recentpopularlog in

jabley : papers   27

Cloud Programming Simplified: A Berkeley View on Serverless Computing
Serverless cloud computing handles virtually all the system administration operations needed to make it
easier for programmers to use the cloud. It provides an interface that greatly simplifies cloud programming,
and represents an evolution that parallels the transition from assembly language to high-level programming
languages. This paper gives a quick history of cloud computing, including an accounting of the predictions
of the 2009 Berkeley View of Cloud Computing paper, explains the motivation for serverless computing,
describes applications that stretch the current limits of serverless, and then lists obstacles and research
opportunities required for serverless computing to fulfill its full potential. Just as the 2009 paper identified
challenges for the cloud and predicted they would be addressed and that cloud use would accelerate, we
predict these issues are solvable and that serverless computing will grow to dominate the future of cloud
report  papers  cloud  serverless  filetype:pdf 
march 2019 by jabley
ExSpectre: Hiding Malware in Speculative Execution
Recently, the Spectre and Meltdown attacks revealed serious vulnerabilities in modern CPU designs, allowing
an attacker to exfiltrate data from sensitive programs. These
vulnerabilities take advantage of speculative execution to coerce
a processor to perform computation that would otherwise not
occur, leaking the resulting information via side channels to an
In this paper, we extend these ideas in a different direction,
and leverage speculative execution in order to hide malware from
both static and dynamic analysis. Using this technique, critical
portions of a malicious program’s computation can be shielded
from view, such that even a debugger following an instructionlevel trace of the program cannot tell how its results were
We introduce ExSpectre, which compiles arbitrary malicious
code into a seemingly-benign payload binary. When a separate
trigger program runs on the same machine, it mistrains the CPU’s
branch predictor, causing the payload program to speculatively
execute its malicious payload, which communicates speculative
results back to the rest of the payload program to change its
real-world behavior.
We study the extent and types of execution that can be
performed speculatively, and demonstrate several computations
that can be performed covertly. In particular, within speculative execution we are able to decrypt memory using AES-NI
instructions at over 11 kbps. Building on this, we decrypt and
interpret a custom virtual machine language to perform arbitrary
computation and system calls in the real world. We demonstrate
this with a proof-of-concept dial back shell, which takes only
a few milliseconds to execute after the trigger is issued. We
also show how our corresponding trigger program can be a preexisting benign application already running on the system, and
demonstrate this concept with OpenSSL driven remotely by the
attacker as a trigger program.
ExSpectre demonstrates a new kind of malware that evades
existing reverse engineering and binary analysis techniques. Because its true functionality is contained in seemingly unreachable
dead code, and its control flow driven externally by potentially
any other program running at the same time, ExSpectre poses a
novel threat to state-of-the-art malware analysis techniques.
malware  cpu  papers  security  filetype:pdf  infosec  spectre  vulnerability 
march 2019 by jabley

Copy this bookmark:

to read