parallel & Distributed Processing Symposium, 2006Co-Authors: Pavan Balaji, S. Bhagvat, Dhabaleswar K. PandaAbstract:Sockets direct protocol (SDP) is an industry standard pseudo sockets-like implementation to allow existing sockets Applications to directly and transparently take advantage of the advanced features of current generation networks such as InfiniBand. The SDP standard supports two kinds of sockets semantics, viz., synchronous sockets (e.g., used by Linux, BSD, Windows) and asynchronous sockets (e.g., used by Windows, upcoming support in Linux). Due to the inherent benefits of asynchronous sockets, the SDP standard allows several intelligent approaches such as source-avail and sink-avail based zero-copy for these sockets. Unfortunately, most of these approaches are not beneficial for the synchronous sockets interface. Further, due to its portability, ease of use and support on a wider set of platforms, the synchronous sockets interface is the one used by most sockets Applications today. Thus, a mechanism by which the approaches proposed for asynchronous sockets can be used for synchronous sockets is highly desirable. In this paper, we propose one such mechanism, termed as AZ-SDP (asynchronous zero-copy SDP), where we memory-Protect Application buffers and carry out communication asynchronously while maintaining the synchronous sockets semantics. We present our detailed design in this paper and evaluate the stack with an extensive set of benchmarks. The experimental results demonstrate that our approach can provide an improvement of close to 35% for medium-message unidirectional throughput and up to a factor of 2 benefit for computation-communication overlap tests and multi-connection benchmarks.
