Uday Savagaonkar

Innovative instructions and software model for isolated execution

For years the PC community has struggled to provide secure solutions on open platforms. Intel has developed innovative new technology to enable SW developers to develop and deploy secure applications on open platforms. The technology enables applications to execute with confidentiality and integrity in the native OS environment. It does this by providing ISA extensions for generating hardware enforceable containers at a granularity determined by the developer. These containers while opaque to the operating system are managed by the OS. This paper analyzes the threats and attacks to applications. It then describes the ISA extension for generating a HW based container. Finally it describes the programming model of this container.

Allocation of QoS connections in MF-TDMA satellite systems: a two-phase approach

We address the problem of providing guaranteed quality-of-service (QoS) connections over a multifrequency time-division multiple-access (MF-TDMA) system that employs differential phase-shift keying (DPSK) with various modulation modes. The problem can be divided into two parts-resource calculation and resource allocation. We present algorithms for performing these two tasks and evaluate their performance in the case of a Milstar extremely high frequency satellite communication (EHF-SATCOM) system. In the resource-calculation phase, we calculate the minimum number of timeslots required to provide the desired level of bit-error rate (BER) and data rate. The BER is directly affected by the disturbance in the link parameters. We use a Markov modeling technique to predict the worst case disturbance over the connection duration. The Markov model is trained offline to generate a transition-probability matrix, which is then used for predicting the worst case disturbance level. We provide simulation results to demonstrate that our scheme outperforms the scheme currently implemented in the EHF-SATCOM system. The resource-allocation phase addresses the problem of allocating actual timeslots in the MF-TDMA channel structure (MTCS). If we view the MTCS as a collection of bins, then the allocation of the timeslots can be considered as a variant of the dynamic bin-packing problem. Because the this problem is known to be NP-complete, obtaining an optimal packing scheme requires a prohibitive amount of computation. We propose a novel packing heuristic called reserve channel with priority (RCP) fit and show that it outperforms two common bin-packing heuristics.

Online pricing for bandwidth provisioning in multi-class networks

We consider the problem of pricing for bandwidth provisioning over a single link, where users arrive according to a known stochastic traffic model. The network administrator controls the resource allocation by setting a price at every epoch, and each users response to the price is governed by a demand function. We formulate this problem as a partially observable Markov decision process (POMDP), and explore two novel pricing schemes--reactive pricing and spot pricing--and compare their performance to appropriately tuned flat pricing. We use a gradient-ascent approach in all the three pricing schemes. We provide methods for computing unbiased estimates of the gradient in an online (incremental) fashion. Our simulation results show that our novel schemes take advantage of the known underlying traffic model and significantly outperform the model-free pricing scheme of flat pricing.

Efficient resource allocation for QoS channels in MF-TDMA satellite systems

In this paper, we address the problem of providing guaranteed quality of service (QoS) channels over multi-frequency time division multiple access (MF-TDMA) systems that employ DPSK with multiple modulation modes. The two QoS measures that we consider are the bit error rate (BER) and the data rate. We treat the data rate as a deterministic QoS measure, and the BER as a statistical QoS measure. Our approach is divided into two phases: resource calculation and resource allocation. In the resource calculation phase, we calculate the number of timeslots required to provide the desired level of QoS. We treat this as a disturbance prediction problem and present a Markov model based scheme for solving it. We compare the performance of this scheme with that of the scheme implemented in the extremely high frequency satellite communication (EHF-SATCOM) systems, which are jointly used by the four military services. The resource allocation phase addresses the problem of allocating actual timeslots in the MF-TDMA channel structure (MTCS). The MTCS allows flexibility in capacity allocation, but suffers from inefficiencies caused by fragmentation. Here we propose a novel packing scheme called the Reserve Channel with Priority (RCP) fit, and show that it outperforms the first-fit and the best-fit algorithms in the cases considered.

Mitigating the lying-endpoint problem in virtualized network access frameworks

Malicious root-kits modify the in-memory state of programs executing on an endpoint to hide themselves from security software. Such attacks negatively affect network-based security frameworks that depend on the trustworthiness of endpoint software. In network access control frameworks this issue is called the lying-endpoint problem, where a compromised endpoint spoofs software integrity reports to render the framework untrustworthy. We present a novel architecture called Virtualization-enabled Integrity Services (VIS) to protect the run-time integrity of network-access software in an untrusted environment. We describe the design of a VIS-protected network access stack, and characterize its performance. We show that a network access stack running on an existing operating system can be protected using VIS with less than 5% overhead, even when each network packet causes protection enforcement.

Towards a Virtualization-enabled Framework for Information Traceability (VFIT)

Automated and targeted attacks to steal sensitive information from computers are increasing in frequency along with the stealthiness of these attacks. Tools for generating attacks on existing Information Technology infrastructure are readily available. These attacks can easily evade detection from today’s countermeasures. Information theft is thus an important threat vector for networked communities where sensitive information is exchanged with partners in different administrative domains, with dissimilar security policies and configurations. The combination of disparately managed networks, ability to store information offline, and remote access functionality complicate the enforcement of information security policies. We tackle the issue of protecting sensitive information by applying a systemintegrity and information-auditing perspective. We believe this is the first step towards mitigating insider abuse of data-use privileges. We present a Virtualization- enabled Framework for Information Traceability (VFIT) to prevent unauthorized handling of sensitive information. We show that this hardware platform on which information is created, transformed and stored is a key enforcement point to provide accountable information flow. We describe the application of our previous work on Virtualization-enabled Integrity Service (VIS) to implement VFIT. Our approach is data-centric and provides a mechanism that can deterministically audit use of information while it is in use in volatile or non-volatile memory. Using this mechanism, we describe how existing network security mechanisms and our proposed framework can be applied to applications to provide traceability for sensitive information in a distributed system.