Re: As I only live a few miles from The Hill...
I thought that BT and Virgin Media were the only 2 providers which run cables to your house...
34 posts • joined 28 Mar 2013
I notice Oracle is not on the list.
All affected people (including on Azure) over to Oracle Cloud.
When that is added then over to Rackspace's Cloud then to...then to..all the way to Dave's Cloud aka Billy Bob's Cloud...aka...keep changing the name/owner every week!
"Well,shucks...sure we can move them there VM's to Suzie's Cloud for yer, yeeee-haw!"
Not that any of the smaller Cloud providers are cowboy's...perish the thought!
The idea is to put your decryption code in the enclave and then then send encrypted text and a description of the operation you want to perform to the enclave.
The unencrypted data never leaves the enclave, not even the hypervisor sees the unencrypted data.
E.g. to search encrypted data in sql server
What I do not get is how you get the decryption keys into the enclave securely!
"The client driver sends the column encryption keys required for the operations to the secure enclave (over a secure channel)."
What secure channel which the hypervisor cannot see? Hmmm..
Sounds like "Always Encrypted with Enclaves http://smooth1.co.uk/sqlbits2018/sqlbits2018roundup.html#2
1. Is this protected against https://www.theregister.co.uk/2018/03/28/intel_shrugs_off_new_sidechannel_attacks_on_branch_prediction_units_and_sgx/ with "utilization of an appropriate side channel attack-resistant crypto implementation inside the enclave"
2. has it been rebuilt with https://www.theregister.co.uk/2018/03/01/us_researchers_apply_spectrestyle_tricks_to_break_intels_sgx/ " Enclave code will need to be rebuilt and redeployed using the updated development kit to be protected from malicious sysadmins."
3. As per my blog entry above "On first use the client driver and enclave negotiate a shared secret and then setup the secure tunnel" Surely to negotiate a shared secret there is a small initial window where you first have to trust the hypervisor?
"In a production environment, we recommend that you use static IP addresses in conjunction the virtual IP address of a Failover Cluster Instance. We recommend against using DHCP in a production environment. In the event of down time, if the DHCP IP lease expires, extra time is required to re-register the new DHCP IP address associated with the DNS name. "
Just checking Wikipedia https://en.wikipedia.org/wiki/Software_Guard_Extensions#cite_note-14 we see that
a) There was a Prime+Probe attack which used "certain CPU instructions in lieu of a fine-grained timer to exploit cache DRAM side-channels" and a coutermeasure was published
b) The LSDS group at Imperial College London showed a proof of concept that the Spectre speculative execution security vulnerability can be adapted to attack the secure enclave and the code is dated 2 months ago.
I wonder if the "compiler-based tool, DR.SGX" which was a coutermeasure for Prime+Probe could be extended to handle Spectre?
6000 machines...so run 200 machines at a time for 30 times.
What is this obession with 10,100,2000,rest and doing a massive population in 5 steps?
Even if 2110 machines worked fine how long would it take to fix the last 3900 machines if enough of them broke?
For failures it is not the number of times you have done it before but the size of the failure domain and how long it takes to fix.
it should be possible to rollout automatically in small batches and even had multiple upgrades rolling out at the same time on an automatic schedule, ripple across the farm!
If it is automated and scheduled who cares how many batches of upgrades are run?
You would catch errors with less impact that way as the failed batch size would be smaller and it would be minimal extra work if designed correctly.
This is the next stage in cloud service design - being able to have slower rolling upgrades with smaller batches!
This will shutdown 1040 servers, please type 1040 to continue.
This will reduce capacity enough to cause a service failure for the following 8 services
Please type "8 SERVICE FAILURES" to continue.
(Transactions) or (integrity checks).
Integrity checks i expect are unique/primary/check/foreign key constraints. We used to disable them when doing data migrations until the end.
"You can't disable logging on mssql.".
Pity, you can on Informix!
Biting the hand that feeds IT © 1998–2019