Abstract. Intel's Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control. We present AsyncShock, a tool for exploiting synchronisation bugs of multithreaded code running under SGX. AsyncShock achieves this by only manipulating the scheduling of threads that are used to execute enclave code. It allows an attacker to interrupt threads by forcing segmentation faults on enclave pages. Our evaluation using two types of Intel Skylake CPUs shows that AsyncShock can reliably exploit use-after-free and TOCTTOU bugs.
Highlights d Captive grooming and food sharing in vampire bats predict associations in the wild d New proximity sensors captured high-resolution social networks in a single tree d Many social bonds persisted across different physical and social environments d Both extrinsic constraints and intrinsic partner fidelity cause social structure
Recent advances in animal tracking technology have ushered in a new era in biologging. However, the considerable size of many sophisticated biologging devices restricts their application to larger animals, whereas older techniques often still represent the state-of-theart for studying small vertebrates. In industrial applications, low-power wireless sensor networks (WSNs) fulfill requirements similar to those needed to monitor animal behavior at high resolution and at low tag mass. We developed a wireless biologging network (WBN), which enables simultaneous direct proximity sensing, high-resolution tracking, and long-range remote data download at tag masses of 1 to 2 g. Deployments to study wild bats created social networks and flight trajectories of unprecedented quality. Our developments highlight the vast capabilities of WBNs and their potential to close an important gap in biologging: fully automated tracking and proximity sensing of small animals, even in closed habitats, at high spatial and temporal resolution.
Abstract-The fact that energy is a scarce resource in many embedded real-time systems creates the need for energy-aware task schedulers, which not only guarantee timing constraints but also consider energy consumption. Unfortunately, existing approaches to analyze the worst-case execution time (WCET) of a task usually cannot be directly applied to determine its worstcase energy consumption (WCEC) due to execution time and energy consumption not being closely correlated on many stateof-the-art processors. Instead, a WCEC analyzer must take into account the particular energy characteristics of a target platform.In this paper, we present 0g, a comprehensive approach to WCEC analysis that combines different techniques to speed up the analysis and to improve results. If detailed knowledge about the energy costs of instructions on the target platform is available, our tool is able to compute upper bounds for the WCEC by statically analyzing the program code. Otherwise, a novel approach allows 0g to determine the WCEC by measurement after having identified a set of suitable program inputs based on an auxiliary energy model, which specifies the energy consumption of instructions in relation to each other. Our experiments for three target platforms show that 0g provides precise WCEC estimates.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.