This document contains the slides from a webinar presented by Achmad Mardiansyah on queue types in Mikrotik routers. The webinar covered quality of service (QoS), queueing theory, and different queue types including FIFO, RED, SFQ, and PCQ. It also discussed implementing QoS using HTB on RouterOS and provided an overview of a live practice session and question and answer portion at the end. The webinar was presented by the training organization GLC Networks to help networking professionals learn about queue configuration and traffic management in Mikrotik routers.
"Session ID: SFO17-102
Session Name: Deploy STM32 family on Zephyr - SFO17-102
Speaker: Erwan Gouriou
Track: LITE
★ Session Summary ★
Objects:
-Quick intro on STM32 offer
-Strategy used to minimize code and maintenance effort and break silos
-Status on supported drivers
Slides:
-STM32 families and SoCs (highlight number of refs (>900) and need for mutualization)
-SoC naming conventions
-ST boards
-STM32Cube
-Initial deployment in Zephyr
-STM32Cube introduction and introduction in Zephyr
*HAL vs LL
*Information conveyed by CMSIS files
-Driver deployment strategy
*CMSIS (generic defines)
*LL/HAL
-Simplification brought by driver init code and pinmux generated by Device tree
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-102/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
This document discusses solutions for generating unique IDs in distributed systems. It describes existing solutions like auto-incrementing database IDs, ticket servers, and UUIDs, and their pros and cons. It then explains Twitter's Snowflake algorithm in detail, which generates compact, sortable, unique IDs across distributed nodes at high speeds without coordination. Finally, it introduces SepTech's Snowflake4S library, which is inspired by Twitter's Snowflake and makes unique ID generation easily embeddable in applications.
This document discusses SDN programming with Golang. It introduces Shukra Networks, a telecom startup developing an SDN stack focused on wide area networking and inter-AS routing. It covers network programmability and SDN architecture, using NFF-Go to decouple the forwarding and control planes, and modifying packets within user defined functions attached to a packet processing graph.
Webinar topic: Radio Optimization In Telco
Presenter: Achmad Mardiansyah, Yoyok Dwi Parindra
In this webinar series, Radio Optimization In Telco
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/M0sAMZHqziA
Webinar topic: OSPF On Router OS7
Presenter: Achmad Mardiansyah & M. Taufik Nurhuda
In this webinar series, How OSPF On Router OS7
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/nuByFdZHvAg
This document outlines the agenda for a webinar on Access Control Lists (ACLs) on Linux hosted by GLC Networks. The webinar will include an introduction to ACLs, a review of prerequisite Linux permission knowledge, a demonstration of how to configure ACLs using commands like getfacl and setfacl, a live practice session, and a question and answer period. The trainer, Achmad Mardiansyah, will lead the webinar and has over 20 years of experience working with Linux and Mikrotik networks.
Module: drand - the Distributed Randomness Beacon Ioannis Psaras
drand is a distributed randomness beacon. It provides publicly-verifiable, unpredictable and bias-resistant random numbers as a public service. In this module we'll walk through:
- Threshold Cryptography & Randomness
- The Distributed Key Generation in drand
- The Setup and Randomness Generation Phases
- The League of Entropy
Webinar topic: CCNA : Intro to Cisco IOS
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, CCNA : Intro to Cisco IOS
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/uRDTRlslZtc
Webinar topic: MPLS on Router OS V7 - Part 1
Presenter: Achmad Mardiansyah & M. Taufik Nurhuda
In this webinar series, How MPLS on Router OS V7 works
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/SvZrYNA0-rQ
Webinar topic: MTCNA : Intro to RouterOS
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, MTCNA : Intro to RouterOS
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/e9ewUeFl0nc
This document outlines the agenda for a webinar hosted by GLC Networks on Zabbix monitoring. The webinar will include an introduction to GLC Networks and the trainer, a review of prerequisite networking knowledge, an overview of Zabbix monitoring, a live practice session, and a Q&A. Prerequisite topics that will be reviewed include the OSI model, TCP/IP protocols, Ethernet, routing, and network management using FCAPS. The webinar aims to teach participants how to use Zabbix for network monitoring and management.
BUD17-416: Benchmark and profiling in OP-TEE Linaro
"Session ID: BUD17-416
Session Name: Benchmark and profiling in OP-TEE - BUD17-416
Speaker: Jerome Forissier, Igor Opaniuk
Track: Security
★ Session Summary ★
Benchmark and profiling are two newly developed features in OP-TEE. In this session we will cover what has been done and what is left to do and a bit about how it has been implemented.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-416/
Presentation: https://www.slideshare.net/linaroorg/bud17416-benchmark-and-profiling-in-optee
Video: https://youtu.be/gr6AxvqfDds
---------------------------------------------------
★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary
---------------------------------------------------
Keyword: security, OP-TEE, benchmark
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
Webinar topic: Using Zettabyte Filesystem (ZFS)
Presenter: Achmad Mardiansyah
In this webinar series, How Using Zettabyte Filesystem (ZFS)
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/or3duBUZzIs
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017. Leszek Miś
Slides from workshop delivered at Brucon 2017 Conference in Gent, Belgium.
Data exfiltration is the process of transmitting data from pwned or infected networks back to the attacker while trying to minimize detection.
During this workshop (2 hours) we will go through different network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, Cloud-app based and others). I will explain how they work, how to run them and what the differences between them are. It is a highly interactive workshop (I have a dozen short labs already prepared) where you will be guided through the use of a set of open source tools powered by a short-fast theory.
Webinar topic: Layer 7 Firewall on Mikrotik
Presenter: Achmad Mardiansyah
In this webinar series, we are discussing Network Security with Mikrotik
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and Telegram
Recording is available on YouTube
https://youtu.be/Z0Akaksp0DA
LAS16-504: Secure Storage updates in OP-TEE
Speakers: Jerome Forissier
Date: September 30, 2016
★ Session Description ★
Since the presentation back in 2015 (SFO15), there has been functionality added, like RPMB, and there have also been some changes in general to the secure storage code. This presentation will summarize what has been happening and will also talk about what’s left to do.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-504
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-504/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Best Current Practice (BCP) 38 Ingress Filtering for Security GLC Networks
Webinar topic: Best Current Practice (BCP) 38 Ingress Filtering for Security
Presenter: Achmad Mardiansyah
In this webinar series, we discussed Best Current Practice (BCP) 38 Ingress Filtering for Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/0YQRQ046Lg8
BUD17-302: LLVM Internals #2
Speaker: Renato Golin, Peter Smith, Diana Picus, Omair Javaid, Adhemerval Zanella
Track: Toolchain
★ Session Summary ★
Continuing from LAS16 and, if we have time, introducing global isel that we’re working on.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-302/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
Webinar topic: Troubleshooting Layer 2 Ethernet Problem: Loop, Broadcast, Security
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, Troubleshooting Layer 2 Ethernet Problem: Loop, Broadcast, Security
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/G4IuMNaJZLY
Webinar topic: BGP on RouterOS7 - Part 1
Presenter: Achmad Mardiansyah & M. Taufik Nurhuda
In this webinar series, How BGP on RouterOS7 works
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/CYTHOlY4WU0
This document contains the slides for a webinar on Mikrotik RouterOS presented by GLC Networks. The webinar covers an introduction to RouterOS, its features, and a live practice session. It begins with reviewing prerequisite networking knowledge like the OSI model, TCP/IP protocols, routing tables, and network devices. It then introduces Mikrotik as a company and product line, and dives into the features and capabilities of RouterOS. The presentation concludes by advertising GLC Networks' training courses and inviting questions.
Webinar topic: Up and Running SSH Service
Presenter: Achmad Mardiansyah, M. Taufik Nurhuda
In this webinar series, Up and Running SSH Service
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/8Y0NsleBFRg
Webinar topic: Internet Protocol Deep-Dive
Presenter: Achmad Mardiansyah
In this webinar series, we discussed Internet Protocol Deep-Dive
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/u8_FxpNfqAs
Webinar topic: Automatic Backup via FTP Part 1
Presenter: Achmad Mardiansyah & Een Fahlepi
In this webinar series, How Automatic Backup via FTP works
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/4gsbidPonps
This document provides an overview of keyed hashing and message authentication codes (MACs). It discusses using cryptographic hash functions and block ciphers to build MACs, as well as dedicated MAC designs like Poly1305 and SipHash. It also covers potential issues like timing attacks on MAC verification and side-channel attacks that can leak the internal state of sponge-based MACs.
Webinar topic: Telecommunication Evolution
Presenter: Achmad Mardiansyah, Jemy Susanto
In this webinar series, Telecommunication Evolution
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, Telegram, and Discord
Recording available on YouTube
https://youtu.be/nNa85tjfR_o
The document provides an overview of memory forensics and the Rekall memory analysis tool. It discusses why memory forensics is useful, describes how Rekall supports multiple operating systems through profiles, and covers memory imaging, virtual memory concepts, and analyzing live memory. Rekall's interfaces like the command line, console, notebook, and web console are also introduced.
Hunting and Exploiting Bugs in Kernel Drivers - DefCamp 2012 DefCamp
This document provides an introduction to exploiting vulnerabilities in Windows kernel drivers for privilege escalation. It discusses the differences between user mode and kernel mode, how drivers communicate with user programs through I/O requests, techniques for analyzing and fuzzing drivers, potential privilege escalation methods like overwriting function pointers and token stealing, and how to set up a kernel debugging environment. The overall goal is to find bugs in kernel drivers that could allow gaining kernel-level code execution and full system access.
Mirko Damiani - An Embedded soft real time distributed system in Golinuxlab_conf
An embedded system usually involves low level languages like C and highly customized hardware. In this talk we will see a use case of a soft real time system which was developed taking a very different approach, written in Go. We will see what are the advantages of this choice, along with its limits.
A Journey into Hexagon: Dissecting Qualcomm BasebandsPriyanka Aash
Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a qualcomm baseband, tracing it's evolution over the years until its current state. We will discuss the custom, in-house DSP architecture they now run on, and the proprietary RTOS running on it. We will also cover the architecture of the cellular stack, likely places vulnerabilities lie, and exploit mitigations in place. Finally we will cover debugging possibilities, and how to get started analyzing the baseband firmware—how to differentiate between RTOS and cellular functions, how to find C std library functions, and more.
Advanced MySql Data-at-Rest Encryption in Percona ServerSeveralnines
Iwo Panowicz - Percona & Bart Oles - Severalnines AB
The purpose of the talk is to present data-at-rest encryption implementation in Percona Server for MySQL.
Differences between Oracle's MySQL and MariaDB implementation.
- How it is implemented?
- What is encrypted:
- Tablespaces?
- General tablespace?
- Double write buffer/parallel double write buffer?
- Temporary tablespaces? (KEY BLOCKS)
- Binlogs?
- Slow/general/error logs?
- MyISAM? MyRocks? X?
- Performance overhead.
- Backups?
- Transportable tablespaces. Transfer key.
- Plugins
- Keyrings in general
- Key rotation?
- General-Purpose Keyring Key-Management Functions
- Keyring_file
- Is useful? How to make it profitable?
- Keyring Vault
- How does it work?
- How to make a transition from keyring_file
cachegrand: A Take on High Performance CachingScyllaDB
cachegrand is what happens when you throw in a mix a SIMD-accelerated hashtable — capable of performing parallel GET operations without locks or busy-wait loops (e.g. atomic operations) — with fibers, io_uring, your own I/O library, your own memory allocator, and an in-memory & on-disk time series database!
Written in C, built from scratch, natively modular - currently working on Redis compatibility — it's a platform that can deliver very high QPS with low latencies for caching and data streaming with the door open to supporting business logic in Rust & WebAssembly down the line.
This session will focus on developing techniques and OS components used highlighting how they can provide an extra boost to your platforms, no matter the programming language.
Security issues in FPGA based systems.Rajeev Verma
This document discusses managing securities in FPGA-based embedded systems. It begins by outlining benefits of FPGAs like better performance and flexibility. It then discusses using FPGAs for cryptographic applications and the need for isolating plaintext from ciphertext. The document presents a system design with separate memory partitions and cores for different domains. It provides examples of FPGA usage for aviation and surveillance systems. It also covers security issues like design-tool subversion, composition problems, and protecting bitstreams. Potential solutions discussed include life-cycle management, secure architectures using memory protection and tags, and future work in multi-core systems and dynamic reconfiguration.
Microprocessors are computer components made from transistors on a single chip that serve as the central processing unit (CPU) of computers. Microcontrollers are specialized microprocessors designed to control electronic devices. The key differences are that microcontrollers incorporate additional features like RAM, ROM, I/O ports directly on the chip to be self-sufficient, whereas microprocessors rely on external components. An 80286 microprocessor has features like a 16-bit data bus, 24-bit address bus, and memory management abilities. It was used in early PCs and can address up to 16MB of RAM. Microcontrollers are commonly found in embedded systems like appliances and control specific tasks without changes throughout their lifetime.
A Comprehensive Introduction to Apache Cassandra.
Agenda:
- What is NoSQL?
- What is Cassandra?
- Architecture
- Data Model
- Key Features and Benefits
- Cassandra Tools
-- CQL
-- Nodetool
-- DataStax Opscenter
- Who’s using Cassandra?
Machines are getting powerful these days and more and more VMs will run on a single machine. This work started off with a simple goal - to run 3,000 domains on a single host and address any scalability issues come across. I will start with Xen internal then state the problems and solutions. Several improvements are made, from hypervisor, Linux kernel to user space components like console backend and xenstore backend. The main improvement for hypervisor and Dom0 Linux kernel is the new event channel infrastructure, which enable Dom0 to handle much more events simultaneously - the original implementation only allows 1024 and 4096 respectively.
The targeting audiences are cloud developers, kernel developers and those who are interested in Xen scalability and internals. They need to have general knowledge of Linux, knowledge of Xen is not required but nice to have.
Operation Unthinkable – Software Defined Storage @ Booking.com (Peter Buschman)data://disrupted®
The story of the plan that was just crazy enough to work! Learn how Booking.com failed its way to success on a multi-year journey away from single-purpose storage-appliances, predatory-licensing, and over-complicated networking to create a unique storage solution for their hyper-scale private-cloud environment.
Kernel Recipes 2019 - Marvels of Memory Auto-configuration (SPD)Anne Nicolas
System memory configuration is a transparent operation nowadays, something that we all came to expect to just work out of the box. Still, it does happen behind the scenes every single time we boot our computers. This requires the cooperation of hardware components on the mainboard and on memory modules themselves, as well as firmware code to drive these. While it is possible to just let it happen, having a deeper understanding of how it works makes it possible to access valuable information from the operating system at run-time.
I will take you through the history of system memory configuration from the mid 70s to now. We will explore the different types of memory modules, how their configuration data is stored and how the firmware can access them. We will see which problems had to be solved along the way and how they were solved. Lastly we will see how Linux supports reading the memory configuration information and what you can do with that information.
Jean Delvare
Do you know what your digital pins are "really" sayingLeroy Levin
This document discusses logic analyzers and the Sigrok project. It provides a history of logic analyzers, describes the Sigrok project which provides open-source signal analysis software, and demonstrates various communication protocols like UART, SPI, and I2C using logic analyzer hardware and the Pulseview GUI software. Real examples analyzing signals from an RTC and radio modules are also shown.
Slides are mainly on the major security flaws that existed in the Bluetooth 4.0/4.1 (released 2010) specifically Bluetooth Low Energy(BLE) (a.k.a Bluetooth Smart) specification. BLE was introduced as part of Bluetooth 4.0 targeting low power devices which is quite different from classic Bluetooth. Later part contains major security enhancements that are introduced in BLE 4.2
Study on 32-bit Cortex - M3 Powered MCU: STM32F101Premier Farnell
The document summarizes the features and applications of the STM32F101 microcontroller. It has a Cortex-M3 CPU, flash memory, SRAM, low power modes, and various peripherals like ADC, DAC, timers, serial interfaces. It is suitable for industrial equipment, appliances, consumer devices, and other applications requiring a low-cost ARM MCU. Development tools include compilers, debuggers, evaluation boards, and USB-to-JTAG adapters for programming and debugging the STM32F101.
Kubernetes from scratch at veepee sysadmins days 2019🔧 Loïc BLOT
1. The document discusses Kubernetes components, tools, and architecture for deployment at Veepee. It covers the control plane components, node architecture, and tooling used including DNS resolution, metrics collection, and logging.
2. For the control plane, it describes deploying etcd, the API server, scheduler, and controller manager across multiple datacenters. It also discusses configuring the API server and admission controllers.
3. For nodes, it discusses choosing containerd over Docker, configuring the network using kube-router with BGP, and using CoreDNS for internal DNS resolution in the cluster.
4. It provides details on tooling used for DNS, metrics collection, and centralized logging to
This document discusses high performance computing and introduces some basic concepts. It explains that computer performance has increased dramatically over the last five decades due to Moore's law, where transistor density doubles every 18 months. While Moore's law is not a true law, it has held for nearly 50 years. The document also discusses how performance improvements have shifted from advances in manufacturing technology to architectural and organizational innovations since the 1980s. It introduces concepts like computer architecture, instruction set architecture, and Amdahl's law, which quantifies the overall performance gain that can be achieved by improving part of a computation.
The document discusses microprocessors and microcontrollers. It provides a history of microprocessors from 4-bit to 64-bit models over time from companies like Intel and Fairchild. Microcontrollers are described as self-contained systems with a processor, memory, and I/O on a single chip. Common microcontroller architectures and components like memory, I/O, and interrupts are outlined. The key differences between microprocessors and microcontrollers are that microcontrollers have integrated memory, I/O devices and require less external hardware, while microprocessors are more flexible but require more external components.
Similar to Lord of the X86 Rings: A Portable User Mode Privilege Separation Architecture on X86 (CCS'18) (20)
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
In our second session, we shall learn all about the main features and fundamentals of UiPath Studio that enable us to use the building blocks for any automation project.
📕 Detailed agenda:
Variables and Datatypes
Workflow Layouts
Arguments
Control Flows and Loops
Conditional Statements
💻 Extra training through UiPath Academy:
Variables, Constants, and Arguments in Studio
Control Flow in Studio
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Lord of the X86 Rings: A Portable User Mode Privilege Separation Architecture on X86 (CCS'18)
1. Lord of the X86 Rings: A Portable User Mode Privilege Separation Architecture on X86
Memory Defense Paper Sharing (I), CCS 2018
Hojoon Lee, Chihyun Song, Brent Byunghoon Kang
Presented by Xingman Chen
2018-10-09
3. In-Process Isolation
● Most attacks target
○ Control Flow
■ Control flow hijack/bending
○ Data Flow
■ Non-control data attack
● Sensitive data in memory
○ Cryptographic keys
○ Function table
○ Control flow integrity mitigation metadata
○ (Un)trusted libs
● Need to be protected
5. Motivations
● Metadata Protection
○ Shadow Stack
■ Back up the return address to prevent ret-based control flow hijacking
■ Sensitive data: backed-up return addresses
○ Code Pointer Integrity
■ Move code pointers and indirect code pointers to a safe region
■ Sensitive data: safe region
7. Motivations
● Untrusted Library
○ Blackhat’17 by Chaitin: Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
○ CVE-2015-7036
■ SQLite fts3_tokenizer Untrusted Pointer Remote Code Execution Vulnerability
9. In-Process Isolation: Approaches
● Software based
○ Randomization based
■ e.g. ASLR
○ Instrument non-sensitive (non-sen) code with bounds checks prior to indirect memory accesses
■ e.g. Software Fault Isolation (SFI)
● OS/Hardware based
○ OS feature based: paging or segmentation based approaches
○ Hardware feature based
■ e.g. Intel MPX (CFIXX), SGX, CET, MPK; ARM Memory Domain (Shred)
[Figure: an application divided into Sen-Code (sensitive-data-related code), Non-Sen Code, Sen Memory and Non-Sen Memory]
10. Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
● Presents LOTRx86, a novel approach that establishes a new user privilege layer which safeguards sensitive data and provides secure access to it, achieving in-process privilege separation
● OS feature based
● Features
○ No extra hardware feature needed
○ Fast: average of 30.40% overhead on Intel processor
11. Motivation
● Randomization based: Weak
● SFI: High overhead
● Hardware feature based: Not portable
● LOTRx86: Trade-off
○ Portable approach based on segmentation & paging features
○ Harnesses the underused x86 intermediate Rings (Ring1 and Ring2)
12. Preliminaries: Addressing in x86
● Segmentation in x86 (IA-32, 386)
○ DPL (Descriptor Privilege Level): in GDT/LDT
○ CPL (Current Privilege Level): 2 bits in the segment register (cs)
○ RPL (Requested Privilege Level)
13. Preliminaries: Addressing in x86
● Paging in x86
○ 2-level page table
■ User/Supervisor: privilege required for accessing this page
15. Preliminaries: Addressing in x64
● x64 (x86_64, amd64/IA-32e, EM64T): Weakened Segmentation
○ Treats the segment base of CS, DS, ES, SS as zero, creating a linear address
○ Used only for memory protection
○ CPL remains
■ DPL: valid for code segment descriptors, ignored for data segment descriptors
16. Preliminaries: Callgate
● Callgate: privilege escalation & de-escalation
○ Callgate descriptor defined in GDT/LDT
○ DPLg: minimum privilege requirement
○ Stack pivot after escalation/de-escalation
17. Preliminaries: Inter-bitness control transfer
● Bitness (32/64): defined by the currently active code segment descriptor
○ L bit
○ A callgate cannot target a 32-bit code segment in long mode (64-bit)
18. Threat Model & Target
● Threat Model
○ Arbitrary Code Execution
● Security Guarantee
○ User mode cannot directly access a protected region
[Figure: an application divided into Sen-Code (sensitive-data-related code), Non-Sen Code, Sen Memory and Non-Sen Memory]
20. Design
● Establishing PrivUser memory space
○ M-SR1. User mode must not be able to access PrivUser memory
■ Set the S-bit in the S-page PTEs
○ M-SR2. PrivUser mode must not be able to access kernel memory space
■ Set the PrivUser code page as a 32-bit, segmentation-enabled code segment
● Run 32-bit code with a special segment (cs)
22. Design
● Challenges
○ Hardware constraint: the 32-bit call gate is disabled, so a 64-bit call gate has to be introduced
○ Potential risk: any non-Ring-3 64-bit code can access kernel memory
■ If PrivUser jumps into the 64-bit call gate area instead of the call gate entry, it can access kernel memory
● Solution: Inescapable segmentation enforcement
○ A Ring-1 callgate (x64) with lret
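The access rules behind M-SR1, M-SR2 and the 64-bit call gate risk on the Design slides above, as an added example (a simplified model written for this page, not code from the LOTRx86 paper or its authors). The ring assigned to PrivUser, the addresses, the segment limit and all function names are assumptions; SMAP/SMEP and 32-bit address truncation are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (added example): the two checks the design relies on.
 * Rings, addresses and limits are constructed values, not from the paper. */

typedef enum { PAGE_USER, PAGE_SUPERVISOR } page_kind;  /* PTE U/S bit */

typedef struct {
    const char *name;
    int         cpl;        /* current privilege level, 0..3 */
    bool        code64;     /* true: 64-bit code segment (L bit set) */
    uint64_t    seg_limit;  /* only enforced for 32-bit code segments */
} cpu_ctx;

typedef struct {
    const char *name;
    uint64_t    addr;
    page_kind   kind;
} mem_target;

/* Paging knows two levels only: CPL 3 is "user", CPL 0..2 is "supervisor". */
static bool paging_allows(const cpu_ctx *c, const mem_target *m)
{
    return m->kind == PAGE_USER || c->cpl < 3;
}

/* 64-bit code: segment base is zero and the limit is not checked.
 * 32-bit code: the segment limit bounds every address. */
static bool segmentation_allows(const cpu_ctx *c, const mem_target *m)
{
    return c->code64 || m->addr <= c->seg_limit;
}

/* An access succeeds only if both segmentation and paging permit it. */
bool can_access(const cpu_ctx *c, const mem_target *m)
{
    return segmentation_allows(c, m) && paging_allows(c, m);
}

/* Far CALL through a call gate: max(CPL, RPL) <= gate DPL (DPLg), and the
 * target code segment must be at least as privileged as the caller. */
bool gate_call_allowed(int cpl, int rpl, int gate_dpl, int target_dpl)
{
    int epl = cpl > rpl ? cpl : rpl;
    return epl <= gate_dpl && target_dpl <= cpl;
}

/* Constructed execution contexts (PrivUser in Ring 2 is an assumption). */
static const cpu_ctx USER64     = { "user (ring 3, 64-bit)",      3, true,  0 };
static const cpu_ctx PRIVUSER32 = { "PrivUser (ring 2, 32-bit)",  2, false, 0xffffffffULL };
static const cpu_ctx STRAY64    = { "ring 2 running 64-bit code", 2, true,  0 };

/* Constructed memory targets. */
static const mem_target USER_PAGE   = { "user page",       0x0000000000400000ULL, PAGE_USER };
static const mem_target PRIV_PAGE   = { "PrivUser S-page", 0x0000000040000000ULL, PAGE_SUPERVISOR };
static const mem_target KERNEL_PAGE = { "kernel page",     0xffffffff81000000ULL, PAGE_SUPERVISOR };

int main(void)
{
    const cpu_ctx    *ctxs[] = { &USER64, &PRIVUSER32, &STRAY64 };
    const mem_target *mems[] = { &USER_PAGE, &PRIV_PAGE, &KERNEL_PAGE };

    /* Access matrix: row 1 shows M-SR1, row 2 shows M-SR2, row 3 the risk. */
    for (size_t i = 0; i < 3; i++)
        for (size_t j = 0; j < 3; j++)
            printf("%-28s -> %-16s : %s\n", ctxs[i]->name, mems[j]->name,
                   can_access(ctxs[i], mems[j]) ? "allowed" : "fault");

    /* Ring 3 may enter through a gate with DPLg = 3, not one with DPLg = 2. */
    printf("ring 3 via DPLg=3 gate to ring-1 code: %s\n",
           gate_call_allowed(3, 3, 3, 1) ? "allowed" : "fault");
    printf("ring 3 via DPLg=2 gate to ring-1 code: %s\n",
           gate_call_allowed(3, 3, 2, 1) ? "allowed" : "fault");
    return 0;
}
```

The third row of the matrix is the reason the slides require segmentation enforcement to be inescapable: once non-Ring-3 code runs in a 64-bit segment, paging alone no longer separates it from the kernel.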
24. Implementation
● Components
○ lotr-kmod: builds the PrivUser space
■ space size is fixed
■ generate LDT, init S-page PTE, init ring1 ring2
○ liblotr: utility functions for initializing the PrivUser space, entering it, etc.
○ lotr-libc: private libc, not scalable
○ kernel modification: let mmap/mprotect bypass and return an error