DOCSLIB.ORG

Certicloud and Jshadobf Towards Integrity and Software Protection in Cloud Computing Platforms

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Certicloud and Jshadobf Towards Integrity and Software Protection in Cloud Computing Platforms PhD-FSTC-2013-36 The Faculty of Sciences, Technology and Communication Dissertation Defense held on 20/12/2013 in Luxembourg to obtain the degree of Docteur de l'Universite´ de Luxembourg En Informatique by Beno^ıt Bertholon Born on June 12th, 1986 in Clermont Ferrand (France) CertiCloud and JShadObf Towards Integrity and Software Protection in Cloud Computing Platforms Dissertation Defense Commitee Prof. Dr. Pascal Bouvry, Ph.D. supervisor Professor, University of Luxembourg Prof. Dr. Christian Collberg Professor, University of Arizona, US Prof. Dr. Yves Le Traon, Chairman Professor, University of Luxembourg Dr. Jean-Louis Roch, Vice Chairman Assistant Professor, INRIA, France Dr. S´ebastien Varrette, Ph.D co-advisor Research Associate, University of Luxembourg ii Abstract A simple concept that has emerged out of the notion of heterogeneous distributed computing is that of Cloud Computing (CC) where customers do not own any part of the infrastructure; they simply use the available services and pay for what they use. This approach is often viewed as the next ICT revolution, similar to the birth of the Web or the e-commerce. Indeed, since its advent in the middle of the 2000's, the CC paradigm arouse enthusiasm and interest from the industry and the private sector, probably because it formalizes a concept that reduces computing cost at a time where computing power is key to reach competitiveness. Despite the initiative of several major vendors to propose CC services (Amazon, Google, Microsoft etc.), several security research questions remain open to transform the current euphoria into a wide acceptance. Moreover, these questions are not always tackled from the user's point of view. In this context, the purpose of this thesis is to investigate and design novel mechanisms to cover the following domains: Integrity and confidentiality of Infrastructure-as-a-Service (IaaS) infrastructures, to • provide guarantees on programs and data running in a virtualised environment, either before, during or after a deployment on the CC platform. Software protection on Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) • architectures, using code obfuscation techniques. This dissertation details thus two main contributions. The first one is the development and implementation of CertiCloud, a CC framework which relies on the concepts developed in the Trusted Computing Group (TCG) together with hardware elements, i.e., Trusted Platform Module (TPM) to offer a secured and reassuring environment within IaaS platforms. At the heart of CertiCloud reside two protocols: TCRR and VerifyMyVM. When the first one asserts the integrity of a remote resource and permits to exchange a private symmetric key, the second authorizes the user to detect trustfully and on demand any tampering attempt on its running VM. These protocols being key components in the proposed framework, their analysis against known cryptanalytic attacks has been deeply analysed and testified by their successful validation by AVISPA [1] and Scyther [66], two reference tools for the automatic verification of security protocols. The second major contribution proposed in this manuscript is an obfuscation framework named JShadObf, designed to improve the protection of Javascript-based software running typically on SaaS and PaaS platforms. This framework combines obfuscation transformations, code complexity measurements and Multi-Objective Evolutionary Algorithms (MOEAs) to protect Javascript code, the most ubiquitous programming language at the heart of most modern web services deployed over those CC infrastructures such as Google Office Apps, Dropbox or Doodle. iii iv To Kristine & Edouard-Gabriel v vi Acknowledgements I would like to thank my advisers, Professor Pascal Bouvry and Doctor S´ebastien Varrette for giving me the opportunity to do a PhD at the University of Luxembourg and for their help during these 4 years of studies. With their support I was able to investigate the issues I was interested in, while being well supervised and advised. I was very happy to work in the team of Professor Bouvry and I thank all the members (former and current) of the team: Agata, Ana-Maria, Apivadee, Bernabe, Cesar, Fr´ed´eric,Gr´egoire,Guillaume, Hyacinthe, Jakub, Johnatan, Juanlu, Julien, Marcint, Mateusz, Patricia, S´ebastien,Sune, Xavier, Yoann for their collaboration but more importantly for their friendship and all the good moments we spent together. Thanks to Ton Van Deursen for his help with protocol verification, especially with Scyther, to Bernabe Doronsoro and Gregoire Danoy for the Evolutionary Algorithm insight and recommendations, and also to Frederic Pinel for his help with statistical analysis and the discussions on programming languages. And finally, I would like to thank my thesis defence committee: Pascal Bouvry, Christian Collberg, Jean-Louis Roch, Yves Le Traon and S´ebastienVarrette for their presence and their reviews of this dissertation. I'm grateful to Kristine for being supportive in every moment, especially the difficult ones during the writing period and for the review of the manuscript, to Edouard-Gabriel for keeping me awake during nights ;), and to my parents for their support and love. Supported by the Fonds National de la Recherche, Luxembourg (PHD-09-142) vii viii Contents Abstract iii Acknowledgements vii 1 Introduction 1 1.1 Context . .1 1.2 Motivations . .2 1.3 Contributions . .2 1.4 Dissertation Outline . .5 I Background 7 2 Cloud Computing and Distributed Systems 9 2.1 Distributed Systems . .9 2.1.1 Deployment types of Distributed Systems . 10 2.1.2 Types of Distributed Systems . 10 2.2 The Cloud Computing Paradigm . 10 2.2.1 Software-as-a-Service (SaaS) . 11 2.2.2 Platform-as-a-Service (PaaS) . 12 2.2.3 Infrastructure-as-a-Service (IaaS) . 12 2.2.4 Deployment models . 14 2.3 Overview of the main Cloud Computing Middlewares . 15 2.3.1 Eucalyptus . 15 2.3.2 OpenNebula . 16 2.3.3 OpenStack . 17 2.3.4 Nimbus . 18 2.4 Promises and Open Issues in IaaS Cloud Computing . 18 2.4.1 Computing performances . 19 2.4.2 Reliability . 19 2.4.3 Interoperability . 19 2.4.4 Information security . 19 3 Cryptographic Primitives to Enhance Computer Systems 21 3.1 Introduction . 21 3.2 Encryption . 22 3.2.1 Symmetric Encryption . 24 3.2.2 Asymmetric Encryption . 25 3.3 Hash Functions . 26 3.3.1 Checksums . 26 3.3.2 Cryptographic Hash . 26 3.3.3 Hash Message Authentication Code (HMAC) . 27 3.4 Public-Key Infrastructure and Digital Signatures . 27 3.4.1 Digital Signature . 27 ix x CONTENTS 3.4.2 Key Distribution . 28 3.5 Open issues in Computer Security . 29 4 Hardware Security 31 4.1 Taxonomy of Hardware Attacks . 31 4.1.1 Class of Attackers . 31 4.1.2 Type of Attacks . 32 4.2 Trusted Platform Modules . 33 4.2.1 Trusted Computing (TC) and the Chain of Trust . 33 4.2.2 TPM Components . 34 4.2.3 Open-source Community and the TPM . 36 4.3 Open issues in Hardware Security . 38 4.3.1 No Unbreakable Hardware . 38 4.3.2 User's Privacy Concerns . 38 4.3.3 TPM protections for CC platforms . 38 5 Software Protections: from BIOS to Applications 41 5.1 Software Security: Operating System Level . 41 5.1.1 Anti-virus and Malware . 41 5.1.2 Firewall . 42 5.1.3 Intrusion Detection Systems . 42 5.2 Software Security: Application Level . 42 5.2.1 Anti-debugger . 42 5.2.2 Anti-disassembly . 43 5.2.3 Anti-modification Techniques . 43 5.2.4 Self-modification for Code Obfuscation . 43 5.3 Open Issues in Software Protection . 44 II Platform Protection in a Cloud Environment (CertiCloud) 47 6 Security of Protocols: Methods and Tools 49 6.1 Automatic Analysis of Security Protocol . 49 6.2 Verification of Models . 49 6.2.1 Proof-based vs Model-based . 50 6.2.2 Model checker for Protocol Verification . 51 6.3 Scyther . 51 6.4 AVISPA . 51 6.5 Conclusion . 52 7 The CertiCloud framework: a Novel TPM-based Approach to Ensure Cloud IaaS Security 53 7.1 Introduction . 53 7.2 Related Work . 54 7.3 Context and Assumptions . 55 7.4 Preparation of the Virtual Machine Image (VMI) and the Virtual Machine (VM) request 56 7.5 TPM-based Certification of a Remote Resource (TCRR) . 56 7.5.1 Node Integrity Check (msg 1-4) . 57 7.5.2 User Session-key Exchange (msg 5-8) . 59 7.5.3 TCRR Protocol Validation . 59 7.5.4 The Platform Configuration Registers (PCRs) comparison problem . 59 CONTENTS xi 7.6 CertiCloud Framework . 60 7.7 VerifyMyVM .......................................... 63 7.7.1 The VerifyMyVM Hypothesis . 64 7.7.2 The VerifyMyVM Protocol . 64 7.7.3 VerifyMyVM Protocol Validation . 65 7.8 Implementation . ..
Load more

Recommended publications
  • Trusted Platform Module (TPM) Quick Reference Guide
    Trusted Platform Module (TPM) Quick Reference Guide System builders/integrators should give this Guide to the system owners to assist them in enabling and activating the Trusted Platform Module. Warning of Potential Data Loss ..........................3 Trusted Platform Module (TPM) .........................5 System Requirements ........................................5 Security Precautions ..........................................5 Password Procedures ............................................. 6 Emergency Recovery File Back Up Procedures ........... 7 Hard Drive Image Backup Procedures....................... 7 Clear Text Backup (Optional) .................................. 7 Trusted Platform Module Ownership ..................8 Trusted Platform Module Software Installation..8 Enabling the Trusted Platform Module ...............8 Assuming Trusted Platform Module Ownership..9 Recovery Procedures ........................................10 How to Recover from a Hard Drive Failure ............... 10 How to Recover from a Desktop Board, coin battery or TPM Failure........................................... 10 Clearing Trusted Platform Module Ownership ...11 Support Links ....................................................12 INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER,
    [Show full text]
  • Trusted Platform Module (TPM) TCG 1.2 / 2.0
    Trusted Platform Module (TPM) TCG 1.2 / 2.0 USER GUIDE Revision 1.20 The information in this user's guide has been carefully reviewed and is believed to be accurate. The vendor assumes no responsibility for any inaccuracies that may be contained in this document, and makes no commitment to update or to keep current the information in this manual, or to notify any person or organization of the updates. Please Note: For the most up-to-date version of this manual, please see our website at www.supermicro.com. Super Micro Computer, Inc. ("Supermicro") reserves the right to make changes to the product described in this manual at any time and without notice. This product, including software and documentation, is the property of Supermicro and/ or its licensors, and is supplied only under a license. Any use or reproduction of this product is not allowed, except as expressly permitted by the terms of said license. IN NO EVENT WILL SUPER MICRO COMPUTER, INC. BE LIABLE FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, SPECULATIVE OR CONSEQUENTIAL DAMAGES ARISING FROM THE USE OR INABILITY TO USE THIS PRODUCT OR DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN PARTICULAR, SUPER MICRO COMPUTER, INC. SHALL NOT HAVE LIABILITY FOR ANY HARDWARE, SOFTWARE, OR DATA STORED OR USED WITH THE PRODUCT, INCLUDING THE COSTS OF REPAIRING, REPLACING, INTEGRATING, INSTALLING OR RECOVERING SUCH HARDWARE, SOFTWARE, OR DATA. Any disputes arising between manufacturer and customer shall be governed by the laws of Santa Clara County in the State of California, USA. The State of California, County of Santa Clara shall be the exclusive venue for the resolution of any such disputes.
    [Show full text]
  • 16-Channel DAS with 16-Bit, Bipolar Input, Dual Simultaneous Sampling
    16-Channel DAS with 16-Bit, Bipolar Input, Dual Simultaneous Sampling ADC Data Sheet AD7616 FEATURES APPLICATIONS 16-channel, dual, simultaneously sampled inputs Power line monitoring Independently selectable channel input ranges Protective relays True bipolar: ±10 V, ±5 V, ±2.5 V Multiphase motor control Single 5 V analog supply and 2.3 V to 3.6 V VDRIVE supply Instrumentation and control systems Fully integrated data acquisition solution Data acquisition systems (DASs) Analog input clamp protection GENERAL DESCRIPTION Input buffer with 1 MΩ analog input impedance First-order antialiasing analog filter The AD7616 is a 16-bit, DAS that supports dual simultaneous On-chip accurate reference and reference buffer sampling of 16 channels. The AD7616 operates from a single 5 V Dual 16-bit successive approximation register (SAR) ADC supply and can accommodate ±10 V, ±5 V, and ±2.5 V true bipolar Throughput rate: 2 × 1 MSPS input signals while sampling at throughput rates up to 1 MSPS Oversampling capability with digital filter per channel pair with 90.5 dB SNR. Higher SNR performance can Flexible sequencer with burst mode be achieved with the on-chip oversampling mode (92 dB for an Flexible parallel/serial interface oversampling ratio (OSR) of 2). SPI/QSPI/MICROWIRE/DSP compatible The input clamp protection circuitry can tolerate voltages up to Optional cyclic redundancy check (CRC) error checking ±21 V. T h e AD7616 has 1 MΩ analog input impedance, regardless Hardware/software configuration of sampling frequency. The single-supply operation, on-chip Performance filtering, and high input impedance eliminate the need for 92 dB SNR at 500 kSPS (2× oversampling) driver op amps and external bipolar supplies.
    [Show full text]
  • Pitx-APL V2.0
    USER GUIDE pITX-APL V2.0 Doc. Rev. 1.4 Doc-ID: 1065-6365 pITX-APL V2.0 – Rev. 1.4 This page has been intentionally left blank pITX-APL V2.0 – Rev. 1.4 PITX-APL V2.0 – USER GUIDE Disclaimer Kontron would like to point out that the information contained in this manual may be subject to alteration, particularly as a result of the constant upgrading of Kontron products. This document does not entail any guarantee on the part of Kontron with respect to technical processes described in the manual or any product characteristics set out in the manual. Kontron assumes no responsibility or liability for the use of the described product(s), conveys no license or title under any patent, copyright or mask work rights to these products and makes no representations or warranties that these products are free from patent, copyright or mask work right infringement unless otherwise specified. Applications that are described in this manual are for illustration purposes only. Kontron makes no representation or warranty that such application will be suitable for the specified use without further testing or modification. Kontron expressly informs the user that this manual only contains a general description of processes and instructions which may not be applicable in every individual case. In cases of doubt, please contact Kontron. This manual is protected by copyright. All rights are reserved by Kontron. No part of this document may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), without the express written permission of Kontron.
    [Show full text]
  • The CLASP Application Security Process
    The CLASP Application Security Process Secure Software, Inc. Copyright (c) 2005, Secure Software, Inc. The CLASP Application Security Process The CLASP Application Security Process TABLE OF CONTENTS CHAPTER 1 Introduction 1 CLASP Status 4 An Activity-Centric Approach 4 The CLASP Implementation Guide 5 The Root-Cause Database 6 Supporting Material 7 CHAPTER 2 Implementation Guide 9 The CLASP Activities 11 Institute security awareness program 11 Monitor security metrics 12 Specify operational environment 13 Identify global security policy 14 Identify resources and trust boundaries 15 Identify user roles and resource capabilities 16 Document security-relevant requirements 17 Detail misuse cases 18 Identify attack surface 19 Apply security principles to design 20 Research and assess security posture of technology solutions 21 Annotate class designs with security properties 22 Specify database security configuration 23 Perform security analysis of system requirements and design (threat modeling) 24 Integrate security analysis into source management process 25 Implement interface contracts 26 Implement and elaborate resource policies and security technologies 27 Address reported security issues 28 Perform source-level security review 29 Identify, implement and perform security tests 30 The CLASP Application Security Process i Verify security attributes of resources 31 Perform code signing 32 Build operational security guide 33 Manage security issue disclosure process 34 Developing a Process Engineering Plan 35 Business objectives 35 Process
    [Show full text]
  • Software Tamperproofing
    Software Tamperproofing7 To tamperproof a program is to ensure that it “executes as intended,” even in the presence of an adversary who tries to disrupt, monitor, or change the execution. Note that this is different from obfuscation, where the intent is to make it difficult for the attacker to understand the program. In practice, the boundary between tam- perproofing and obfuscation is a blurry one: A program that is harder to understand because it’s been obfuscated ought also be more difficult to modify! For example, an attacker who can’t find the decrypt() function in a DRM media player because it’s been thoroughly obfuscated also won’t be able to modify it or even monitor it by setting a breakpoint on it. The dynamic obfuscation algorithms in Chapter 6 (Dynamic Obfuscation), in particular, have often been used to prevent tampering. In this book, we take the view that a pure tamperproofing algorithm not only makes tampering difficult but is also able to detect when tampering has occurred and to respond to the attack by in some way punishing the user. In practice, tamperproofing is always combined with obfuscation: 1. If you both obfuscate and tamperproof your code, an attacker who, in spite of the tamperproofing, is able to extract the code still has to de-obfuscate it in order to understand it; 2. Code that you insert to test for tampering or effect a response to tampering must be obfuscated in order to prevent the attacker from easily discovering it. 401 402 Software Tamperproofing Watermarking and tamperproofing are also related.
    [Show full text]
  • IS 13737 (1993): Isoinformation Technology
    इंटरनेट मानक Disclosure to Promote the Right To Information Whereas the Parliament of India has set out to provide a practical regime of right to information for citizens to secure access to information under the control of public authorities, in order to promote transparency and accountability in the working of every public authority, and whereas the attached publication of the Bureau of Indian Standards is of particular interest to the public, particularly disadvantaged communities and those engaged in the pursuit of education and knowledge, the attached public safety standard is made available to promote the timely dissemination of this information in an accurate manner to the public. “जान का अधकार, जी का अधकार” “परा को छोड न 5 तरफ” Mazdoor Kisan Shakti Sangathan Jawaharlal Nehru “The Right to Information, The Right to Live” “Step Out From the Old to the New” IS 13737 (1993): ISOInformation Technology - 130 mm Rewritable optical disk cartridges for information interchange [LITD 16: Computer Hardware, Peripherals and Identification Cards] “ान $ एक न भारत का नमण” Satyanarayan Gangaram Pitroda “Invent a New India Using Knowledge” “ान एक ऐसा खजाना > जो कभी चराया नह जा सकताह ै”ै Bhartṛhari—Nītiśatakam “Knowledge is such a treasure which cannot be stolen” IS 13737 : 1993 ISO/IEC 10089 : 1991 CONTENTS Page NationalForeword..........,..........................................‘.““““’ . (vii) 1 Scope 1 2 Conformance 1 3 Normative references 1 4 Conventions and notations 1 5 List of acronyms 2 6 Definitions 2 2 6. I case 2 6.2 Clamping Zone 6.3
    [Show full text]
  • Demystifying Anti-Repackaging on Android a ∗ a a a Alessio Merlo , , Antonio Ruggia , Luigi Sciolla and Luca Verderame
    You Shall not Repackage! Demystifying Anti-Repackaging on Android a < a a a Alessio Merlo , , Antonio Ruggia , Luigi Sciolla and Luca Verderame aDIBRIS - University of Genoa, Via Dodecaneso, 35, I-16146, Genoa, Italy. ARTICLEINFO ABSTRACT Keywords: App repackaging refers to the practice of customizing an existing mobile app and redistributing Android Security it in the wild. In this way, the attacker aims to force some mobile users to install the repackaged App Security (likely malicious) app instead of the original one. This phenomenon strongly affects Android, Anti-repackaging techniques where apps are available on public stores, and the only requirement for an app to execute properly Attacks to Anti-repackaging is to be digitally signed. Anti-tampering Anti-repackaging techniques try counteracting this attack by adding logical controls in the app at compile-time. Such controls activate in case of repackaging and lead the repackaged app to fail at runtime. On the other side, the attacker must detect and bypass the controls to repackage safely. The high-availability of working repackaged apps in the Android ecosystem suggests that the attacker’s side is winning. In this respect, this paper aims to bring out the main issues of the current anti-repackaging approaches. The contribution of the paper is three-fold: 1) analyze the weaknesses of the current state-of-the-art anti-repackaging schemes (i.e., Self-Protection through Dex Encryption, AppIS, SSN, SDC, BombDroid, and NRP), 2) summarize the main attack vectors to anti-repackaging techniques composing those schemes, and 3) show how such attack vectors allow circumventing the current proposals.
    [Show full text]
  • 1. Background This Paper Is About a Method for Recovering Data from Floppy Disks That Are Failing Due to “Weak Bits”
    A Method for Recovering Data From Failing Floppy Disks with a Practical Example Dr. Frederick B. Cohen, Ph.D. and Charles M. Preston Fred Cohen & Associates and California Sciences Institute Abstract: As floppy disks and other similar media age, they have a tendency to lose data because of the reduction in retention of electromagnetic fields over time associated with various environmental degradation factors. In attempting to read these disks, the coding techniques used to write them can be exploited along with the proposed fault mechanisms to demonstrate that repetitions of read attempts under proper conditions yield valid data subject to specific error modes. In many cases those errors can be partially or completely reversed by analysis of read results. A practical example involving a case of substantial legal value is used as an example of the application of these methods. Keywords: weak bits, floppy disks, digital forensics, coding, field density loss, the birthday problem, error inversion 1. Background This paper is about a method for recovering data from floppy disks that are failing due to “weak bits”. It describes a repetitive read technique that has successfully recovered data from failing floppy disks in forensic cases and describes analysis of the results of such repetitive reads in terms of yielding forensically sound data values. These techniques are not new or particularly unique; however, they are not widely published and analysis necessary to support their use in legal matters has not been found elsewhere. The particular matter used as an example in this analysis involved a floppy disk that was more than 15 years old and that contained the only copy of a binary assembled version of a software program that was subject to intellectual property claims of sufficient value to warrant recovery beyond the means normally used by commercial recovery firms.
    [Show full text]
  • Intel® Select Solutions for Microsoft SQL Server* on Windows Server
    SOLUTION BRIEF Intel® Select Solutions Enterprise Data Center Infrastructure April 2019 Intel® Select Solutions for Microsoft SQL Server* Business Operations Flexible, easy-to-deploy, scalable solutions optimized for performance enable organizations to achieve their needed results. The quantity, size, and complexity of data center workloads increases almost every day. It’s crucial that those workloads run on compute, network, and storage infrastructure that is ideally tuned—and tested—to deliver optimized performance. Intel® Select Solutions for Microsoft SQL Server* Business Operations are optimized for online transaction processing (OLTP) to provide that assurance. Intel Select Solutions are hardware and software stacks optimized for specific workloads. Intel and data center solution providers tune the configurations using Intel® Xeon® Scalable processors and Intel® technologies to help ensure enterprises receive their needed performance. Intel Select Solutions for SQL Server Business Operations SQL Server is one of the world’s most popular relational database management systems (RDBMSs). Intel Select Solutions for SQL Server Business Operations can help minimize the time, cost, and complexity required for an enterprise to evaluate hardware and software integrations. Intel Select Solutions are tested to deliver optimum performance, improved security, reliability, and agility. Intel Select Solutions for SQL Server Business Operations are not only optimized to meet current performance needs, they also include technologies ready to help reduce the complexity of meeting evolving data center needs. What Are Intel® Select Solutions? Intel Select Solutions are verified hardware and software stacks that are optimized for specific software workloads across compute, storage, and network. The solutions are developed from deep Intel experience with industry solution providers, in addition to extensive collaboration with the world’s leading data center and service providers.
    [Show full text]
  • Floppy Disc Controller Instruction Manual
    Part Number 2120-0067 OQ419 FLOPPY DISC CONTROLLER INSTRUCTION MANUAL March 1985 DISTRIBUTED LOGIC CORPORATION 1555 S. Sinclair Street P.O. Box 6270 ~R Anaheim, California 92806 I nmmI Telephone: (714) 937·5700 Telex: 6836051 Contents SECTION 1 - GENERAL INFORMATION 1.1 INTRODUCTION 1 1.2 GENERAL DESCRIPTION 2 1.3 COMPATIBILITY 2 1.4 LOGICAL TRACK FORMAT 3 1.4.1 Sector Header Field 3 1.4.2 Data Field 5 1.4.3 CRC - Cyclic Redundancy Check 5 1.5 RECORDING SCHEME 6 1.6 SPECIFICATIONS 6 SECTION 2 - INSTALLATION 2.1 CONTROLLER JUMPER CONFIGURATIONS 7 2.1.1 Device and Vector Address Selection 8 2.1.2 Device Interrupt Priority 9 2.1.3 Bootstrap 10 2.1.4 Wri te Precompensati on 10 2.1.5 Write Current Control 11 2.1.6 Drive Step Rate 11 2.2 DRIVE CONFIGURATIONS 11 2.3 CABLING 19 2.4 CONTROLLER INSTALLATION 21 2.5 INITIAL CHECKOUT 21 SECTION 3 - OPERATION 3.1 GENERAL INFORHATION 23 3.2 BOOTSTRAPPING 23 3.3 FORMATTING 24 3.4 FILL/WRITE OPERATION 25 3.5 READ/EMPTY OPERATION 27 3.6 OPERATION USING RT-ll 27 SECTION 4 - PROGRAMMING 4.1 GENERAL INFORMATION 29 4.2 COMMAND AND STATUS REGISTER - RXVCS (177170) 30 4.3 DATA BUFFER (177172) 31 4.3.1 Data Buffer Register (RXVDB) 32 4.3.2 Trace Address Register (RXVTA) 32 4.3.3 Sector Address Register (RXVSA) 32 4.3.4 Word Count Register (RXVWC) 32 4.3.5 Bus Address Register (RXVBA) 33 4.3.6 Error and Status Register (RXVES) 33 4.3.7 Bus Address Extension Register (RXVBAE) 35 i i ; 4.4 EXTENDED STATUS REGISTERS 35 4.5 COMMAND PROTOCOL 36 4.5.1 Fill Buffer (000) 36 4.5.2 Empty Buffer (001) 37 4.5.3 Write Buffer
    [Show full text]
  • Using Remote Attestation of Trust for Computer Forensics
    Using Remote Attestation of Trust for Computer Forensics Gabriela Claret Limonta Marquez School of Electrical Engineering Thesis submitted for examination for the degree of Master of Science in Technology. Espoo 20.11.2018 Supervisor Prof. Raimo Kantola Advisor Dr. Ian Oliver Copyright ⃝c 2018 Gabriela Claret Limonta Marquez Aalto University, P.O. BOX 11000, 00076 AALTO www.aalto.fi Abstract of the master’s thesis Author Gabriela Claret Limonta Marquez Title Using Remote Attestation of Trust for Computer Forensics Degree programme Computer, Communication and Information Sciences Major Communications Engineering Code of major ELEC3029 Supervisor Prof. Raimo Kantola Advisor Dr. Ian Oliver Date 20.11.2018 Number of pages 94+34 Language English Abstract Telecommunications systems are critical systems with high quality of service con- straints. In Network Function Virtualization (NFV), commonly known as the Telco Cloud, network functions are distributed as virtual machines that run on generic servers in a datacenter. These network functions control critical elements; therefore, they should be run on trusted hardware. Trusted computing concepts can be used to guarantee the trustworthiness of the underlying hardware platform running critical workload. These concepts include the Trusted Platform Module and Remote Attestation. This work identifies limitations in existing solutions and uses those as motivation for designing and implementing a finer-grained definition of trust. This thesis designs and develops a remote attestation solution, which includes a policy and rule based mechanism for determining platform trust in a trusted cloud. Additionally, it develops a fine-grained concept of trust in a cloud environment based on NFV. Finally, this thesis utilizes the remote attestation solution to develop a forensics system based on root cause analysis, which allows the investigation of attestation failures and their mitigation.
    [Show full text]