DOCSLIB.ORG

A Software Approach to Defeating Side Channels in Last-Level Caches

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Software Approach to Defeating Side Channels in Last-Level Caches A Software Approach to Defeating Side Channels in Last-Level Caches Ziqiao Zhou Michael K. Reiter Yinqian Zhang University of North Carolina University of North Carolina Ohio State University Chapel Hill, NC, USA Chapel Hill, NC, USA Columbus, OH, USA ABSTRACT do not require preemption of the victim to extract fine- grained information from it (e.g., [35, 37, 12, 21]). We present a software approach to mitigate access-driven Two varieties of LLC-based side channels capable of side-channel attacks that leverage last-level caches extracting fine-grained information from a victim have (LLCs) shared across cores to leak information between been demonstrated. The first such attacks were of the security domains (e.g., tenants in a cloud). Our approach FLUSH-RELOAD variety [35, 37], which requires the at- dynamically manages physical memory pages shared be- tacker to share a physicalmemory pagewith the victim— tween security domains to disable sharing of LLC lines, a common situation in a modern OS, due to shared li- thus preventing “FLUSH-RELOAD” side channels via brary, copy-on-write memory management and memory LLCs. It also manages cacheability of memory pages deduplication mechanisms that aim for smaller mem- to thwart cross-tenant “PRIME-PROBE” attacks in LLCs. ory footprints. The attacker first FLUSHes a cache-line We have implemented our approach as a memory man- sized chunk of the shared page out of the cache using agement subsystem called CACHEBAR within the Linux processor-specific instructions (e.g., clflush in x86 kernel to intervene on such side channels across con- processors) and later measures the time to RELOAD (or tainer boundaries, as containers are a common method re-FLUSH [8]) it to infer whether this chunk was touched for enforcing tenant isolation in Platform-as-a-Service (and thus loaded to the shared cache already) by the (PaaS) clouds. Through formal verification, princi- victim. More recently, so-called PRIME-PROBE attacks pled analysis, and empirical evaluation, we show that have been demonstrated via LLCs [12, 21]; these do not CACHEBAR achieves strong security with small perfor- require page sharing between the attacker and victim. mance overheads for PaaS workloads. Rather, PRIME-PROBE attacks can be conducted when the two programsshare the same CPU cache sets. The at- 1 INTRODUCTION tacker PRIMEs the cache by loadingits own memory into An access-driven side channel is an attack by which certain cache sets. Later it PROBEs the cache by measur- an attacker computation learns secret information about ing the time to load the same memory into the cache sets a victim computation running on the same computer, and inferring how many cache lines in each cache set are not by violating the logical access control implemented absent due to conflicts with the victim’s execution. by the isolation software (typically an operating sys- In this paper we propose a software-only defense tem (OS) or virtual machine monitor (VMM)) but rather against these LLC-based side-channel attacks, based on by observing the effects of the victim’s execution on two seemingly straightforward principles. First, to defeat arXiv:1603.05615v1 [cs.CR] 17 Mar 2016 microarchitectural components it shares with the at- FLUSH-RELOAD attacks, we propose a copy-on-access tacker’s. Overwhelmingly, the components most often mechanism to manage physical pages shared across mu- used in these attacks are CPU caches. Early cache-based tually distrusting security domains (i.e., processes, con- side channels capable of leaking fine-grained informa- tainers2, or VMs). Specifically, temporally proximate ac- tion (e.g., cryptographickeys) across security boundaries cesses to the same physical page by multiple security do- used per-core caches (e.g., [30, 9, 36]), though the need mains results in the page being copied so that each do- for the attacker to frequently preempt the victim to ob- main has its own copy. In this way, a victim’s access to serve its effect on per-core caches renders these attacks its copy will be invisible to an attacker’s RELOAD in a relatively easy to mitigate in software (e.g., [39, 31]).1 FLUSH-RELOAD attack. When accesses are sufficiently Of more concern are side channels via last-level caches spaced in time, the copies can be deduplicated to return (LLCs) that are shared across cores and, in particular, the overall memory footprint to its original size. Sec- ond, to defeat PRIME-PROBE attacks, we design a mech- 1Hyper-threading can enable the attacker to observe the victim’s anism to manage the cacheability of memory pages so as effects on per-core caches without preempting it, if both are simultane- to limit the number of lines per cache set that an attacker ously scheduled on the same core. So, potentially adversarial tenants are generally not scheduled together (or hyper-threading is disabled) in cloud environments, for example. 2https://linuxcontainers.org/ may PROBE. In doing so, we limit the visibility of the at- (e.g., [3, 4]) to application-specific side-channel-free im- tacker into the victim’s demand for memory that maps to plementations (e.g., [16]). These techniques can intro- that cache set. Of course, the challenge in these defenses duce substantial runtime overheads, however, and these is in engineering them to be effective in both mitigating overheads tend to increase with the generality of the tool. LLC-based side-channels and supporting efficient execu- It is for this reason that we believe that systems-level tion of computations. (i.e., OS- or VMM-level) defenses are the most plausible, To demonstrate these defenses and the tradeoffs be- general defense for deployment in the foreseeable future. tween security and efficiency that they offer, we detail With attention to cache-based side-channels specifically, their design and implementation in a memory manage- several works provide to each security domain a limited ment subsystem called CACHEBAR (short for “Cache number of designated pages that are never evicted from Barrier”) for the Linux kernel. CACHEBAR sup- the LLC (e.g., [14, 19]), thereby rendering their con- ports these defenses for security domains represented tents immune to PRIME-PROBE and FLUSH-RELOAD as Linux containers. That is, copy-on-access to de- attacks. These approaches, however, require the appli- fend against FLUSH-RELOAD attacks makes copies of cation developer to determine what data/instructions to pages as needed to isolate temporally proximate ac- protect and then to modify the application to organize cesses to the same page from different containers. More- the sensitive content into the protected pages; in contrast, over, memory cacheability is managed so that the pro- CACHEBAR seeks to protect applications holistically and cesses in each container are collectively limited in the requires no application modifications. CACHEBAR also number of lines per cache set they can PROBE. This differs in several design choices that free it from limi- implementation would thus be well-suited for use in tations of prior approaches (e.g., the limitation of only Platform-as-a-Service (PaaS) clouds that isolate cloud one protected page per core [14] or dependence on rel- customers in distinct containers; indeed, cross-container atively recent, Intel-specific cache optimizations [19]). LLC-based side channels have been demonstrated in Other systems-level solutions manage memory so as to such clouds in the wild [37]. Our security evalua- partition the use of the LLC by different security do- tions show that CACHEBAR mitigates cache-based side- mains (e.g., [26, 27]), though these approaches preclude channel attacks, and our performance evaluation indi- memory-page and CPU-cache sharing entirely and hence cates that CACHEBAR imposes very modest overheads can underutilize these resources considerably. on PaaS workloads. LLC-based side channels are a particular instance of To summarize, we contribute: timing side channels, and so defenses that seek to elim- inate timing side channels are also relevant to our prob- • A novel copy-on-access mechanism to manage phys- lem. Examples include fuzzing real-time sources on the ical memory pages shared by distrusting tenants to computer (e.g., [32]), though this impinges on legitimate prevent FLUSH-RELOAD side-channel attacks, and uses of real time. Since real-time counters are not the its formal verification using model checking. only way to time memory fetches [34], other efforts have • A novel mechanism to dynamically maintain queues sought to eliminate side-channel risks more holistically of cacheable memory pages so as to limit the cache via altering the CPU scheduler (e.g., [28, 18]) and man- lines a malicious tenant may access in PRIME-PROBE aging how tenants co-locate (e.g., [17, 38, 10, 2, 18]). In attacks, and a principled derivation of its parameters contrast, here we focus specifically on LLC-based side to balance security and performance. channels (vs. a larger subset of timing side-channels)— • Implementation of both mechanisms in a mainstream which again are arguably the most potent known side- Linux operating system kernel and an extensive secu- channel vectors [35, 37, 12, 21]—and restrict our modi- rity and performance evaluation for PaaS workloads. fications to the memory management subsystem. 2 RELATED WORK 3 COPY-ON-ACCESS FOR FLUSH- Numerous proposals have sought to mitigate cache- RELOAD DEFENSE based side channels with low overhead through redesign The FLUSH-RELOAD attack is a highly effective LLC- of the cache hardware, e.g., [24, 15, 33, 13, 20]. Un- based side channel that was used, e.g., by Zhang et fortunately, there is little evidence that mainstream CPU al. [37] to mount fine-grained side-channel attacks in manufacturers will deploy such defenses in the foresee- commercial PaaS clouds. It leverages physical mem- able future, and even if they did, it would be years be- ory pages shared between an attacker and victim se- fore these defenses permeated the installed computing curity domains, as well as the ability to evict those base.
Load more

Recommended publications
  • Yet Another Web Server
    Yaws - Yet Another Web Server Claes Wikstrom [email protected] September 9, 2018 Contents 1 Introduction 4 1.1 Prerequisites . 5 1.2 A tiny example . 5 2 Compile, Install, Config and Run 7 2.0.1 Compile and Install . 7 2.0.2 Configure . 8 3 Static content 11 4 Dynamic content 12 4.1 Introduction . 12 4.2 EHTML . 12 4.3 POSTs . 17 4.3.1 Queries . 17 4.3.2 Forms . 17 4.4 POSTing files . 18 5 Mode of operation 22 5.1 On-the-fly compilation . 22 5.2 Evaluating the Yaws Code . 23 6 SSL 24 6.1 Server Name Indication . 25 7 Applications 26 7.1 Login scenarios . 26 7.1.1 The session server . 26 1 CONTENTS 2 7.1.2 Arg rewrite . 28 7.1.3 Authenticating . 29 7.1.4 Database driven applications . 31 7.2 Appmods . 31 7.3 The opaque data . 32 7.4 Customizations . 32 7.4.1 404 File not found . 33 7.4.2 Crash messages . 33 7.5 Stream content . 34 7.6 All out/1 Return Values . 35 8 Debugging and Development 39 8.1 Logs . 39 9 External scripts via CGI 40 10 FastCGI 41 10.1 The FastCGI Responder Role . 41 10.2 The FastCGI Authorizer Role . 42 10.3 The FastCGI Filter Role . 42 10.4 FastCGI Configuration . 42 11 Security 43 11.1 WWW-Authenticate . 43 12 Embedded mode 45 12.1 Creating Global and Server Configurations . 45 12.2 Starting Yaws in Embedded Mode . 46 13 The config file - yaws.conf 47 13.1 Global Part .
    [Show full text]
  • SDK De AWS Para Ruby Developer Guide
    SDK de AWS para Ruby Developer Guide SDK de AWS para Ruby: Developer Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. SDK de AWS para Ruby Developer Guide Las marcas comerciales y la imagen comercial de Amazon no se pueden utilizar en relación con ningún producto o servicio que no sea de Amazon de ninguna manera que pueda causar confusión entre los clientes y que menosprecie o desacredite a Amazon. Todas las demás marcas comerciales que no son propiedad de Amazon son propiedad de sus respectivos propietarios, que pueden o no estar afiliados, conectados o patrocinados por Amazon. SDK de AWS para Ruby Developer Guide Table of Contents AWSGuía para desarrolladores de SDK for Ruby ................................................................................... 1 Mediante laAWSSDK for Ruby conAWS Cloud9 .............................................................................. 1 Acerca de esta guía ................................................................................................................... 1 Documentación y recursos adicionales .......................................................................................... 2 Implementación enAWSCloud ............................................................................................... 2 Mantenimiento y soporte para las versiones principales del SDK ........................................................ 2 Introducción ......................................................................................................................................
    [Show full text]
  • 85324630.Pdf
    About NetTantra NetTantra is a creative technology and design company based out of India, US and UK. We provide web based solutions and mobile solutions to various industries like manufacturing, consulting, education. We have expertise in various sectors of the web including an array of server-side languages, OpenSource CMS/Blog frameworks, Linux/UNIX system administration, production server backup and recovery solutions, cloud infrastructure set-up and much more. Our expertise in providing WordPress based solutions has been acclaimed by many of our clients and the OpenSource community. We also provide cloud based solutions like migrating existing applications and building cloud applications for public or private cloud setups. We are known among our clients for on-time delivery and extraordinary quality of service. In mobile based solutions, we have expertise in developing native applications for iOS and Android platforms. We also develop cross-platform mobile applications using Sencha Touch and jQuery Mobile frameworks. 2 of 14 pages Why Hire Us ✔ Technology ◦ We have expertise in the most cutting edge tools and technologies used in the industry with special focus on OpenSource Technologies ◦ We pay special attention to web and network security for all projects ◦ Our team follows highly optimized project delivery life cycles and processes ✔ Cost ◦ We offer the best price to quality ratio ✔ Infrastructure ◦ Advanced workstations ◦ Cutting edge computing and network systems ◦ Power packed online servers ◦ Smart communications systems ◦ Conference halls, CBT and video learning facilities ◦ High-speed uninterrupted Internet connection ✔ Quality of Service ◦ Guaranteed client satisfaction ◦ Real-time customer support with the least turn-around in the industry ◦ Pre-sales technical and business related support to partners and agencies ✔ Ethics and Principles ◦ We ensure confidentiality in all our dealings.
    [Show full text]
  • Lightweight Django USING REST, WEBSOCKETS & BACKBONE
    Lightweight Django USING REST, WEBSOCKETS & BACKBONE Julia Elman & Mark Lavin Lightweight Django LightweightDjango How can you take advantage of the Django framework to integrate complex “A great resource for client-side interactions and real-time features into your web applications? going beyond traditional Through a series of rapid application development projects, this hands-on book shows experienced Django developers how to include REST APIs, apps and learning how WebSockets, and client-side MVC frameworks such as Backbone.js into Django can power the new or existing projects. backend of single-page Learn how to make the most of Django’s decoupled design by choosing web applications.” the components you need to build the lightweight applications you want. —Aymeric Augustin Once you finish this book, you’ll know how to build single-page applications Django core developer, CTO, oscaro.com that respond to interactions in real time. If you’re familiar with Python and JavaScript, you’re good to go. “Such a good idea—I think this will lower the barrier ■ Learn a lightweight approach for starting a new Django project of entry for developers ■ Break reusable applications into smaller services that even more… the more communicate with one another I read, the more excited ■ Create a static, rapid prototyping site as a scaffold for websites and applications I am!” —Barbara Shaurette ■ Build a REST API with django-rest-framework Python Developer, Cox Media Group ■ Learn how to use Django with the Backbone.js MVC framework ■ Create a single-page web application on top of your REST API Lightweight ■ Integrate real-time features with WebSockets and the Tornado networking library ■ Use the book’s code-driven examples in your own projects Julia Elman, a frontend developer and tech education advocate, started learning Django in 2008 while working at World Online.
    [Show full text]
  • Web Development and Perl 6 Talk
    Click to add Title 1 “Even though I am in the thralls of Perl 6, I still do all my web development in Perl 5 because the ecology of modules is so mature.” http://blogs.perl.org/users/ken_youens-clark/2016/10/web-development-with-perl-5.html Web development and Perl 6 Bailador BreakDancer Crust Web Web::App::Ballet Web::App::MVC Web::RF Bailador Nov 2016 BreakDancer Mar 2014 Crust Jan 2016 Web May 2016 Web::App::Ballet Jun 2015 Web::App::MVC Mar 2013 Web::RF Nov 2015 “Even though I am in the thralls of Perl 6, I still do all my web development in Perl 5 because the ecology of modules is so mature.” http://blogs.perl.org/users/ken_youens-clark/2016/10/web-development-with-perl-5.html Crust Web Bailador to the rescue Bailador config my %settings; multi sub setting(Str $name) { %settings{$name} } multi sub setting(Pair $pair) { %settings{$pair.key} = $pair.value } setting 'database' => $*TMPDIR.child('dancr.db'); # webscale authentication method setting 'username' => 'admin'; setting 'password' => 'password'; setting 'layout' => 'main'; Bailador DB sub connect_db() { my $dbh = DBIish.connect( 'SQLite', :database(setting('database').Str) ); return $dbh; } sub init_db() { my $db = connect_db; my $schema = slurp 'schema.sql'; $db.do($schema); } Bailador handler get '/' => { my $db = connect_db(); my $sth = $db.prepare( 'select id, title, text from entries order by id desc' ); $sth.execute; layout template 'show_entries.tt', { msg => get_flash(), add_entry_url => uri_for('/add'), entries => $sth.allrows(:array-of-hash) .map({$_<id> => $_}).hash,
    [Show full text]
  • Cherrypy Documentation Release 8.5.1.Dev0+Ng3a7e7f2.D20170208
    CherryPy Documentation Release 8.5.1.dev0+ng3a7e7f2.d20170208 CherryPy Team February 08, 2017 Contents 1 Foreword 1 1.1 Why CherryPy?.............................................1 1.2 Success Stories..............................................2 2 Installation 5 2.1 Requirements...............................................5 2.2 Supported python version........................................5 2.3 Installing.................................................5 2.4 Run it...................................................6 3 Tutorials 9 3.1 Tutorial 1: A basic web application...................................9 3.2 Tutorial 2: Different URLs lead to different functions.......................... 10 3.3 Tutorial 3: My URLs have parameters.................................. 11 3.4 Tutorial 4: Submit this form....................................... 12 3.5 Tutorial 5: Track my end-user’s activity................................. 12 3.6 Tutorial 6: What about my javascripts, CSS and images?........................ 13 3.7 Tutorial 7: Give us a REST....................................... 15 3.8 Tutorial 8: Make it smoother with Ajax................................. 17 3.9 Tutorial 9: Data is all my life...................................... 19 3.10 Tutorial 10: Make it a modern single-page application with React.js.................. 22 3.11 Tutorial 11: Organize my code...................................... 25 4 Basics 27 4.1 The one-minute application example.................................. 28 4.2 Hosting one or more applications...................................
    [Show full text]
  • Algorithmic Reflections on Choreography
    ISSN: 1795-6889 www.humantechnology.jyu.fi Volume 12(2), November 2016, 252–288 ALGORITHMIC REFLECTIONS ON CHOREOGRAPHY Pablo Ventura Daniel Bisig Ventura Dance Company Zurich University of the Arts Switzerland Switzerland Abstract: In 1996, Pablo Ventura turned his attention to the choreography software Life Forms to find out whether the then-revolutionary new tool could lead to new possibilities of expression in contemporary dance. During the next 2 decades, he devised choreographic techniques and custom software to create dance works that highlight the operational logic of computers, accompanied by computer-generated dance and media elements. This article provides a firsthand account of how Ventura’s engagement with algorithmic concepts guided and transformed his choreographic practice. The text describes the methods that were developed to create computer-aided dance choreographies. Furthermore, the text illustrates how choreography techniques can be applied to correlate formal and aesthetic aspects of movement, music, and video. Finally, the text emphasizes how Ventura’s interest in the wider conceptual context has led him to explore with choreographic means fundamental issues concerning the characteristics of humans and machines and their increasingly profound interdependencies. Keywords: computer-aided choreography, breaking of aesthetic and bodily habits, human– machine relationships, computer-generated and interactive media. © 2016 Pablo Ventura & Daniel Bisig, and the Agora Center, University of Jyväskylä DOI: http://dx.doi.org/10.17011/ht/urn.201611174656 This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 International License. 252 Algorithmic Reflections on Choreography INTRODUCTION The purpose of this article is to provide a first-hand account of how a thorough artistic engagement with functional and conceptual aspects of software can guide and transform choreographic practice.
    [Show full text]
  • Next Generation Web Scanning Presentation
    Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com Targets What does 'NZ web-space' mean? It could mean: •Geographically within NZ regardless of the TLD •The .nz TLD hosted anywhere •All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] -----
    [Show full text]
  • Dspace 1.8 Documentation
    DSpace 1.8 Documentation DSpace 1.8 Documentation Author: The DSpace Developer Team Date: 03 November 2011 URL: https://wiki.duraspace.org/display/DSDOC18 Page 1 of 621 DSpace 1.8 Documentation Table of Contents 1 Preface _____________________________________________________________________________ 13 1.1 Release Notes ____________________________________________________________________ 13 2 Introduction __________________________________________________________________________ 15 3 Functional Overview ___________________________________________________________________ 17 3.1 Data Model ______________________________________________________________________ 17 3.2 Plugin Manager ___________________________________________________________________ 19 3.3 Metadata ________________________________________________________________________ 19 3.4 Packager Plugins _________________________________________________________________ 20 3.5 Crosswalk Plugins _________________________________________________________________ 21 3.6 E-People and Groups ______________________________________________________________ 21 3.6.1 E-Person __________________________________________________________________ 21 3.6.2 Groups ____________________________________________________________________ 22 3.7 Authentication ____________________________________________________________________ 22 3.8 Authorization _____________________________________________________________________ 22 3.9 Ingest Process and Workflow ________________________________________________________ 24
    [Show full text]
  • Building Multiplayer Games with Web Sockets #GHC19 About Us
    Leveling Up: Building Multiplayer Games with Web Sockets #GHC19 About Us: #GHC19 Agenda 0. Introduction 1. Simple Chat Application 2. Multiplayer Game 3. Further Applications #GHC19 www.kahoot.com #GHC19 #GHC19 #GHC19 #GHC19 Diagram source: BMC Blog #GHC19 Diagram source: BMC Blog TCP and UDP are the transport level protocols TCP UDP Reliable Unreliable Connection-oriented Connectionless Segment sequencing No sequencing Acknowledge No acknowledgement segments #GHC19 Source: Pluralsight #GHC19 Diagram source: BMC Blog #GHC19 Diagram source: BMC Blog HTTP is used to share information on the application layer #GHC19 Graphic Source: Webnots Alternatives to WebSockets ● Browser Plug-Ins ● Polling ● Long Polling ● Server-Sent Events (SSE) #GHC19 The WebSocket protocol is used for real-time communication RFC-6455 #GHC19 Source: IETF RFC-6455 Some benefits of WebSockets Event driven Reduces network overhead - no need to send full HTTP requests HTTP compatible Co-exists on same port as your web server TLS/SSL compatible Same security as HTTPS #GHC19 WebSocket connection overview #GHC19 Diagram source: PubNub Staff Opening Handshake Client Handshake Server Handshake #GHC19 Source: IETF RFC-6455 Opening Handshake Client Handshake Server Handshake #GHC19 Source: IETF RFC-6455 Opening Handshake Client Handshake Server Handshake #GHC19 Source: IETF RFC-6455 Opening Handshake Client Handshake Server Handshake #GHC19 Source: IETF RFC-6455 Opening Handshake Client Handshake Server Handshake #GHC19 Source: IETF RFC-6455 Data Transfer Base Framing Protocol
    [Show full text]
  • Final CATALYST Framework Architecture
    D2.3 F in al CATALYST Framework Architect ure WORKPACKAGE PROGRAMME IDENTIFIER WP2 H2020-EE-2016-2017 DOCUMENT PROJECT NUMBER D2.3 768739 VERSION START DATE OF THE PROJECT 1.0 01/10/2017 PUBLISH DATE DURATION 03/06/2019 36 months DOCUMENT REFERENCE CATALYST.D2.3.PARTNER.WP2.v1.0 PROGRAMME NAME ENERGY EFFICIENCY CALL 2016-2017 PROGRAMME IDENTIFIER H2020-EE-2016-2017 TOPIC Bringing to market more energy efficient and integrated data centres TOPIC IDENTIFIER EE-20-2017 TYPE OF ACTION IA Innovation action PROJECT NUMBER 768739 PROJECT TITLE CATALYST COORDINATOR ENGINEERING INGEGNERIA INFORMATICA S.p.A. (ENG) PRINCIPAL CONTRACTORS SINGULARLOGIC ANONYMI ETAIREIA PLIROFORIAKON SYSTIMATON KAI EFARMOGON PLIROFORIKIS (SiLO), ENEL.SI S.r.l (ENEL), ALLIANDER NV (ALD), STICHTING GREEN IT CONSORTIUM REGIO AMSTERDAM (GIT), SCHUBERG PHILIS BV (SBP), QARNOT COMPUTING (QRN), POWER OPERATIONS LIMITED (POPs), INSTYTUT CHEMII BIOORGANICZNEJ POLSKIEJ AKADEMII NAUK (PSNC), UNIVERSITATEA TEHNICA CLUJ-NAPOCA (TUC) DOCUMENT REFERENCE CATALYST.D2.3.PARTNER.WP2.v1.0 WORKPACKAGE: WP2 DELIVERABLE TYPE R (report) AVAILABILITY PU (Public) DELIVERABLE STATE Final CONTRACTUAL DATE OF DELIVERY 31/05/2019 ACTUAL DATE OF DELIVERY 03/06/2019 DOCUMENT TITLE Final CATALYST Framework Architecture AUTHOR(S) Marzia Mammina (ENG), Terpsi Velivassaki (SiLO), Tudor Cioara (TUC), Nicolas Sainthérant (QRN), Artemis Voulkidis (POPs), John Booth (GIT) REVIEWER(S) Artemis Voulkidis (POPs) Terpsi Velivassaki (SILO) SUMMARY (See the Executive Summary) HISTORY (See the Change History Table)
    [Show full text]
  • Development of a Novel Combined Catalyst and Sorbent for Hydrocarbon Reforming Justinus A
    Chemical and Biological Engineering Publications Chemical and Biological Engineering 2005 Development of a novel combined catalyst and sorbent for hydrocarbon reforming Justinus A. Satrio Iowa State University Brent H. Shanks Iowa State University, [email protected] Thomas D. Wheelock Iowa State University, [email protected] Follow this and additional works at: http://lib.dr.iastate.edu/cbe_pubs Part of the Chemical Engineering Commons The ompc lete bibliographic information for this item can be found at http://lib.dr.iastate.edu/ cbe_pubs/220. For information on how to cite this item, please visit http://lib.dr.iastate.edu/ howtocite.html. This Article is brought to you for free and open access by the Chemical and Biological Engineering at Iowa State University Digital Repository. It has been accepted for inclusion in Chemical and Biological Engineering Publications by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. Development of a novel combined catalyst and sorbent for hydrocarbon reforming Abstract A combined catalyst and sorbent was prepared and utilized for steam reforming methane and propane in laboratory-scale systems. The am terial was prepared in the form of small spherical pellets having a layered structure such that each pellet consisted of a highly reactive lime or dolime core enclosed within a porous but strong protective shell made of alumina in which a nickel catalyst was loaded. The am terial served two functions by catalyzing the reaction of hydrocarbons with steam to produce hydrogen while simultaneously absorbing carbon dioxide formed by the reaction. The in situ er moval of CO 2 shifted the reaction equilibrium toward increased H 2 concentration and production.
    [Show full text]