This document discusses virtual machine introspection using the Xen hypervisor. It describes how Xen provides isolation between guest VMs and the hypervisor domain (dom0). It also discusses how Xen security modules can be used to move introspection systems out of dom0. The document then covers how to interpret guest VM state using memory forensics techniques and the LibVMI library. It explains how to use EPT and ARM page table permissions to intercept events in the guest VM and forward them to the hypervisor for processing.
Ведущий: Макс Мороз
Обзор системы ClusterFuzz, позволяющей осуществить проверку браузера Chrome на наличие уязвимостей в режиме реального времени и получить воспроизводимые результаты исследования каждого конкретного сбоя. Будут продемонстрированы преимущества использования различных санитайзеров и LibFuzzer, библиотеки для направленного фаззинга. Будет приведена подробная статистика видов уязвимостей, найденных в Chrome. Слушатели узнают о подводных камнях распределенного фаззинга; о том, как можно запустить свои собственные фаззеры в инфраструктуре Google и получить вознаграждение за найденные уязвимости.
Ведущий: Артем Шишкин
Доклад описывает разработку средства отладки при помощи виртуализации: как применить существующие средства виртуализации для отладки, как обеспечить целостность отлаживаемой среды, как сделать отладку интерактивной и как обуздать низкоуровневую специфику аппаратной виртуализации. Докладчик расскажет об интеграции железа с операционной системой и о том, как встроить отладчик прямо в прошивку. Будут рассмотрены несколько жизненных примеров динамического анализа.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them…
Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism.
In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs.
Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc).
* unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
Agenda:
In this talk we will present various locking mechanisms implemented in the linux kernel.
From System V locks to raw spinlocks and the RT patch.
Speaker:
Mark Veltzer - CTO of Hinbit and a senior instructor at John Bryce. Mark is also a member of the Free Source Foundation and contributes to many free projects.
https://github.com/veltzer
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
Writing a new driver framework in Linux is hard. There are many pitfalls along the way; this talk hopes to point out some of those pitfalls and hard lessons learned through examples, advice and humorous anecdotes in the hope that it will aid those adventurous enough to take on the task of writing a new driver framework. The scope of the talk includes internal framework design as well as external API design exposed to drivers and consumers of the framework. This presentation pulls directly from the Michael Turquette’s experience authoring the Common Clock
Framework and maintaining that code for the last four years.
Additionally Mike has solicited tips and advice from other subsystem maintainers, for a well-rounded overview. Be prepared to learn some winning design patterns and hear some embarrassing stories of framework design gone wrong.
Mike Turquette, BayLibre
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMULinaro
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
Speaker: Alex Bennée
Date: September 22, 2015
★ Session Description ★
While QEMU has continued to be optimised for KVM to make use of the growing number of cores on modern systems, TCG emulation has been stuck running in a single thread. This year there is another push to get a workable solution merged upstream. We shall present a review of the challenges that need to be addressed: locking, TLB and cache maintenance and generic solution for the various atomic/exclusive operations. We will discuss previous work that has been done in this field before presenting a design that addresses these requirements. Finally we shall look at the current proposed patches and the design decisions they have taken.
★ Resources ★
Video: https://www.youtube.com/watch?v=9xQGDTEmNtI
Presentation: http://www.slideshare.net/linaroorg/sfo15202-towards-multithreaded-tiny-code-generator-tcg-in-qemu
Etherpad: pad.linaro.org/p/sfo15-202
Pathable: https://sfo15.pathable.com/meetings/302833
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
Mingbo Zhang, Rutgers University
Saman Zonouz, Rutgers University
Time-of-check-to-time-of-use (TOCTOU) also known as “race condition” or “double fetch” is a long standing problem. Since memory read/write is so common an operation, it barely triggers no security mechanisms. We leverage a CPU feature called SMAP(Supervisor Mode Access Prevention) to efficiently monitor the events of kernel accessing user-mode memory. When user pages being accessed by kernel, our mitigation kicks in and protect them against further modifications from other user-mode threads. We also leverage the same CPU feature to find double fetch errors in kernel modules. A simple hypervisor is used to confine a system wide CPU feature such as SMAP to particular process.
Ведущий: Макс Мороз
Обзор системы ClusterFuzz, позволяющей осуществить проверку браузера Chrome на наличие уязвимостей в режиме реального времени и получить воспроизводимые результаты исследования каждого конкретного сбоя. Будут продемонстрированы преимущества использования различных санитайзеров и LibFuzzer, библиотеки для направленного фаззинга. Будет приведена подробная статистика видов уязвимостей, найденных в Chrome. Слушатели узнают о подводных камнях распределенного фаззинга; о том, как можно запустить свои собственные фаззеры в инфраструктуре Google и получить вознаграждение за найденные уязвимости.
Ведущий: Артем Шишкин
Доклад описывает разработку средства отладки при помощи виртуализации: как применить существующие средства виртуализации для отладки, как обеспечить целостность отлаживаемой среды, как сделать отладку интерактивной и как обуздать низкоуровневую специфику аппаратной виртуализации. Докладчик расскажет об интеграции железа с операционной системой и о том, как встроить отладчик прямо в прошивку. Будут рассмотрены несколько жизненных примеров динамического анализа.
Windows Kernel Exploitation : This Time Font hunt you down in 4 bytesPeter Hlavaty
In our recent work we targeted also win32k, what seems to be fruit giving target. @promised_lu made our own TTF-fuzzer which comes with bunch of results in form of gigabytes of crashes and various bugs. Fortunately windows make great work and in February most of our bugs was dead - patched, but not all of them…
Whats left were looking as seemingly unexploitable kernel bugs with ridiculous conditions. We decided to check it out, and finally combine it with our user mode bug & emet bypass. Through IE & flash we break down system and pointed out at weak points in defensive mechanism.
In this talk we will present our research dedicated for pwn2own event this year. We will describe kernel part of exploit in detail*, including bug description, resulting memory corruption conditions & caveats up to final pwn via one of our TTF bugs.
Throughout the talk we will describe how to break various exploit mitigations in windows kernel and why it is possible. We will introduce novel kernel exploitation techniques breaking all what stands { KASLR, SMEP, even imaginary SMAP or CFG } and bring you SYSTEM exec (from kernel driver to system calc).
* unfortunately bug was not fixed at the time of talk, so we do not exposed details about TTF vulnerability, and we skipped directly to some challenges during exploitation, and demonstrate how OS design can overpower introduced exploit mitigations.
In order to prevent exploiting mistakes, introduced in developing process, are continuously implemented various security mitigations & hardening on application level and in operating system level as well.
Even when those mitigations highly increase difficulty of exploitation of common bugs in software / core, you should not rely solely on them. And it can help to know background and limits of those techniques, which protect your software directly or indirectly.
In this talk we will take a look at some of helpful mitigations & features introduces past years (x64 address space, SMAP & SMEP, CFG, ...) focusing from kernel point of view. Its benefits, and weak points same time.
Agenda:
In this talk we will present various locking mechanisms implemented in the linux kernel.
From System V locks to raw spinlocks and the RT patch.
Speaker:
Mark Veltzer - CTO of Hinbit and a senior instructor at John Bryce. Mark is also a member of the Free Source Foundation and contributes to many free projects.
https://github.com/veltzer
Kernel Recipes 2015 - So you want to write a Linux driver frameworkAnne Nicolas
Writing a new driver framework in Linux is hard. There are many pitfalls along the way; this talk hopes to point out some of those pitfalls and hard lessons learned through examples, advice and humorous anecdotes in the hope that it will aid those adventurous enough to take on the task of writing a new driver framework. The scope of the talk includes internal framework design as well as external API design exposed to drivers and consumers of the framework. This presentation pulls directly from the Michael Turquette’s experience authoring the Common Clock
Framework and maintaining that code for the last four years.
Additionally Mike has solicited tips and advice from other subsystem maintainers, for a well-rounded overview. Be prepared to learn some winning design patterns and hear some embarrassing stories of framework design gone wrong.
Mike Turquette, BayLibre
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMULinaro
SFO15-202: Towards Multi-Threaded Tiny Code Generator (TCG) in QEMU
Speaker: Alex Bennée
Date: September 22, 2015
★ Session Description ★
While QEMU has continued to be optimised for KVM to make use of the growing number of cores on modern systems, TCG emulation has been stuck running in a single thread. This year there is another push to get a workable solution merged upstream. We shall present a review of the challenges that need to be addressed: locking, TLB and cache maintenance and generic solution for the various atomic/exclusive operations. We will discuss previous work that has been done in this field before presenting a design that addresses these requirements. Finally we shall look at the current proposed patches and the design decisions they have taken.
★ Resources ★
Video: https://www.youtube.com/watch?v=9xQGDTEmNtI
Presentation: http://www.slideshare.net/linaroorg/sfo15202-towards-multithreaded-tiny-code-generator-tcg-in-qemu
Etherpad: pad.linaro.org/p/sfo15-202
Pathable: https://sfo15.pathable.com/meetings/302833
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
Mingbo Zhang, Rutgers University
Saman Zonouz, Rutgers University
Time-of-check-to-time-of-use (TOCTOU) also known as “race condition” or “double fetch” is a long standing problem. Since memory read/write is so common an operation, it barely triggers no security mechanisms. We leverage a CPU feature called SMAP(Supervisor Mode Access Prevention) to efficiently monitor the events of kernel accessing user-mode memory. When user pages being accessed by kernel, our mitigation kicks in and protect them against further modifications from other user-mode threads. We also leverage the same CPU feature to find double fetch errors in kernel modules. A simple hypervisor is used to confine a system wide CPU feature such as SMAP to particular process.
CONFidence 2017: Escaping the (sand)box: The promises and pitfalls of modern ...PROIDEA
Users of modern Linux containerization technologies are frequently at loss with what kind of security guarantees are delivered by tools they use. Typical questions range from Can these be used to isolate software with known security shortcomings and rich history of security vulnerabilities? to even Can I used such technique to isolate user-generated and potentially hostile assembler payloads?
Modern Linux OS code-base as well as independent authors provide a plethora of options for those who desire to make sure that their computational loads are solidly confined. Potential users can choose from solutions ranging from Docker-like confinement projects, through Xen hypervisors, seccomp-bpf and ptrace-based sandboxes, to isolation frameworks based on hardware virtualization (e.g. KVM).
The talk will discuss available today techniques, with focus on (frequently overstated) promises regarding their strength. In the end, as they say: “Many speed bumps don’t make a wall
The Java Memory Model describes how threads in the Java programming language interact through memory. Together with the description of single-threaded execution of code, the memory model provides the semantics of the Java programming language.
It is crucial for a programmer to know how, according to Java Language Specification, write correctly synchronized, race free programs.
Finding Xori: Malware Analysis Triage with Automated DisassemblyPriyanka Aash
"In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.
We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool for researchers alike."
Finding Xori: Malware Analysis Triage with Automated DisassemblyPriyanka Aash
In a world of high volume malware and limited researchers, we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately, what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the white hat community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the broader community. With that in mind, we are introducing our library for malware disassembly called Xori as an open source project. Xori is focused on helping reverse engineers analyze binaries, optimizing for time and effort spent per sample.
Xori is an automation-ready disassembly and static analysis library that consumes shellcode or PE binaries and provides triage analysis data. This Rust library emulates the stack, register states, and reference tables to identify suspicious functionality for manual analysis. Xori extracts structured data from binaries to use in machine learning and data science pipelines.
We will go over the pain-points of conventional open source disassemblers that Xori solves, examples of identifying suspicious functionality, and some of the interesting things we've done with the library. We invite everyone in the community to use it, help contribute and make it an increasingly valuable tool in this arms race.
VMware’s Nathan Small who works as a Staff Engineer at Global Support Services has put together a great presentation about Advanced Root Cause Analysis. The presentation was designed to give you more insight into how a VMware Technical Support Engineer reviews logs, gathers data and performs in-depth analysis. Nathan is hoping to show you the skills they’re using every day to help determine the root cause for an issue in your environment. With this core knowledge, you will become more self-sufficient within your own environment and be able to diagnose an issue as it occurs rather than after the damage has been done.
LCU14-101: Coresight Overview
---------------------------------------------------
Speaker: Mathieu Poirier
Date: September 15, 2014
---------------------------------------------------
Coresight is the name given to a set of IP blocks providing hardware assisted tracing for ARM based SoCs. This presentation will give an introduction to the technology, how it works and offer a glimpse of the capabilities it offers. More specifically we will go over the components that are part of the architecture and how they are used. Next will be presented the framework Linaro is working on in an effort to provide consolidation and standardization of interfaces to the coresight subsystem. We will conclude with a status of our current upstreaming efforts and how we see the coming months unfolding.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137703
Google Event: https://plus.google.com/u/0/events/cvb85kqv10dsc4k3e0hcvbr6i58
Presentation: http://www.slideshare.net/linaroorg/lcu14-101-coresight-overview
Video: https://www.youtube.com/watch?v=NzKPd3FByxI&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-101
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Troubleshooting Complex Performance issues - Oracle SEG$ contentionTanel Poder
From Tanel Poder's Troubleshooting Complex Performance Issues series - an example of Oracle SEG$ internal segment contention due to some direct path insert activity.
ARM Linux Booting Process
One must be wondering How this Embedded Devices come to life? What goes into this devices that will tune to users Commands. We are going to explain about Embedded Arm based devices in general as The ARM architecture is a widely used 32-bit RISC processor architecture. In fact, the ARM family accounts for about 75% of all 32-bit CPUs, and about 90% of all embedded 32-bit CPUs.
Let's trace Linux Lernel with KGDB @ COSCUP 2021Jian-Hong Pan
https://coscup.org/2021/en/session/39M73K
https://www.youtube.com/watch?v=L_Gyvdl_d_k
Engineers have plenty of debug tools for user space programs development, code tracing, debugging and analyzing. Except “printk”, do we have any other debug tools for Linux kernel development? The “KGDB” mentioned in Linux kernel document provides another possibility.
Will share how to experiment with the KGDB in a virtual machine. And, use GDB + OpenOCD + JTAG + Raspberry Pi in the real environment as the demo in this talk.
開發 user space 軟體時,工程師們有方便的 debug 工具進行查找、分析、除錯。但在 Linux kernel 的開發,除了 printk 外,還可以有哪些工具可以使用呢?從 Linux kernel document 可以看到 KGDB 相關的資訊,提供了在 kernel 除錯時的另一個可能性。
本次將分享,從建立最簡單環境的虛擬機機開始,到實際使用 GDB + OpenOCD + JTAG + Raspberry Pi 當作展示範例。
Core Scheduling for Virtualization: Where are We? (If we Want it!)Dario Faggioli
Clever scheduling of virtual CPUs on Symmetric MultiThreaded systems for, among other things, making highly impractical side-channel attacks even more unpractical, is no new idea. Unfortunately, via exploiting L1TF and MDS vulnerabilities in Intel CPUs, impractical is becoming practical!
But, instead than disabling SMT, we can avoid that VM share cores. This is called core-scheduling, and implementing it requires quite some scheduler changes. Nevertheless, work toward that is being done for both KVM and Xen (and other hypervisors have it already).
After an overview of L1TF and MDS, we will see how core-scheduling may help and why it is so tricky to implement (although in different ways) for both KVM and Xen.
We will show numbers from performance evaluation of the currently available implementations. In fact, all this only matters if performance are better than turning SMT off.
How Triton can help to reverse virtual machine based software protectionsJonathan Salwan
The first part of the talk is going to be an introduction to the Triton framework to expose its components and to explain how they work together. Then, the second part will include demonstrations on how it's possible to reverse virtual machine based protections using taint analysis, symbolic execution, SMT simplifications and LLVM-IR optimizations.
Similar to Virtual Machine Introspection with Xen (20)
Estimating Security Risk Through Repository MiningTamas K Lengyel
Slides of my talk at the Linux Security Summit Europe '23, discussing results of our study of the OSSF Scorecard and static analysis results to determine if we can find correlation. We also look at other metrics, like GitHub metadata (forks, watches, etc) and cognitive complexity. We find that number of functions and cognitive complexity are the best predictor for the bugs found by our static analysis tools.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Why React Native as a Strategic Advantage for Startup Innovation.pdfayushiqss
Do you know that React Native is being increasingly adopted by startups as well as big companies in the mobile app development industry? Big names like Facebook, Instagram, and Pinterest have already integrated this robust open-source framework.
In fact, according to a report by Statista, the number of React Native developers has been steadily increasing over the years, reaching an estimated 1.9 million by the end of 2024. This means that the demand for this framework in the job market has been growing making it a valuable skill.
But what makes React Native so popular for mobile application development? It offers excellent cross-platform capabilities among other benefits. This way, with React Native, developers can write code once and run it on both iOS and Android devices thus saving time and resources leading to shorter development cycles hence faster time-to-market for your app.
Let’s take the example of a startup, which wanted to release their app on both iOS and Android at once. Through the use of React Native they managed to create an app and bring it into the market within a very short period. This helped them gain an advantage over their competitors because they had access to a large user base who were able to generate revenue quickly for them.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Modern design is crucial in today's digital environment, and this is especially true for SharePoint intranets. The design of these digital hubs is critical to user engagement and productivity enhancement. They are the cornerstone of internal collaboration and interaction within enterprises.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
3. Isolation
● From in-guest kernel/userspace
• Provided by Xen
• Buggy emulation blurres the line
● From trusted computing base (TCB)
• Possible via Xen Security Modules
• Move introspection system out from dom0!
4. Xen Security Modules (XSM)
● Usable since Xen 4.3
and Linux 3.8
● Disaggregate the TCB
● Available on both
x86 and ARM
● Not enabled by default
6. Interposition
● Trap to Xen when something of interest
happens within the guest
• Enable optional hardware traps
• CLTS, HLT, LGDT, LIDT, LLDT, LTR, SGDT, MOV from
CR3, MOV from CR8, MOV to CR0, MOV to CR3, MOV
to CR4, MOV to CR8, MOV DR, MWAIT, INT3, INT0,
MTF, etc..
• See full list in Intel SDM 3c 25.1.3
8. EPT caveats
“An EPT violation that occurs during as a
result of execution of a read-modify-write
operation sets bit 1 (data write). Whether it
also sets bit 0 (data read) is implementation-
specific and, for a given implementation,
may differ for different kinds of read-modify-
write operations.” - Intel SDM 3c
9. EPT caveats
● “Why can't the hardware report the true
characteristics right away?” - Jan Beulich
● “when spec says so, there is a reason but I
can't tell here. :-)” - Kevin Tian
● Well.. let's just mark all write volation as
read violation too..
● Patched in Xen 4.5
10. EPT caveats
● Requires relaxing the
EPT permissions
● Requires singlestepping
the vCPU
● Many VMEXITs not
shown in picture!
● Fixed for Xen 4.6
11. EPT caveats
● Race-condition if VM
has multiple vCPU
● No solution for this
problem prior to Xen 4.6
● New method introduced
in Xen 4.6 that solves
this: altp2m
12. altp2m
● Add support for
multiple EPTs for
second stage lookup!
● One table for
“restricted view”
● One table for “normal
view”
13. altp2m
● EPT pointer can be
swapped in the
VMCS
● No need to change
EPT PTE permissions
all the time
● No race condition
14. Interposition
● Once trapped to Xen, forward events
• Formerly known as mem_event
• Renamed and reworked as vm_event in 4.6
● Request/response via shared memory ring
• Monitor page used for VMI related events
• Two additional pages: memory sharing and
paging
15. vm_event & mem_access & monitor
● Let's keep track of subsystem names
● vm_event is the underlying request/response
mechanism
● mem_access memops control EPT
● monitor_op domctls control all other optional
VM execution traps
16. Event delivery structures in 4.6
● Defined in xen/vm_event.h public header
● Easily extendable and versioned
● No more hackery
● Event response can trigger specific behavior
without additional hypercalls
• Trigger emulation, singlestepping, swap altp2m...
17. VMI with Xen on ARM
● ARM has two-stage paging similar to EPT
● mem_access implemented for 4.6
● Some caveats:
• No singlestepping?
• Can be worked around but it's a pain
• Split-TLB ambiguities
18. ARM mem_access
● ARM PTEs have fewer software
programmable bits as compared to EPT
● ARM mem_access requires maintaining a
Radix-tree to keep track of PTEs with
custom permissions
● Radix-tree keyed with GPA
19. ARM mem_access
● For a 2nd
stage violation ARM provides the
faulting GVA
● GPA only provided if fault happened during
1st
stage pagetable walk
● Xen needs to translate GVA to GPA to
perform Radix-tree lookup
20. ARM mem_access
● Native CPU instructions to perform GVA to
GPA translation
● Performs lookup as data-fetch access
● What if we trapped an instruction-fetch
access?
• In-guest translation hits iTLB
• Xen hits dTLB
21. ● Split-TLB is a real rootkit problem
• ShadowWalker, MoRE, etc..
● Guest can load the iTLB with rootkit page
and dTLB with benign page
● Flushing the TLB does not help, iTLB
translation may be lost if PT no longer
represents the cached translation
ARM Split-TLB problem
22. ● Execution tracing with mem_access may be
problematic
● Use Secure Monitor Call (SMC) instruction
injection!
● Similar to 0xCC injection on x86
● TODO
ARM future work
23. ● altp2m is primarily designed to be used with
Intel #VE
● VMCALL instruction to perform EPTP
switching from the guest
● Hybrid VMI
● KVM events
x86 future work
24. ● Why aren't we using git pulls?
• Patches in mailinglist without branch-off point
specified
• Carving patches from mbox is a pain
• Start providing a public git branch for your
series!!
Lessons learnt
25. ● Provide build-testing for the community
• It's a waste of time to wait for review on
something that's broken
• Check for style issues automatically?
• Travis-CI is OK but can time-out on large series
• https://github.com/tklengyel/xen/tree/travis
Lessons learnt