{"title":"斯内普:处理异质飞地的黑魔法","authors":"Zahra Tarkhani, Anil Madhavapeddy, R. Mortier","doi":"10.1145/3301418.3313945","DOIUrl":null,"url":null,"abstract":"Code executing on the edge needs to run on hardware platforms that feature different memory architectures, virtualization extensions, and using a range of security features. Forcing application code to conform to a monolithic API such as POSIX, or ABI such as Linux, ties developers into large, complex platforms that make it difficult to use such hardware-specific features effectively as well as coming with their own baggage and the attendant security issues. As edge computing proliferates, handling increasingly sensitive and intimate data in our everyday lives, it becomes important for developers to be able to use all the hardware resources of their particular platform, correctly and efficiently. To this end, we propose Snape, an API and composable platform for matching applications' needs to the available hardware features in a heterogeneous environment. Unlike existing solutions, Snape provides applications with a flexible trust model and replaces untrusted host OS services with corresponding hw-assisted secured services. We report experience with our proof-of-concept implementation that enables Solo5 unikernels on Raspberry Pi 3 boards to make effective use of ARM TrustZone security technology.","PeriodicalId":131097,"journal":{"name":"Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Snape: The Dark Art of Handling Heterogeneous Enclaves\",\"authors\":\"Zahra Tarkhani, Anil Madhavapeddy, R. Mortier\",\"doi\":\"10.1145/3301418.3313945\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Code executing on the edge needs to run on hardware platforms that feature different memory architectures, virtualization extensions, and using a range of security features. Forcing application code to conform to a monolithic API such as POSIX, or ABI such as Linux, ties developers into large, complex platforms that make it difficult to use such hardware-specific features effectively as well as coming with their own baggage and the attendant security issues. As edge computing proliferates, handling increasingly sensitive and intimate data in our everyday lives, it becomes important for developers to be able to use all the hardware resources of their particular platform, correctly and efficiently. To this end, we propose Snape, an API and composable platform for matching applications' needs to the available hardware features in a heterogeneous environment. Unlike existing solutions, Snape provides applications with a flexible trust model and replaces untrusted host OS services with corresponding hw-assisted secured services. We report experience with our proof-of-concept implementation that enables Solo5 unikernels on Raspberry Pi 3 boards to make effective use of ARM TrustZone security technology.\",\"PeriodicalId\":131097,\"journal\":{\"name\":\"Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking\",\"volume\":\"71 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-03-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3301418.3313945\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2nd International Workshop on Edge Systems, Analytics and Networking","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3301418.3313945","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Snape: The Dark Art of Handling Heterogeneous Enclaves
Code executing on the edge needs to run on hardware platforms that feature different memory architectures, virtualization extensions, and using a range of security features. Forcing application code to conform to a monolithic API such as POSIX, or ABI such as Linux, ties developers into large, complex platforms that make it difficult to use such hardware-specific features effectively as well as coming with their own baggage and the attendant security issues. As edge computing proliferates, handling increasingly sensitive and intimate data in our everyday lives, it becomes important for developers to be able to use all the hardware resources of their particular platform, correctly and efficiently. To this end, we propose Snape, an API and composable platform for matching applications' needs to the available hardware features in a heterogeneous environment. Unlike existing solutions, Snape provides applications with a flexible trust model and replaces untrusted host OS services with corresponding hw-assisted secured services. We report experience with our proof-of-concept implementation that enables Solo5 unikernels on Raspberry Pi 3 boards to make effective use of ARM TrustZone security technology.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
