Cornell Systems Lunch

Distributed systems introduce a new set of security risks. When users compute on remote machines they become vulnerable to physical attacks. To protect against physical attacks, systems use secure memory, which provides confidentiality and integrity protection for data in memory. However, systems that run with secure memory, such as Intel SGX, suffer from significant delay, energy and space overheads. Our goal is to design an efficient approach to secure memory while maintaining the same security guarantees. To reduce delay overheads, we propose PoisonIvy, a safe speculation mechanism that hides the integrity verification latency while maintaining the security guarantees. To reduce energy overheads, we analyze the efficiency of a simple metadata cache and propose MCX, an improved cache design that increases the efficiency of the metadata cache by collaborating with the LLC. To improve the space overheads, we propose a dynamic allocation of secure memory metadata that makes the space overheads proportional to secure memory used. Our work effectively reduces all of these overheads making secure memory more accessible. Compared to a non-speculative secure memory design with a small metadata cache (i.e. Intel SGX), our work reduces delay overhead from 28% down to 8% and energy overhead from 55% down to 17% on average across three benchmark suites.

Tamara Silbergleit Lehman is a 6th year PhD candidate at Duke university advised by Andrew Hilton and Benjamin Lee. Her research interests lie on the intersection of computer architecture and security. She is also interested in memory systems, simulation methodologies and emerging technologies. Her thesis work focuses on reducing overheads of secure memory. Tamara has a Bachelor‘s degree from University of Florida in Industrial Engineering and a Masters degree in Computer Engineering from Duke University. Her latest publication on understanding metadata access patterns in secure memory at ISPASS 2018, MAPS, won the best paper award. Her earlier work on developing a safe speculation mechanism for secure memory, PoisonIvy, published in MICRO 2016 got an honorable mention in Micro Top Picks.

It has become clear that blockchains represent much more than a financial innovation. Several firms are now developing innovative public or private blockchain solutions for supply chains, IoT, and beyond. In our highly inter-connected world, it is inevitable that these blockchains will soon have to interact with each other. Similar to the Internet today, this will eventually result in formation of a network of blockchains where a transaction flows through a sequence of blockchains. In fact, some ad hoc industrial efforts have already begun in this direction; however, the scientific rigor is missing in these efforts, and privacy vulnerabilities and availability issues are pervasive. The first half of the talk, I will present our recent work on path-based transactions that forms the basis of some of privacy-enhanced inter-blockchain communication notions getting built in practice. In the second half, I will describe some key privacy and availability challenges that we will have to tackle in the next few years while building the Internet of blockchains.

An important concern for many Cloud customers is data confidentiality. Of particular concern are potential data leaks via side channels, which arise when mutually untrusted parties contend on resources such as CPUs, caches, and networks. In this talk, I will describe our ongoing work on mitigating network side channels. Our solution, Pacer, is a secure, efficient, and practical traffic shaping system. It consists of three components: (i) A traffic shaping strategy that shapes a tenant‘s outgoing traffic in a way that reveals only public (non-secret) aspects of the tenant‘s workload, while completely hiding the tenant‘s secrets. (ii) A gray-box profiling technique that determines traffic shapes for the tenant‘s workloads with minimal assistance from the tenant application. (iii) A tunnel abstraction that encapsulates and enforces the tenant‘s traffic shapes. The tunnel endpoints bracket network links shared with the attacker. I will describe the three components of Pacer, and particularly highlight the challenges involved in implementing the tunnel in a secure, efficient and practical manner. Finally, I will describe preliminary experimental results, which indicate that Pacer‘s overheads are modest.

Bio: Aastha Mehta is a PhD student at Max Planck Institute for Software Systems (MPI-SWS), where she is advised by Peter Druschel and Deepak Garg. Her current research focuses on operating systems, networking and security. Her broader research interests are in solving security problems from a systems perspective. She was invited to attend the 4th Heidelberg Laureate Forum in 2015. More recently, she was selected for the Rising Stars Workshop 2018.