Geographic landscapes in all over the world may be subject to rapid changes induced,for instance,by urban,forest,and agricultural evolutions.Monitoring such kind of changes is usually achieved through remote sensing.H...Geographic landscapes in all over the world may be subject to rapid changes induced,for instance,by urban,forest,and agricultural evolutions.Monitoring such kind of changes is usually achieved through remote sensing.However,obtaining regular and up-to-date aerial or satellite images is found to be a high costly process,thus preventing regular updating of land cover maps.Alternatively,in this paper,we propose a low-cost solution based on the use of groundlevel geo-located landscape panoramic photos providing high spatial resolution information of the scene.Such photos can be acquired from various sources:digital cameras,smartphone,or even web repositories.Furthermore,since the acquisition is performed at the ground level,the users’immediate surroundings,as sensed by a camera device,can provide information at a very high level of precision,enabling to update the land cover type of the geographic area.In the described herein method,we propose to use inverse perspective mapping(inverse warping)to transform the geo-tagged ground-level 360◦photo onto a top-down view as if it had been acquired from a nadiral aerial view.Once re-projected,the warped photo is compared to a previously acquired remotely sensed image using standard techniques such as correlation.Wide differences in orientation,resolution,and geographical extent between the top-down view and the aerial image are addressed through specific processing steps(e.g.registration).Experiments on publicly available data-sets made of both ground-level photos and aerial images show promising results for updating land cover maps with mobile technologies.Finally,the proposed approach contributes to the crowdsourcing efforts in geo-information processing and mapping,providing hints on the evolution of a landscape.展开更多
With the rapid development of emerging 5G and beyond(B5G),Unmanned Aerial Vehicles(UAVs)are increasingly important to improve the performance of dense cellular networks.As a conventional metric,coverage probability ha...With the rapid development of emerging 5G and beyond(B5G),Unmanned Aerial Vehicles(UAVs)are increasingly important to improve the performance of dense cellular networks.As a conventional metric,coverage probability has been widely studied in communication systems due to the increasing density of users and complexity of the heterogeneous environment.In recent years,stochastic geometry has attracted more attention as a mathematical tool for modeling mobile network systems.In this paper,an analytical approach to the coverage probability analysis of UAV-assisted cellular networks with imperfect beam alignment has been proposed.An assumption was considered that all users are distributed according to Poisson Cluster Process(PCP)around base stations,in particular,Thomas Cluster Process(TCP).Using thismodel,the impact of beam alignment errors on the coverage probabilitywas investigated.Initially,the ProbabilityDensity Function(PDF)of directional antenna gain between the user and its serving base station was obtained.Then,association probability with each tier was achieved.A tractable expression was derived for coverage probability in both Line-of-Sight(LoS)andNon-Line-of-Sight(NLoS)condition links.Numerical results demonstrated that at low UAVs altitude,beam alignment errors significantly degrade coverage performance.Moreover,for a small cluster size,alignment errors do not necessarily affect the coverage performance.展开更多
This article describes a user-centred method used to design innovative pattern recognition software for technical paper documents. This kind of software can make some errors of interpretation. It will therefore be imp...This article describes a user-centred method used to design innovative pattern recognition software for technical paper documents. This kind of software can make some errors of interpretation. It will therefore be important that human operators are able to identify and correct these mistakes. The identification of errors is a difficult task because operators need to establish co-reference between the initial document and it interpretation. Moreover, users must be able to checks the interpretation without forgetting any area. This task requires the interface is easy to use. The experiments showed that the sequential display of interpretation is the most effective and that the interruptions by user reduce task duration. Moreover, queries by the system may improve error detection. This paper summarizes the main results of the research conducted in the context of this design for enhance the interface, and describes the specifications to which it gave rise.展开更多
Translation validation was invented in the 90's by Pnueli et al. as a technique to formally verify the correctness of code generators. Rather than certifying the code generator or exhaustively qualifying it, translat...Translation validation was invented in the 90's by Pnueli et al. as a technique to formally verify the correctness of code generators. Rather than certifying the code generator or exhaustively qualifying it, translation validators attempt to verify that program transformations preserve semantics. In this work, we adopt this approach to formally verify that the clock semantics and data dependence are preserved during the compilation of the Signal compiler. Translation valida- tion is implemented for every compilation phase from the initial phase until the latest phase where the executable code is generated, by proving the transformation in each phase of the compiler preserves the semantics. We represent the clock semantics, the data dependence of a program and its trans- formed counterpart as first-order formulas which are called clock models and synchronous dependence graphs (SDGs), respectively. We then introduce clock refinement and depen- dence refinement relations which express the preservations of clock semantics and dependence, as a relation on clock mod- els and SDGs, respectively. Our validator does not require any instrumentation or modification of the compiler, nor any rewriting of the source program.展开更多
Despite the expanded efforts,the vehicular ad-hoc networks(VANETs)are still facing many challenges such as network performances,network scalability and context-awareness.Many solutions have been proposed to overcome t...Despite the expanded efforts,the vehicular ad-hoc networks(VANETs)are still facing many challenges such as network performances,network scalability and context-awareness.Many solutions have been proposed to overcome these obstacles,and the edge computing,an extension of the cloud computing,is one of them.With edge computing,communication,storage and computational capabilities are brought closer to end users.This could offer many benefits to the global vehicular network including,for example,lower latency,network off-loading and context-awareness(location,environment factors,etc.).Different approaches of edge computing have been developed:mobile edge computing(MEC),fog computing(FC)and cloudlet are the main ones.After introducing the vehicular environment background,this paper aims to study and compare these different technologies.For that purpose their main features are compared and the state-of-the-art applications in VANETs are analyzed.In addition,MEC,FC,and cloudlet are classified and their suitability level is debated for different types of vehicular applications.Finally,some challenges and future research directions in the fields of edge computing and VANETs are discussed.展开更多
Architecture analysis & design language (AADL) has been increasingly adopted in the design of em- bedded systems, and corresponding scheduling and formal verification have been well studied. However, little work ta...Architecture analysis & design language (AADL) has been increasingly adopted in the design of em- bedded systems, and corresponding scheduling and formal verification have been well studied. However, little work takes code distribution and architecture exploration into ac- count, particularly considering clock constraints, for dis- tributed multi-processor systems. In this paper, we present an overview of our approach to handle these concerns, together with the associated toolchain, AADL-PoLYCHRONY-SYNDEx. First, in order to avoid semantic ambiguities of AADL, the polychronous/multiclock semantics of AADL, based on a polychronous model of computation, is considered. Clock synthesis is then carried out in POLYCHRONY, which bridges the gap between the polychronous semantics and the syn- chronous semantics of SYNDEx. The same timing semantics is always preserved in order to ensure the correctness of the transformations between different formalisms. Code distri- bution and corresponding scheduling is carried out on the obtained SYNDEx model in the last step, which enables the exploration of architectures originally specified in AADL. Our contribution provides a fast yet efficient architecture ex- ploration approach for the design of distributed real-time and embedded systems. An avionic case study is used here to illustrate our approach.展开更多
This paper investigates how state diagrams can be best represented in the polychronous model of computation (MoC) and proposes to use this model for code validation of behavior specifications in architecture analysis ...This paper investigates how state diagrams can be best represented in the polychronous model of computation (MoC) and proposes to use this model for code validation of behavior specifications in architecture analysis & design language (AADL). In this relational MoC, the basic objects are signals, which are related through dataflow equations. Signals are associated with logical clocks, which provide the capability to describe systems in which components obey multiple clock rates. We propose a model of finite-state automata, called polychronous automata, which is based on clock relationships. A specificity of this model is that an automaton is submitted to clock constraints, which allows one to specify a wide range of control-related configurations, being either reactive or restrictive with respect to their control environment. A semantic model is defined for these polychronous automata, which relies on boolean algebra of clocks. Based on a previously defined modeling method for AADL software architectures using the polychronous MoC, the proposed model is used as a formal model for the AADL behavior annex. This is illustrated with a case study involving an adaptive cruise control system.展开更多
The k-set agreement problem is a generalization of the consensus problem: considering a system made up of n processes where each process proposes a value, each non-faulty process has to decide a value such that a dec...The k-set agreement problem is a generalization of the consensus problem: considering a system made up of n processes where each process proposes a value, each non-faulty process has to decide a value such that a decided value is a proposed value, and no more than k different values are decided. While this problem cannot be solved in an asynchronous system prone to t process crashes when t≥ k, it can always be solved in a synchronous system; [t/k]+1 is then a lower bound on the number of rounds (consecutive communication steps) for the non-faulty processes to decide. The condition-based approach has been introduced in the consensus context. Its aim was to both circumvent the consensus impossibility in asynchronous systems, and allow for more efficient consensus algorithms in synchronous systems. This paper addresses the condition-based approach in the context of the k-set agreement problem. It has two main contributions. The first is the definition of a framework that allows defining conditions suited to the l-set agreement problem and the second is a generic synchronous k-set agreement algorithm based on conditions.展开更多
This paper considers the eventual leader election problem in asynchronous message-passing systems where an arbitrary number t of processes can crash(t〈n,where n is the total number of processes).It considers weak a...This paper considers the eventual leader election problem in asynchronous message-passing systems where an arbitrary number t of processes can crash(t〈n,where n is the total number of processes).It considers weak assumptions both on the initial knowledge of the processes and on the network behavior.More precisely,initially,a process knows only its identity and the fact that the process identities are different and totally ordered(it knows neither n nor t).Two eventual leader election protocols and a lower bound are presented.The first protocol assumes that a process also knows a lower bound α on the number of processes that do not crash.This protocol requires the following behavioral properties from the underlying network:the graph made up of the correct processes and fair lossy links is strongly connected,and there is a correct process connected to(n〈f)-α other correct processes(where f is the actual number of crashes in the considered run) through eventually timely paths(paths made up of correct processes and eventually timely links).This protocol is not communication-efficient in the sense that each correct process has to send messages forever.The second protocol is communication-efficient:after some time,only the final common leader has to send messages forever.This protocol does not require the processes to know α,but requires stronger properties from the underlying network:each pair of correct processes has to be connected by fair lossy links(one in each direction),and there is a correct process whose n〈f-1 output links to the rest of correct processes have to be eventually timely.A matching lower bound result shows that any eventual leader election protocol must have runs with this number of eventually timely links,even if all processes know all the processes identities.In addition to being communication-efficient,the second protocol has another noteworthy efficiency property,namely,be the run finite or infinite,all the local variables and message fields have a finite domain in the run.展开更多
In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants th...In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96%of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.展开更多
In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants th...In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96% of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.展开更多
The generalized likelihood ratio(GLR)method is a recently introduced gradient estimation method for handling discontinuities in a wide range of sample performances.We put the GLR methods from previous work into a sing...The generalized likelihood ratio(GLR)method is a recently introduced gradient estimation method for handling discontinuities in a wide range of sample performances.We put the GLR methods from previous work into a single framework,simplify regularity conditions to justify the unbiasedness of GLR,and relax some of those conditions that are difficult to verify in practice.Moreover,we combine GLR with conditional Monte Carlo methods and randomized quasi-Monte Carlo methods to reduce the variance.Numerical experiments show that variance reduction could be significant in various applications.展开更多
文摘Geographic landscapes in all over the world may be subject to rapid changes induced,for instance,by urban,forest,and agricultural evolutions.Monitoring such kind of changes is usually achieved through remote sensing.However,obtaining regular and up-to-date aerial or satellite images is found to be a high costly process,thus preventing regular updating of land cover maps.Alternatively,in this paper,we propose a low-cost solution based on the use of groundlevel geo-located landscape panoramic photos providing high spatial resolution information of the scene.Such photos can be acquired from various sources:digital cameras,smartphone,or even web repositories.Furthermore,since the acquisition is performed at the ground level,the users’immediate surroundings,as sensed by a camera device,can provide information at a very high level of precision,enabling to update the land cover type of the geographic area.In the described herein method,we propose to use inverse perspective mapping(inverse warping)to transform the geo-tagged ground-level 360◦photo onto a top-down view as if it had been acquired from a nadiral aerial view.Once re-projected,the warped photo is compared to a previously acquired remotely sensed image using standard techniques such as correlation.Wide differences in orientation,resolution,and geographical extent between the top-down view and the aerial image are addressed through specific processing steps(e.g.registration).Experiments on publicly available data-sets made of both ground-level photos and aerial images show promising results for updating land cover maps with mobile technologies.Finally,the proposed approach contributes to the crowdsourcing efforts in geo-information processing and mapping,providing hints on the evolution of a landscape.
基金supported by Princess Nourah bint Abdulrahman University Researchers Supporting Project number(PNURSP2022R323)Princess Nourah bint Abdulrahman University,Riyadh,Saudi Arabia,and Taif University Researchers Supporting Project Number TURSP-2020/34,Taif,Saudi Arabia.
文摘With the rapid development of emerging 5G and beyond(B5G),Unmanned Aerial Vehicles(UAVs)are increasingly important to improve the performance of dense cellular networks.As a conventional metric,coverage probability has been widely studied in communication systems due to the increasing density of users and complexity of the heterogeneous environment.In recent years,stochastic geometry has attracted more attention as a mathematical tool for modeling mobile network systems.In this paper,an analytical approach to the coverage probability analysis of UAV-assisted cellular networks with imperfect beam alignment has been proposed.An assumption was considered that all users are distributed according to Poisson Cluster Process(PCP)around base stations,in particular,Thomas Cluster Process(TCP).Using thismodel,the impact of beam alignment errors on the coverage probabilitywas investigated.Initially,the ProbabilityDensity Function(PDF)of directional antenna gain between the user and its serving base station was obtained.Then,association probability with each tier was achieved.A tractable expression was derived for coverage probability in both Line-of-Sight(LoS)andNon-Line-of-Sight(NLoS)condition links.Numerical results demonstrated that at low UAVs altitude,beam alignment errors significantly degrade coverage performance.Moreover,for a small cluster size,alignment errors do not necessarily affect the coverage performance.
文摘This article describes a user-centred method used to design innovative pattern recognition software for technical paper documents. This kind of software can make some errors of interpretation. It will therefore be important that human operators are able to identify and correct these mistakes. The identification of errors is a difficult task because operators need to establish co-reference between the initial document and it interpretation. Moreover, users must be able to checks the interpretation without forgetting any area. This task requires the interface is easy to use. The experiments showed that the sequential display of interpretation is the most effective and that the interruptions by user reduce task duration. Moreover, queries by the system may improve error detection. This paper summarizes the main results of the research conducted in the context of this design for enhance the interface, and describes the specifications to which it gave rise.
文摘Translation validation was invented in the 90's by Pnueli et al. as a technique to formally verify the correctness of code generators. Rather than certifying the code generator or exhaustively qualifying it, translation validators attempt to verify that program transformations preserve semantics. In this work, we adopt this approach to formally verify that the clock semantics and data dependence are preserved during the compilation of the Signal compiler. Translation valida- tion is implemented for every compilation phase from the initial phase until the latest phase where the executable code is generated, by proving the transformation in each phase of the compiler preserves the semantics. We represent the clock semantics, the data dependence of a program and its trans- formed counterpart as first-order formulas which are called clock models and synchronous dependence graphs (SDGs), respectively. We then introduce clock refinement and depen- dence refinement relations which express the preservations of clock semantics and dependence, as a relation on clock mod- els and SDGs, respectively. Our validator does not require any instrumentation or modification of the compiler, nor any rewriting of the source program.
文摘Despite the expanded efforts,the vehicular ad-hoc networks(VANETs)are still facing many challenges such as network performances,network scalability and context-awareness.Many solutions have been proposed to overcome these obstacles,and the edge computing,an extension of the cloud computing,is one of them.With edge computing,communication,storage and computational capabilities are brought closer to end users.This could offer many benefits to the global vehicular network including,for example,lower latency,network off-loading and context-awareness(location,environment factors,etc.).Different approaches of edge computing have been developed:mobile edge computing(MEC),fog computing(FC)and cloudlet are the main ones.After introducing the vehicular environment background,this paper aims to study and compare these different technologies.For that purpose their main features are compared and the state-of-the-art applications in VANETs are analyzed.In addition,MEC,FC,and cloudlet are classified and their suitability level is debated for different types of vehicular applications.Finally,some challenges and future research directions in the fields of edge computing and VANETs are discussed.
文摘Architecture analysis & design language (AADL) has been increasingly adopted in the design of em- bedded systems, and corresponding scheduling and formal verification have been well studied. However, little work takes code distribution and architecture exploration into ac- count, particularly considering clock constraints, for dis- tributed multi-processor systems. In this paper, we present an overview of our approach to handle these concerns, together with the associated toolchain, AADL-PoLYCHRONY-SYNDEx. First, in order to avoid semantic ambiguities of AADL, the polychronous/multiclock semantics of AADL, based on a polychronous model of computation, is considered. Clock synthesis is then carried out in POLYCHRONY, which bridges the gap between the polychronous semantics and the syn- chronous semantics of SYNDEx. The same timing semantics is always preserved in order to ensure the correctness of the transformations between different formalisms. Code distri- bution and corresponding scheduling is carried out on the obtained SYNDEx model in the last step, which enables the exploration of architectures originally specified in AADL. Our contribution provides a fast yet efficient architecture ex- ploration approach for the design of distributed real-time and embedded systems. An avionic case study is used here to illustrate our approach.
基金Nankai University and by the National Natural Science Foundation of China (Grant No. 61672074).
文摘This paper investigates how state diagrams can be best represented in the polychronous model of computation (MoC) and proposes to use this model for code validation of behavior specifications in architecture analysis & design language (AADL). In this relational MoC, the basic objects are signals, which are related through dataflow equations. Signals are associated with logical clocks, which provide the capability to describe systems in which components obey multiple clock rates. We propose a model of finite-state automata, called polychronous automata, which is based on clock relationships. A specificity of this model is that an automaton is submitted to clock constraints, which allows one to specify a wide range of control-related configurations, being either reactive or restrictive with respect to their control environment. A semantic model is defined for these polychronous automata, which relies on boolean algebra of clocks. Based on a previously defined modeling method for AADL software architectures using the polychronous MoC, the proposed model is used as a formal model for the AADL behavior annex. This is illustrated with a case study involving an adaptive cruise control system.
基金supported by the European Network of Excellence ReSIST.
文摘The k-set agreement problem is a generalization of the consensus problem: considering a system made up of n processes where each process proposes a value, each non-faulty process has to decide a value such that a decided value is a proposed value, and no more than k different values are decided. While this problem cannot be solved in an asynchronous system prone to t process crashes when t≥ k, it can always be solved in a synchronous system; [t/k]+1 is then a lower bound on the number of rounds (consecutive communication steps) for the non-faulty processes to decide. The condition-based approach has been introduced in the consensus context. Its aim was to both circumvent the consensus impossibility in asynchronous systems, and allow for more efficient consensus algorithms in synchronous systems. This paper addresses the condition-based approach in the context of the k-set agreement problem. It has two main contributions. The first is the definition of a framework that allows defining conditions suited to the l-set agreement problem and the second is a generic synchronous k-set agreement algorithm based on conditions.
基金supported by the Comunidad de Madrid under Grant No.S2009/TIC-1692the Spanish MEC under Grant Nos.TIN2007-67353-C02-01 and TIN2008-06735-C02-01
文摘This paper considers the eventual leader election problem in asynchronous message-passing systems where an arbitrary number t of processes can crash(t〈n,where n is the total number of processes).It considers weak assumptions both on the initial knowledge of the processes and on the network behavior.More precisely,initially,a process knows only its identity and the fact that the process identities are different and totally ordered(it knows neither n nor t).Two eventual leader election protocols and a lower bound are presented.The first protocol assumes that a process also knows a lower bound α on the number of processes that do not crash.This protocol requires the following behavioral properties from the underlying network:the graph made up of the correct processes and fair lossy links is strongly connected,and there is a correct process connected to(n〈f)-α other correct processes(where f is the actual number of crashes in the considered run) through eventually timely paths(paths made up of correct processes and eventually timely links).This protocol is not communication-efficient in the sense that each correct process has to send messages forever.The second protocol is communication-efficient:after some time,only the final common leader has to send messages forever.This protocol does not require the processes to know α,but requires stronger properties from the underlying network:each pair of correct processes has to be connected by fair lossy links(one in each direction),and there is a correct process whose n〈f-1 output links to the rest of correct processes have to be eventually timely.A matching lower bound result shows that any eventual leader election protocol must have runs with this number of eventually timely links,even if all processes know all the processes identities.In addition to being communication-efficient,the second protocol has another noteworthy efficiency property,namely,be the run finite or infinite,all the local variables and message fields have a finite domain in the run.
基金This project has received funding from the European Research Council(ERC)under the European Union’s Horizon 2020 research and innovation programme(grant agreement No 681402)This work was partially supported by the TU Graz LEAD project“Dependable Internet of Things in Adverse Environments”.
文摘In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96%of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.
基金received funding from the European Research Council(ERC)under the European Union’s Horizon 2020 research and innovation programme(grant agreement No 681402)partially supported by the TU Graz LEAD project“Dependable Internet of Things in Adverse Environments”.
文摘In modern computer systems,user processes are isolated from each other by the operating system and the hardware.Additionally,in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine.However,the hypervisor does not protect tenants against the cloud provider and thus,the supplied operating system and hardware.Intel SGX provides a mechanism that addresses this scenario.It aims at protecting user-level software from attacks from other processes,the operating system,and even physical attackers.In this paper,we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves.Our attack is the first malware running on real SGX hardware,abusing SGX protection features to conceal itself.Furthermore,we demonstrate our attack both in a native environment and across multiple Docker containers.We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive.The attack works,although in SGX enclaves,there are no timers,no large pages,no physical addresses,and no shared memory.In a semi-synchronous attack,we extract 96% of an RSA private key from a single trace.We extract the full RSA private key in an automated attack from 11 traces within 5 min.
基金the National Natural Science Foundation of China(NSFC)under Grant 72022001,92146003,71901003the Air Force Office of Scientific Research under Grant FA95502010211by Discover GrantRGPIN-2018-05795fromNSERCCanada.
文摘The generalized likelihood ratio(GLR)method is a recently introduced gradient estimation method for handling discontinuities in a wide range of sample performances.We put the GLR methods from previous work into a single framework,simplify regularity conditions to justify the unbiasedness of GLR,and relax some of those conditions that are difficult to verify in practice.Moreover,we combine GLR with conditional Monte Carlo methods and randomized quasi-Monte Carlo methods to reduce the variance.Numerical experiments show that variance reduction could be significant in various applications.
