Corpore Sano Workshop 2019

Corpore Sano Centre arranges an international by-invitation-only expert workshop focusing on next-generation industrial software challenges. The workshop will be held at Scandic Ishavshotell, 09.00 – 17.00 on April 9, 2019, followed by a workshop dinner at Rå sushi restaurant at 19.00.

Program for the workshop:

09.00 – 09.30 Professor Dag Johansen, UiT

Title: “Corporō Sano, Towards Next-generation Enterprise Systems”

Abstract. This talk will provide the context for this workshop, outlining on-going collaborative efforts in creating an inter-disciplinary R&D cluster of academics, industry and public sector stakeholders. Our main problem is to research and develop robust and efficient technologies so that digitalization can be a facilitator for sustainable organizational development, growth, internationalization and business. Our use-case is primarily rooted in the financial sector but has wide applicability for almost any Internet-focused domain.

09.30 – 10.15 Professor Robbert van Renesse, Cornell University

Title: “X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers”

Abstract. “Cloud-native” container platforms, such as Kubernetes, have become an integral part of production cloud environments. One of the principles in designing cloud-native applications is called the Single Concern Principle, which suggests that each container should handle a single responsibility well. In this talk, we propose X-Containers as a new security paradigm for isolating single-concerned cloud-native containers. Each container is run with a Library OS (LibOS) that supports multi-processing for concurrency and compatibility. A minimal exokernel ensures strong isolation with a small kernel attack surface. We show an implementation of the X-Containers architecture that leverages Xen paravirtualization (PV) to turn the Linux kernel into a LibOS. Doing so results in a highly efficient LibOS platform that does not require hardware-assisted virtualization, improves inter-container isolation, and supports binary compatibility and multi-processing. By eliminating some security barriers such as seccomp and the Meltdown patch, X-Containers have up to 27% higher raw system call throughput compared to Docker containers, while also achieving competitive or superior performance on various benchmarks compared to recent container platforms such as Google’s gVisor and Intel’s Clear Containers.

10.15 – 10.45 Break

10.45 – 11.15 PhD student Anders Gjerdrum, UiT

Title: “BoronBase: A mutually distrusting clique-partitioned database implemented in Intel SGX”

Abstract. Current state-of-the-art secure data storage and processing systems assume execution on a trusted underlying platform. Compromised software, hardware, or malicious administrators may invalidate this premise, and leave unmitigated applications exposed to attacks.

Hardware-based Trusted Execution Environments (TEEs), like Intel SGX and ARM TrustZone, enable new execution models for running software securely in untrusted environments. From this, new trusted storage and processing systems can safeguard sensitive data while executing in an untrusted environment. Examples of users of such systems include medical researchers, law enforcement, financial analysts, and corporate R&D, all of which have strict privacy requirements regarding curation of data.

We define such cohorts of users with joint access to a shared data repository as a “clique”. A clique consists of 10s to 100s of users requiring authenticated, verifiable and attested access to a shared data repository. Moreover, cliques are considered mutually distrusting and require shielding from other cliques, and instances must therefore be hosted in separate hardware-isolated contexts.

Limitations in the current generation of SGX reduce the amount of memory available for trusted execution, and datastore instances must therefore maintain a small memory footprint in order to allow cost-efficient colocalization.

This talk presents BoronBase, a hardware-isolated per-clique micro database engine allowing partitioned data stores for cohosting mutually distrusted contexts. In BoronBase, data is stored and processed in entirely separate hardware contexts, preventing information leakage and cross tainting between cliques. In addition to shielding data from untrusted underlying infrastructure, BoronBase reduces the risk of data leaks caused by privilege escalation, buffer overflows and SQL injection attacks by jointly attesting the correctness of both server and client. Only pre-approved data queries and data requestors may execute in a BoronBase instance, where client use is authenticated by also executing in trusted hardware.

11.15 – 12.00 Professor Hein Meling, University of Stavanger

Title: “The Vision of a Global Academic Database of Degree Certificates”

Abstract. We envision a global academic database of degree certificates issued by universities and other entities whose users are identifiable through biometrics. The goal is to eliminate the existence of fraudulent documents, while at the same time guaranteeing the long-term availability of documents for users.

In this context, we are working on addressing three key challenges:

  • Ensuring that nodes in a storage network keep the documents they are expected to store with sufficient replication degree.
  • Tying documents issued by institutions to real persons using biometrics.
  • Novel communication abstractions for building consensus and reconfiguration algorithms that can help to simplify development of complex systems, such as our global academic database.

12.00 – 13.15 Lunch

13.15 – 14.00 Senior Research Scientist Michael Riegler, Simula

Title: “Applied machine learning in medicine, sport and remote sensing”

Abstract. With the huge increase in processing power, machine learning has recently received an increased interest in various areas. In this talk, we will present various real-world case studies ranging from medicine over sports to remote sensing to showcase applications of machine learning. In particular, we will present examples from anomaly detection in the gastrointestinal tract, mental health, ECG analysis, sperm analysis, athlete training monitoring, and disaster event analysis from social networks and remote sensing data. Proposed solutions, challenges and experimental results will be introduced, and some challenges regarding understandable systems and privacy will be touched upon.

14.00 – 14.45 Partner Architect, Aleksander Øhrn, Microsoft

Title: “Machine learning at FAST”

Abstract: FAST, being part of the Office organization in Microsoft, owns and drives efforts in Office along three main pillars: People services (e.g., live people cards), search (e.g., retrieval and ranking across enterprise content) and graph services (e.g., operating the Microsoft Graph that relates entities). All of these areas benefit from applying machine learning to add intelligence – both to create compelling user experiences, and to maximize the efficiency of running the underlying services. This talk will present a selection of ongoing activities at FAST that address some of these opportunities.

14.45 – 15.15 Break

15.15 – 16.00 Professor Jon Petter Rui, Faculty of Law, UiT

Title: “Exploring the Legal Architecture in Next Generation Technologies – Privacy, Security and the Rule of Law”

Abstract: Next generation industrial software technologies offer unprecedented possibilities in a wide range of areas. At the same time, a common denominator of these new technologies is that they involve the processing of private citizens’ personal data. The right to one’s personal data is an important aspect of the right to private life. The respect of private life is a cornerstone of any civilized society based upon the rule of law. Without establishing proper limitations on private companies and the state, the processing of personal data will violate and deteriorate the citizen’s inherent right to freedom and human dignity. Thus, there is a need to explore and develop a legal architecture for next generation technologies.

The presentation focuses on one specific area, i.e. new technologies and the collection of financial intelligence by  al institutions according to the European anti-money laundering and terrorist financing regulations.

16.00 – 17.00 Corporate Vice-President Bjørn Olstad, Microsoft/Director MDCN and Professor Dag Johansen, UiT

“To where from here?”; open discussion and closing.