Your search keyword '"Felber, Pascal"' showing total 885 results

1. BlindexTEE: A Blind Index Approach towards TEE-supported End-to-end Encrypted DBMS

Author

Vialar, Louis, Ménétrey, Jämes, Schiavoni, Valerio, and Felber, Pascal

Subjects

Computer Science - Cryptography and Security

Abstract

Using cloud-based applications comes with privacy implications, as the end-user looses control over their data. While encrypting all data on the client is possible, it largely reduces the usefulness of database management systems (DBMS) that are typically built to efficiently query large quantities of data. We present BlindexTEE, a new component that sits between the application business-logic and the database. BlindexTEE is shielded from malicious users or compromised environments by executing inside an SEV-SNP confidential VM, AMD's trusted execution environment (TEE). BlindexTEE is in charge of end-to-end encryption of user data while preserving the ability of the DBMS to efficiently filter data. By decrypting and re-encrypting data, it builds blind indices, used later on to efficiently query the DBMS. We demonstrate the practicality of BlindexTEE with MySQL in several micro- and macro-benchmarks, achieving overheads between 36.1% and 462% over direct database access depending on the usage scenario.

Published

2024

2. CryptoAnalytics: Cryptocoins Price Forecasting with Machine Learning Techniques

Author

De Rosa, Pasquale, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Computational Engineering, Finance, and Science

Abstract

This paper introduces CryptoAnalytics, a software toolkit for cryptocoins price forecasting with machine learning (ML) techniques. Cryptocoins are tradable digital assets exchanged for specific trading prices. While history has shown the extreme volatility of such trading prices, the ability to efficiently model and forecast the time series resulting from the exchange price volatility remains an open research challenge. Good results can been achieved with state-of-the-art ML techniques, including Gradient-Boosting Machines (GBMs) and Recurrent Neural Networks (RNNs). CryptoAnalytics is a software toolkit to easily train these models and make inference on up-to-date cryptocoin trading price data, with facilities to fetch datasets from one of the main leading aggregator websites, i.e., CoinMarketCap, train models and infer the future trends. This software is implemented in Python. It relies on PyTorch for the implementation of RNNs (LSTM and GRU), while for GBMs, it leverages on XgBoost, LightGBM and CatBoost.

Published

2024

3. Practical Forecasting of Cryptocoins Timeseries using Correlation Patterns

Author

De Rosa, Pasquale, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Computational Engineering, Finance, and Science, Computer Science - Machine Learning

Abstract

Cryptocoins (i.e., Bitcoin, Ether, Litecoin) are tradable digital assets. Ownerships of cryptocoins are registered on distributed ledgers (i.e., blockchains). Secure encryption techniques guarantee the security of the transactions (transfers of coins among owners), registered into the ledger. Cryptocoins are exchanged for specific trading prices. The extreme volatility of such trading prices across all different sets of crypto-assets remains undisputed. However, the relations between the trading prices across different cryptocoins remains largely unexplored. Major coin exchanges indicate trend correlation to advise for sells or buys. However, price correlations remain largely unexplored. We shed some light on the trend correlations across a large variety of cryptocoins, by investigating their coin/price correlation trends over the past two years. We study the causality between the trends, and exploit the derived correlations to understand the accuracy of state-of-the-art forecasting techniques for time series modeling (e.g., GBMs, LSTM and GRU) of correlated cryptocoins. Our evaluation shows (i) strong correlation patterns between the most traded coins (e.g., Bitcoin and Ether) and other types of cryptocurrencies, and (ii) state-of-the-art time series forecasting algorithms can be used to forecast cryptocoins price trends. We released datasets and code to reproduce our analysis to the research community.

Published

2024

4. A Comprehensive Trusted Runtime for WebAssembly with Intel SGX

Author

Ménétrey, Jämes, Pasin, Marcelo, Felber, Pascal, Schiavoni, Valerio, Mazzeo, Giovanni, Hollum, Arne, and Vaydia, Darshan

Subjects

Computer Science - Cryptography and Security, Computer Science - Performance, Computer Science - Programming Languages

Abstract

In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. Twine leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and language-agnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, Twine delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that Twine can be deployed in production with reasonable performance trade-offs, ranging from a 0.7x slowdown to a 1.17x speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1x speedup. Twine is open-source and has been upstreamed into the original Wasm runtime, WAMR., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. arXiv admin note: text overlap with arXiv:2103.15860

Published

2023

5. Fortress: Securing IoT Peripherals with Trusted Execution Environments

Author

Yuhala, Peterson, Ménétrey, Jämes, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security

Abstract

With the increasing popularity of Internet of Things (IoT) devices, securing sensitive user data has emerged as a major challenge. These devices often collect confidential information, such as audio and visual data, through peripheral inputs like microphones and cameras. Such sensitive information is then exposed to potential threats, either from malicious software with high-level access rights or transmitted (sometimes inadvertently) to untrusted cloud services. In this paper, we propose a generic design to enhance the privacy in IoT-based systems by isolating peripheral I/O memory regions in a secure kernel space of a trusted execution environment (TEE). Only a minimal set of peripheral driver code, resident within the secure kernel, can access this protected memory area. This design effectively restricts any unauthorised access by system software, including the operating system and hypervisor. The sensitive peripheral data is then securely transferred to a user-space TEE, where obfuscation mechanisms can be applied before it is relayed to third parties, e.g., the cloud. To validate our architectural approach, we provide a proof-of-concept implementation of our design by securing an audio peripheral based on inter-IC sound (I2S), a serial bus to interconnect audio devices. The experimental results show that our design offers a robust security solution with an acceptable computational overhead., Comment: 8 pages

Published

2023

6. A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs

Author

Ménétrey, Jämes, Grüter, Aeneas, Yuhala, Peterson, Oeftiger, Julius, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Publish/subscribe systems play a key role in enabling communication between numerous devices in distributed and large-scale architectures. While widely adopted, securing such systems often trades portability for additional integrity and attestation guarantees. Trusted Execution Environments (TEEs) offer a potential solution with enclaves to enhance security and trust. However, application development for TEEs is complex, and many existing solutions are tied to specific TEE architectures, limiting adaptability. Current communication protocols also inadequately manage attestation proofs or expose essential attestation information. This paper introduces a novel approach using WebAssembly to address these issues, a key enabling technology nowadays capturing academia and industry attention. We present the design of a portable and fully attested publish/subscribe middleware system as a holistic approach for trustworthy and distributed communication between various systems. Based on this proposal, we have implemented and evaluated in-depth a fully-fledged publish/subscribe broker running within Intel SGX, compiled in WebAssembly, and built on top of industry-battled frameworks and standards, i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy of attestation information, among other benefits. Our experimental results showcase most overheads, revealing a 1.55x decrease in message throughput when using a trusted broker. We open-source the contributions of this work to the research community to facilitate experimental reproducibility., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2023

7. BlindexTEE: A Blind Index Approach Towards TEE-Supported End-to-End Encrypted DBMS

Author

Vialar, Louis, Ménétrey, Jämes, Schiavoni, Valerio, Felber, Pascal, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Masuzawa, Toshimitsu, editor, Katayama, Yoshiaki, editor, Kakugawa, Hirotsugu, editor, Nakamura, Junya, editor, and Kim, Yonghwan, editor

Published

2025

8. SecV: Secure Code Partitioning via Multi-Language Secure Values

Author

Yuhala, Peterson, Felber, Pascal, Guiroux, Hugo, Lozi, Jean-Pierre, Tchana, Alain, Schiavoni, Valerio, and Thomas, Gaël

Subjects

Computer Science - Cryptography and Security, Computer Science - Programming Languages

Abstract

Trusted execution environments like Intel SGX provide \emph{enclaves}, which offer strong security guarantees for applications. Running entire applications inside enclaves is possible, but this approach leads to a large trusted computing base (TCB). As such, various tools have been developed to partition programs written in languages such as C or Java into \emph{trusted} and \emph{untrusted} parts, which are run in and out of enclaves respectively. However, those tools depend on language-specific taint-analysis and partitioning techniques. They cannot be reused for other languages and there is thus a need for tools that transcend this language barrier. We address this challenge by proposing a multi-language technique to specify sensitive code or data, as well as a multi-language tool to analyse and partition the resulting programs for trusted execution environments like Intel SGX. We leverage GraalVM's Truffle framework, which provides a language-agnostic abstract syntax tree (AST) representation for programs, to provide special AST nodes called \emph{secure nodes} that encapsulate sensitive program information. Secure nodes can easily be embedded into the ASTs of a wide range of languages via Truffle's \emph{polyglot API}. Our technique includes a multi-language dynamic taint tracking tool to analyse and partition applications based on our generic secure nodes. Our extensive evaluation with micro- and macro-benchmarks shows that we can use our technique for two languages (Javascript and \python), and that partitioned programs can obtain up to $14.5\%$ performance improvement as compared to unpartitioned versions., Comment: 12 pages

Published

2023

9. Mitigating Adversarial Attacks in Federated Learning with Trusted Execution Environments

Author

Queyrut, Simon, Schiavoni, Valerio, and Felber, Pascal

Subjects

Computer Science - Machine Learning, Computer Science - Cryptography and Security

Abstract

The main premise of federated learning (FL) is that machine learning model updates are computed locally to preserve user data privacy. This approach avoids by design user data to ever leave the perimeter of their device. Once the updates aggregated, the model is broadcast to all nodes in the federation. However, without proper defenses, compromised nodes can probe the model inside their local memory in search for adversarial examples, which can lead to dangerous real-world scenarios. For instance, in image-based applications, adversarial examples consist of images slightly perturbed to the human eye getting misclassified by the local model. These adversarial images are then later presented to a victim node's counterpart model to replay the attack. Typical examples harness dissemination strategies such as altered traffic signs (patch attacks) no longer recognized by autonomous vehicles or seemingly unaltered samples that poison the local dataset of the FL scheme to undermine its robustness. Pelta is a novel shielding mechanism leveraging Trusted Execution Environments (TEEs) that reduce the ability of attackers to craft adversarial samples. Pelta masks inside the TEE the first part of the back-propagation chain rule, typically exploited by attackers to craft the malicious samples. We evaluate Pelta on state-of-the-art accurate models using three well-established datasets: CIFAR-10, CIFAR-100 and ImageNet. We show the effectiveness of Pelta in mitigating six white-box state-of-the-art adversarial attacks, such as Projected Gradient Descent, Momentum Iterative Method, Auto Projected Gradient Descent, the Carlini & Wagner attack. In particular, Pelta constitutes the first attempt at defending an ensemble model against the Self-Attention Gradient attack to the best of our knowledge. Our code is available to the research community at https://github.com/queyrusi/Pelta., Comment: 12 pages, 4 figures, to be published in Proceedings 23rd International Conference on Distributed Computing Systems. arXiv admin note: substantial text overlap with arXiv:2308.04373

Published

2023

10. Preventing EFail Attacks with Client-Side WebAssembly: The Case of Swiss Post's IncaMail

Author

Gerig, Pascal, Ménétrey, Jämes, Lanoix, Baptiste, Stoller, Florian, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security

Abstract

Traditional email encryption schemes are vulnerable to EFail attacks, which exploit the lack of message authentication by manipulating ciphertexts and exfiltrating plaintext via HTML backchannels. Swiss Post's IncaMail, a secure email service for transmitting legally binding, encrypted, and verifiable emails, counters EFail attacks using an authenticated-encryption with associated data (AEAD) encryption scheme to ensure message privacy and authentication between servers. IncaMail relies on a trusted infrastructure backend and encrypts messages per user policy. This paper presents a revised IncaMail architecture that offloads the majority of cryptographic operations to clients, offering benefits such as reduced computational load and energy footprint, relaxed trust assumptions, and per-message encryption key policies. Our proof-of-concept prototype and benchmarks demonstrate the robustness of the proposed scheme, with client-side WebAssembly-based cryptographic operations yielding significant performance improvements (up to ~14x) over conventional JavaScript implementations., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2023

11. VEDLIoT -- Next generation accelerated AIoT systems and applications

Author

Mika, Kevin, Griessl, René, Kucza, Nils, Porrmann, Florian, Kaiser, Martin, Tigges, Lennart, Hagemeyer, Jens, Trancoso, Pedro, Azhar, Muhammad Waqar, Qararyah, Fareed, Zouzoula, Stavroula, Ménétrey, Jämes, Pasin, Marcelo, Felber, Pascal, Marcus, Carina, Brunnegard, Oliver, Eriksson, Olof, Salomonsson, Hans, Ödman, Daniel, Ask, Andreas, Casimiro, Antonio, Bessani, Alysson, Carvalho, Tiago, Gugala, Karol, Zierhoffer, Piotr, Latosinski, Grzegorz, Tassemeier, Marco, Porrmann, Mario, Heyn, Hans-Martin, Knauss, Eric, Mao, Yufei, and Meierhöfer, Franz

Subjects

Computer Science - Hardware Architecture, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security

Abstract

The VEDLIoT project aims to develop energy-efficient Deep Learning methodologies for distributed Artificial Intelligence of Things (AIoT) applications. During our project, we propose a holistic approach that focuses on optimizing algorithms while addressing safety and security challenges inherent to AIoT systems. The foundation of this approach lies in a modular and scalable cognitive IoT hardware platform, which leverages microserver technology to enable users to configure the hardware to meet the requirements of a diverse array of applications. Heterogeneous computing is used to boost performance and energy efficiency. In addition, the full spectrum of hardware accelerators is integrated, providing specialized ASICs as well as FPGAs for reconfigurable computing. The project's contributions span across trusted computing, remote attestation, and secure execution environments, with the ultimate goal of facilitating the design and deployment of robust and efficient AIoT systems. The overall architecture is validated on use-cases ranging from Smart Home to Automotive and Industrial IoT appliances. Ten additional use cases are integrated via an open call, broadening the range of application areas., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. CF'23: 20th ACM International Conference on Computing Frontiers, May 2023, Bologna, Italy

Published

2023

12. NVMM cache design: Logging vs. Paging

Author

Dulong, Rémi, Acher, Quentin, Lepers, Baptiste, Schiavoni, Valerio, Felber, Pascal, and Thomas, Gaël

Subjects

Computer Science - Operating Systems, Computer Science - Hardware Architecture, 68M15

Abstract

Modern NVMM is closing the gap between DRAM and persistent storage, both in terms of performance and features. Having both byte addressability and persistence on the same device gives NVMM an unprecedented set of features, leading to the following question: How should we design an NVMM-based caching system to fully exploit its potential? We build two caching mechanisms, NVPages and NVLog, based on two radically different design approaches. NVPages stores memory pages in NVMM, similar to the Linux page cache (LPC). NVLog uses NVMM to store a log of pending write operations to be submitted to the LPC, while it ensures reads with a small DRAM cache. Our study shows and quantifies advantages and flaws for both designs., Comment: 3 pages, 4 figures, presented for NVMW'23: 14th Annual Non-Volatile Memories Workshop

Published

2023

13. Montsalvat: Intel SGX Shielding for GraalVM Native Images

Author

Yuhala, Peterson, Ménétrey, Jämes, Felber, Pascal, Schiavoni, Valerio, Tchana, Alain, Thomas, Gaël, Guiroux, Hugo, and Lozi, Jean-Pierre

Subjects

Computer Science - Cryptography and Security

Abstract

The popularity of the Java programming language has led to its wide adoption in cloud computing infrastructures. However, Java applications running in untrusted clouds are vulnerable to various forms of privileged attacks. The emergence of trusted execution environments (TEEs) such as Intel SGX mitigates this problem. TEEs protect code and data in secure enclaves inaccessible to untrusted software, including the kernel and hypervisors. To efficiently use TEEs, developers must manually partition their applications into trusted and untrusted parts, in order to reduce the size of the trusted computing base (TCB) and minimise the risks of security vulnerabilities. However, partitioning applications poses two important challenges: (i) ensuring efficient object communication between the partitioned components, and (ii) ensuring the consistency of garbage collection between the parts, especially with memory-managed languages such as Java. We present Montsalvat, a tool which provides a practical and intuitive annotation-based partitioning approach for Java applications destined for secure enclaves. Montsalvat provides an RMI-like mechanism to ensure inter-object communication, as well as consistent garbage collection across the partitioned components. We implement Montsalvat with GraalVM native-image, a tool for compiling Java applications ahead-of-time into standalone native executables that do not require a JVM at runtime. Our extensive evaluation with micro- and macro-benchmarks shows our partitioning approach to boost performance in real-world applications, Comment: 13 pages, Proceedings of the 22nd International Middleware Conference

Published

2023

14. SGX Switchless Calls Made Configless

Author

Yuhala, Peterson, Paper, Michael, Zerbib, Timothée, Felber, Pascal, Schiavoni, Valerio, and Tchana, Alain

Subjects

Computer Science - Cryptography and Security

Abstract

Intel's software guard extensions (SGX) provide hardware enclaves to guarantee confidentiality and integrity for sensitive code and data. However, systems leveraging such security mechanisms must often pay high performance overheads. A major source of this overhead is SGX enclave transitions which induce expensive cross-enclave context switches. The Intel SGX SDK mitigates this with a switchless call mechanism for transitionless cross-enclave calls using worker threads. Intel's SGX switchless call implementation improves performance but provides limited flexibility: developers need to statically fix the system configuration at build time, which is error-prone and misconfigurations lead to performance degradations and waste of CPU resources. ZC-SWITCHLESS is a configless and efficient technique to drive the execution of SGX switchless calls. Its dynamic approach optimises the total switchless worker threads at runtime to minimise CPU waste. The experimental evaluation shows that ZC-SWITCHLESS obviates the performance penalty of misconfigured switchless systems while minimising CPU waste., Comment: 10 pages, 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Published

2023

15. VEDLIoT: Very Efficient Deep Learning in IoT

Author

Kaiser, Martin, Griessl, Rene, Kucza, Nils, Haumann, Carola, Tigges, Lennart, Mika, Kevin, Hagemeyer, Jens, Porrmann, Florian, Rückert, Ulrich, dem Berge, Micha vor, Krupop, Stefan., Porrmann, Mario, Tassemeier, Marco, Trancoso, Pedro, Quararyah, Fareed, Zouzoula, Stavroula, Casimiro, Antonio, Bessani, Alysson, Cecilio, Jose, Andersson, Stefan, Brunnegard, Oliver, Eriksson, Olof, Weiss, Roland, Meierhöfer, Franz, Salomonsson, Hans, Malekzadeh, Elaheh, Ödman, Daniel, Khurshid, Anum, Felber, Pascal, Pasin, Marcelo, Schiavoni, Valerio, Ménétrey, Jämes, Gugula, Karol, Zierhoffer, Piotr, Knauss, Eric, and Heyn, Hans-Martin

Subjects

Computer Science - Hardware Architecture, Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Performance

Abstract

The VEDLIoT project targets the development of energy-efficient Deep Learning for distributed AIoT applications. A holistic approach is used to optimize algorithms while also dealing with safety and security challenges. The approach is based on a modular and scalable cognitive IoT hardware platform. Using modular microserver technology enables the user to configure the hardware to satisfy a wide range of applications. VEDLIoT offers a complete design flow for Next-Generation IoT devices required for collaboratively solving complex Deep Learning applications across distributed systems. The methods are tested on various use-cases ranging from Smart Home to Automotive and Industrial IoT appliances. VEDLIoT is an H2020 EU project which started in November 2020. It is currently in an intermediate stage with the first results available., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2022

16. WebAssembly as a Common Layer for the Cloud-edge Continuum

Author

Ménétrey, Jämes, Pasin, Marcelo, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Cryptography and Security

Abstract

Over the last decade, the cloud computing landscape has transformed from a centralised architecture made of large data centres to a distributed and heterogeneous architecture embracing edge and IoT units. This shift has created the so-called cloud-edge continuum, which closes the gap between large data centres and end-user devices. Existing solutions for programming the continuum are, however, dominated by proprietary silos and incompatible technologies, built around dedicated devices and run-time stacks. In this position paper, we motivate the need for an interoperable environment that would run seamlessly across hardware devices and software stacks, while achieving good performance and a high level of security -- a critical requirement when processing data off-premises. We argue that the technology provided by WebAssembly running on modern virtual machines and shielded within trusted execution environments, combined with a core set of services and support libraries, allows us to meet both goals. We also present preliminary results from a prototype deployed on the cloud-edge continuum., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2022

17. WaTZ: A Trusted WebAssembly Runtime Environment with Remote Attestation for TrustZone

Author

Ménétrey, Jämes, Pasin, Marcelo, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Performance

Abstract

WebAssembly (Wasm) is a novel low-level bytecode format that swiftly gained popularity for its efficiency, versatility and security, with near-native performance. Besides, trusted execution environments (TEEs) shield critical software assets against compromised infrastructures. However, TEEs do not guarantee the code to be trustworthy or that it was not tampered with. Instead, one relies on remote attestation to assess the code before execution. This paper describes WaTZ, which is (i) an efficient and secure runtime for trusted execution of Wasm code for Arm's TrustZone TEE, and (ii) a lightweight remote attestation system optimised for Wasm applications running in TrustZone, as it lacks built-in mechanisms for attestation. The remote attestation protocol is formally verified using a state-of-the-art analyser and model checker. Our extensive evaluation of Arm-based hardware uses synthetic and real-world benchmarks, illustrating typical tasks IoT devices achieve. WaTZ's execution speed is on par with Wasm runtimes in the normal world and reaches roughly half the speed of native execution, which is compensated by the additional security guarantees and the interoperability offered by Wasm. WaTZ is open-source and available on GitHub along with instructions to reproduce our experiments., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2022

18. PCRAFT: Capacity Planning for Dependable Stateless Services

Author

Faqeh, Rasha, Martin, Andrè, Schiavoni, Valerio, Bhatotia, Pramod, Felber, Pascal, and Fetzer, Christof

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, C.0, C.4

Abstract

Fault-tolerance techniques depend on replication to enhance availability, albeit at the cost of increased infrastructure costs. This results in a fundamental trade-off: Fault-tolerant services must satisfy given availability and performance constraints while minimising the number of replicated resources. These constraints pose capacity planning challenges for the service operators to minimise replication costs without negatively impacting availability. To this end, we present PCRAFT, a system to enable capacity planning of dependable services. PCRAFT's capacity planning is based on a hybrid approach that combines empirical performance measurements with probabilistic modelling of availability based on fault injection. In particular, we integrate traditional service-level availability mechanisms (active route anywhere and passive failover) and deployment schemes (cloud and on-premises) to quantify the number of nodes needed to satisfy the given availability and performance constraints. Our evaluation based on real-world applications shows that cloud deployment requires fewer nodes than on-premises deployments. Additionally, when considering on-premises deployments, we show how passive failover requires fewer nodes than active route anywhere. Furthermore, our evaluation quantify the quality enhancement given by additional integrity mechanisms and how this affects the number of nodes needed., Comment: 11 pages

Published

2022

19. Attestation Mechanisms for Trusted Execution Environments Demystified

Author

Ménétrey, Jämes, Göttel, Christian, Khurshid, Anum, Pasin, Marcelo, Felber, Pascal, Schiavoni, Valerio, and Raza, Shahid

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees the genuineness of the code executed against powerful attackers and threats, paving the way for adoption in several sensitive application domains. This paper reviews remote attestation principles and explains how the modern and industrially well-established trusted execution environments Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions, leverage these mechanisms., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197. arXiv admin note: substantial text overlap with arXiv:2204.06790

Published

2022

20. An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments

Author

Ménétrey, Jämes, Göttel, Christian, Pasin, Marcelo, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Attestation is a fundamental building block to establish trust over software systems. When used in conjunction with trusted execution environments, it guarantees that genuine code is executed even when facing strong attackers, paving the way for adoption in several sensitive application domains. This paper reviews existing remote attestation principles and compares the functionalities of current trusted execution environments as Intel SGX, Arm TrustZone and AMD SEV, as well as emerging RISC-V solutions., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2022

21. Methods for Requirements Engineering, Verification, Security, Safety, and Robustness in AIoT Systems

Author

Pasin, Marcelo, primary, Ménétrey, Jämes, additional, Felber, Pascal, additional, Schiavoni, Valerio, additional, Heyn, Hans-Martin, additional, Knauss, Eric, additional, Khurshid, Anum, additional, and Raza, Shahid, additional

Published

2023

22. Scrooge Attack: Undervolting ARM Processors for Profit

Author

Göttel, Christian, Parasyris, Konstantinos, Unsal, Osman, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Latest ARM processors are approaching the computational power of x86 architectures while consuming much less energy. Consequently, supply follows demand with Amazon EC2, Equinix Metal and Microsoft Azure offering ARM-based instances, while Oracle Cloud Infrastructure is about to add such support. We expect this trend to continue, with an increasing number of cloud providers offering ARM-based cloud instances. ARM processors are more energy-efficient leading to substantial electricity savings for cloud providers. However, a malicious cloud provider could intentionally reduce the CPU voltage to further lower its costs. Running applications malfunction when the undervolting goes below critical thresholds. By avoiding critical voltage regions, a cloud provider can run undervolted instances in a stealthy manner. This practical experience report describes a novel attack scenario: an attack launched by the cloud provider against its users to aggressively reduce the processor voltage for saving energy to the last penny. We call it the Scrooge Attack and show how it could be executed using ARM-based computing instances. We mimic ARM-based cloud instances by deploying our own ARM-based devices using different generations of Raspberry Pi. Using realistic and synthetic workloads, we demonstrate to which degree of aggressiveness the attack is relevant. The attack is unnoticeable by our detection method up to an offset of -50mV. We show that the attack may even remain completely stealthy for certain workloads. Finally, we propose a set of client-based detection methods that can identify undervolted instances. We support experimental reproducibility and provide instructions to reproduce our results., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2021

23. NVCache: A Plug-and-Play NVMM-based I/O Booster for Legacy Systems

Author

Dulong, Rémi, Pires, Rafael, Correia, Andreia, Schiavoni, Valerio, Ramalhete, Pedro, Felber, Pascal, and Thomas, Gaël

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Hardware Architecture, Computer Science - Operating Systems, 68M20, D.4.2, D.4.3, D.4.8

Abstract

This paper introduces NVCache, an approach that uses a non-volatile main memory (NVMM) as a write cache to improve the write performance of legacy applications. We compare NVCache against file systems tailored for NVMM (Ext4-DAX and NOVA) and with I/O-heavy applications (SQLite, RocksDB). Our evaluation shows that NVCache reaches the performance level of the existing state-of-the-art systems for NVMM, but without their limitations: NVCache does not limit the size of the stored data to the size of the NVMM, and works transparently with unmodified legacy applications, providing additional persistence guarantees even when their source code is not available., Comment: 13 pages, 7 figures, to be published in the 51th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 21)

Published

2021

24. Security, Performance and Energy Implications of Hardware-assisted Memory Protection Mechanisms on Event-based Streaming Systems

Author

Göttel, Christian, Pires, Rafael, Rocha, Isabelly, Vaucher, Sébastien, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Major cloud providers such as Amazon, Google and Microsoft provide nowadays some form of infrastructure as a service (IaaS) which allows deploying services in the form of virtual machines, containers or bare-metal instances. Although software-based solutions like homomorphic encryption exit, privacy concerns greatly hinder the deployment of such services over public clouds. It is particularly difficult for homomorphic encryption to match performance requirements of modern workloads. Evaluating simple operations on basic data types with HElib, a homomorphic encryption library, against their unencrypted counter part reveals that homomorphic encryption is still impractical under realistic workloads., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2021

25. Plinius: Secure and Persistent Machine Learning Model Training

Author

Yuhala, Peterson, Felber, Pascal, Schiavoni, Valerio, and Tchana, Alain

Subjects

Computer Science - Cryptography and Security, Computer Science - Machine Learning

Abstract

With the increasing popularity of cloud based machine learning (ML) techniques there comes a need for privacy and integrity guarantees for ML data. In addition, the significant scalability challenges faced by DRAM coupled with the high access-times of secondary storage represent a huge performance bottleneck for ML systems. While solutions exist to tackle the security aspect, performance remains an issue. Persistent memory (PM) is resilient to power loss (unlike DRAM), provides fast and fine-granular access to memory (unlike disk storage) and has latency and bandwidth close to DRAM (in the order of ns and GB/s, respectively). We present PLINIUS, a ML framework using Intel SGX enclaves for secure training of ML models and PM for fault tolerance guarantees. P LINIUS uses a novel mirroring mechanism to create and maintain (i) encrypted mirror copies of ML models on PM, and (ii) encrypted training data in byte-addressable PM, for near-instantaneous data recovery after a system failure. Compared to disk-based checkpointing systems,PLINIUS is 3.2x and 3.7x faster respectively for saving and restoring models on real PM hardware, achieving robust and secure ML model training in SGX enclaves.

Published

2021

26. Twine: An Embedded Trusted Runtime for WebAssembly

Author

Ménétrey, Jämes, Pasin, Marcelo, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Performance

Abstract

WebAssembly is an increasingly popular lightweight binary instruction format, which can be efficiently embedded and sandboxed. Languages like C, C++, Rust, Go, and many others can be compiled into WebAssembly. This paper describes Twine, a WebAssembly trusted runtime designed to execute unmodified, language-independent applications. We leverage Intel SGX to build the runtime environment without dealing with language-specific, complex APIs. While SGX hardware provides secure execution within the processor, Twine provides a secure, sandboxed software runtime nested within an SGX enclave, featuring a WebAssembly system interface (WASI) for compatibility with unmodified WebAssembly applications. We evaluate Twine with a large set of general-purpose benchmarks and real-world applications. In particular, we used Twine to implement a secure, trusted version of SQLite, a well-known full-fledged embeddable database. We believe that such a trusted database would be a reasonable component to build many larger application services. Our evaluation shows that SQLite can be fully executed inside an SGX enclave via WebAssembly and existing system interface, with similar average performance overheads. We estimate that the performance penalties measured are largely compensated by the additional security guarantees and its full compatibility with standard WebAssembly. An in-depth analysis of our results indicates that performance can be greatly improved by modifying some of the underlying libraries. We describe and implement one such modification in the paper, showing up to $4.1\times$ speedup. Twine is open-source, available at GitHub along with instructions to reproduce our experiments., Comment: This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197

Published

2021

27. ZipLine: In-Network Compression at Line Speed

Author

Vaucher, Sébastien, Yazdani, Niloofar, Felber, Pascal, Lucani, Daniel E., and Schiavoni, Valerio

Subjects

Computer Science - Networking and Internet Architecture, Computer Science - Performance

Abstract

Network appliances continue to offer novel opportunities to offload processing from computing nodes directly into the data plane. One popular concern of network operators and their customers is to move data increasingly faster. A common technique to increase data throughput is to compress it before its transmission. However, this requires compression of the data -- a time and energy demanding pre-processing phase -- and decompression upon reception -- a similarly resource consuming operation. Moreover, if multiple nodes transfer similar data chunks across the network hop (e.g., a given pair of switches), each node effectively wastes resources by executing similar steps. This paper proposes ZipLine, an approach to design and implement (de)compression at line speed leveraging the Tofino hardware platform which is programmable using the P4_16 language. We report on lessons learned while building the system and show throughput, latency and compression measurements on synthetic and real-world traces, showcasing the benefits and trade-offs of our design.

Published

2021

28. TEEMon: A continuous performance monitoring framework for TEEs

Author

Krahn, Robert, Dragoti, Donald, Gregor, Franz, Quoc, Do Le, Schiavoni, Valerio, Felber, Pascal, Souza, Clenimar, Brito, Andrey, and Fetzer, Christof

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Performance, C.4

Abstract

Trusted Execution Environments (TEEs), such as Intel Software Guard eXtensions (SGX), are considered as a promising approach to resolve security challenges in clouds. TEEs protect the confidentiality and integrity of application code and data even against privileged attackers with root and physical access by providing an isolated secure memory area, i.e., enclaves. The security guarantees are provided by the CPU, thus even if system software is compromised, the attacker can never access the enclave's content. While this approach ensures strong security guarantees for applications, it also introduces a considerable runtime overhead in part by the limited availability of protected memory (enclave page cache). Currently, only a limited number of performance measurement tools for TEE-based applications exist and none offer performance monitoring and analysis during runtime. This paper presents TEEMon, the first continuous performance monitoring and analysis tool for TEE-based applications. TEEMon provides not only fine-grained performance metrics during runtime, but also assists the analysis of identifying causes of performance bottlenecks, e.g., excessive system calls. Our approach smoothly integrates with existing open-source tools (e.g., Prometheus or Grafana) towards a holistic monitoring solution, particularly optimized for systems deployed through Docker containers or Kubernetes and offers several dedicated metrics and visualizations. Our evaluation shows that TEEMon's overhead ranges from 5% to 17%.

Published

2020

29. Promoting Computational Thinking Skills in Non-Computer-Science Students: Gamifying Computational Notebooks to Increase Student Engagement

Author

De Santo, Alessio, Farah, Juan Carlos, Martinez, Marc Lafuente, Moro, Arielle, Bergram, Kristoffer, Purohit, Aditya Kumar, Felber, Pascal, Gillet, Denis, and Holzer, Adrian

Abstract

Computational thinking (CT) skills are becoming increasingly relevant for future professionals across all domains, beyond computer science (CS). As such, an increasing number of bachelor's and master's programs outside of the CS discipline integrate CT courses within their study program. At the same time, tools such as notebooks and interactive apps designed to support the teaching of programming concepts are becoming ever more popular. However, in non-CS majors, CT might not be perceived as essential, and students might lack the motivation to engage with such tools in order to acquire solid CT skills. This article presents a field study conducted with 115 students during a full semester on a novel computational notebook environment. It evaluates computational notebooks and CT skills in an introductory course on information technology for first-year undergraduates in business and economics. A multidimensional evaluation approach makes use of pre- and post-test surveys, lectures, and self-directed laboratory sessions tracking analytics. Our findings suggest that, in the process of learning CT for non-CS students, engagement in active learning activities can be a stronger determinant of learning outcomes than initial knowledge. Furthermore, gamifying computational notebooks can serve as a strong driver of active learning engagement, even more so than initial motivational factors.

Published

2022

30. PipeTune: Pipeline Parallelism of Hyper and System Parameters Tuning for Deep Learning Clusters

Author

Rocha, Isabelly, Morris, Nathaniel, Chen, Lydia Y., Felber, Pascal, Birke, Robert, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

DNN learning jobs are common in today's clusters due to the advances in AI driven services such as machine translation and image recognition. The most critical phase of these jobs for model performance and learning cost is the tuning of hyperparameters. Existing approaches make use of techniques such as early stopping criteria to reduce the tuning impact on learning cost. However, these strategies do not consider the impact that certain hyperparameters and systems parameters have on training time. This paper presents PipeTune, a framework for DNN learning jobs that addresses the trade-offs between these two types of parameters. PipeTune takes advantage of the high parallelism and recurring characteristics of such jobs to minimize the learning cost via a pipelined simultaneous tuning of both hyper and system parameters. Our experimental evaluation using three different types of workloads indicates that PipeTune achieves up to 22.6% reduction and 1.7x speed up on tuning and training time, respectively. PipeTune not only improves performance but also lowers energy consumption up to 29%., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2020

31. TZ4Fabric: Executing Smart Contracts with ARM TrustZone

Author

Müller, Christina, Brandenburger, Marcus, Cachin, Christian, Felber, Pascal, Göttel, Christian, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Blockchain technology promises to revolutionize manufacturing industries. For example, several supply-chain use-cases may benefit from transparent asset tracking and automated processes using smart contracts. Several real-world deployments exist where the transparency aspect of a blockchain is both an advantage and a disadvantage at the same time. The exposure of assets and business interaction represent critical risks. However, there are typically no confidentiality guarantees to protect the smart contract logic as well as the processed data. Trusted execution environments (TEE) are an emerging technology available in both edge or mobile-grade processors (e.g., Arm TrustZone) and server-grade processors (e.g., Intel SGX). TEEs shield both code and data from malicious attackers. This practical experience report presents TZ4Fabric, an extension of Hyperledger Fabric to leverage Arm TrustZone for the secure execution of smart contracts. Our design minimizes the trusted computing base executed by avoiding the execution of a whole Hyperledger Fabric node inside the TEE, which continues to run in untrusted environment. Instead, we restrict it to the execution of only the smart contract. The TZ4Fabric prototype exploits the open-source OP-TEE framework, as it supports deployments on cheap low-end devices (e.g., Raspberry Pis). Our experimental results highlight the performance trade-off due to the additional security guarantees provided by Arm TrustZone. TZ4Fabric will be released as open-source., Comment: European Commission Projet: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2020

32. FaaSdom: A Benchmark Suite for Serverless Computing

Author

Maissen, Pascal, Felber, Pascal, Kropf, Peter, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, C.4

Abstract

Serverless computing has become a major trend among cloud providers. With serverless computing, developers fully delegate the task of managing the servers, dynamically allocating the required resources, as well as handling availability and fault-tolerance matters to the cloud provider. In doing so, developers can solely focus on the application logic of their software, which is then deployed and completely managed in the cloud. Despite its increasing popularity, not much is known regarding the actual system performance achievable on the currently available serverless platforms. Specifically, it is cumbersome to benchmark such systems in a language- or runtime-independent manner. Instead, one must resort to a full application deployment, to later take informed decisions on the most convenient solution along several dimensions, including performance and economic costs. FaaSdom is a modular architecture and proof-of-concept implementation of a benchmark suite for serverless computing platforms. It currently supports the current mainstream serverless cloud providers (i.e., AWS, Azure, Google, IBM), a large set of benchmark tests and a variety of implementation languages. The suite fully automatizes the deployment, execution and clean-up of such tests, providing insights (including historical) on the performance observed by serverless applications. FaaSdom also integrates a model to estimate budget costs for deployments across the supported providers. FaaSdom is open-source and available at https://github.com/bschitter/benchmark-suite-serverless-computing., Comment: ACM DEBS'20

Published

2020

33. Hermes: Enabling Energy-efficient IoT Networks with Generalized Deduplication

Author

Göttel, Christian, Nielsen, Lars, Yazdani, Niloofar, Felber, Pascal, Lucani, Daniel E., and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

With the advent of the Internet of Things (IoT), the ever growing number of connected devices observed in recent years and foreseen for the next decade suggests that more and more data will have to be transmitted over a network, before being processed and stored in data centers. Generalized deduplication (GD) is a novel technique to effectively reduce the data storage cost by identifying similar data chunks, and able to gradually reduce the pressure from the network infrastructure by limiting the data that needs to be transmitted. This paper presents Hermes, an application-level protocol for the data-plane that can operate over generalized deduplication, as well as over classic deduplication. Hermes significantly reduces the data transmission traffic while effectively decreasing the energy footprint, a relevant matter to consider in the context of IoT deployments. We fully implemented Hermes and evaluated its performance using consumer-grade IoT devices (e.g., Raspberry Pi 4B models). Our results highlight several trade-offs that must be taken into account when considering real-world workloads., Comment: This work was partially financed by the SCALE-IoT Project (Grant No. 7026-00042B) granted by the Independent Research Fund Denmark, by the Aarhus Universitets Forskningsfond (AUFF) Starting Grant Project AUFF- 2017-FLS-7-1, and Aarhus University's DIGIT Centre. European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2020

34. Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders

Author

Gregor, Franz, Ozga, Wojciech, Vaucher, Sébastien, Pires, Rafael, Quoc, Do Le, Arnautov, Sergei, Martin, André, Schiavoni, Valerio, Felber, Pascal, and Fetzer, Christof

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Trust is arguably the most important challenge for critical services both deployed as well as accessed remotely over the network. These systems are exposed to a wide diversity of threats, ranging from bugs to exploits, active attacks, rogue operators, or simply careless administrators. To protect such applications, one needs to guarantee that they are properly configured and securely provisioned with the "secrets" (e.g., encryption keys) necessary to preserve not only the confidentiality, integrity and freshness of their data but also their code. Furthermore, these secrets should not be kept under the control of a single stakeholder - which might be compromised and would represent a single point of failure - and they must be protected across software versions in the sense that attackers cannot get access to them via malicious updates. Traditional approaches for solving these challenges often use ad hoc techniques and ultimately rely on a hardware security module (HSM) as root of trust. We propose a more powerful and generic approach to trust management that instead relies on trusted execution environments (TEEs) and a set of stakeholders as root of trust. Our system, PALAEMON, can operate as a managed service deployed in an untrusted environment, i.e., one can delegate its operations to an untrusted cloud provider with the guarantee that data will remain confidential despite not trusting any individual human (even with root access) nor system software. PALAEMON addresses in a secure, efficient and cost-effective way five main challenges faced when developing trusted networked applications and services. Our evaluation on a range of benchmarks and real applications shows that PALAEMON performs efficiently and can protect secrets of services without any change to their source code., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2020

35. Capacity planning for dependable services

Author

Faqeh, Rasha, Martin, André, Schiavoni, Valerio, Bhatotia, Pramod, Felber, Pascal, and Fetzer, Christof

Published

2023

36. A Wait-Free Universal Construct for Large Objects

Author

Correia, Andreia, Ramalhete, Pedro, and Felber, Pascal

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Concurrency has been a subject of study for more than 50 years. Still, many developers struggle to adapt their sequential code to be accessed concurrently. This need has pushed for generic solutions and specific concurrent data structures. Wait-free universal constructs are attractive as they can turn a sequential implementation of any object into an equivalent, yet concurrent and wait-free, implementation. While highly relevant from a research perspective, these techniques are of limited practical use when the underlying object or data structure is sizable. The copy operation can consume much of the CPU's resources and significantly degrade performance. To overcome this limitation, we have designed CX, a multi-instance-based wait-free universal construct that substantially reduces the amount of copy operations. The construct maintains a bounded number of instances of the object that can potentially be brought up to date. We applied CX to several sequential implementations of data structures, including STL implementations, and compared them with existing wait-free constructs. Our evaluation shows that CX performs significantly better in most experiments, and can even rival with hand-written lock-free and wait-free data structures, simultaneously providing wait-free progress, safe memory reclamation and high reader scalability., Comment: Source code available on github https://github.com/pramalhe/CX

Published

2019

37. ABEONA: an Architecture for Energy-Aware Task Migrations from the Edge to the Cloud

Author

Rocha, Isabelly, Vinha, Gabriel, Brito, Andrey, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

This paper presents our preliminary results with ABEONA, an edge-to-cloud architecture that allows migrating tasks from low-energy, resource-constrained devices on the edge up to the cloud. Our preliminary results on artificial and real world datasets show that it is possible to execute workloads in a more efficient manner energy-wise by scaling horizontally at the edge, without negatively affecting the execution runtime., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

38. Network-Aware Container Scheduling in Multi-Tenant Data Center

Author

Rodrigues, Leonardo R., Pasin, Marcelo, Alves Jr., Omir C., Miers, Charles C., Pillon, Mauricio A., Felber, Pascal, and Koslovski, Guilherme P.

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Network management on multi-tenant container-based data centers has critical impact on performance. Tenants encapsulate applications in containers abstracting away details on hosting infrastructures, and entrust data centers management framework with the provisioning of network QoS requirements. In this paper, we propose a network-aware multi-criteria container scheduler to jointly process containers and network requirements. We introduce a new Mixed Integer Linear Programming formulation for network-aware scheduling encompassing both tenants and providers metrics. We describe two GPU-accelerated modules to address the complexity barrier of the problem and efficiently process scheduling requests. Our experiments show that our scheduling approach accounting for both network and containers outperforms traditional algorithms used by containers orchestrators., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681). Preprint of paper to appear at 2019 IEEE GLOBECOM, Global Communications Conference. 9-13 December 2019, Waikaloa (HI), USA

Published

2019

39. iperfTZ: Understanding Network Bottlenecks for TrustZone-based Trusted Applications

Author

Göttel, Christian, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The growing availability of hardware-based trusted execution environments (TEEs) in commodity processors has recently advanced support (i.e., design, implementation and deployment frameworks) for network-based secure services. Examples of such TEEs include ARM TrustZone or Intel SGX, largely available in embedded, mobile and server-grade processors. TEEs shield services from compromised hosts, malicious users or powerful attackers. TEE-enabled devices are largely being deployed on the edge of the network, paving the way for large-scale deployments of trusted applications. These applications allow processing and disseminating sensitive data without having to trust cloud providers. However, uncovering network performance limitations of such trusted applications is difficult and currently lacking, despite the interest and reliance by developers and system deployers. iperfTZ is an open-source tool to uncover network performance bottlenecks rooted at the design and implementation of trusted applications for ARM TrustZone and underlying runtime systems. Our evaluation based on micro-benchmarks shows current trade-offs for trusted applications, both from a network as well as an energy perspective; an often overlooked yet relevant aspect for edge-based deployments., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

40. Differential Approximation and Sprinting for Multi-Priority Big Data Engines

Author

Birke, Robert, Rocha, Isabelly, Perez, Juan, Schiavoni, Valerio, Felber, Pascal, and Chen, Lydia Y.

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Today's big data clusters based on the MapReduce paradigm are capable of executing analysis jobs with multiple priorities, providing differential latency guarantees. Traces from production systems show that the latency advantage of high-priority jobs comes at the cost of severe latency degradation of low-priority jobs as well as daunting resource waste caused by repetitive eviction and re-execution of low-priority jobs. We advocate a new resource management design that exploits the idea of differential approximation and sprinting. The unique combination of approximation and sprinting avoids the eviction of low-priority jobs and its consequent latency degradation and resource waste. To this end, we designed, implemented and evaluated DiAS, an extension of the Spark processing engine to support deflate jobs by dropping tasks and to sprint jobs. Our experiments on scenarios with two and three priority classes indicate that DiAS achieves up to 90% and 60% latency reduction for low- and high-priority jobs, respectively. DiAS not only eliminates resource waste but also (surprisingly) lowers energy consumption up to 30% at only a marginal accuracy loss for low-priority jobs., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

41. Anonymous and confidential file sharing over untrusted clouds

Author

Contiu, Stefan, Vaucher, Sébastien, Pires, Rafael, Pasin, Marcelo, Felber, Pascal, and Réveillère, Laurent

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Using public cloud services for storing and sharing confidential data requires end users to cryptographically protect both the data and the access to the data. In some cases, the identity of end users needs to remain confidential against the cloud provider and fellow users accessing the data. As such, the underlying cryptographic access control mechanism needs to ensure the anonymity of both data producers and consumers. We introduce A-SKY, a cryptographic access control extension capable of providing confidentiality and anonymity guarantees, all while efficiently scaling to large organizations. A-SKY leverages trusted execution environments (TEEs) to address the impracticality of anonymous broadcast encryption (ANOBE) schemes, achieving faster execution times and shorter ciphertexts. The innovative design of A-SKY limits the usage of the TEE to the narrow set of data producing operations, and thus optimizes the dominant data consumption actions by not requiring a TEE. Furthermore, we propose a scalable implementation for A-SKY leveraging micro-services that preserves strong security guarantees while being able to efficiently manage realistic large user bases. Results highlight that the A-SKY cryptographic scheme is 3 orders of magnitude better than state of the art ANOBE, and an end-to-end system encapsulating A-SKY can elastically scale to support groups of 10 000 users while maintaining processing costs below 1 second.

Published

2019

42. Malware in the SGX supply chain: Be careful when signing enclaves!

Author

Crăciun, Vlad, Felber, Pascal, Mogage, Andrei, Onica, Emanuel, and Pires, Rafael

Subjects

Computer Science - Cryptography and Security

Abstract

Malware attacks are a significant part of the new software security threats detected each year. Intel Software Guard Extensions (SGX) are a set of hardware instructions introduced by Intel in their recent lines of processors that are intended to provide a secure execution environment for user-developed applications. To our knowledge, there was no serious attempt yet to overcome the SGX protection by exploiting the weaknesses in the software supply chain infrastructure, namely at the level of the development, build or signing servers. While SGX protection does not specifically take into consideration such threats, we show in the current paper that a simple malware attack exploiting a separation between the build and signing processes can have a serious damaging impact, practically nullifying SGX integrity protection measures. We also explore two possible mitigations against the attack, one centralized leveraging SGX itself, and one distributed that relies on a smart contract deployed on a blockchain infrastructure. Our evaluation shows that both methods are feasible in practice and their added costs are acceptable for the offered protection., Comment: European Union's Horizon 2020 research and innovation programme (H2020-692178)

Published

2019

43. HEATS: Heterogeneity- and Energy-Aware Task-based Scheduling

Author

Rocha, Isabelly, Göttel, Christian, Felber, Pascal, Pasin, Marcelo, Rouvoy, Romain, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Cloud providers usually offer diverse types of hardware for their users. Customers exploit this option to deploy cloud instances featuring GPUs, FPGAs, architectures other than x86 (e.g., ARM, IBM Power8), or featuring certain specific extensions (e.g, Intel SGX). We consider in this work the instances used by customers to deploy containers, nowadays the de facto standard for micro-services, or to execute computing tasks. In doing so, the underlying container orchestrator (e.g., Kubernetes) should be designed so as to take into account and exploit this hardware diversity. In addition, besides the feature range provided by different machines, there is an often overlooked diversity in the energy requirements introduced by hardware heterogeneity, which is simply ignored by default container orchestrator's placement strategies. We introduce HEATS, a new task-oriented and energy-aware orchestrator for containerized applications targeting heterogeneous clusters. HEATS allows customers to trade performance vs. energy requirements. Our system first learns the performance and energy features of the physical hosts. Then, it monitors the execution of tasks on the hosts and opportunistically migrates them onto different cluster nodes to match the customer-required deployment trade-offs. Our HEATS prototype is implemented within Google's Kubernetes. The evaluation with synthetic traces in our cluster indicate that our approach can yield considerable energy savings (up to 8.5%) and only marginally affect the overall runtime of deployed tasks (by at most 7%). HEATS is released as open-source., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

44. Stress-SGX: Load and Stress your Enclaves for Fun and Profit

Author

Vaucher, Sébastien, Schiavoni, Valerio, and Felber, Pascal

Subjects

Computer Science - Performance, Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The latest generation of Intel processors supports Software Guard Extensions (SGX), a set of instructions that implements a Trusted Execution Environment (TEE) right inside the CPU, by means of so-called enclaves. This paper presents Stress-SGX, an easy-to-use stress-test tool to evaluate the performance of SGX-enabled nodes. We build on top of the popular Stress-NG tool, while only keeping the workload injectors (stressors) that are meaningful in the SGX context. We report on several insights and lessons learned about porting legacy code to run inside an SGX enclave, as well as the limitations introduced by this process. Finally, we use Stress-SGX to conduct a study comparing the performance of different SGX-enabled machines., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

45. Developing Secure Services for IoT with OP-TEE: A First Look at Performance and Usability

Author

Göttel, Christian, Felber, Pascal, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The implementation, deployment and testing of secure services for Internet of Things devices is nowadays still at an early stage. Several frameworks have recently emerged to help developers realize such services, abstracting the complexity of the many types of underlying hardware platforms and software libraries. Assessing the performance and usability of a given framework remains challenging, as they are largely influenced by the application and workload considered, as well as the target hardware. Since 15 years, ARM processors are providing support for TrustZone, a set of security instructions that realize a trusted execution environment inside the processor. OP-TEE is a free-software framework to implement trusted applications and services for TrustZone. In this short paper we show how one can leverage OP-TEE for implementing a secure service (i.e., a key-value store). We deploy and evaluate the performance of this trusted service on common Raspberry Pi hardware platforms. We report our experimental results with the data store and also compare it against OP-TEE's built-in secure storage., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

46. Security, Performance and Energy Trade-offs of Hardware-assisted Memory Protection Mechanisms

Author

Göttel, Christian, Pires, Rafael, Rocha, Isabelly, Vaucher, Sébastien, Felber, Pascal, Pasin, Marcelo, and Schiavoni, Valerio

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

The deployment of large-scale distributed systems, e.g., publish-subscribe platforms, that operate over sensitive data using the infrastructure of public cloud providers, is nowadays heavily hindered by the surging lack of trust toward the cloud operators. Although purely software-based solutions exist to protect the confidentiality of data and the processing itself, such as homomorphic encryption schemes, their performance is far from being practical under real-world workloads. The performance trade-offs of two novel hardware-assisted memory protection mechanisms, namely AMD SEV and Intel SGX - currently available on the market to tackle this problem, are described in this practical experience. Specifically, we implement and evaluate a publish/subscribe use-case and evaluate the impact of the memory protection mechanisms and the resulting performance. This paper reports on the experience gained while building this system, in particular when having to cope with the technical limitations imposed by SEV and SGX. Several trade-offs that provide valuable insights in terms of latency, throughput, processing time and energy requirements are exhibited by means of micro- and macro-benchmarks., Comment: European Commission Project: LEGaTO - Low Energy Toolset for Heterogeneous Computing (EC-H2020-780681)

Published

2019

47. PubSub-SGX: Exploiting Trusted Execution Environments for Privacy-Preserving Publish/Subscribe Systems

Author

Arnautov, Sergei, Brito, Andrey, Felber, Pascal, Fetzer, Christof, Gregor, Franz, Krahn, Robert, Ozga, Wojciech, Martin, André, Schiavoni, Valerio, Silva, Fábio, Tenorio, Marcus, and Thümmel, Nikolaus

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

This paper presents PUBSUB-SGX, a content-based publish-subscribe system that exploits trusted execution environments (TEEs), such as Intel SGX, to guarantee confidentiality and integrity of data as well as anonymity and privacy of publishers and subscribers. We describe the technical details of our Python implementation, as well as the required system support introduced to deploy our system in a container-based runtime. Our evaluation results show that our approach is sound, while at the same time highlighting the performance and scalability trade-offs. In particular, by supporting just-in-time compilation inside of TEEs, Python programs inside of TEEs are in general faster than when executed natively using standard CPython.

Published

2019

48. Capacity Planning for Dependable Services

Author

Faqeh, Rasha, Martin, André, Schiavoni, Valerio, Bhatotia, Pramod, Felber, Pascal, Fetzer, Christof, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Devismes, Stéphane, editor, Petit, Franck, editor, Altisen, Karine, editor, Di Luna, Giuseppe Antonio, editor, and Fernandez Anta, Antonio, editor

Published

2022

49. Alpha Entanglement Codes: Practical Erasure Codes to Archive Data in Unreliable Environments

Author

Estrada-Galiñanes, Vero, Miller, Ethan, Felber, Pascal, and Pâris, Jehan-François

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Cryptography and Security, Computer Science - Information Theory

Abstract

Data centres that use consumer-grade disks drives and distributed peer-to-peer systems are unreliable environments to archive data without enough redundancy. Most redundancy schemes are not completely effective for providing high availability, durability and integrity in the long-term. We propose alpha entanglement codes, a mechanism that creates a virtual layer of highly interconnected storage devices to propagate redundant information across a large scale storage system. Our motivation is to design flexible and practical erasure codes with high fault-tolerance to improve data durability and availability even in catastrophic scenarios. By flexible and practical, we mean code settings that can be adapted to future requirements and practical implementations with reasonable trade-offs between security, resource usage and performance. The codes have three parameters. Alpha increases storage overhead linearly but increases the possible paths to recover data exponentially. Two other parameters increase fault-tolerance even further without the need of additional storage. As a result, an entangled storage system can provide high availability, durability and offer additional integrity: it is more difficult to modify data undetectably. We evaluate how several redundancy schemes perform in unreliable environments and show that alpha entanglement codes are flexible and practical codes. Remarkably, they excel at code locality, hence, they reduce repair costs and become less dependent on storage locations with poor availability. Our solution outperforms Reed-Solomon codes in many disaster recovery scenarios., Comment: The publication has 12 pages and 13 figures. This work was partially supported by Swiss National Science Foundation SNSF Doc.Mobility 162014, 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

Published

2018

50. SGX-Aware Container Orchestration for Heterogeneous Clusters

Author

Vaucher, Sébastien, Pires, Rafael, Felber, Pascal, Pasin, Marcelo, Schiavoni, Valerio, and Fetzer, Christof

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Containers are becoming the de facto standard to package and deploy applications and micro-services in the cloud. Several cloud providers (e.g., Amazon, Google, Microsoft) begin to offer native support on their infrastructure by integrating container orchestration tools within their cloud offering. At the same time, the security guarantees that containers offer to applications remain questionable. Customers still need to trust their cloud provider with respect to data and code integrity. The recent introduction by Intel of Software Guard Extensions (SGX) into the mass market offers an alternative to developers, who can now execute their code in a hardware-secured environment without trusting the cloud provider. This paper provides insights regarding the support of SGX inside Kubernetes, an industry-standard container orchestrator. We present our contributions across the whole stack supporting execution of SGX-enabled containers. We provide details regarding the architecture of the scheduler and its monitoring framework, the underlying operating system support and the required kernel driver extensions. We evaluate our complete implementation on a private cluster using the real-world Google Borg traces. Our experiments highlight the performance trade-offs that will be encountered when deploying SGX-enabled micro-services in the cloud., Comment: Presented in the 38th IEEE International Conference on Distributed Computing Systems (ICDCS 2018)

Published

2018