Security for VEDLIoT Components, from Cloud through Edge to IoT. Marcelo Pasin. Workshop on Deep Learning for IoT (DL4IoT), co-located with HiPEAC 2022, Budapest, Hungary, June 2022
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure | Vinoth Rajagopalan
This document discusses Microsoft IoT solutions using Azure. It introduces Internet of Things concepts and why the cloud is important for IoT. It describes key Azure IoT services like Event Hubs and Stream Analytics. Popular IoT protocols like MQTT and AllJoyn are covered. Microsoft operating systems for IoT devices from Windows Embedded to Windows 10 IoT editions are explained. Finally, it demos connecting devices to Azure services and discusses the Connect the Dots open source project.
Distributed intelligence using edge computing addresses challenges with centralized cloud computing like high latency and bandwidth usage. However, it introduces new security challenges with multiple providers and tenants. Solutions include encrypting all data, communications and keys; using technologies like TPM and SGX for secure execution; and reducing overhead of encryption through hardware accelerators to ensure security and performance in fog computing environments.
Industrial IoT Mayhem? Java IoT Gateways to the Rescue | Eurotech
Industrial IoT comes with great expectations for operational efficiency, promising improved asset utilization and productivity gains. IIoT challenges include reliability, security, low maintenance, long lifecycle, and integration into heterogeneous and fragmented systems. This session proposes some architectural patterns that can be leveraged to overcome these challenges. It introduces, at the center of the solution, Java-powered IoT gateways and modular IoT application frameworks such as the open source Eclipse Kura. Incorporating a live demonstration, the presentation highlights some of the latest Eclipse Kura features such as a pluggable device model for fieldbus protocols, visual data flow, and connectivity across various IoT cloud service providers.
JavaOne 2016 - Presentation by Dave Woodard and Walt Bowers
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl... | mCloud
This document provides information on unified IoT platforms and discusses Mainflux, an open source IoT platform. It begins with an overview of IoT devices, edge computing, on-premise deployment and cloud deployment challenges. It emphasizes the importance of a unified architecture to reduce costs and complexity. The document then describes Mainflux, highlighting its use of microservices and ability to deploy on various hardware from constrained devices to the cloud. It discusses how Mainflux addresses issues like scalability, security and support for multiple protocols and databases.
Attestation Mechanisms for Trusted Execution Environments Demystified - Prese... | Jämes Ménétrey
The presentation slides of the paper Attestation Mechanisms for Trusted Execution Environments Demystified, published in the proceedings of the 22nd IFIP International Conference on Distributed Applications and Interoperable Systems, June 2022.
Read the publication here: https://arxiv.org/abs/2206.03780
This publication incorporates results from the VEDLIoT project, which received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 957197.
The number of internet-connected devices is growing exponentially, enabling an increasing number of edge applications in environments such as smart cities, retail, and industry 4.0. These intelligent solutions often require processing large amounts of data, running models to enable image recognition, predictive analytics, autonomous systems, and more. Increasing system workloads and data processing capacity at the edge is essential to minimize latency, improve responsiveness, and reduce network traffic back to data centers. Purpose-built systems such as Supermicro’s short-depth, multi-node SuperEdge, powered by 3rd Gen Intel® Xeon® Scalable processors, increase compute and I/O density at the edge and enable businesses to further accelerate innovation.
Join this webinar to discover new insights in edge-to-cloud infrastructures and learn how Supermicro SuperEdge multi-node solutions leverage data center scale, performance, and efficiency for 5G, IoT, and Edge applications.
The document discusses an Audi telematics project in collaboration with IBM. IBM provided the overall architecture, components for the telematics control unit, and project management. The goal was to develop an end-to-end telematics prototype integrating the vehicle with external content and applications through a wireless gateway. IBM's architecture offered flexibility, security, and integration of the vehicle with the internet and wireless networks. The project helped build the foundation for Audi's telematics platform and global leadership position.
Edge computing has been gaining popularity as it defines a model that brings compute and storage closer to where they are consumed by the end-user. By being closer to the end-user a better experience can be provided with a reduction in overall latency, lower bandwidth requirements, lower TCO, more flexible hardware/software model, while also ensuring security and reliability. In this talk, Abhishek discusses aligning Apache CloudStack with this evolving cloud computing model and supporting Edge Zones, which can be also looked upon as lightweight zones, with minimal resources.
Abhishek Kumar is a committer of the Apache CloudStack project and has worked on the notable features such as VM ingestion, CloudStack Kubernetes Service, IPv6 support, etc. He works as a Software Engineer at ShapeBlue.
-----------------------------------------
CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
Software development in ARMv8-M architecture - yiu | Arm
This document provides information on ARMv8-M architecture and TrustZone security for microcontrollers. It introduces the Cortex-M23 and Cortex-M33 processors that implement the ARMv8-M architecture. It describes the ARMv8-M sub-profiles and highlights key features of the Cortex-M23 and Cortex-M33 such as enhanced debug capabilities and support for TrustZone security. The document also discusses software development concepts for the ARMv8-M architecture such as separation of secure and non-secure worlds and debug authentication. Finally, it outlines how TrustZone can provide security for Internet of Things applications and endpoints.
LinuxCon Tokyo 2016 focused on developing secure IoT gateways. The presentation discussed gateway architecture choices like ARM and x86 processors. Connectivity options for sensors like Bluetooth and WiFi were also covered. Security is a major concern, and the talk evaluated both reactive measures like intrusion detection and proactive approaches like mandatory access control. Maintaining gateways over long product lifecycles requires techniques like live kernel patching and signed over-the-air updates to securely deploy upgrades. Embedded Linux provides a robust software platform for building reliable and secure IoT gateways.
Confidential Computing provides comprehensive protection for sensitive data by performing computation within hardware-based Trusted Execution Environments. This prevents unauthorized access to applications and data in use, increasing security assurances for regulated industries. IBM offers a portfolio of Confidential Computing services spanning on-premises and cloud options, including confidential virtual servers, databases, containers, and cryptography. These services allow customers to benefit from cloud capabilities while maintaining strict control and privacy of sensitive data.
Walking through the fog (computing) - Keynote talk at Italian Networking Work... | FBK CREATE-NET
"Walking through the fog (computing): trends, use-cases and open issues"
Despite its huge success in many IT-enabled application scenarios, cloud computing has demonstrated some intrinsic limitations that may severely limit its adoption in several contexts where constraints like e.g. preserving data locally, ensuring real-time reactivity or guaranteeing operation continuity despite lack of Internet connectivity (or a combination of them) are mandatory. These distinguishing requirements fostered an increased interest toward computing approaches that inherit the flexibility and adaptability of the cloud paradigm, while acting in proximity of a specific scenario. As a consequence, the emergence of this “proximity computing” approach has exploded into a plethora of architectural solutions (and novel terms) like fog computing, edge computing, dew computing, mist computing but also cloudlets, mobile cloud computing, mobile edge computing (and probably few others I may not be aware of…). The talk will initially make an attempt to introduce some clarity among these “foggy” definitions by proposing a taxonomy whose aim is to help identifying their peculiarities as well as their overlaps. Afterwards, the most important components of a generalized proximity computing architecture will be explained, followed by the description of few research works and use cases investigated within our Center and based on this emerging paradigm. An overview of open issues and interesting research directions will conclude the talk.
Developing Interoperable Components for an Open IoT Foundation Eurotech
In this presentation Eurotech and Red Hat present Kapua, a modular cloud platform that provides management for Internet of Things (IoT) gateways and smart edge devices. It represents a key milestone towards the development of a truly open, end-to-end foundation for IoT and its ecosystem of partners and solutions. Kapua provides a core integration framework with services for device registry, data and device management, message routing, and applications.
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A... | IRJET Journal
The document discusses public key infrastructure (PKI) and asymmetric encryption algorithms for securing data in VxWorks real-time operating systems (RTOS). It analyzes the performance of the RSA and Elliptic Curve Cryptography (ECC) asymmetric algorithms on a VxWorks Trusted Platform Module (TPM). The results show that ECC utilizes less memory and CPU than RSA while also having faster execution times. Therefore, the document concludes that ECC is better suited than RSA for use in VxWorks TPMs due to its increased efficiency, which can ultimately improve the overall performance of the RTOS.
The document discusses the challenges of creating truly dependable systems that are also affordable. It summarizes research done at NICTA on developing the seL4 microkernel, which has undergone formal verification to prove functional correctness and isolation properties. This level of assurance was achieved at a relatively affordable cost of $400 per line of code. The research demonstrates that formal methods can be cost-effective for developing high-assurance systems if the trusted computing base is minimized and components are designed for verification. Ongoing work aims to further scale this approach to larger systems.
1) Express Logic produces the real-time operating system ThreadX which is known for its source code quality and lack of bugs.
2) The presentation will examine ThreadX source code using the static code analysis tools Coverity and Structure101 to analyze code quality and detect any potential bugs or defects.
3) A live demo will show the results of analyzing ThreadX code and identifying any issues, as well as demonstrating the simple ThreadX application programming interface.
The document discusses best practices for implementing DevSecOps for microservices architectures. It begins by defining microservices and explaining their advantages over monolithic architectures. It then covers challenges of microservices including communication between services, databases, testing, and deployment. The document recommends using a choreography pattern for asynchronous communication between loosely coupled services. It provides examples of event-driven architectures and deploying to Kubernetes. It also discusses technologies like Jenkins, Docker, Kubernetes, SonarQube, and Trivy that can help support continuous integration, deployment, and security in DevSecOps pipelines.
Security and Compliance for Enterprise Cloud Infrastructure | CloudPassage
This document discusses security challenges for enterprise cloud infrastructure and different approaches to addressing them. It summarizes common cloud use cases like ITaaS, development/testing in public clouds, and big data analytics. It then outlines challenges like virtualized networks and lack of hardware controls. Next-generation approaches like virtual appliances, in-hypervisor controls, and workload-based security are presented along with pros and cons. The document focuses on CloudPassage's workload-based security agent Halo, which provides automated security and compliance controls that scale across cloud environments.
IBM Spectrum Scale fundamentals workshop for Americas part 1 components archi... | xKinAnx
The document provides instructions for installing and configuring Spectrum Scale 4.1. Key steps include: installing Spectrum Scale software on nodes; creating a cluster using mmcrcluster and designating primary/secondary servers; verifying the cluster status with mmlscluster; creating Network Shared Disks (NSDs); and creating a file system. The document also covers licensing, system requirements, and IBM and client responsibilities for installation and maintenance.
Similar to HiPEAC 2022_Marcelo Pasin presentation (20)
IoT Tech Expo 2023_Micha vor dem Berge presentation | VEDLIoT Project
VEDLIoT Next Generation AIoT Applications. Micha vor dem Berge. VEDLIoT Conference Track co-located with IoT Tech Expo, Amsterdam, Netherlands, September 2023
Next generation accelerated AIoT systems and applications. Pedro Trancoso. Special Session on EU Projects, co-located with Computing Frontiers 2023, Bologna, Italy, May 2023
The document outlines an agenda for a presentation on the VEDLIoT project. The agenda includes an introduction to VEDLIoT by Pedro Trancoso, a presentation on VEDLIoT Hardware Platforms by Kevin Mika, and a discussion of Performance Evaluation and Benchmarking in VEDLIoT by Mario Pormann. The VEDLIoT project aims to develop very efficient deep learning techniques for IoT applications through the use of heterogeneous hardware platforms and accelerators.
IoT Week 2022-NGIoT session_Micha vor dem Berge presentation | VEDLIoT Project
This document discusses optimizing a smart home system using edge computing and machine learning. It describes using embedded accelerators like the Nvidia Jetson AGX and Xavier to distribute neural networks and machine learning models to devices around the home. These include a smart mirror, kitchen, door, and other devices. The goal is to optimize the models to increase energy efficiency and distribute the workloads across the edge devices. One focus is developing a smart mirror prototype that can recognize faces, objects and gestures using embedded accelerators like the t.RECS and u.RECS boards to analyze camera input and interact with users through voice and a virtual display.
Next Generation IoT Architectures_Hans Salomonsson | VEDLIoT Project
VEDLIoT Toolchain for Efficient Deep Learning on heterogeneous hardware, Hans Salomonsson, EU-IoT Training Workshops Series – "Next Generation IoT Architectures”, November 2021
The document discusses hardware platforms and accelerators for VEDLIoT. It describes the VEDLIoT Hardware Platform as a heterogeneous, modular, and scalable microserver system that supports the IoT spectrum from embedded to edge to cloud. It then provides details on several platforms: the RECS|Box platform which uses Computer-on-Module standards to achieve flexibility and performance; the t.RECS platform optimized for local edge applications; and the uRECS embedded device platform that supports machine learning acceleration and communication interfaces. Diagrams and specifications are given for the architectures of these platforms.
VEDLIoT Cognitive IoT Hardware Platform. René Griessl. Workshop on Deep Learning for IoT (DL4IoT), co-located with HiPEAC 2022, Budapest, Hungary, June 2022
SS-CPSIoT 2023_Kevin Mika and Piotr Zierhoffer presentation | VEDLIoT Project
VEDLIoT – Accelerated AIoT. Kevin Mika and Piotr Zierhoffer. CPS&IoT’2023 Summer School on Cyber-Physical Systems and Internet-of-Things, Budva, Montenegro, June 2023
VEDLIOT – Accelerated AIoT. Jens Hagemeyer. 2nd Workshop on Deep Learning for IoT (DL4IoT), co-located with HiPEAC 2023, Toulouse, France, January 2023
VEDLIoT – A heterogeneous hardware platform for next-gen AIoT applications, Jens Hagemeyer, EU-IoT Training Session on “Machine Learning at the Edge and the FarEdge”, IoT Week (online event), August 2021
Reconfigurable ML Accelerators in VEDLIoT. Marco Tassemeier. Workshop on Deep Learning for IoT (DL4IoT), co-located with HiPEAC 2022, Budapest, Hungary, June 2022
EU-IoT Training Workshops Series: AIoT and Edge Machine Learning 2021_Jens Ha... | VEDLIoT Project
IoT - Accelerated Deep Learning for Cognitive Edge Computing, Jens Hagemeyer, EU-IoT Training Workshops Series – “AIoT and Edge Machine Learning”, May 2021
Prototype Implementation of Non-Volatile Memory Support for RISC-V Keystone E... | LenaYu2
Handling confidential information has become an increasingly important concern in many areas of society. However, current computing environments are still vulnerable to various threats, and we should consider them untrusted.
Trusted Execution Environments (TEEs) have attracted attention because they can execute a program in a trusted environment constructed on an untrusted platform.
In particular, RISC-V Keystone is one of the interesting TEEs since it is a flexibly customizable and fully open-source platform. On the other hand, like other TEEs, it must also delegate I/O processing, such as file accesses, to a host OS, resulting in expensive overhead. For this problem, we thought that utilizing byte-addressable non-volatile memory (NVM) modules would be a useful solution for handling persistent data objects in TEEs.
In this paper, we introduce a prototype implementation of NVM support for the Keystone. Additionally, we evaluate it on the Freedom U500 built on a VC707 FPGA dev kit.
https://ken.ieice.org/ken/paper/20210720TC4K/
1. Security for VEDLIoT Components, from Cloud through Edge to IoT
Marcelo Pasin, University of Neuchâtel
HiPEAC 2022, Budapest, 20 June 2022
2. [Diagram: VEDLIoT project overview. Labels recoverable from the slide: Applications (WP7); Requirements (WP2); Security & Safety (WP5); Trusted Exec.; Hardware (WP4); Accelerator (WP3); Middleware (WP6); Embedded / Far Edge (u.RECS); Near Edge (t.RECS); Cloud (RECS|Box); FPGA Reconfigurable Infrastructure; Communication; Run-Time reconfiguration; Management; ASIC AI Accelerators; Ultra Low Power; Mid Range; High Performance; AI Toolchain (EmbeDL); Optimization; Model Zoo; Robustness; Deployment; Industrial IoT; Motor Condition Classification; Arc Detection; Automotive AI; Automatic Emergency Braking; Safety and Robustness Monitoring; RISC-V extensions; Trusted Web Assembly VM; Root of Trust; Distributed Attestation; RISC-V evaluation (Embench Tester); Benchmark Framework (Kenning); Smart Home; Smart Mirror; Requirements Engineering; Ethics; Safety and Robustness; Modelling and Verification; IoT/Edge Emulation Framework (Renode); Processing Platforms; Peripherals; Communication Infrastructures; ARM, x86, RISC-V, GPU, FPGA, ASIC; Open Calls; Trusted Com.; Secure IoT Gateway; LORA/5G.]
3. Processing IoT data in 2022
• Cloud applications are everywhere
• High availability and performance, flexible management
• Very common usage: cloud-backed handheld apps
• Edge processing capacity is expanding
• Proximity, lower latency
• Legal compliance
• Internet of things is being deployed
• Small devices, simple tasks, user-centred
• VEDLIoT project
• Develop hardware and software solutions
• Use deep learning to process IoT data
4. Security must be part of the continuum
• Providers, developers and users must be able to trust in the whole continuum
• Security has always been essential in the cloud
• Users need guarantees that their data's confidentiality and integrity are respected
• Hard to provide in a multi-tenant system: co-tenants may use vulnerabilities to uncover (or infer) data
• Even harder when the providers are curious: they have the power to inspect all content
• Infrastructure providers wish to be protected from malicious tenants
• Tenants may try to exploit vulnerabilities for their own profit
• Edge-based infrastructure offers far fewer guarantees than the cloud
• Edge computers are much more distributed when compared to the cloud
• Installed in user buildings, shared infrastructures, next to roads
• Impossible to maintain physical control over the resources
• Edge administrators have physical control of the edge devices (similar to cloud)
• Users are in the proximity of the edge devices and may physically abuse them
• IoT security: either same as edge, or the end-user responsibility
5. Trusted execution environments can help
• Most recent computer architectures include a practical solution for establishing trust
• Trusted execution environments (TEEs)
• TEEs allow software execution in a segregated (secure) space
• Access to the space is architecturally impossible from other software
• Not even machine administrators can access TEE software
• Hardware implementations include an extra execution mode in the processor
• May even include memory (RAM) encryption for TEE data
• Very popular implementation of TEE: Intel's Software Guard Extensions (SGX)
• Commercial cloud services already exist (e.g. Azure Confidential Computing)
• Similar solution is necessary for the edge deployments as well
• Very popular edge architecture: Arm, offers TrustZone as a TEE
• Underlying hardware is built using proprietary and incompatible solutions
• Harder to reuse trusted software from cloud to edge and vice versa
7. WebAssembly as the common denominator
• In VEDLIoT, we proposed using WebAssembly as the technology
• We advocate that it is adequate for implementing applications in the continuum
• Seamless technology across most hardware devices and software environments
• Modern hardware is already able to run WebAssembly efficiently
• Technology developed for running distributed applications in web browsers
• Good performance and decent levels of security
• One can increase security using trusted execution environments
• So many bits are still missing for the true continuum
• Some of the missing bits are being developed in VEDLIoT
• Several security artifacts around TEEs
• In this presentation: TEEs in WebAssembly
8. TWINE, a solution with Intel SGX
• TWINE: an execution environment suited for WebAssembly applications inside TEEs
• Implemented using Intel SGX
• Built with two main blocks
• WebAssembly runtime
• Adapted WAMR
• Entirely inside the TEE
• WASI interface
• Bridge between trusted and untrusted environments
• Abstracts the machinery of the underlying OS
10. WATZ, a solution with Arm TrustZone
• WATZ: WebAssembly for TrustZone
• Similar to TWINE, using Arm processors
• Added missing functionality: remote attestation
• Extended WASI interface
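Remote attestation, the functionality WATZ adds, lets a remote verifier check which WebAssembly code is running in the TEE before trusting it. The sketch below is an added example, not code from WATZ, TWINE or the VEDLIoT project: it assumes the measurement is a SHA-256 hash of the Wasm bytecode and uses an HMAC key as a stand-in for a hardware-rooted attestation key; all names and sample modules are constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the device attestation key. A real TEE uses a
# hardware-rooted asymmetric key; HMAC keeps this sketch stdlib-only.
DEVICE_KEY = b"constructed-demo-device-key"

def measure(wasm_bytes: bytes) -> bytes:
    """Assumed measurement: SHA-256 over the Wasm bytecode loaded in the TEE."""
    return hashlib.sha256(wasm_bytes).digest()

def make_evidence(wasm_bytes: bytes, nonce: bytes, key: bytes = DEVICE_KEY) -> dict:
    """Attester (inside the TEE): bind the measurement to the verifier's nonce."""
    m = measure(wasm_bytes)
    tag = hmac.new(key, nonce + m, hashlib.sha256).digest()
    return {"nonce": nonce, "measurement": m, "tag": tag}

def verify_evidence(ev: dict, expected_nonce: bytes, reference: set,
                    key: bytes = DEVICE_KEY) -> str:
    """Verifier: return 'ok' or the reason the evidence is rejected."""
    good_tag = hmac.new(key, ev["nonce"] + ev["measurement"], hashlib.sha256).digest()
    if not hmac.compare_digest(good_tag, ev["tag"]):
        return "bad-signature"          # evidence not produced by the device key
    if not hmac.compare_digest(ev["nonce"], expected_nonce):
        return "stale-nonce"            # replay of evidence from an older challenge
    if ev["measurement"] not in reference:
        return "unknown-measurement"    # genuine TEE, but unexpected Wasm code
    return "ok"

# Constructed sample modules: Wasm magic and version header plus filler bytes.
GOOD_MODULE = b"\x00asm\x01\x00\x00\x00" + b"trusted-app"
TAMPERED_MODULE = b"\x00asm\x01\x00\x00\x00" + b"trusted-app-patched"
REFERENCE = {measure(GOOD_MODULE)}

def demo() -> dict:
    nonce = os.urandom(16)              # fresh challenge chosen by the verifier
    good = make_evidence(GOOD_MODULE, nonce)
    tampered = make_evidence(TAMPERED_MODULE, nonce)
    return {
        "genuine": verify_evidence(good, nonce, REFERENCE),
        "tampered_module": verify_evidence(tampered, nonce, REFERENCE),
        "replayed": verify_evidence(good, os.urandom(16), REFERENCE),
        "forged_tag": verify_evidence({**good, "tag": b"\x00" * 32}, nonce, REFERENCE),
    }

if __name__ == "__main__":
    print(demo())
```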
12. There’s much more in VEDLIoT
Other components for implementing security (this list keeps growing)
• Physical Memory Protection Unit for RISC-V
• ISA extension for facilitating trusted execution on embedded devices
• Free and open-source implementation and docs
• Secure communication in TrustZone-M (IoT devices)
• Mechanism for communication between the TEE and the untrusted environment
• Lightweight message protection scheme using the Memory Protection Unit
• Replicated remote attestation system
• Byzantine fault-tolerant implementation
• Auditable integrity-protected storage
• Membership and coordination primitives
13. Conclusion
Security for VEDLIoT Components, from cloud through edge to the IoT
• WebAssembly to build composable applications over the continuum
• WebAssembly runtimes for Intel SGX and Arm TrustZone, with attestation
• Byzantine fault-tolerant attestation service
• TEE for RISC-V
• Communication for Arm TEE for embedded systems
• Work ahead
• Support applications, for example (yet to be defined):
• Running machine learning in TEEs
• Implement distributed attestation in a use case
• Maybe edge-cloud migration (offloading)