Matchbox: secure data sharing

Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control using digitally cosigned contracts to enforce sharing restrictions. To handle security operations, Matchbox uses the tamper-responding, programmable IBM 4758 cryptographic coprocessor. Matchbox servers can be distributed on a network for high availability, and parties can communicate with Matchbox over public networks - including hostile environments with untrusted hardware, software, and administrators.     

Remote Attestation on Legacy Operating Systems With Trusted Platform Modules

A lot of progress has been made to secure network communication, e.g., through the use of cryptographic algorithms. However, this offers only a partial solution as long as the communicating end points still suffer from security problems. A number of applications require remote verification of software executing on an untrusted platform. Trusted computing solutions propose to solve this problem through software and hardware changes, typically a secure operating system and the addition of a secure coprocessor respectively. On the other hand, timed execution of code checksum calculations aims for a solution on legacy platforms, but can not provide strong security assurance. We present a mixed solution by using the trusted computing hardware, namely the time stamping functionality of the trusted platform module, in combination with a timing based remote code integrity verification mechanism. In this way, we do not require a secure operating system, but at the same time the overall security of the timed execution scheme can be improved.     

Detecting functional and security-related issues in smart contracts: A systematic literature review

Blockchain is a platform of distributed elaboration, which allows users to provide software for a huge range of next-generation decentralized applications without involving reliable third parties. Smart contracts (SCs) are an important component in blockchain applications: they are programmatic agreements among two or more parties that cannot be rescinded. Furthermore, SCs have an important characteristic: they allow users to implement reliable transactions without involving third parties. However, the advantages of SCs have a price. Like any program, SCs can contain bugs, some of which may also constitute security threats. Writing correct and secure SCs can be extremely difficult because, once deployed, they cannot be modified. Although SCs have been recently introduced, a large number of approaches have been proposed to find bugs and vulnerabilities in SCs. In this article, we present a systematic literature review on the approaches for the automated detection of bugs and vulnerabilities in SCs. We survey 68 papers published between 2015 and 2020, and we annotate each paper according to our classification framework to provide quantitative results and find possible areas not explored yet. Finally, we identify the open problems in this research field to provide possible directions to future researchers.     

Secure management information exchange

This paper describes the design and implementation of a secure management protocol for the management of distributed applications. The protocol is a modified use of the ISO CMIP protocol, with additional mechanisms and behavior to provide the following security services:Mutual authentication of communicating parties. Both parties can prove to each other that they are who they claim to be by the exchange of signed credentials.Stream integrity for management information packets (protocol data units—PDUs). The management information exchanged between the parties is protected from replay, misordering, modification, insertion, and deletion of the PDUs.Confidentiality of the management PDUs. Only the communicating parties can read the information passed between them. The mechanism used also provides a level ofback traffic protection andperfect forward secrecy. In previous work we have implemented apublic-key based system. Here, we present an experiment based on the use of asecret-key mechanism, for a faster,lightweight approach. The authentication mechanism makes use of the MD5 algorithm and the DES encryption standard. The PDU integrity mechanisms make use of a pseudo random number sequence for PDU numbering and the MD5 algorithm for generating unforgeable signatures for the PDUs.University College London when work was completed, now at Harlow Butler Broking Services, Montague Close, London Bridge, London, United Kingdom.     

基于安全协处理器保护软件可信运行框架

软件可信运行是许多应用领域的基础,但恶意主机问题使得很难保证一个软件可信运行.在传统的基于硬件加密平台保护软件可信运行机制中,运行于安全硬件中的代码和运行于主机中的代码不在同一个执行上下文中,因此难以给用户提供完善的保护策略.为此,提出了一种新的基于安全协处理器保护软件可信运行的框架,在该框架下,软件设计者可以根据待保护软件特点和自身要求定制更加完善和灵活的保护.     

Evaluating the Benefits of Communication Coprocessors

Communication coprocessors (CCPs) have become commonplace in modern MPPs and networks of workstations. These coprocessors provide dedicated hardware support for fast communication. In this paper we study how to exploit the capabilities of CCPs for executing user-level message handlers. We show, in the context of Active Messages and Split-C, that we can move message-handling code to the coprocessor, thus freeing the main processor for computational work. We address the important issues that arise, such as synchronization, and the limited computational power and flexibility of CCPs. We have implemented coprocessor versions of both Active Messages and Split-C. These implementations, developed on the Meiko CS-2, provide us with an excellent experimental platform to evaluate the benefits of a communication coprocessor architecture. Our experimental results show that the coprocessor version of Split-C is more responsive than the version which executes all message handlers on the main processor. This is despite the fact that some communication primitives are slower since the coprocessor on the Meiko CS-2 computes much slower. Overall, the performance on large Split-C applications is better because the coprocessor reacts faster and offloads the main processor, which does not need to poll or process interrupts.     

一种安全群通信系统的设计与应用

为了提供能够构造开放式网络环境下各种分布式应用的安全通信平台,在可靠的群通信系统Spread基础上设计了一种安全群通信系统。该系统的访问控制框架的结构与具体实现方法无关,能够满足群应用的不同安全要求以及动态群对安全性要求的变化。为了说明该系统的可行性,实现了一个电子集市安全通信平台。     

Privacy preserving Back-propagation neural network learning over arbitrarily partitioned data

Neural networks have been an active research area for decades. However, privacy bothers many when the training dataset for the neural networks is distributed between two parties, which is quite common nowadays. Existing cryptographic approaches such as secure scalar product protocol provide a secure way for neural network learning when the training dataset is vertically partitioned. In this paper, we present a privacy preserving algorithm for the neural network learning when the dataset is arbitrarily partitioned between the two parties. We show that our algorithm is very secure and leaks no knowledge (except the final weights learned by both parties) about other party’s data. We demonstrate the efficiency of our algorithm by experiments on real world data.     

一种安全的基于Aglets的分布式数据库查询系统的设计与实现

为提高分布式信息查询的效率、实时性和安全性,有效减少网络带宽的消耗,本文在分析了Aglets的安全性的基础上提出了一种在Aglets平台上构建安全的分布式数据库查询系统的设计框架,并用Java语言进行了实现.实验分析显示该系统的安全性和完整性是可以得到保证的,利用该框架设计安全的分布式应用的设想是可行的.     

Building a high-performance,programmable secure coprocessor

Secure coprocessors enable secure distributed applications by providing safe havens where an application program can execute (and accumulate state), free of observation and interference by an adversary with direct physical access to the device. However, for these coprocessors to be effective, participants in such applications must be able to verify that they are interacting with an authentic program on an authentic, untampered device. Furthermore, secure coprocessors that support general-purpose computation and will be manufactured and distributed as commercial products must provide these core sanctuary and authentication properties while also meeting many additional challenges, including:

• •the applications, operating system, and underlying security management may all come from different, mutually suspicious authorities;
• •configuration and maintenance must occur in a hostile environment, while minimizing disruption of operations;
• •the device must be able to recover from the vulnerabilities that inevitably emerge in complex software;
• •physical security dictates that the device itself can never be opened and examined; and
• •ever-evolving cryptographic requirements dictate that hardware accelerators be supported by reloadable on-card software.

This paper summarizes the hardware, software, and cryptographic architecture we developed to address these problems. Furthermore, with our colleagues, we have implemented this solution, into a commercially available product.     

用于加解密流程控制的协处理器

本文设计与实现了一种专用于加解密流程控制的协处理器．协处理器根据特定的应用需求,自定义了一种精简的8位指令集,同时采用与SoC系统一致的32位数据位宽设计．协处理器采用三级流水线设计,数据旁路的设计解决了流水线中的数据冒险．通过与加解密算法IP联合测试仿真,验证了协处理器能够灵活地完成加解密流程控制工作．通过SMl加密实验,证明了协处理器能够提供较主处理器更好的性能,同时释放大量的主处理器资源,显著提高了SoC的性能．最后DC综合结果显示,该协处理器只占用了很小面积．     

Threshold distributed access control with public verification: a practical application of PVSS

To avoid too strong a trust on any single user in sensitive applications, access control can be managed in a distributed way. Namely, an access right is distributed among multiple users such that the access is available if and only if certain subsets of the users cooperate. The most common condition for qualified subsets is the threshold condition, which requires that the number of cooperating users must be over a threshold. Access control based on such a condition is called TDAC (threshold distributed access control). In publicly verifiable applications, TDAC must provide public verification such that it is publicly verifiable that the multiple users share the correct access right and any qualified subset of them can obtain the access. Although the existing PVSS (publicly verifiable secret sharing) techniques can be employed to implement PVTDAC (publicly verifiable TDAC), they are not efficient enough for practical applications. In this paper, new sharing and proof techniques are proposed to design an efficient PVTDAC protocol, which is formally illustrated to be secure and publicly verifiable.     

面向移动安全存储的密码SoC设计与实现

针对目前移动存储设备大量的失泄密事件,提出了一种适用于移动安全存储设备的密码SoC设计方案,并在FPGA开发板上进行了验证。该SoC集成自主设计的安全协处理器,能够支持多种密码算法。介绍了NAND Flash控制器的设计方案,并在此基础上提出了高速存取技术。基于FPGA的测试结果表明,该SoC能够有效完成多种密码操作,具有较高的数据吞吐率。基于SMIC 0.18μm工艺综合后的结果显示,工作频率能够达到100 MHz,面积约为250万门。     

大规模三角线性方程的高效求解

大规模三角线性方程求解是科学与工程应用中重要的计算核心,受限于处理器的缓存容量和结构设计,其在CPU和GPU等平台上的计算效率不高。大规模三角线性方程的分块求解中,矩阵乘是主要运算,其计算效率对提升三角线性方程求解的计算效率至关重要。以矩阵乘计算效率较高的矩阵乘协处理器为计算平台,针对其结构特点提出了矩阵乘协处理器上大规模三角线性方程分块求解的实现方法和性能分析模型。实验结果表明,矩阵乘协处理器上大规模三角线性方程求解的计算效率最高可达85.9%,其实际性能和资源利用率分别为同等工艺下GPU的2.42倍和10.72倍。     

Towards multilaterally secure computing platforms—with open source and trusted computing

We present a security architecture for a trustworthy open computing platform that aims at solving a variety of security problems of conventional platforms by an efficient migration of existing operating system components, a Security Software Layer (PERSEUS), and hardware functionalities offered by the Trusted Computing technology. The main goal is to provide multilateral security, e.g., protecting users' privacy while preventing violations of copyrights. Hence the proposed architecture includes a variety of security services such as secure booting, trusted GUI, secure installation/update, and trusted viewer. The design is flexible enough to support a wide range of hardware platforms, i.e., PC, PDA, and embedded systems. The proposed platform shall serve as a basis for implementing a variety of innovative business models and distributed applications with multilateral security.     

Stack and queue integrity on hostile platforms

When computationally intensive tasks have to be carried out on trusted, but limited platforms such as smart cards, it becomes necessary to compensate for the limited resources (memory, CPU speed) by off-loading implementations of data structures onto an available (but insecure, untrusted) fast coprocessor. However, data structures such as stacks, queues, RAMs, and hash tables can be corrupted (and made to behave incorrectly) by a potentially hostile implementation platform or by an adversary knowing or choosing data structure operations. The paper examines approaches that can detect violations of data structure invariants, while placing limited demands on the resources of the secure computing platform     

面向MIC协处理器的OLAP外键连接算法

众核架构协处理器Xeon Phi成为新兴的主流高性能计算平台.对于数据库应用而言,内存分析处理是一种计算密集型负载,其主要的性能取决于大事实表与维表之间的内存外键连接性能.本文关注于一种相对于缓存相关的分区哈希连接算法和缓存不相关的无分区哈希连接算法的缓存友好型外键连接算法,以适应Xeon Phi协处理器较小的LLC和高并发线程的特点.通过挖掘OLAP模式中的代理键特征,基于键值匹配的哈希探测操作可以进一步简化为事实表与维表之间基于主-外键参照完整性约束的代理键参照访问,因此复杂的哈希表和CPU代价较高的哈希探测操作可以简化为通过映射外键值为代理键向量内存偏移地址的方法对代理向量直接访问.基于代理向量参照访问的外键连接算法能够简单并高效地应用于Xeon Phi协处理器平台,通过更多的核心和高并发线程来掩盖内存访问延迟.实验中对传统的哈希连接算法（无分区哈希连接算法和基数分区哈希连接算法）和基于代理向量参照技术的外键连接算法在Xeon E5-2650 v3 10核处理器平台和Xeon Phi 5110P 60核协处理器平台进行性能测试和比较,实验结果给出了主流的内存外键连接算法在不同数据集和不同平台上全面的性能特征.     

Large scale interoperability and distributed transaction processing

This article integrates an interoperability architecture, the OSCA^TM architecture, and a distributed transaction processing protocol, the X/Open^® Distributed Transaction Processing model, into a unified model of large scale interoperability and distributed transaction processing. Applications supporting different business operations are often deployed in heterogeneous environments in which applications are stand alone islands and operations are fragmented. But in order to have integrated operations, a loosely coupled system of autonomous applications is required often bound together via a distributed transaction processing protocol. This article describes a model for this configuration. It will propose that the span of control of a transaction manager defines the transaction environment for a single application. Any two applications need not conform to the same supplier's transaction environment nor reside in the same environment. Interoperability must be provided among applications, since any one application cannot assume that any other application is under the control of the same transaction manager. Requirements are imposed upon the interactions of applications to support interoperability. The interface between transaction managers must be compatible with these requirements. Other distributed architecture standards must define the requirements for release independence, resource independence, accessibility transparency, location transparency, contract interfaces, and secure environment.     

The multi-dataflow composer tool: generation of on-the-fly reconfigurable platforms

Dataflow specifications are suitable to describe both signal processing applications and the relative specialized hardware architectures, fostering the hardware–software development gap closure. They can be exploited for the development of automatic tools aimed at the integration of multiple applications on the same coarse-grained computational substrate. In this paper, the multi-dataflow composer (MDC) tool, a novel automatic platform builder exploiting dataflow specifications for the creation of run-time reconfigurable multi-application systems, is presented and evaluated. In order to prove the effectiveness of the adopted approach, a coprocessor for still image and video processing acceleration has been assembled and implemented on both FPGA and 90 nm ASIC technology. 60 % of savings for both area occupancy and power consumption can be achieved with the MDC generated coprocessor compared to an equivalent non-reconfigurable design, without performance losses. Thanks to the generality of high-level dataflow specification approach, this tool can be successfully applied in different application domains.     

ShadowEth: Private Smart Contract on Public Blockchain

Blockchain is becoming popular as a distributed and reliable ledger which allows distrustful parties to transact safely without trusting third parties. Emerging blockchain systems like Ethereum support smart contracts where miners can run arbitrary user-defined programs. However, one of the biggest concerns about the blockchain and the smart contract is privacy, since all the transactions on the chain are exposed to the public. In this paper, we present ShadowEth, a system that leverages hardware enclave to ensure the confidentiality of smart contracts while keeping the integrity and availability based on existing public blockchains like Ethereum. ShadowEth establishes a confidential and secure platform protected by trusted execution environment (TEE) off the public blockchain for the execution and storage of private contracts. It only puts the process of verification on the blockchain. We provide a design of our system including a protocol of the cryptographic communication and verification and show the applicability and feasibility of ShadowEth by various case studies. We implement a prototype using the Intel SGX on the Ethereum network and analyze the security and availability of the system.