The Viability of Using Trusted Execution Environments to Protect Data in Node-RED : A study on using AMD-SEV and Intel SGX to protect sensitive data when Node-RED is deployed on the cloud. / Möjligheten att använda Trusted Execution Environments för att skydda data i Node-RED : En studie om användandet av AMD-SEV och Intel SGX för att skydda känslig data när Node-RED körs på molnet.

Leijonberg, Carl

January 2021

The Internet of Things (IoT) consists of a network of physical devices that are connected over the internet for the purpose of exchanging data with other devices and systems. IoT platforms, such as Node-RED, have been introduced in recent times to facilitate communication between different IoT devices. Hosting Node-RED on a cloud service provider might result in the confidentiality of sensitive data on Node-RED being violated by malicious attackers, since users are forced to entrust their sensitive data with the cloud service providers. Using trusted execution environments, such as AMD-SEV and Intel SGX, can mitigate several potential attacks from exposing sensitive information in Node-RED. This thesis investigates if AMD-SEV and Intel SGX are viable options to protect sensitive data in Node-RED when hosted on a cloud service provider. The work in this thesis investigates difficulties encountered when deploying Node-RED on AMD-SEV and Intel SGX, from a usability perspective. Usability is measured by running Node-RED in AMDSEV and Intel SGX, and then recording the complexity of the process. Several performance tests are conducted to measure the performance overhead of Node-RED caused by AMD-SEV. A literature review is also conducted to investigate potential vulnerabilities in AMD-SEV and Intel SGX that could undermine the security of user’s data in Node-RED. The results from this thesis finds that AMD-SEV is a viable option to protect sensitive data in Node-RED when hosted on a cloud service provider. Deploying Node-RED on AMD-SEV is found to be a relatively simple process from a usability perspective. There are some noticeable performance overhead with regards to CPU utilization and TCP throughput, but all other metrics show marginal performance overhead. The potential vulnerabilities in AMD-SEV are not found to be significant enough to make AMD-SEV unviable. The thesis finds Intel SGX to be an unviable solution primarily due to usability. The process of running Node-RED in an Intel SGX enclave is extremely complex and the results show that for most users of Node-RED, this is not viable. The security vulnerabilities found from the literature review, are not significant enough to make Intel SGX an unviable option to protect sensitive user data inNode-RED. / Internet of Things (IoT) är en nätverk av fysiska enheter som är sammankopplade via internet för att kunna skicka data till andra fysiska enheter eller system. IoTplattformar, som Node-RED, har utvecklats för att förenkla kommunikationen mellan olika IoT- enheter. Att köra Node-RED på en molntjänst kan leda till att sekretessen av känslig data på Node-RED blir kränkt av en attack mot molntjänsten. Det är på grund av att användarna av Node-RED är tvungna att tillförlita deras känsliga data till molntjänsten, som deras data kan bli kränkt. Detta problem kan förminskas genom att användarna utnyttjar trusted execution environments som AMD-SEV och Intel SGX för att skydda sin känsliga data på molntjänsten. I denna avhandling, undersöks det om AMDSEV och Intel SGX kan användas för att skydda data i Node-RED när den körs på en molntjänst. Användarvänligheten av att köra Node-RED med AMD-SEV och Intel SGX undersöks genom att uppskatta hur komplicerad denna process är. Flera tester genomförs också för att mäta vilken påverkan AMD-SEV har på prestandan av Node-RED. En litteraturöversikt genomförs också för att undersöka potentiella sårbarheter i AMD-SEV och Intel SGX som skulle kunna utnyttjas för att komma åt känslig data i Node-RED. Resultaten från avhandlingen visar att AMD-SEV kan vara användbart för att skydda känslig data i Node-RED när den körs på en molntjänst. AMDSEV är väldigt användarvänlig när Node-RED ska köras. AMD-SEV har en märkbar påverkan på prestandan av processorn och TCP- genomströmning, men för de andra faktorerna som mäts har AMD-SEV ingen större påverkan. Litteraturöversikten finner inga sårbarheter som är tillräckligt farliga för att göra AMD-SEV oanvändbar för att skydda känslig data iNode-RED. Resultaten från avhandlingen visar dock att Intel SGX inte är särskilt användbar för att skydda känslig data i Node-RED när den körs på en molntjänst. Detta är främst för att det är väldigt komplicerat att köra Node-RED i en Intel SGX enklav från en användarvänlighet synpunkt. De flesta av Node-REDs användare skulle finna det för komplicerat att använda Intel SGX för att skydda sin känsliga data. Litteraturöversikten finner inga sårbarheter allvarliga nog för att göra Intel SGX oanvändbar.

Trusted execution environments

AMD-SEV

Intel SGX

Internet of Things

Node-RED

Computer and Information Sciences

Data- och informationsvetenskap

Effect of double-layer structure in intramucosal gastric signet-ring cell carcinoma on lymph node metastasis: a retrospective, single-center study / 胃粘膜内印環細胞癌における二層構造とリンパ節転移との関連性：単施設後ろ向き研究

Murai, Katsuyuki

23 May 2023

京都大学 / 新制・論文博士 / 博士(医学) / 乙第13552号 / 論医博第2281号 / 新制||医||1067(附属図書館) / (主査)教授 武藤 学, 教授 小濱 和貴, 教授 佐藤 俊哉 / 学位規則第4条第2項該当 / Doctor of Medical Science / Kyoto University / DFAM

Stomach neoplasms

Signet-ring cell carcinoma

Lymph node metastasis

Double-layer structure

490

A Fuzzy Logic Based Virtual Surgery System

Kutuva, Shanthanand R.

05 October 2006

No description available.

nodes

FUZZY

Membership Functions

VIRTUAL SURGERY

Node Cell

fuzzy regions

surgical

Static Scheduling for Synchronous Data Flow Graphs

Khasawneh, Samer Fayiz

13 September 2007

No description available.

SDFG

iteration bound

static schedule

EHG

DFG

node

DATA FLOW GRAPHS

Non-Destructive Investigation & FEA Correlation on an Aircraft Sandwich Composite STructure

Bail, Justin

January 2007

No description available.

Engineering, Aerospace

radome

FEA

FINITE ELEMENT

Shearography

Fixed Node

Vibrometry

boundary conditions

Interior Node Projection Techniques in Sweeping Algorithms

Scott, Michael Andrew

28 November 2005

The enhancement of node projection techniques in sweeping is the subject of this thesis. Sweeping is a method used to produce all-hexahedral finite element meshes on certain classes of geometry. The placement of nodes in the interior of the geometry during the sweeping process remains a difficult problem. This thesis presents advancements in this area which improve the speed of the algorithm and the resulting element quality. A comparison of existing projection methods was performed. The existing Faceted projection sweeping method was extended to be applicable to more general classes of sweepable geometry. This comparison and extension of node projection algorithms led to the development of a new node projection technique: the SmartAffine method. This method builds on previous techniques and is characterized by its speed. Finally, a technique for coupling node projection techniques is presented. This technique characterizes the complexity of the sweepable geometry and applies the most appropriate node projection scheme. This is accomplished without user interaction and improves the speed of the sweeping algorithm and the quality of swept meshes.

mesh generation

finite element analysis

node projection

sweeping

Civil and Environmental Engineering

Hexahedral Mesh Refinement Using an Error Sizing Function

Paudel, Gaurab

01 June 2011

The ability to effectively adapt a mesh is a very important feature of high fidelity finite element modeling. In a finite element analysis, a relatively high node density is desired in areas of the model where there are high error estimates from an initial analysis. Providing a higher node density in such areas improves the accuracy of the model and reduces the computational time compared to having a high node density over the entire model. Node densities can be determined for any model using the sizing functions based on the geometry of the model or the error estimates from the finite element analysis. Robust methods for mesh adaptation using sizing functions are available for refining triangular, tetrahedral, and quadrilateral elements. However, little work has been published for adaptively refining all hexahedral meshes using sizing functions. This thesis describes a new approach to drive hexahedral refinement based upon an error sizing function and a mechanism to compare the sizes of the node after refinement.

Hexahedral

Mesh

Refinement

Error

Sizing

Element

Modeling

Node

Density

Geometry

Triangular

Tetrahedral

Quadrilateral

Civil and Environmental Engineering

Performance Modeling of OpenStack Controller

Samadi Khah, Pouya

January 2016

OpenStack is currently the most popular open source platform for Infrastructure as a Service (IaaS) clouds. OpenStack lets users deploy virtual machines and other instances, which handle different tasks for managing a cloud environment on the fly. A lot of cloud platform offerings, including the Ericsson Cloud System, are based on OpenStack. Despite the popularity of OpenStack, there is currently a limited understanding of how much resource is consumed/needed by components of OpenStack under different operating conditions such as number of compute nodes, number of running VMs, the number of users and the rate of requests to the various services. The master thesis attempts to model the resource demand of the various components of OpenStack in function of different operating condition, identify correlations and evaluate how accurate the predictions are. For this purpose, a physical OpenStack is setup with one strong controller node and eight compute nodes. All the experiments and measurements were on virtual OpenStack components on top of the main physical one. In conclusion, a simple model is generated for idle behavior of OpenStack, starting and stopping a Virtual Machine (VM) API calls which predicts the total CPU utilization based on the number of Compute Nodes and VMs.

Compute node

CPU Utilization

Idle Experiment

OpenStack Controller

and Per API Call.

Computer and Information Sciences

Data- och informationsvetenskap

A comparative study between server and client rendering of real-time data visualizations using D3 / En jämförande studie mellan server- och klientrendering av real-time data visualiseringar med D3

Andersson, Petter, Wörlund, Robert

January 2017

Applying visualization techniques to larger data sets is important to make them easier to explore and analyze. It is also desirable for the visualizations to be done efficiently where there is a continuous flow of data that needs to be visualized. This thesis will explore the performance difference of client and server rendering respectively with the implemented JavaScript visualization framework D3. To perform the comparative study, two prototypes were created, one using server-side rendering and one using client-side rendering. The time was measured and compared between the two versions to see the impact on render and total time for different data sizes and different amount of concurrently connected clients. Rendering times on the client version showed to be faster than on the server, however the data as JSON objects transferred in the client version was significantly larger than the SVG elements in the server version, which leads to a trade off between transferring times and rendering times between the two versions. Increasing the amount of concurrent clients showed to have a significant impact on the server version for larger data sets which was to be expected. / Appliceringen av visualiseringstekniker för större mängder av data är viktigt för att göra dem lättare att utforska och analysera. Det är också önskvärt för visualiseringarna att göras effektivt där det finns ett kontinuerligt flöde av data som behöver visualiseras. Denna rapport utforskar prestanda skillnaderna mellan klient och server rendering med det implementerade JavaScript visualiseringsramverket D3. Den jämförande studien gjordes genom att göra två stycken prototyper, den ena renderade på server-sidan medan den andra renderade på klient-sidan. Olika data mängder och olika antal klienter testades för att se deras påverkan på renderings- och totaltiden för de två versionerna. Renderingstiderna på klient-versionen var snabbare än på servern, dock var datan som skickades på klient-versionen större än de SVG element som skickades på server-versionen vilket leder till att det blir en avvägning mellan överföringstider och renderingstider för de två versionerna. En ökning av antalet parallella klienter hade en stor inverkan på tiden för server-versionen för större datamängder vilket var förväntat.

Computer Sciences

Datavetenskap (datalogi)

Performance Analysis of New Algorithms for Routing in Mobile Ad-hoc Networks. The development and performance evaluation of some new routing algorithms for mobile ad-hoc networks based on the concepts of angle direction and node density.

Elazhari, Mohamed S.

January 2010

Mobile Ad hoc Networks (MANETs) are of great interest to researchers and have become very popular in the last few years. One of the great challenges is to provide a routing protocol that is capable of offering the shortest and most reliable path in a MANET in which users are moving continuously and have no base station to be used as a reference for their position. This thesis proposes some new routing protocols based on the angles (directions) of the adjacent mobile nodes and also the node density. In choosing the next node in forming a route, the neighbour node with the closest heading angle to that of the node of interest is selected, so the connection between the source and the destination consists of a series of nodes that are moving in approximately the same direction. The rationale behind this concept is to maintain the connection between the nodes as long as possible. This is in contrast to the well known hop count method, which does not consider the connection lifetime. We propose three enhancements and modifications of the Ad-hoc on demand distance vector (AODV) protocol that can find a suitable path between source and destination using combinations and prioritization of angle direction and hop count. Firstly, we consider that if there are multiple routing paths available, the path with the minimum hop count is selected and when the hop counts are the same the path with the best angle direction is selected. Secondly, if multiple routing paths are available the paths with the best angle direction are chosen but if the angles are the same (fall within the same specified segment), the path with minimum hop count is chosen. Thirdly, if there is more than one path available, we calculate the average of all the heading angles in every path and find the best one (lowest average) from the source to the destination. In MANETs, flooding is a popular message broadcasting technique so we also propose a new scheme for MANETS where the value of the rebroadcast packets for every host node is dynamically adjusted according to the number of its neighbouring nodes. A fixed probabilistic scheme algorithm that can dynamically adjust the rebroadcasting probability at a given node according to its ID is also proposed; Fixed probabilistic schemes are one of the solutions to reduce rebroadcasts and so alleviate the broadcast storm problem. Performance evaluation of the proposed schemes is conducted using the Global Mobile Information System (GloMoSim) network simulator and varying a number of important MANET parameters, including node speed, node density, number of nodes and number of packets, all using a Random Waypoint (RWP) mobility model. Finally, we measure and compare the performance of all the proposed approaches by evaluating them against the standard AODV routing protocol. The simulation results reveal that the proposed approaches give relatively comparable overall performance but which is better than AODV for almost all performance measures and scenarios examined.

Mobile Ad hoc Networks (MANETs)

Performance analysis

Routing algorithms

Angle direction

Node density