Upload File

hi, everyone! thank you very much for coming! myname is ......myname is victor costan, and i am here...

  • Home
  • Documents
  • Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,
61
Hi, everyone! Thank you very much for coming! My name is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory, in collaboration with Ilia Lebedev and Prof. Srini Devadas. 1

Upload: others

Post on 08-Jun-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Hi,everyone!Thankyouverymuchforcoming!

My nameisVictorCostan,andIamheretotalkaboutSanctum.

ThisworkwasdoneatMIT’sComputerScienceandAILaboratory,incollaborationwithIliaLebedevandProf.SriniDevadas.

1

Page 2: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Sanctum’sgoalistrustedcomputing.Inthisrespect,ourworkbelongstothesamefamilyasTPM,TXT,SGX,andTrustZone.However,Sanctumgivesyouunprecedentedprotectionandunprecedentedcontroloveryourcomputer.

MostofSanctum’ssecuritylogicisinsoftware,notinhardwareormicrocode.Oursoftwarecanbeinspectedbythecomputer’sowner,andisamenabletoformalverification.Mostofthissoftwarecanevenbereplacedbythecomputer’sowner.Thisisanunprecedentedlevelofcontrol.

Sanctum’shardwareextensionscanbeappliedtoanyreasonablymodernRISCprocessorcore.IncombinationwithSanctum’ssoftware,thehardwareextensionsprotectagainstanypracticalsoftwareattacks,includingcachetimingattacks.Thisisanunprecedentedlevelofprotection.

OurprototypetargetstheRISC-Varchitecture,andshowsthatSanctumincursacceptableperformanceoverheads.

2

Page 3: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Togetthingsstarted,letmegiveyouaquickoverview oftrustedcomputing,whichistheproblemthatwe’retryingtosolve.

3

Page 4: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Sothere’sthisdream,calledsecureremotecomputation.Inthisdream,youcanpackageyourcodeanddataintoabundle,sendthatbundleovertoaremotecomputer,havethecomputerrunyoursoftware,andgettheresultsback.Thethingis,youdon’townthatremotecomputer,soyourelyonmagictoprotectyourcodeanddatafromthecomputer’sowner,andfromtheothersoftwarethatmightberunningonthatcomputer.

Unfortunately,thisisjustadream.Theclosestthingwe’vegotisfullyhomomorphicencryption,andthat’snowherenearlypractical.

4

Page 5: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Fortunately,wecanapproximatethatdream,ifwe’rewillingtotrustapieceofhardwareontheremote computer.Thetrusted hardwareestablishesasecurecontainerontheremotecomputer,whichprotectsourcomputationanddatafromuntrustedthirdparties.So,ourcomputationissafe,aslongasweonlysendittotrustedhardware.

5

Page 6: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

So,wehaveto makesurethatweonlytalktotrustedhardware.We can usesoftwareattestationforthis.

6

Page 7: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Veryquickly,softwareattestationmeansthatthereisahardwaremanufacturerthatwetrust,andthemanufactureractsasacertificateauthorityinaPKI.

7

Page 8: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Eachpieceoftrustedhardwarehas anattestationkey,andthemanufacturerissuesanendorsementcertificateforthepublicattestationkey.Whenweseethatcertificate,weknowthatwecantrustsignaturesissuedbythedevice’sprivateattestationkey,whichisstoredinsecurehardware.

8

Page 9: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Now,whenwewanttosendourcodeovertotheremotecomputer,wewillfirstaskthe trustedhardwaretocreateasecurecontainerforus,andwewillsendachallengemessagetothatsecurecontainer.

9

Page 10: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Ourloader codeinthecontainerwillreceivethechallengemessageandcomputearesponsemessage,andthenitwillaskthetrustedhardwaretoproduceanattestationsignature.Theattestationsignaturecoversthemessageproducedbyourcontainer,aswellasameasurementofthesecurecontainer’sinitialstate.Whenwevalidatetheattestationsignature,weareassuredthatwearetalkingtoasecurecontainerthatisinitializedaccordingtoourinstructions,andhostedbyhardwarewetrust.

10

Page 11: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

WhatI’vesaidso farappliestoalltrustedcomputingsolutions.Thesesolutionsdifferbytheamountofsoftwarethatgoesintoasecurecontainer,bythesecurityguaranteesofferedtothecontainer,bythetrustedhardwareandsoftwareneededtoenforcethesystem’ssecurity,andbythedetailsoftheirsoftwareattestationprocess.

TherestofthistalkwillhopefullyclarifywhereSanctumstandsonalltheseaspects.

11

Page 12: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

12

Page 13: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Oursecurecontainersarecalledenclaves,andtheyare conceptuallyextensionsofapplicationprocesses.Enclavesrunatthelowestpossibleprivilegelevel -- thisisknownasring3inx86,orusermodeanywhereelse.Thismeansenclavescannotcompromisethehostcomputer’sOSorhypervisor.Sowedon’tneedtoworryaboutrestrictingenclaves–thesamemechanismsusedtopoliceuserprocesseswillworkforenclaves.

13

Page 14: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Enclavescanaccessthememoryspaceoftheirhostapplications,buttheycannotperformsyscalls directly.Thisisbecausewedon’ttrusttheOSkerneltonotdamagetheenclave’sexecutioncontextbeforereturningfromthesyscall.Toworkaroundthis,theenclavemustrelyonitshostapplicationtoproxysyscalls totheOS.Thesyscall proxying requirescodeintheenclave,andinthehostapplication.Weexpectthiscodetobecomeapartoftheruntimelibrary.Forexample,ifyourenclavesoftwareuseslibc,you’dsimplyuseanenclave-awarelibc thatproxiesallthesyscallsitmakes.

14

Page 15: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Ourenclavesaren’tnew.SGX’senclavesoperateinaverysimilarway.Somethingthat_is_new,andthatI’mreallyproudof– thevastmajorityoursecuritylogicisexpressedinsoftware.Thisisn’tfirmwareormicrocode.It’snormalsoftwarethatexecutesusingtheprocessor’sstandardexecutionfacilities.It’ssoftwarethatthecomputer’sownercaninspectandanalyze.

15

Page 16: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Thedownsideofnotrelyingonfirmwareormicrocodeisthatoursoftwareisnotautomaticallyisolatedfromrestofthecoderunningonthemachine,andwemayberunningalongsideamalicioushypervisororoperatingsystem.Inordertobeabletoprovideanysortofmeaningfulsecurityguarantees,weassumethatoursoftwarerunsatahigherprivilegelevelthananythingelse.TheRISC-Varchitectureconvenientlyincludesamachinelevel,andourprototypetakesadvantageoftheexistenceofthismachinelevel.

Weruntwopiecesofsoftwareatthemachinelevel.

16

Page 17: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Thecentralpieceofsoftwareisthesecuritymonitor,whichenforcesSanctum’ssecuritypolicies.Oursecuritymonitoristiny,soitcanbeamenabletoformalverification.Thekeytokeepingitsosmallisthatwedon’tmakeanyresourceallocationdecisionsinthemonitor.Theoperatingsystemgetstomakeallthedecisions,justliketoday.InSanctum,theOSmustsubmititsdecisionstothesecuritymonitorinordertohavethemapplied.Thisway,wecanverifytheOS’decisionsinthemonitor,andwecanrejectdecisionsthatwouldbreakSanctum’ssecurityguarantees.

17

Page 18: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Theotherpieceofsoftwarethatrunsinmachinemodeisthemeasurementroot.Thiscoderunsatboottime,andsetsupthesoftwareattestationchain.Itdoesnotplayanypartafterthebootprocesscompletes.

18

Page 19: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Let’sseehowSanctum givescomputerownersunprecedentedcontrolovertheirsystems.

19

Page 20: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Beforewegointoattestation,let’stalkalittlebitabout Sanctum’sbootprocess.OneofthethingsthatmakeSanctumspecialisthatthesecuritymonitor,whichismostofourlogic,isstoredinflashmemory,andcanbereplacedbythecomputer’sowner.

20

Page 21: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Inordertokeepthingssecure,werelyonthemeasurementrootcode,whichisstoredintheprocessor’sROM,andcannotbemodified.

21

Page 22: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Whenthecomputerpowersup,themeasurementrootreadsthesecuritymonitorandcomputesitscryptographichash.

22

Page 23: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

ThishashisfedintosomecryptographicmachinerythateventuallygeneratesanRSAkeypair,whichbecomesthemonitor’sattestationkey.

23

Page 24: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Finally,themeasurementrootusestheprocessor’sattestationkeytoissueacertificatethatcontainsthemonitor’spublicattestationkeyanditsmeasurementhash.Afterthishappens,themeasurementroothandscontrolovertothesecuritymonitor. Thekeyfacttonotehereisthatthemonitor’scertificatecontainsthemonitor’smeasurement.Ifthecomputerownermodifiesthemonitor,thechangeswillbereflectedintheattestationcertificate.

24

Page 25: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Ifyou’rehorrifiedbytheprospectofhavingtogenerateanRSAkeyoneveryboot,restassured.Wehaveamechanismtosecurelycachethemonitor’sRSAkeyinflash.Thisway,weonlyneedtoregeneratetheRSAkeywhenthecomputerownerreplacesthesecuritymonitor,whichshouldn’thappenveryoften.

25

Page 26: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

WeborrowedSGX’sgeneralapproachtoenclavemeasurement.Whenanenclaveiscreated,itisinaloadingstate, whereitcannotbeused.TheapplicationthatcreatedtheenclaveworkswiththeOStoallocateresourcestotheenclave,andtoloadtheinitialpagesofcodeanddataintotheenclave.Theparametersofeachloadingoperationarehashedandcontributetotheenclave’smeasurement.

Whentheloadingstageiscomplete,theenclaveisinitialized.Atthispoint,theenclave’smeasurementisfinalized,andthesecuritymonitorwillnotallowtheuseofanyloadingAPIontheenclave.So,anenclave’smeasurementisanaccuraterepresentationoftheenclave’sinitialmemorystate.

26

Page 27: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Nowthat youknowhowthebootprocessworks,you’llfindtherestoftheattestationtobeprettystandard.I’llgothroughitquickly,soyoucanseetheideasI’veoutlinedcometogether.

27

Page 28: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

First,youtrust theSanctumprocessormanufacturer,whichhasarootkey.

28

Page 29: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

EachSanctumprocessorhasa processorattestationkey,andanendorsementcertificatefromthemanufacturer.

29

Page 30: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Whenthecomputer powersup,themeasurementrootcreatesamonitorattestationkeypairandissuesanattestationcertificatetothemonitor.

30

Page 31: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Now,whenyouwanttosendyourcomputationover toaSanctumprocessor,yousendtheenclave’sinitialcontents,andachallengemessage.Theenclavestartsexecuting,readsthechallengemessage,andcomputestheresponsemessage.TheenclaveusesSanctum’ssecureinter-enclavecommunicationprimitivestosendahashofthechallengeresponsetotheSigningEnclave,whichisaspecialenclavethatthesecuritymonitortrusts.

31

Page 32: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

InSanctum,thesecuritymonitordoesnotperformanyoperationsusingtheprivateattestationkey.Instead,thereisaspecialSigningEnclave,whosemeasurementhashishard-codedintothesecuritymonitor.Thisistheonlyenclavethatcanreceivethemonitor’sprivateattestationkey.

32

Page 33: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

So,ourenclavemustuseSanctum’ssecureinter-enclavecommunicationprimitivestosendahashoftheresponsemessagetotheSigningEnclave.TheSigningEnclavecreatesanattestationsignaturethatcoversourenclave’smeasurementandtheresponsemessage.

33

Page 34: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Atthispoint,wecanexaminetheattestationsignature,andthemonitorandprocessor’sattestationcertificates,toconvinceourselvesthatwearecommunicatingwithanenclavebuiltaccordingtoourinstructions,hostedonaSanctumprocessorrunningasecuritymonitorthatwetrust.

34

Page 35: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Now,let’stalkabitaboutprotection.

35

Page 36: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Sanctumwasdesignedformulti-coreprocessorswithasharedlast-levelcache.Thismattersbecauseper-corecachescanbeprotectedprettyeasily– wheneveryouenterorexitanenclave,flushthecore’scaches.Thisisasimplestrategy,andwelikesimple,sothisisexactlywhatwedotoprotectper-corecaches.

ThesharedLLCismoreinteresting,becauseanattackerthreadcouldbeattemptingatimingattackatanytime.Sanctumusesaverysimplescheme,calledpagecoloring,whichIwilloutlinesoon.

36

Page 37: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Sanctum*almost*scalestoafull-fledgedInteldesktopsystem.Theoneaspectwedon’tsupportishyper-threading.Thisisbecausewithhyper-threading,there’sjustsimplytoomuchmicro-architectural resourcesharing.Wecouldn’tcomeupwithanysanewaytoprotectanenclavethreadfrombeingattackedbyathreadrunningonthesamecore.SoSanctumdoesn’tsupporthyper-threading.

37

Page 38: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Now,let’sturnontocachetimingattacks.Ataveryhigh level,theseattackstakeadvantageofthefactthatacachehitismuchfasterthanacachemiss.Virtuallyallcachetimingattacksrequiretheattackertoaccessthesamecacheasthevictim,sothememoryaccesstimingcanbeobserved.

Sanctumtargetsset-associativecaches,whicharethemostcommonlyusedcaches.Forthepurposeofthistalk,allthatmattersisthataset-associativecacheismadeupofmultiplesets,andamemorylocationcanonlybecachedinexactlyoneset,dependingonitsaddress.Conceptually,wecanpretendthateachsetinaset-associativecacheisaseparatecachememory.

38

Page 39: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

This istheinsightbehindcachepartitioning.Ifwecanensurethatmemoryownedbyanenclavewillneverendupinthesamecachesetasmemoryownedbyanattacker,wecanconsiderthattheenclaveandtheattackerareusingdifferentcaches.Thisdefeatscachetimingattacks,becausetheyrequireasharedcache.

39

Page 40: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Set-associativecaches usephysicalmemoryaddressesforsetindexcomputation.

40

Page 41: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Thisisconvenientforus,becausesoftwareusesaddresstranslation,whichabstractsawayphysicaladdressesalmostcompletely.Wecanasktheoperating systemtostructureitspagetablesinanywaythathelpsusachieveoursecuritygoal.

41

Page 42: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

PagecoloringessentiallycomesdowntothisobservationthatIjustmade.Therearesomephysical addressbitsthatbelongtothecachesetindex,andaresetbythepagetables.Thesebitscanbeusedtocontrolcacheplacement.

42

Page 43: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Theproblemis,bydefault,thepagecolorbitsareatthebottomofanaddress’physicalpagenumber.IfyoudrawyourDRAMandcoloreachpage,it’sgoingtolooklikethestackontheleft.

Thisisaproblembecause,inSanctum,we’dliketoassignsomecolorsexclusivelytoenclaves.Atthesametime,theoperatingsystemprobablyneedssomelargecontinuouschunksofDRAMforDMA.Forexample,ifyouhaveagraphicscardorahigh-performancenetworkcard,thesethingstendtolikelargeDMAbuffers.

43

Page 44: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

Weuseabitofhardwaretomungethephysicaladdressesastheyenterthecacheunit,andobtainthecolormapontheright.

InSanctum,theDRAMiseffectivelysplitintoequally-sizedDRAMregions,andeachregionmapstodisjointLLCsets.

44

Page 45: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

EachDRAMregioncanbeassignedtoexactlyoneenclave,ortotheoperatingsystemanditsuntrustedprocesses.Mostofeachenclave’svirtualaddressspaceismappedintothehostapplication’smemory,usingthepagetablespreparedbytheOSforthehostapplication.However,onecontinuousrangeisusedtomaptheenclave’sownDRAMregions,usingaseparatesetofpagetablesthatismanagedbytheenclave.

Thisgivesusisolationatalllevels.Thedatainanenclave’sDRAMregionsisnotaccessibletoanyothersoftware.Thepagetablesusedtomaptheenclave’sprivatememoryarealsoisolated,sotheydon’tleakmemoryaccesspatterns.

…andthiswrapsupmyhigh-leveloverview.Theexcitingdetailsareinthepaper!

45

Page 46: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

46

Page 47: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

47

Page 48: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

48

Page 49: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

49

Page 50: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

50

Page 51: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

51

Page 52: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

52

Page 53: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

53

Page 54: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

54

Page 55: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

55

Page 56: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

56

Page 57: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

57

Page 58: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

58

Page 59: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

59

Page 60: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

60

Page 61: Hi, everyone! Thank you very much for coming! Myname is ......Myname is Victor Costan, and I am here to talk about Sanctum. This work was done at MIT’s Computer Science and AI Laboratory,

61


WEATHER, p. 2 TuE: 61° | 43° MIT’s

MIT’S ADT UNIVERSITY

Costan - BELUGA

myname · Title: myname Author: KG Created Date: 10/6/2003 11:51:50 AM

myname - Tumakuru · PDF fileTitle: myname Author: KG Created Date: 9/17/2003 4:15:08 PM

myname · 2015-08-01 · Title: myname Author: KG Created Date: 11/27/2003 4:48:20 PM

MIT’s Strategy for Educational Technology Innovation, 1999

myname · Title: myname Author: KG Created Date: 11/25/2003 4:16:55 PM

Congelados CAYMAN UP - Costan

SIPARIO GREEN ARMONIA GREEN - Costan

The Gold Standard in Coaching | ICF - International Coach … · ex: [email protected] Address Address Address postal / Zip Code Program Onwer 4: E-mail ex: [email protected] Address

MIT’s Technology Review • CyberMedia · nologies conference — EmTech India 2011— brought to you by MIT’s Techology Review and CyberMedia. This is the thrid EmTech conference

VALZER NEXT NOT MULTIPLEXABLE - Costan

SAMBA - Costan

MIT’s Approach to Collaboration

MIT BUILDING SYSTEMSThe DESIGN HANDBOOK describes MIT’s goals for building systems as well as certain special requirements for all construction projects. MIT’s Project Managers,

MIT’s Roles Database: Our Model for Authorizations

HELLO myname is - Sept. 09

Custom: Hi-Tech Solutions Company | Custom SPA · proposte per surgelati firmate Costan _ GrenFit di Costan: untarticolata propose basata su un sisterna logico che garantisce allineamento

myname - Karnataka...Title: myname Author: KG Created Date: 20031006145439Z

GranVista Integral Air - Costan

MIT’s EHS-MS Training System

Installation Guide for SRT/VSRT Executable Software · CustomDriverInstaller.exe VVVV PPPP MyName . Where: VVVV = USB VID . PPPP = USB PID . MyName = device friendly name of your

TANGO BIO - Costan

Myname is Kenichi Yamauchi and I am in charge of ... · Myname is Kenichi Yamauchi and I am in charge of Accounting and Finance. 1. In the FY2018, the Kao Group has reclassified the

MIT’s Eau d’e coli iGEM 2006

TANGO NEXT - Costan

Fusion Energy: MIT’s Pathway to Unlimited Clean Energy

MIT’s Industrial Partnershipsweb.mit.edu/chancellor/IndlPartnershipsRpt.pdf · MIT’s Industrial Partnerships Report of the ad hoc Committee on Industrial Partnership Review Appointed

Hello everyone. Myname is Connie Bodner, and with me ... · Hello everyone. Myname is Connie Bodner, and with me online today are Katherine Maas, Mark Feitl, and Reagan Moore. All

Costan - GRANBERING

MIT’s Stakeholder Framework for Building & Accelerating ... · MIT’s Stakeholder Framework for Building & Accelerating Innovation Ecosystems Generating ‘innovation’ and ‘entrepreneurship’

Lampiran 1 Nama : Costan Rumabar (63 Tahun) Status ...€¦ · Nama : Costan Rumabar (63 Tahun) Status : Kepala Dewan Adat Ambroben, Biak Kota Alamat : Jl. Pramuka, Ambroben, Biak

CROCODILE - Costan

myname - Kar · Title: myname Author: KG Created Date: 20031008111304Z