Security, Performance and Energy Implications of Hardware-Assisted Memory Protection Mechanisms on Event-Based Streaming Systems

Göttel, Christian; Pires, Rafael; Rocha, Isabelly; Vaucher, Sébastien; Felber, Pascal; Pasin, Marcelo; Schiavoni, Valerio

doi:10.1109/srds.2018.00042

Cited by 2 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In system emulation mode QEMU emulates an entire machine, dynamically translating different hardware instruction sets when running a virtual machine with a different architecture. In order to provide full network capability, we replace the default SLiRP network 12 deployed with Op-Tee by a bridged network with a tap device.…”

Section: Discussionmentioning

confidence: 99%

“…Edge devices are typically low-energy units with limited processing and storage capacity. As such, it is unpractical to rely on sophisticated software-based protection mechanisms (e.g., homomorphic encryption [20]), currently due to their high processing requirements and low performance [12]. Alternatively, new hardware-based protection mechanisms can be easily leveraged by programmers to provide the mentioned protection guarantees.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

Göttel¹,

Felber²,

Schiavoni³

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include Arm TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers.iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for Arm TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

Göttel¹,

Felber²,

Schiavoni³

2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…At present, building security based on hardware entities has become the hot issues in the security field. The common hardware security mechanisms on computing nodes include TPCM, 16 TCM, TPM, TXT, SGX, password card, 17 and TrustZone 18 . Each mechanism constructs an isolated resource environment for security protection through security dedicated hardware resources.…”

Section: Introductionmentioning

confidence: 99%

A noninterference trusted dual system security guarantee method based on secure memory

Hong

Li²,

Tan

2022

Concurrency and Computation

View full text Add to dashboard Cite

With the continuous maturity and development of single hardware security mechanism, it has been widely used in the field of information technology, but the single hardware mechanism has insufficient security guarantee in its own supporting drivers and other key programs. In response to this problem, this article proposes a trusted isolation model based on the noninterference theory and gives a formal proof. The realization is based on the trusted platform control module (TPCM) hardware mechanism by introducing a secure memory bar to provide a way to achieve a trusted dual-system isolation guarantee. The hardware interface of secure memory module is consistent with that of ordinary memory module, which is widely used. It can improve the security guarantee ability of trusted computing platform, and has a good reference value for the design and application of trusted computing platform equipment.

show abstract

Security, Performance and Energy Implications of Hardware-Assisted Memory Protection Mechanisms on Event-Based Streaming Systems

Cited by 2 publications

References 5 publications

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

iperfTZ: Understanding Network Bottlenecks for TrustZone-Based Trusted Applications

A noninterference trusted dual system security guarantee method based on secure memory

Contact Info

Product

Resources

About