Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 4 of 4
Full-Text Articles in Systems Architecture
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Fimce: A Fully Isolated Micro-Computing Environment For Multicore Systems, Siqi Zhao, Xuhua Ding
Research Collection School Of Computing and Information Systems
Virtualization-based memory isolation has been widely used as a security primitive in various security systems to counter kernel-level attacks. In this article, our in-depth analysis on this primitive shows that its security is significantly undermined in the multicore setting when other hardware resources for computing are not enclosed within the isolation boundary. We thus propose to construct a fully isolated micro-computing environment (FIMCE) as a new primitive. By virtue of its architectural niche, FIMCE not only offers stronger security assurance than its predecessor, but also features a flexible and composable environment with support for peripheral device isolation, thus greatly expanding …
A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Robert H. Deng
A Feasible No-Root Approach On Android, Yao Cheng, Yingjiu Li, Robert H. Deng
Research Collection School Of Computing and Information Systems
Root is the administrative privilege on Android, which is however inaccessible on stock Android devices. Due to the desire for privileged functionalities and the reluctance of rooting their devices, Android users seek for no-root approaches, which provide users with part of root privileges without rooting their devices. In this paper, we newly discover a feasible no-root approach based on the ADB loopback. To ensure such no-root approach is not misused proactively, we examine its dark side, including privacy leakage via logs and user input inference. Finally, we discuss the solutions and suggestions from different perspectives.
Stopwatch: A Cloud Architecture For Timing Channel Mitigation, Peng Li, Debin Gao, Michael K Reiter
Stopwatch: A Cloud Architecture For Timing Channel Mitigation, Peng Li, Debin Gao, Michael K Reiter
Research Collection School Of Computing and Information Systems
This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and …
Three Architectures For Trusted Data Dissemination In Edge Computing, Shen-Tat Goh, Hwee Hwa Pang, Robert H. Deng, Feng Bao
Three Architectures For Trusted Data Dissemination In Edge Computing, Shen-Tat Goh, Hwee Hwa Pang, Robert H. Deng, Feng Bao
Research Collection School Of Computing and Information Systems
Edge computing pushes application logic and the underlying data to the edge of the network, with the aim of improving availability and scalability. As the edge servers are not necessarily secure, there must be provisions for users to validate the results—that values in the result tuples are not tampered with, that no qualifying data are left out, that no spurious tuples are introduced, and that a query result is not actually the output from a different query. This paper aims to address the challenges of ensuring data integrity in edge computing. We study three schemes that enable users to check …