Link: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-lipp.pdf

Summary:

Modern computer systems depend on the kernel being non-accessible, however this paper written by a multitude of authors and teams turns this conception on its head proving that their Attack "meltdown" can exploit side effects of out of order attacks in order to get private data. The prevalence of out of order attacks in modern systems makes this paper even more relevant, given the vulnerability exists in almost every computer in the world. Thankfully however this paper explores mitigation techniques that were developed for other reasons such as the Kaiser defense, which inadvertently can defend against these types of exploits to some degree.

What I liked:

1. The paper details meltdown which is a vulnerability that doesn't go after a vulnerability in software

2. The paper looks into mitigation techniques such as the KAISER defense mechanism for KASLR

3. The paper presents a really interesting end to end attack which looks at the different facets of how an attack would  really happen out in the wild.

4. The paper goes into not only a raw attack but also talks about ways they can optimize the attack

5. The explanation of why Kaiser defends against aspects of Meltdown was a very interesting addition

What I didn't like:

1. This attack is very specific to out of order execution programs - which is starting to become a common vulnerability as we saw in the last paper

2. This attack doesn't work on all windows machines, only a subset of them

3. The mitigation techniques aren't novel ie, we've already deployed them for a different reason

4. The paper doesn't explain at all why this attack doesn't attack ios - does it have to do with the fact that apple builds their chips differently

5. When it comes to asking questions there's a lot of people and teams who worked on this paper - so it might be a challenge finding the right person to get in to contact with

Points for Discussion:

1. How did the discovery of KASLR differ from the discovery of Meltdown

2. Why is out of order prevalent in modern cores from an architecture level as opposed to older cores

3. What have virtual environments done in the aftermath of Meltdown disclosures in order to secure their services

4. Why is there a difference in the vulnerability when it is run on Linux as opposed to Windows

5. Has there been any documented Meltdown attacks on Android

New Ideas:

1. Compare the architecture of Apple chips to intel ones specifically in the context of attacks such as KASLR and Meltdown - why didn't apple fall into the same pitfall as intel

2. Is there an alternative way in order to segment enclave memory to prevent these attacks

3. Map other CPU's that might share similar designs and see if they fall into similar attacks

4. Study the prevalence of Meltdown attacks in android and compare to systems that had timely patches

5. Is there a way to attack the supervisor bit on the processor to get access to restricted areas?

Summary: EnclaveDB is a database engine that guarantees confidentiality, integrity, and freshness for data and queries even when all other actors including the database administrator is a malicious actor. The novel way this can happen is through a small trusted computing base which includes in memory storage and precompiled procedures. I think the real beauty in this technology was the fact that they were able to do it with minimal synchronization of threads - which honestly I would find a challenge to do.

What I liked:

1. The attacker model for this paper is amazing, the study authors managed a way to maintain the integrity of the database even when the database admin is malicious

2. The paper explains really well why current methods for property preserving encryption end up failing or not holding up as well as this solution

3. The system maintains the programming model similar to conventional relational databases so they are not reinventing the wheel.

4. I found it interesting the system allows for remote attestations - which seems very similar to the literature I've read on distributed ledgers and block chain systems

5. The protocol requires minimal synchronization between threads - which explains why the system is able to maintain freshness of data

What I didn't like:

1. Even though the security leaps offered by this system are huge, I think that 40% more overhead might be too much to supplant traditional database systems.

2. The system requires specific hardware (SGX) which means that systems need to replace their current hardware in order to use this system

3. I'm not sure how practical it is to assume that we can host huge amounts of memory in DRAM just because the prices of it are falling

4. The system uses the Intel Attestation verification service to check if a given quote has been signed by a valid attestation key --> From what I understand if this system fails it could end up compromising the entire system. So it could possibly have a single point of failure

5. I'm not really 100% sure how the remote challenger can establish trust in an enclave without a lot of really intensive ZKPs

Points for Discussion:

1. How different are these secure enclaves from the one's used by Apple?

2. How could someone spoof an enclave in an untrusted database

3. Instead of creating a specific area in an untrusted database, why not work on finding a secure data base to work on?

4. How is the Merkle Tree used in EnclaveDB different than the one used in BlockChains

5. What percentage overhead for a secure database system like this is acceptable for wide scale adoption in the enterprise community?

New Ideas:

1. Explore new ways to audit results from this database

2. Building of the distributed attestation might be really interesting because each distributed system could verify in a different way whether the enclave really is an enclave. It could also distribute the computation of a ZKP

3. From a hardware POV is there a way to designate secure memory only for a specific function?

4. How can distributed methods of memory tables be used in systems like Block Chains

5. Analyze the adoption of systems like these and their user groups

Summary: This paper covers a Iron a really powerful functional encryption technique. The reason this paper is really ground breaking is the fact that it allows for a faster more practical version of functional encryption which is a landslide faster than current members. The problem with this paper that makes it hard to analyze is the fact that its built on SGX which is proprietary and as a result security researchers would not have the same access to scrutinize, compared to say open source software. The reason this technology is cool, is because it could pave the way for more sharing of data while at the same time protecting that data from misuse. Now if someone wants to have banking information on the cloud or with some entity - they can create keys that share only the data they agree to share with another entity improving overall security.

What I liked:

1. Functional Encryption is a technology that has a lot of potential applications if the technical and feasibility aspects of it can be worked out

2. This method runs functional encryption at full processor speeds which has been a challenge to accomplish in past studies

3. The method works well on complex functions and might even be better the more complex the function is?

4. The system doesn't put all its hope in the trust offered by SGX and treat it as a black box - the study looks at it from the pov that there are limitations of SGC

5. The study has a very good explanation of the relevant  SGX knowledge needed to understand this paper.

What I didn't like:

1. There might be a single point of failure in the attestation system which secures enclaves

2. There are ways to spoof the request for keys that the paper doesn't cover

3. I'm not sure how realistic it is for the enclave to erase everything relevant to its state from memory

4. This system requires 3 different secure enclaves - is it possible to do it with 2 or less?

5. SGX isn't open source so it might be hard to evaluate it

Points for Discussion:

1. Is there room from a hardware POV for future improvements to functional encryption

2. 20 years down the line say if the encryption encoding functional encryption is broken, is there any precautions that should be taken encoding the core data

3. Has there ever been a documented failure of Intel's verification attester?

4. How comprehensive can a security study of SGC products be given that the core tech is proprietary

5. Are there any other comparable technologies that have different implementations which can be used as the basis for future functional encryption.

New Ideas :

1. Possible audit methods for making sure the technology gives you the right answer using rudimentary systems maybe CSD?

2. Explore side channel attacks which might not have been covered in the paper

3. Develop Iron for an open source environment such as Sanctum

4. Encrypt data even more before putting it into functional encryption

5. What regulations need to be in place for the wide scale adoption of functional encryption

Summary: I think that certain blockchain ideas get a little bit too much hype and this is definetly one of them. Arbitrum claims to be a step up on ethereum by offering smart contracts that have the ability to scale. But I think there are some very fundamental problems with the way this system is implemented which leaves it open to DOS attacks. Furthermore I think the system as a whole places too much power in the hands of third parties, while system like Ethereum only depend on the code. I think that this is my least favorite paper so far of the year

 What I liked:

1. The system works through off the chain approach to figuring out how to conduct transactions -- very good because of issues with latency that plagues normal blockchains - there's a push in blockchains to move off the chain

2. The system for what it's worth is some what cheaper to manage because not everyone is doing the same computations

3. The paper claims to solve scalability issues for EVM smart contracts, its debatable whether it actually does this but the fact they are focusing in on the issue is pretty admirable.

4. I think there's a lot of customization in the VM options which is something you don't get when working with the standard EVM

5. It emulates what I think would be a reasonable human system in the 20th century - its something I could explain to my grandma decently well.

What I didn't like:

1. Ethereum and EOS is probably the industry standard - deviating away from what everyone else is doing doesn't really help improve security. I'd prefer if they built an over the top system

2. I think there's too much power given to the verifiers in this system - it’s a little bit too centralized to scale well in practicality

3. The verification of checking proofs every time there is a dispute could be a little bit challenging - for one who determines what's correct? IE going back to the split between Ethereum vs Ethereum Classic where both sides had a correct answer

4. I think it is very likely you could overwhelm a manager and make them lose out timing - the fact that this type of system needs human intervention makes me very skeptical of it

5. I don't like the idea of negative incentives - ie penalizing someone who challenging something. At worse I think you should be no worse than you started.

Discussion Points:

*Just as a general note -- this paper left a lot of questions in my mind which I guess will end up being solved through usage if this ever gets deployed in the real world

1. Under what circumstances would a malicious actor be able to take control of the smart contract

2. Is it possible to add new managers to the contract while the contract is already alive, ie for a company appointing a new board member

3. Does a manager need to be online 24/7 in order to make sure their vm is working correctly and as intended

4. How do you make a legal system that has no consensus method that is baked in? That just puzzles me a bit, because they claim its platform agnostic but like I think that there should be some for of defauly

5. Are there any ambiguous cases where a verifier could split both ways?

New Ideas:

1. Making a version where you take out the verifier and just have the vm decide what to do (this ends up being very similar to what we have in ethereum) -- the reason is because people are ambiguous code is not

2. Attack model of just creating an infinite amount of disputable assertions - I don't think this system will end up holding against it

3. Create a way to predict before the program is run how much the VM will spend trying to run the program

4. How much more efficient would this system be if the customization of VM's were stripped?

5. Study adoption methods within the wider smart contract community