Abstract of Dmitrii’s talk:
Shielded execution based on Intel SGX provides strong security guarantees for legacy applications running on untrusted platforms. However, memory safety attacks such as Heartbleed can render the confidentiality and integrity properties of shielded execution completely ineffective. To prevent these attacks, the state-of-the-art memory-safety approaches can be used in the context of shielded execution. In the talk, we first showcase that two prominent software- and hardware-based defenses, AddressSanitizer and Intel MPX respectively, are impractical for shielded execution due to high performance and memory overheads. This motivated our design of SGXBounds—an efficient memory-safety approach for shielded execution exploiting the architectural features of Intel SGX. Our design is based on a simple combination of tagged pointers and compact memory layout. We implemented SGXBounds based on the LLVM compiler framework targeting unmodified multithreaded applications. Our evaluation using Phoenix, PARSEC, and RIPE benchmark suites shows that SGXBounds has performance and memory overheads of 17% and 0.1% respectively, while providing security guarantees similar to AddressSanitizer and Intel MPX. Finally, we discuss the reasons behind subpar performance of Intel MPX and provide insights of its advantages and limitations.
Abstract of Do’s talk:
Approximate computing has recently emerged as a promising computing paradigm which allows making a systematic trade-off between the output accuracy and computation efficiency. Approximate computing is based on the observation that for many practical applications it is acceptable to approximate rather than produce exact output results. The idea behind approximate computing is to compute over a partial subset instead of the entire input data to achieve efficient execution. Unfortunately, the state-of-the-art systems for approximate computing primarily target batch analytics, where the input data remains unchanged during the course of computation. In this talk, we will present the design of StreamApprox – a stream analytics system for approximate computing. StreamApprox implements an online stratified reservoir sampling algorithm to produce approximate output with rigorous error bounds. Importantly, our proposed algorithm is generic and can be applied to two prominent types of stream processing systems: (1) batched stream processing such as Apache Spark Streaming, and (2) pipelined stream processing such as Apache Flink.
Bio of Dmitrii Kuvaiskii:
Dmitrii defended his PhD “Hardware-Assisted Dependable Systems” at TU Dresden, Germany in January, 2018. He was co-supervised by Prof. Dr. Christof Fetzer (TU Dresden) and Prof. Dr. Pramod Bhatotia (University of Edinburgh). His research work was published in many top venues, including EuroSys, DSN, and SRDS, with best paper awards at SRDS’14, DSN’15, and EuroSys’17. His research interests lie in the field of dependability of software systems, with a particular focus on fault tolerance and security. Before joining TU Dresden, Dmitrii worked as a software engineer at Auriga Inc (2010 — 2011) and Diasoft (2007 — 2010) in Moscow, Russia. During his PhD, he interned with Intel Labs, USA. He will soon join Intel Labs as a research scientist, concentrating on security in data centers.
Bio of Do Le Quoc:
Do is a PostDoc at the Systems Engineering Group of TU Dresden. During his Ph.D., he was co-supervised by Prof. Dr. Christof Fetzer (TU Dresden) and Prof. Dr. Pramod Bhatotia (University of Edinburgh). His research interests include big data analytics, approximate computing, and distributed systems. Since 2016, he’s been lucky to have fruitful internship/collaboration with Bell Labs. Prior to joining TU Dresden, he received his Masters degree in computer science from Pohang University of Science and Technology (POSTECH), Korea in 2012 under the supervision of Prof. Dr. James Won-Ki Hong. He also worked at the R&D center of DASAN Networks company, Seoul, Korea after receiving his Masters degree.