-
Okapi: Efficiently Safeguarding Speculative Data Accesses in Sandboxed Environments
Authors:
Philipp Schmitz,
Tobias Jauch,
Alex Wezel,
Mohammad R. Fadiheh,
Thore Tiemann,
Jonah Heller,
Thomas Eisenbarth,
Dominik Stoffel,
Wolfgang Kunz
Abstract:
This paper introduces Okapi, a new hardware/software cross-layer architecture designed to mitigate Transient Execution Side Channel attacks, including Spectre variants, in modern computing systems. Okapi provides a hardware basis for secure speculation in sandboxed environments and can replace expensive speculation barriers in software.
At its core, it allows for speculative data accesses to a m…
▽ More
This paper introduces Okapi, a new hardware/software cross-layer architecture designed to mitigate Transient Execution Side Channel attacks, including Spectre variants, in modern computing systems. Okapi provides a hardware basis for secure speculation in sandboxed environments and can replace expensive speculation barriers in software.
At its core, it allows for speculative data accesses to a memory page only after the page has been accessed non-speculatively by the current trust domain. The granularity of the trust domains can be controlled in software to achieve different security and performance trade-offs. For environments with less stringent security needs, the features can be deactivated to remove all performance overhead.
Without relying on any software modification, the Okapi hardware features provide full protection against TES breakout attacks, e.g., by Spectre-PHT or Spectre-BTB, at a thread-level granularity. This incurs an average performance overhead of only 3.17% for the SPEC CPU2017 benchmark suite.
Okapi introduces the OkapiReset instruction for additional software-level security support. This instruction allows for fine-grained sandboxing with any custom size, resulting in 2.34% performance overhead in our WebAssembly runtime experiment.
On top, Okapi provides the possibility to eliminate poisoning attacks. For the highest level of security, the OkapiLoad instruction prevents confidential data from being added to the trust domain after a sequential access, thereby enforcing weak speculative non-interference. In addition, we present a hardware extension that limits the exploitable code space for Spectre gadgets to well-defined sections of the program. Therefore, by ensuring the absence of gadgets in these sections, developers can tailor their software towards achieving beneficial trade-offs between the size of a trust domain and performance.
△ Less
Submitted 14 August, 2025; v1 submitted 13 December, 2023;
originally announced December 2023.
-
Uncertainty Modeling and Analysis of the European X-ray Free Electron Laser Cavities Manufacturing Process
Authors:
Jacopo Corno,
Niklas Georg,
Shahnam Gorgi Zadeh,
Johann Heller,
Vladimir Gubarev,
Toon Roggen,
Ulrich Römer,
Christian Schmidt,
Sebastian Schöps,
Julius Schultz,
Alexey Sulimov,
Ursula van Rienen
Abstract:
This paper reports on comprehensive efforts on uncertainty quantification and global sensitivity analysis for accelerator cavity design. As a case study object the TESLA shaped superconducting cavities, as produced for the European X-ray Free Electron Laser (EXFEL), are selected. The choice for these cavities is explained by the available measurement data that can be leveraged to substantiate the…
▽ More
This paper reports on comprehensive efforts on uncertainty quantification and global sensitivity analysis for accelerator cavity design. As a case study object the TESLA shaped superconducting cavities, as produced for the European X-ray Free Electron Laser (EXFEL), are selected. The choice for these cavities is explained by the available measurement data that can be leveraged to substantiate the simulation model. Each step of the manufacturing chain is documented together with the involved uncertainties. Several of these steps are mimicked on the simulation side, e.g. by introducing a random eigenvalue problem. The uncertainties are then quantified numerically and in particular the sensitivities give valuable insight into the systems behavior. We also compare these findings to purely statistical studies carried out for the manufactured cavities. More advanced, adaptive, surrogate modeling techniques are adopted, which are crucial to incorporate a large number of uncertain parameters. The main contribution is the detailed comparison and fusion of measurement results for the EXFEL cavities on the one hand and simulation based uncertainty studies on the other hand. After introducing the quantities of physical interest for accelerator cavities and the Maxwell eigenvalue problem, the details on the manufacturing of the EXFEL cavities and measurements are reported. This is followed by uncertainty modeling with quantification studies.
△ Less
Submitted 12 December, 2019; v1 submitted 21 June, 2019;
originally announced June 2019.
-
On the Two-View Geometry of Unsynchronized Cameras
Authors:
Cenek Albl,
Zuzana Kukelova,
Andrew Fitzgibbon,
Jan Heller,
Matej Smid,
Tomas Pajdla
Abstract:
We present new methods for simultaneously estimating camera geometry and time shift from video sequences from multiple unsynchronized cameras. Algorithms for simultaneous computation of a fundamental matrix or a homography with unknown time shift between images are developed. Our methods use minimal correspondence sets (eight for fundamental matrix and four and a half for homography) and therefore…
▽ More
We present new methods for simultaneously estimating camera geometry and time shift from video sequences from multiple unsynchronized cameras. Algorithms for simultaneous computation of a fundamental matrix or a homography with unknown time shift between images are developed. Our methods use minimal correspondence sets (eight for fundamental matrix and four and a half for homography) and therefore are suitable for robust estimation using RANSAC. Furthermore, we present an iterative algorithm that extends the applicability on sequences which are significantly unsynchronized, finding the correct time shift up to several seconds. We evaluated the methods on synthetic and wide range of real world datasets and the results show a broad applicability to the problem of camera synchronization.
△ Less
Submitted 22 April, 2017;
originally announced April 2017.
-
Hand-Eye and Robot-World Calibration by Global Polynomial Optimization
Authors:
Jan Heller,
Didier Henrion,
Tomas Pajdla
Abstract:
The need to relate measurements made by a camera to a different known coordinate system arises in many engineering applications. Historically, it appeared for the first time in the connection with cameras mounted on robotic systems. This problem is commonly known as hand-eye calibration. In this paper, we present several formulations of hand-eye calibration that lead to multivariate polynomial opt…
▽ More
The need to relate measurements made by a camera to a different known coordinate system arises in many engineering applications. Historically, it appeared for the first time in the connection with cameras mounted on robotic systems. This problem is commonly known as hand-eye calibration. In this paper, we present several formulations of hand-eye calibration that lead to multivariate polynomial optimization problems. We show that the method of convex linear matrix inequality (LMI) relaxations can be used to effectively solve these problems and to obtain globally optimal solutions. Further, we show that the same approach can be used for the simultaneous hand-eye and robot-world calibration. Finally, we validate the proposed solutions using both synthetic and real datasets.
△ Less
Submitted 13 February, 2014;
originally announced February 2014.
