References of "Verissimo, Paulo 50003263"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailRT-ByzCast: Byzantine-Resilient Real-Time Reliable Broadcast
Kozhaya, David; Decouchant, Jérémie UL; Verissimo, Paulo UL

in IEEE Transactions on Computers (2019), 68(3),

Today’s cyber-physical systems face various impediments to achieving their intended goals, namely, communication uncertainties and faults, relative to the increased integration of networked and wireless ... [more ▼]

Today’s cyber-physical systems face various impediments to achieving their intended goals, namely, communication uncertainties and faults, relative to the increased integration of networked and wireless devices, hinder the synchronism needed to meet real-time deadlines. Moreover, being critical, these systems are also exposed to significant security threats. This threat combination increases the risk of physical damage. This paper addresses these problems by studying how to build the first real-time Byzantine reliable broadcast protocol (RTBRB) tolerating network uncertainties, faults, and attacks. Previous literature describes either real-time reliable broadcast protocols, or asynchronous (non real-time) Byzantine ones. We first prove that it is impossible to implement RTBRB using traditional distributed computing paradigms, e.g., where the error/failure detection mechanisms of processes are decoupled from the broadcast algorithm itself, even with the help of the most powerful failure detectors. We circumvent this impossibility by proposing RT-ByzCast, an algorithm based on aggregating digital signatures in a sliding time-window and on empowering processes with self-crashing capabilities to mask and bound losses. We show that RT-ByzCast (i) operates in real-time by proving that messages broadcast by correct processes are delivered within a known bounded delay, and (ii) is reliable by demonstrating that correct processes using our algorithm crash themselves with a negligible probability, even with message loss rates as high as 60%. [less ▲]

Detailed reference viewed: 77 (15 UL)
Full Text
Peer Reviewed
See detailRepuCoin: Your Reputation is Your Power
Yu, Jiangshan; Kozhaya, David; Decouchant, Jérémie UL et al

in IEEE Transactions on Computers (2019)

Existing proof-of-work cryptocurrencies cannot tolerate attackers controlling more than 50% of the network’s computing power at any time, but assume that such a condition happening is “unlikely”. However ... [more ▼]

Existing proof-of-work cryptocurrencies cannot tolerate attackers controlling more than 50% of the network’s computing power at any time, but assume that such a condition happening is “unlikely”. However, recent attack sophistication, e.g., where attackers can rent mining capacity to obtain a majority of computing power temporarily, render this assumption unrealistic. This paper proposes RepuCoin, the first system to provide guarantees even when more than 50% of the system’s computing power is temporarily dominated by an attacker. RepuCoin physically limits the rate of voting power growth of the entire system. In particular, RepuCoin defines a miner’s power by its ‘reputation’, as a function of its work integrated over the time of the entire blockchain, rather than through instantaneous computing power, which can be obtained relatively quickly and/or temporarily. As an example, after a single year of operation, RepuCoin can tolerate attacks compromising 51% of the network’s computing resources, even if such power stays maliciously seized for almost a whole year. Moreover, RepuCoin provides better resilience to known attacks, compared to existing proof-of-work systems, while achieving a high throughput of 10000 transactions per second (TPS). [less ▲]

Detailed reference viewed: 206 (31 UL)
Full Text
Peer Reviewed
See detailThe KISS principle in Software-Defined Networking: a framework for secure communications
Kreutz, Diego UL; Yu, Jiangshan UL; Verissimo, Paulo UL et al

in IEEE Security & Privacy Magazine (2018), 16(05), 60-70

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼]

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure. To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. [less ▲]

Detailed reference viewed: 115 (20 UL)
Full Text
Peer Reviewed
See detailByzantine Resilient Protocol for the IoT
Fröhlich, Antônio Augusto; Scheffel, M.Roberto; Kozhaya, David et al

in IEEE Internet of Things Journal (2018)

Wireless sensor networks, often adhering to a single gateway architecture, constitute the communication backbone for many modern cyber-physical systems. Consequently, faulttolerance in CPS becomes a ... [more ▼]

Wireless sensor networks, often adhering to a single gateway architecture, constitute the communication backbone for many modern cyber-physical systems. Consequently, faulttolerance in CPS becomes a challenging task, especially when accounting for failures (potentially malicious) that incapacitate the gateway or disrupt the nodes-gateway communication, not to mention the energy, timeliness, and security constraints demanded by CPS domains. This paper aims at ameliorating the fault-tolerance of WSN based CPS to increase system and data availability. To this end, we propose a replicated gateway architecture augmented with energy-efficient real-time Byzantineresilient data communication protocols. At the sensors level, we introduce FT-TSTP, a geographic routing protocol capable of delivering messages in an energy-efficient and timely manner to multiple gateways, even in the presence of voids caused by faulty and malicious sensor nodes. At the gateway level, we propose a multi-gateway synchronization protocol, which we call ByzCast, that delivers timely correct data to CPS applications, despite the failure or maliciousness of a number of gateways. We show, through extensive simulations, that our protocols provide better system robustness yielding an increased system and data availability while meeting CPS energy, timeliness, and security demands. [less ▲]

Detailed reference viewed: 59 (8 UL)
Full Text
Peer Reviewed
See detailRevisiting Network-Level Attacks on Blockchain Network
Cao, Tong UL; Yu, Jiangshan UL; Decouchant, Jérémie UL et al

Scientific Conference (2018, June 25)

Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored ... [more ▼]

Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored by an attacker to launch attacks. In this paper, we give a brief overview of possible routing attacks on Bitcoin. As future work, we will identify possible central points in the Bitcoin network, evaluate potential attacks on it, and propose solutions to mitigate the identified issues. [less ▲]

Detailed reference viewed: 42 (5 UL)
Full Text
Peer Reviewed
See detailIntrusion-Tolerant Autonomous Driving
Volp, Marcus UL; Verissimo, Paulo UL

in Proceedings of 2018 IEEE 21st International Symposium on Real-Time Distributed Computing (ISORC) (2018, May 29)

Fully autonomous driving is one if not the killer application for the upcoming decade of real-time systems. However, in the presence of increasingly sophisticated attacks by highly skilled and well ... [more ▼]

Fully autonomous driving is one if not the killer application for the upcoming decade of real-time systems. However, in the presence of increasingly sophisticated attacks by highly skilled and well equipped adversarial teams, autonomous driving must not only guarantee timeliness and hence safety. It must also consider the dependability of the software concerning these properties while the system is facing attacks. For distributed systems, fault-and-intrusion tolerance toolboxes already offer a few solutions to tolerate partial compromise of the system behind a majority of healthy components operating in consensus. In this paper, we present a concept of an intrusion-tolerant architecture for autonomous driving. In such a scenario, predictability and recovery challenges arise from the inclusion of increasingly more complex software on increasingly less predictable hardware. We highlight how an intrusion tolerant design can help solve these issues by allowing timeliness to emerge from a majority of complex components being fast enough, often enough while preserving safety under attack through pre-computed fail safes. [less ▲]

Detailed reference viewed: 43 (9 UL)
Full Text
Peer Reviewed
See detailVelisarios: Byzantine Fault-Tolerant Protocols Powered by Coq
Rahli, Vincent UL; Vukotic, Ivana UL; Volp, Marcus UL et al

in ESOP 2018 (2018, April)

Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these ... [more ▼]

Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these systems. Byzantine fault-tolerant state-machine replication (BFT-SMR) provides a way to harden such systems. It ensures that they maintain correctness and availability in an application-agnostic way, provided that the replication protocol is correct and at least n-f out of n replicas survive arbitrary faults. This paper presents Velisarios a logic-of-events based framework implemented in Coq, which we developed to implement and reason about BFT-SMR protocols. As a case study, we present the first machine-checked proof of a crucial safety property of an implementation of the area's reference protocol: PBFT. [less ▲]

Detailed reference viewed: 359 (40 UL)
Full Text
Peer Reviewed
See detailProbabilistic Formal Methods Applied to Blockchain’s Consensus Protocol
Mirto, Cristian; Yu, Jiangshan; Rahli, Vincent UL et al

Scientific Conference (2018)

Detailed reference viewed: 66 (8 UL)
Full Text
Peer Reviewed
See detailAccurate filtering of privacy-sensitive information in raw genomic data
Decouchant, Jérémie UL; Fernandes, Maria UL; Volp, Marcus UL et al

in Journal of Biomedical Informatics (2018)

Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data ... [more ▼]

Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks if not protected to the highest standards. In this article, we follow the position and argue that post-alignment privacy is not enough and that data should be automatically protected as early as possible in the genomics workflow, ideally immediately after the data is produced. We show that a previous approach for filtering short reads cannot extend to long reads and present a novel filtering approach that classifies raw genomic data (i.e., whose location and content is not yet determined) into privacy-sensitive (i.e., more affected by a successful privacy attack) and non-privacy-sensitive information. Such a classification allows the fine-grained and automated adjustment of protective measures to mitigate the possible consequences of exposure, in particular when relying on public clouds. We present the first filter that can be indistinctly applied to reads of any length, i.e., making it usable with any recent or future sequencing technologies. The filter is accurate, in the sense that it detects all known sensitive nucleotides except those located in highly variable regions (less than 10 nucleotides remain undetected per genome instead of 100,000 in previous works). It has far less false positives than previously known methods (10% instead of 60%) and can detect sensitive nucleotides despite sequencing errors (86% detected instead of 56% with 2% of mutations). Finally, practical experiments demonstrate high performance, both in terms of throughput and memory consumption. [less ▲]

Detailed reference viewed: 131 (33 UL)
Full Text
Peer Reviewed
See detailMaskAl: Privacy Preserving Masked Reads Alignment using Intel SGX
Lambert, Christoph UL; Fernandes, Maria UL; Decouchant, Jérémie UL et al

Scientific Conference (2018)

The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been ... [more ▼]

The recent introduction of new DNA sequencing techniques caused the amount of processed and stored biological data to skyrocket. In order to process these vast amounts of data, bio-centers have been tempted to use low-cost public clouds. However, genomes are privacy sensitive, since they store personal information about their donors, such as their identity, disease risks, heredity and ethnic origin. The first critical DNA processing step that can be executed in a cloud, i.e., read alignment, consists in finding the location of the DNA sequences produced by a sequencing machine in the human genome. While recent developments aim at increasing performance, only few approaches address the need for fast and privacy preserving read alignment methods. This paper introduces MaskAl, a novel approach for read alignment. MaskAl combines a fast preprocessing step on raw genomic data — filtering and masking — with established algorithms to align sanitized reads, from which sensitive parts have been masked out, and refines the alignment score using the masked out information with Intel’s software guard extensions (SGX). MaskAl is a highly competitive privacy-preserving read alignment software that can be massively parallelized with public clouds and emerging enclave clouds. Finally, MaskAl is nearly as accurate as plain-text approaches (more than 96% of aligned reads with MaskAl compared to 98% with BWA) and can process alignment workloads 87% faster than current privacy-preserving approaches while using less memory and network bandwidth. [less ▲]

Detailed reference viewed: 147 (24 UL)
Full Text
Peer Reviewed
See detailFacing the Safety-Security Gap in RTES: the Challenge of Timeliness
Volp, Marcus UL; Kozhaya, David UL; Verissimo, Paulo UL

Scientific Conference (2017, December)

Safety-critical real-time systems, including real-time cyber-physical and industrial control systems, need not be solely correct but also timely. Untimely (stale) results may have severe consequences that ... [more ▼]

Safety-critical real-time systems, including real-time cyber-physical and industrial control systems, need not be solely correct but also timely. Untimely (stale) results may have severe consequences that could render the control system’s behaviour hazardous to the physical world. To ensure predictability and timeliness, developers follow a rigorous process, which essentially ensures real-time properties a priori, in all but the most unlikely combinations of circumstances. However, we have seen the complexity of both real-time applications, and the environments they run on, increase. If this is matched with the also increasing sophistication of attacks mounted to RTES systems, the case for ensuring both safety and security through aprioristic predictability loses traction, and presents an opportunity, which we take in this paper, for discussing current practices of critical realtime system design. To this end, with a slant on low-level task scheduling, we first investigate the challenges and opportunities for anticipating successful attacks on real-time systems. Then, we propose ways for adapting traditional fault- and intrusiontolerant mechanisms to tolerate such hazards. We found that tasks which typically execute as analyzed under accidental faults, may exhibit fundamentally different behavior when compromised by malicious attacks, even with interference enforcement in place. [less ▲]

Detailed reference viewed: 118 (14 UL)
Full Text
Peer Reviewed
See detailA Perspective of Security for Mobile Service Robots
Cornelius, Gary Philippe UL; Hochgeschwender, Nico UL; Voos, Holger UL et al

in Iberian Robotics Conference, Seville, Spain, 2017 (2017, November 22)

Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment ... [more ▼]

Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment. Furthermore, they have sensors that gather large amounts of data, which might contain sensitive information. A mobile service robot’s physical capabilities are controlled by networked computers susceptible to faults and intrusions. The proximity to humans and the possibility to physically interact with them makes it critical to think about the security issues of MSRs. In this work, we investigate possible attacks on mobile service robots. We survey adversary motivations to attack MSRs, analyse threat vectors and list different available defence mechanisms against attacks on MSRs. [less ▲]

Detailed reference viewed: 233 (66 UL)
Full Text
Peer Reviewed
See detailEnclave-Based Privacy-Preserving Alignment of Raw Genomic Information
Volp, Marcus UL; Decouchant, Jérémie UL; Lambert, Christoph UL et al

Scientific Conference (2017, October)

Recent breakthroughs in genomic sequencing led to an enormous increase of DNA sampling rates, which in turn favored the use of clouds to e ciently process huge amounts of genomic data. However, while ... [more ▼]

Recent breakthroughs in genomic sequencing led to an enormous increase of DNA sampling rates, which in turn favored the use of clouds to e ciently process huge amounts of genomic data. However, while allowing possible achievements in personalized medicine and related areas, cloud-based processing of genomic information also entails signi cant privacy risks, asking for increased protection. In this paper, we focus on the rst, but also most data-intensive, processing step of the genomics information processing pipeline: the alignment of raw genomic data samples (called reads) to a synthetic human reference genome. Even though privacypreserving alignment solutions (e.g., based on homomorphic encryption) have been proposed, their slow performance encourages alternatives based on trusted execution environments, such as Intel SGX, to speed up secure alignment. Such alternatives have to deal with data structures whose size by far exceeds secure enclave memory, requiring the alignment code to reach out into untrusted memory. We highlight how sensitive genomic information can be leaked when those enclave-external alignment data structures are accessed, and suggest countermeasures to prevent privacy breaches. The overhead of these countermeasures indicate that the competitiveness of a privacy-preserving enclavebased alignment has yet to be precisely evaluated. [less ▲]

Detailed reference viewed: 147 (21 UL)
Full Text
Peer Reviewed
See detailCloud-Assisted Read Alignment and Privacy
Fernandes, Maria UL; Decouchant, Jérémie UL; Couto, Francisco M. et al

in 11th International Conference on Practical Applications of Computational Biology & Bioinformatics 2017 (2017)

Thanks to the rapid advances in sequencing technologies, genomic data is now being produced at an unprecedented rate. To adapt to this growth, several algorithms and paradigm shifts have been proposed to ... [more ▼]

Thanks to the rapid advances in sequencing technologies, genomic data is now being produced at an unprecedented rate. To adapt to this growth, several algorithms and paradigm shifts have been proposed to increase the throughput of the classical DNA workflow, e.g. by relying on the cloud to perform CPU intensive operations. However, the scientific community raised an alarm due to the possible privacy-related attacks that can be executed on genomic data. In this paper we review the state of the art in cloud-based alignment algorithms that have been developed for performance. We then present several privacy-preserving mechanisms that have been, or could be, used to align reads at an incremental performance cost. We finally argue for the use of risk analysis throughout the DNA workflow, to strike a balance between performance and protection of data. [less ▲]

Detailed reference viewed: 117 (28 UL)
Full Text
Peer Reviewed
See detailMeeting the Challenges of Critical and Extreme Dependability and Security
Verissimo, Paulo UL; Volp, Marcus UL; Decouchant, Jérémie UL et al

in Proceedings of the 22nd Pacific Rim International Symposium on Dependable Computing (2017)

The world is becoming an immense critical information infrastructure, with the fast and increasing entanglement of utilities, telecommunications, Internet, cloud, and the emerging IoT tissue. This may ... [more ▼]

The world is becoming an immense critical information infrastructure, with the fast and increasing entanglement of utilities, telecommunications, Internet, cloud, and the emerging IoT tissue. This may create enormous opportunities, but also brings about similarly extreme security and dependability risks. We predict an increase in very sophisticated targeted attacks, or advanced persistent threats (APT), and claim that this calls for expanding the frontier of security and dependability methods and techniques used in our current CII. Extreme threats require extreme defenses: we propose resilience as a unifying paradigm to endow systems with the capability of dynamically and automatically handling extreme adversary power, and sustaining perpetual and unattended operation. In this position paper, we present this vision and describe our methodology, as well as the assurance arguments we make for the ultra-resilient components and protocols they enable, illustrated with case studies in progress. [less ▲]

Detailed reference viewed: 39 (2 UL)
Full Text
Peer Reviewed
See detailHow can photo sharing inspire sharing genomes?
Cogo, Vinicius Vielmo; Bessani, Alysson; Couto, Francisco M. et al

in 11th International Conference on Practical Applications of Computational Biology & Bioinformatics 2017 (2017)

People usually are aware of the privacy risks of publish-ing photos online, but these risks are less evident when sharing humangenomes. Modern photos and sequenced genomes are both digital rep ... [more ▼]

People usually are aware of the privacy risks of publish-ing photos online, but these risks are less evident when sharing humangenomes. Modern photos and sequenced genomes are both digital rep-resentations of real lives. They contain private information that maycompromise people’s privacy, and still, their highest value is most oftimes achieved only when sharing them with others. In this work, wepresent an analogy between the privacy aspects of sharing photos andsharing genomes, which clarifies the privacy risks in the latter to thegeneral public. Additionally, we illustrate an alternative informed modelto share genomic data according to the privacy-sensitivity level of eachportion. This article is a call to arms for a collaborative work between ge-neticists and security experts to build more effective methods to system-atically protect privacy, whilst promoting the accessibility and sharingof genomes [less ▲]

Detailed reference viewed: 95 (33 UL)
Full Text
See detailANCHOR: logically-centralized security for Software-Defined Networks
Kreutz, Diego UL; Yu, Jiangshan UL; Ramos, Fernando M. V. et al

E-print/Working paper (2017)

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this ... [more ▼]

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against di erent threats. The literature on SDN has mostly been concerned with the functional side, despite some speci c works concerning non-functional properties like ‘security’ or ‘dependability’. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to e ciency and e ectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN – ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the e ectiveness of the concept, we focus on ‘security’ in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. anchor sets to provide essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration and association, among other crucial services. We claim and justify in the paper that centralizing such mechanisms is key for their e ectiveness, by allowing us to: de ne and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and nally, better foster the resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms. [less ▲]

Detailed reference viewed: 122 (35 UL)
Full Text
See detailThe KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
Kreutz, Diego UL; Verissimo, Paulo UL; Magalhaes, Catia et al

Report (2017)

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼]

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms. [less ▲]

Detailed reference viewed: 81 (5 UL)
Full Text
Peer Reviewed
See detailPermanent Reencryption: How to Survive Generations of Cryptanalysts to Come
Volp, Marcus UL; Rocha, Francisco; Decouchant, Jérémie UL et al

in Twenty-fifth International Workshop on Security Protocols (2017)

Detailed reference viewed: 177 (25 UL)
Full Text
Peer Reviewed
See detailAvoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Volp, Marcus UL; Lackorzynski, Adam; Decouchant, Jérémie UL et al

Scientific Conference (2016, December 12)

Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified ... [more ▼]

Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs. [less ▲]

Detailed reference viewed: 258 (27 UL)