authentic execution of distributed event driven
play

Authentic Execution of Distributed Event-Driven Applications with a - PowerPoint PPT Presentation

Jul 24, 2023 •268 likes •568 views

Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan Tobias Mhlberg and Frank Piessens jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium STM17, Oslo,

  1. Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan Tobias Mühlberg and Frank Piessens jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium STM’17, Oslo, September 2017

  2. empty Authentic Execution of Distributed Event-Driven Applications 2 /21 Jan Tobias Mühlberg Authentic Execution

  3. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers 3 /21 Jan Tobias Mühlberg Authentic Execution

  4. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . 3 /21 Jan Tobias Mühlberg Authentic Execution

  5. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . Distributed Event-Driven Applications • Application modules execute on heterogeneous distributed infrastructure • Each module provides input and output channels that transparently connect to other modules’ channels • Physical events enter or leave the application through I/O channels • Multiple distrusting applications share the infrastructure 3 /21 Jan Tobias Mühlberg Authentic Execution

  6. empty Authentic Execution of Distributed Event-Driven Applications Authentic Execution • We can explain every observed output event based on a trace of actual input events and the (source) code of the application, in the presence of network and software attackers . . . modulo availability and confidentiality, but . . . Distributed Event-Driven Applications • Application modules execute on heterogeneous distributed infrastructure • Each module provides input and output channels that transparently connect to other modules’ channels • Physical events enter or leave the application through I/O channels • Multiple distrusting applications share the infrastructure With a small (run-time) Trusted Computing Base • Code that is not part of an application cannot interfere with that application 3 /21 Jan Tobias Mühlberg Authentic Execution

  7. empty Authentic Execution of Distributed Event-Driven Applications A (complicated & unrealistic) Example Scenario A car park with 2 parking positions and 2 monitoring applications: Violation monitor A Vio and position availability monitor A Avl Violation D P1 D P2 Button D T1 D T2 D D1 Sensor driver Sensor driver Button Display Violations: Clock driver Clock driver driver None M VioP1 M VioP2 Tick Tick M VioD Display M AvlP1 M AvlP2 Violation Untrusted OS CarMoved Untrusted OS Untrusted OS N D 1 N P 1 N P 2 D D2 Display Available: M Agg driver 2 Untrusted OS M AvlD AvlChanged Untrusted OS N Agg N D 2 4 /21 Jan Tobias Mühlberg Authentic Execution

  8. empty The Shared Infrastructure Requirements: some form of Trusted Computing • Authenticated communication • Software & device attestation • Secure I/O 5 /21 Jan Tobias Mühlberg Authentic Execution

  9. empty The Shared Infrastructure Requirements: some form of Trusted Computing • Authenticated communication • Software & device attestation • Secure I/O Implementation options • Intel SGX (no I/O) • ARM TrustZone (only one trusted world) • Sancus (lightweight & embedded, no complex computations) • . . . Embracing heterogeneity • Application modules can exploit specific features of an architecture, as long as authenticated communication and attestation are available & compatible • Prototype for Sancus 5 /21 Jan Tobias Mühlberg Authentic Execution

  10. empty Sancus: A Security Architecture for IoT [NAD + 13, NVBM + 17] • Extends TI’s MSP430 with strong security primitives • Software Component Isolation • Cryptography & Attestation • Secure I/O through isolation of MMIO ranges • Efficient • Authentication in µ s • 6% increased power consumption • Cryptographic key hierarchy for software attestation • Isolated components are typically very small ( < 1kLOC) • Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 6 /21 Jan Tobias Mühlberg Authentic Execution

  11. empty Sancus: A Security Architecture for IoT [NAD + 13, NVBM + 17] • Extends TI’s MSP430 with N = Node; SP = Software Provider / Deployer strong security primitives SM = protected Software Module • Software Component Isolation • Cryptography & Attestation SM protected data section SM text section • Secure I/O through isolation Entry point Memory of MMIO ranges Unprotected Code & constants Unprotected Unprotected Protected data • Efficient • Authentication in µ s • 6% increased power K N , SP , SM SM metadata Protected consumption storage area K N • Cryptographic key hierarchy Layout Keys for software attestation • Isolated components are typically very small ( < 1kLOC) • Sancus is Open Source: https://distrinet.cs.kuleuven.be/software/sancus/ 7 /21 Jan Tobias Mühlberg Authentic Execution

  12. empty Attestation and Communication Ability to use K N , SP , SM proves the integrity and isolation of SM deployed by SP on N • Only N and SP can calculate K N , SP , SM N knows K N and SP knows K SP • K N , SP , SM on N is calculated after enabling isolation No isolation, no key; no integrity, wrong key • Only SM on N is allowed to use K N , SP , SM Through special instructions 8 /21 Jan Tobias Mühlberg Authentic Execution

  13. empty Attestation and Communication Ability to use K N , SP , SM proves the integrity and isolation of SM deployed by SP on N • Only N and SP can calculate K N , SP , SM N knows K N and SP knows K SP • K N , SP , SM on N is calculated after enabling isolation No isolation, no key; no integrity, wrong key • Only SM on N is allowed to use K N , SP , SM Through special instructions Remote attestation and secure communication by Authenticated Encryption with Associated Data • Confidentiality, integrity and authenticity • Encrypt and decrypt instructions use K N , SP , SM of the calling SM • Associated Data can be used for nonces to get freshness 8 /21 Jan Tobias Mühlberg Authentic Execution

  14. empty Authentic Execution of Distributed Event-Driven Applications A (complicated & unrealistic) Example Scenario A car park with 2 parking positions and 2 monitoring applications: Violation monitor A Vio and position availability monitor A Avl Violation D P1 D P2 Button D T1 D T2 D D1 Sensor driver Sensor driver Button Display Violations: Clock driver Clock driver driver None M VioP1 M VioP2 Tick Tick M VioD Display M AvlP1 M AvlP2 Violation Untrusted OS CarMoved Untrusted OS Untrusted OS N D 1 N P 1 N P 2 D D2 Display Available: M Agg driver 2 Untrusted OS M AvlD AvlChanged Untrusted OS N Agg N D 2 9 /21 Jan Tobias Mühlberg Authentic Execution

  15. empty Authentic Execution of Distributed Event-Driven Applications 1 module AvlP1 · · · 2 on Button(pressed): Standard entry stub CarMoved(entered) 3 SetKey 4 module AvlP2 Entry points Generated 5 # Similar to AvlP1 HandleInput 6 HandleOutput 7 module Agg Non-entry CarMoved1 functions 8 on CarMoved1(entered): Event handlers CarMoved2 p1 = entered 9 CbTable Generated num_avl = NUM_PARKINGS 10 Constants NUM_PARKINGS Constants if (p1): num_avl = num_avl - 1 11 12 if (p2): num_avl = num_avl - 1 · · · AvlChanged(num_avl) Standard runtime 13 14 on CarMoved2(entered): data (stack,.. . ) Generated # Similar to CarMoved1 15 KeyTable 16 NonceTable 17 module AvlD Variables p1 18 on AvlChanged(num_avl) Globals p2 Display(num_avl) 19 · · · 10 /21 Jan Tobias Mühlberg Authentic Execution

  16. empty Authentic Execution of Distributed Event-Driven Applications Developer / Software Provider provides: • Source code of all application modules · · · Standard entry stub • Deployment descriptor SetKey • Mapping modules to nodes Entry points Generated HandleInput • Configuration of communication channels HandleOutput and I/O channels Non-entry CarMoved1 functions Event handlers CarMoved2 CbTable Generated Constants NUM_PARKINGS Constants · · · Standard runtime data (stack,.. . ) Generated KeyTable NonceTable Variables p1 Globals p2 · · · 11 /21 Jan Tobias Mühlberg Authentic Execution

Recommend

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven Programming Interactive System User perceive present milliseconds or seconds faster translate express Event-driven programming is a programming

1.13k views • 49 slides
Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven

Events Event-driven programming Event loop Event dispatch Event handling Event Driven Programming Interactive System User perceive present milliseconds seconds or faster translat express e Event-driven programming is a programming

578 views • 47 slides
Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic?

Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic?

LIVE MIGHTY PRESENTS: Authentic Leadership What does it mean to be authentic? Do you feel that your boss is authentic? What are the characteristics of someone who behaves authentically and someone who does not? Authentic Leadership

542 views • 33 slides
Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value

Event Driven Simulation and Test-benches Event Driven Simulation Continuous time and value simulation used for analog circuits Differential equations should be solved Very slow, too much accuracy for digital circuits Event Driven

207 views • 9 slides
Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

Example%Circuit%and%Terms 1 1 0 0 1 0 Test%Vector% Input%Stimulus%(1,1,0,0,1,0)

EVENT%DRIVEN%SIMULATION Verilog%simulation%uses%Event%Driven%model%of% computation Basic%knowledge%of%Event%Driven%simulation%can%help% in%writing%and%Debugging%Verilog%descriptions

243 views • 20 slides
Authentic assessment is based on a planning Authentic assessment focuses on measurement

Authentic assessment is based on a planning Authentic assessment focuses on measurement

R EF . 1.5 : A UTHENTIC A SSESSMENT P RESENTATION ON FLEX D AY F ALL 2010 Presentation on Authentic Assessment: Fall 2010 Traditional Assessment, Authentic Assessment, and Student Learning Outcomes Examples of Authentic Assessment

213 views • 5 slides
Lean is not an event Concerns Weve become event driven How many workshops,

Lean is not an event Concerns Weve become event driven How many workshops,

Lean is not an event Concerns Weve become event driven How many workshops, projects, Kaizen event, etc. have you had? Is it a quality project, worthy of our time? Do we understand the underlying principles and

393 views • 25 slides
CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My!

CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My!

CS 360 Programming Languages Event-Driven Programming Events and Timers and Listeners, Oh My! Control flow &quot;Traditional&quot; program: one statement at a time, line by line. Threaded program: CPU determines execution order.

401 views • 19 slides
Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke

Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke

Event-driven Architecture for Health Event Detection from Multiple Sources Dr. Kerstin Denecke Oslo, 31.08.2011 1 Agenda Motivation Event-driven Architectures Architecture for Health Event Detection Conclusions and Future Work

366 views • 11 slides
Events vs. Exceptions in Java (Both are objects!) Events objects contain: 1. Type of event

Events vs. Exceptions in Java (Both are objects!) Events objects contain: 1. Type of event

Event-Driven Programming Event-Driven Programming Parts of programs wait for messages from an event loop representing system events that have occurred at run-time . Handler (or Listener ) algorithms are registered for specific events and then

81 views • 7 slides
Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application

Unikernels and Event-driven Serverless Platforms Madhuri Yechuri Agenda Bio Application Deployment Paradigms - Past, Present, Future Why Serverless? Advantages of Event-driven Serverless Model Event-driven application: shrink

183 views • 17 slides
Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising

Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising

Transitioning from Staff Driven Special Event Fundraising to Volunteer Driven Event Fundraising November 7, 2014 How many of your camps have events? What types of events do you have? How much revenue do your events bring in each

784 views • 25 slides
Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN

Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN

Observer Design Pattern Event-Driven Design EECS3311 A &amp; E: Software Design Fall 2020 C HEN -W EI W ANG Learning Objectives 1. Motivating Problem: Distributed Clients and Servers 2. First Design Attempt: Remote Procedure Calls 3. Second

797 views • 37 slides
Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event)

Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event)

Sanntidsdeling av data i en API- lst verden What is event driven? Wait Signal += (event) =&gt; you say; Business TimeSeries / Discreet Truth of the system DataPoints Named intentionally Measurements Represents the domain

668 views • 29 slides
ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to

ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to

ECE 3574: Applied Software Design: Memory Management, Event-driven Code Today we are going to look at two simple approaches to replacing the C/C++ library heap allocator and then introduce event driven programming in the context of embedded

271 views • 25 slides
Data Driven Manufacturing Event An event for people wanting to improve productivity at their

Data Driven Manufacturing Event An event for people wanting to improve productivity at their

Data Driven Manufacturing Event An event for people wanting to improve productivity at their factories July 31 st 9am 4pm at Johnson County Community College Regnier Center - Capitol Federal Conference Center (RC101) Provided by Rensenhouse

265 views • 4 slides
A Web-Based Platform for Publication and Distributed Execution of Computing Applications Oleg

A Web-Based Platform for Publication and Distributed Execution of Computing Applications Oleg

14th International Symposium on Parallel and Distributed Computing A Web-Based Platform for Publication and Distributed Execution of Computing Applications Oleg Sukhoroslov, Sergey Volkov, Alexander Afanasiev Institute for Information

561 views • 30 slides
Presentation on Authentic Marketing By Alison Roberts Authentic Marketing: Industry buzzword, but

Presentation on Authentic Marketing By Alison Roberts Authentic Marketing: Industry buzzword, but

Presentation on Authentic Marketing By Alison Roberts Authentic Marketing: Industry buzzword, but what does it mean ? Forbes definition: What is authentic marketing? Authentic marketing begins not with tactics or strategy, but with the self.

261 views • 3 slides
Taft College Authentic Assessment Clapping Hills College Authentic Assessment in: Student

Taft College Authentic Assessment Clapping Hills College Authentic Assessment in: Student

Taft College Authentic Assessment Clapping Hills College Authentic Assessment in: Student Services Instructional Areas What is Authentic Assessment? Reflects Explicit Criteria Exhibits Reliability Represents Valid Content Assesses

537 views • 24 slides
WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was promoted by Workforce Investment Act of 1998 This approach is unique to Michigan and has been supported by the MEDC since 2006 Address

652 views • 14 slides
Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi

Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi

Nimbus: Running Fast, Distributed Computations with Execution Templates Omid Mashayekhi (omidm@stanford.edu) Hang Qu Chinmayee Shah Philip Levis February 2016 Nimbus: Running Fast, Distributed Computations with Execution Templates Omid

303 views • 8 slides
Scenarios@run.time Distributed Scenarios@run.time Distributed Execution of Specifications

Scenarios@run.time Distributed Scenarios@run.time Distributed Execution of Specifications

Scenarios@run.time Distributed Scenarios@run.time Distributed Execution of Specifications on Execution of Specifications on IoT-Connected Robots IoT-Connected Robots 10th International Workshop on Models@run.time at MODELS 2015,

865 views • 37 slides
MIDAS: An Execution-Driven Simulator for Active Storage Architectures Shahrukh R. Tarapore

MIDAS: An Execution-Driven Simulator for Active Storage Architectures Shahrukh R. Tarapore

MIDAS: An Execution-Driven Simulator for Active Storage Architectures Shahrukh R. Tarapore Lockheed Martin Advanced Technologies Lab Clinton W. Smullen, IV Sudhanva Gurumurthi Department of Computer Science, University of Virginia Outline

429 views • 42 slides
Distributed Coordination What makes a system distributed? Time in a distributed system

Distributed Coordination What makes a system distributed? Time in a distributed system

CPSC-410/611: Operating Systems Distr Coord Distributed Coordination What makes a system distributed? Time in a distributed system How do we determine the global state of a distributed system? Event ordering Mutual exclusion

405 views • 12 slides

More recommend