Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1...

97
Achieving Keyless CDNs with Conclaves Stephen Herwig Dave Levin Christina Garman

Transcript of Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1...

Page 1: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Achieving Keyless CDNswith Conclaves

Stephen Herwig

Dave LevinChristina Garman

Measurement and Analysis of Private Key Sharing in

the HTTPS Ecosystem

Frank Cangialosi, Taejoong Chung, David Choffnes, Dave Levin, Bruce M. Maggs, Alan Mislove, Christo Wilson

Page 2: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

User Bank

Page 3: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

customer’s origin server

Content Delivery Networks host their customers’ websites

Page 4: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

CDNs

customer’s origin server

CDN’sedge server

Content Delivery Networks host their customers’ websites

Page 5: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

CDNs CDNs reduce page load times

CDN’sedge server

customer’s origin server

Page 6: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

CDNs CDNs reduce page load times

CDN’sedge server

customer’s origin server

Page 7: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

CDNsCDNs mitigate and block attacks

CDN’sedge server

customer’s origin server

Page 8: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

CDNsCDNs mitigate and block attacks

CDN’sedge server

customer’s origin server

Page 9: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Customers share their keys with CDNs

CDN’sedge server

Page 10: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

bank’s private key

Customers share their keys with CDNs

CDN’sedge server

Page 11: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Key sharing is widespread

Cangialosi et al., CCS 2016

Page 12: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Key sharing is widespread

Who shares?

0

0.2

0.4

0.6

0.8

1

0 200k 400k 600k 800k 1M

Fra

cti

on

of

Do

main

s H

oste

do

n T

hir

d-p

art

y P

rovid

ers

Alexa Site Rank (bins of 10,000)

At least one key sharedAll keys shared

43% of the top 10k most popular websites

Cangialosi et al., CCS 2016

Page 13: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Key sharing is widespread

Who shares?

0

0.2

0.4

0.6

0.8

1

0 200k 400k 600k 800k 1M

Fra

cti

on

of

Do

main

s H

oste

do

n T

hir

d-p

art

y P

rovid

ers

Alexa Site Rank (bins of 10,000)

At least one key sharedAll keys shared

43% of the top 10k most popular websites

Cangialosi et al., CCS 2016

The web has consolidated keys in the hands of a few CDNs

Page 14: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Page 15: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Page 16: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 17: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 18: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 19: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 20: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 21: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

Key server performs actions requiring private key

Page 22: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Key server performs actions requiring private key

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

The CDN learns all session keys

Page 23: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Key server performs actions requiring private key

Keyless SSL

Introduced by Cloudflare to mitigate key sharing

Private keys stay at the key server (origin)

The CDN learns all session keys

In practice: CDN

Page 24: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources on

using Legacy applications

Can we Maintain privacy

?

Page 25: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources

Legacy applications

Maintain privacy The CDN is no more trusted than a standard on-path attacker

Page 26: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources

Legacy applications

Maintain privacy The CDN is no more trusted than a standard on-path attacker

No changes to existing code-bases; facilitates deployment and adoption

Page 27: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources

Legacy applications

Maintain privacy The CDN is no more trusted than a standard on-path attacker

Leverage the existing infrastructure.One additional assumption: TEEs

No changes to existing code-bases; facilitates deployment and adoption

Page 28: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources

Legacy applications

Maintain privacy The CDN is no more trusted than a standard on-path attacker

Leverage the existing infrastructure.One additional assumption: TEEs

No changes to existing code-bases; facilitates deployment and adoption

Page 29: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Third-party resources

Legacy applications

Maintain privacy The CDN is no more trusted than a standard on-path attacker

Leverage the existing infrastructure.One additional assumption: TEEs

No changes to existing code-bases; facilitates deployment and adoption

Phoenix

Page 30: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Trusted execution environments

Hardware

OperatingSystem

Application

By default, assume all system components are untrusted

Code

Service

Page 31: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Trusted execution environments

Hardware

OperatingSystem

Application

By default, assume all system components are untrusted

Small trusted CPU Resistant to physical attacks

Code

Service

Page 32: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Trusted execution environments

Hardware

OperatingSystem

Application

By default, assume all system components are untrusted

Small trusted CPU Resistant to physical attacks

Code

Service

Enclave: Isolated application memory

Enclave

Page 33: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Trusted execution environments

Hardware

OperatingSystem

Application

By default, assume all system components are untrusted

Small trusted CPU Resistant to physical attacks

Code

Service

Model: Code and data can safely reside inside an enclave

Enclave: Isolated application memory

Enclave

Page 34: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Application Code

Service

Practical limitations of TEEs

Syscalls

Untrusted

Applications inside enclaves cannot make syscalls

Enclave

Page 35: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Service

libOSesIdea: Implement a small “OS” inside the enclave

Enclave

Page 36: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Service

Application Code

libOS Service

libOSesIdea: Implement a small “OS” inside the enclave

Enclave

Page 37: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Service

Application Code

libOS Service

libOSes

"Syscalls"

Idea: Implement a small “OS” inside the enclave

Enclave

Page 38: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Service

Application Code

libOS Service

libOSes

"Syscalls"

Idea: Implement a small “OS” inside the enclave

Enclave

Service locallywhen possible

Page 39: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Hardware

OperatingSystem

Service

Application Code

libOS Service

libOSes

"Syscalls"

Idea: Implement a small “OS” inside the enclave

Enclave

Service locallywhen possible

Syscalls

Page 40: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Graphene-SGX

Tsai et al., ATC 2017

A libOS for Intel SGX that supports some services

Page 41: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Graphene-SGXA libOS for Intel SGX that supports some services

fork

exec

Graphene’s supported services:

pipes, signals, semaphores

Tsai et al., ATC 2017

Page 42: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Graphene-SGXA libOS for Intel SGX that supports some services

fork

exec

Graphene’s supported services:

pipes, signals, semaphores

What constitutes a CDN?

Cache

Web Application Firewall

Key Server

Web serverMultipletenants

Needs plaintext

Needs disk

Needs safe

storage

Page 43: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Graphene-SGXA libOS for Intel SGX that supports some services

fork

exec

Graphene’s supported services:

pipes, signals, semaphores

What constitutes a CDN?

Cache

Web Application Firewall

Key Server

Reading & writing files

Shared memory

Also critical to a CDN:

Access to private keys

Web serverMultipletenants

Needs plaintext

Needs disk

Needs safe

storage

Page 44: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDN

fork

exec

Graphene’s supported services:

pipes, signals, semaphores

What constitutes a CDN?

Cache

Web Application Firewall

Key Server

Web serverMultipletenants

Needs plaintext

Needs disk

Needs safe

storage

PhoenixContainers of enclavesConclaves

Page 45: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDN

fork

exec

Graphene’s supported services:

pipes, signals, semaphores

What constitutes a CDN?

Cache

Web Application Firewall

Key Server

Reading & writing files

Shared memory

Also critical to a CDN:

Access to private keys

Web serverMultipletenants

Needs plaintext

Needs disk

Needs safe

storage

PhoenixContainers of enclavesConclaves

Page 46: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Enclave

Enclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Page 47: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Enclave

Enclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

TLS

Enclaves mutually authenticate via

attested TLS

Knauth et al., 2018

Page 48: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Enclave

Enclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

TLS

Private key operation

Enclaves mutually authenticate via

attested TLS

Knauth et al., 2018

Page 49: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Enclave

Enclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

TLS

Private key operation

ResultEnclaves mutually authenticate via

attested TLS

Knauth et al., 2018

Page 50: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Page 51: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Shared memory read

Page 52: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Shared memory read

Shared memory write

Page 53: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Page 54: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application Code

libOS Service

Enclave

Enclave

Memory Server

Hardware

OperatingSystem

Service

Shared memoryConclaves

Page 55: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

Enclave

Memory Server

Hardware

OperatingSystem

Service

fcntl()

Shared memoryConclaves

Page 56: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

fcntl()

Shared memoryConclaves

Page 57: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory ServerRPC

Hardware

OperatingSystem

Service

fcntl()

Shared memoryConclaves

Page 58: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory ServerRPC

Hardware

OperatingSystem

Service

Coordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 59: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

Coordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 60: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

SyscallCoordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 61: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

SyscallCoordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 62: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

Syscall

Memory file Encrypted on untrusted disk

Coordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 63: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

Memory Server

Hardware

OperatingSystem

Service

Syscall

Memory file Encrypted on untrusted disk

Coordinates locks Maintains memory locations

fcntl()

Shared memoryConclaves

Page 64: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

Enclave

Memory Server

Hardware

OperatingSystem

Service

Memory file Encrypted on untrusted disk

Coordinates locks Maintains memory locations

Shared Memoryfcntl()

Shared memoryConclaves

Page 65: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Page 66: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Enclave

File Server

Page 67: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Enclave

File Server

Page 68: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Enclave

File Server

File access

Page 69: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Insight: Treat enclaves like a distributed system Implement services using kernel servers

Enclave

Memory Server

Enclave

File Server

File access

Verified data

Page 70: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application Code

libOS Service

Enclave

Enclave

File Server

Hardware

OperatingSystem

Service

File system accessConclaves

Page 71: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application Code

libOS Service

Enclave

Enclave

File Server

File system accessConclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

Page 72: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

Enclave

File Server

Hardware

OperatingSystem

Service

read()

Conclaves

Merkle TreeEncrypted on untrusted disk

File system access

Page 73: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

File Server

Hardware

OperatingSystem

Service

read()

Conclaves

Merkle TreeEncrypted on untrusted disk

File system access

Page 74: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall"Enclave

File ServerRPC

Hardware

OperatingSystem

Service

read()

Conclaves

Merkle TreeEncrypted on untrusted disk

File system access

Page 75: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

ext2fs server

Block layerMerkle root

File system access

Page 76: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

Syscall

ext2fs server

Block layerMerkle root

File system access

Page 77: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

Syscall

ext2fs server

Block layerMerkle root

File system access

Page 78: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

Syscall

ext2fs server

Block layerMerkle root

File system access

Page 79: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

Syscall

Verifies branches

Decrypts blocks

ext2fs server

Block layerMerkle root

File system access

Page 80: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

"Syscall" Enclave

read()

libOS

Conclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

RPC

Syscall

Verifies branches

Decrypts blocks

ext2fs server

Block layerMerkle root

File system access

Page 81: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Application

libOS Service

Enclave

read()

File system accessConclaves

Hardware

OperatingSystem

Service

Merkle TreeEncrypted on untrusted disk

Enclave

ext2fs server

libOS

Block layerMerkle root

Data Verifies branches

Decrypts blocks

Page 82: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

Key ServerEnclave

Web server

Cache

Web Application Firewall

Execution environment is a distributed system of enclaves

Enclave

Memory Server

Enclave

File Server

The first truly keyless CDNPhoenixContainers of enclavesConclaves

Page 83: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

Key ServerEnclave

Web server

Cache

Web Application Firewall

Execution environment is a distributed system of enclaves

Enclave

Memory Server

Enclave

File Server

Conclave

The first truly keyless CDNPhoenixContainers of enclavesConclaves

Page 84: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

EnclaveEnclave

Web server

Cache

Web Application Firewall

Enclave

Web server

Cache

Web Application Firewall

The first truly keyless CDN

Key Server

PhoenixContainers of enclavesConclaves

Enclave

Web server

Cache

Web Application Firewall

Execution environment is a distributed system of enclaves

Enclave

Memory Server

Enclave

File Server

Conclave

fork

exec

Conclaves supported services:

pipes, signals, semaphores

Reading & writing files

Shared memory

Access to private keys

Trusted time server

Page 85: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDNPhoenix

Page 86: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDNPhoenix

Websites delegate provisioning to CDNs

Phoenix supports many deployment configurations

Other details in the paper

Supports multi-tenancyBoth CDN and website can store private data

Page 87: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDNPhoenix

Websites delegate provisioning to CDNs

Phoenix supports many deployment configurations

Other details in the paper

Conclave Conclave Conclave

Supports multi-tenancyBoth CDN and website can store private data

Page 88: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

The first truly keyless CDNPhoenix

Conclave Conclave Conclave

ARTIFACTEVALUATED

PASSED

Implemented on top of Graphene-SGX

Evaluated to understand throughput and scalability

Page 89: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 500

1000 1500 2000 2500 3000 3500

1 KiB 10 KiB 100 KiB

# Workers1 2 4 8

Thro

ughp

ut (r

eque

sts/

sec)

Downloaded file size

Fetch a file 10,000 times over non-persistent HTTPS connections from among 128 concurrent clients

What is Phoenix’s request throughput?

Page 90: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 500

1000 1500 2000 2500 3000 3500

1 KiB 10 KiB 100 KiB

# Workers1 2 4 8

Thro

ughp

ut (r

eque

sts/

sec)

Downloaded file size

Linux

Fetch a file 10,000 times over non-persistent HTTPS connections from among 128 concurrent clients

NGINX running on normal Linux

What is Phoenix’s request throughput?

Page 91: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 500

1000 1500 2000 2500 3000 3500

1 KiB 10 KiB 100 KiB

# Workers1 2 4 8

Thro

ughp

ut (r

eque

sts/

sec)

Downloaded file size

LinuxPhoenix-cryptPhoenix-vericrypt

Fetch a file 10,000 times over non-persistent HTTPS connections from among 128 concurrent clients confidentiality

confidentiality & integrity

What is Phoenix’s request throughput?

Page 92: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

How does Phoenix scale to multiple tenants?

0 200 400 600 800

1000 1200 1400 1600

1 2 4 6

Tim

e pe

r req

uest

(ms)

Number of tenants

Linux (shared NGINX)

40 ms

264 ms

Page 93: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 200 400 600 800

1000 1200 1400 1600

1 2 4 6

Tim

e pe

r req

uest

(ms)

Number of tenants

Linux (shared NGINX)

Phoenix-crypt (shared nothing)

816

32

48

How does Phoenix scale to multiple tenants?

264 ms

40 ms127 ms

1437 ms

Number of enclaves

Page 94: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 200 400 600 800

1000 1200 1400 1600

1 2 4 6

Tim

e pe

r req

uest

(ms)

Number of tenants

Linux (shared NGINX)Phoenix-crypt (shared NGINX)

810

14

18

Phoenix-crypt (shared nothing)

816

32

48

Number of enclaves

How does Phoenix scale to multiple tenants?

264 ms

40 ms

128 ms127 ms

1437 ms

806 ms

Page 95: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

0 200 400 600 800

1000 1200 1400 1600

1 2 4 61

1K

10K

100K

1M

10M

Tim

e pe

r req

uest

(ms)

SGX

pagi

ng e

vent

s

Number of tenants

Linux (shared NGINX)Phoenix-crypt (shared NGINX)

810

14

18

Phoenix-crypt (shared nothing)

816

32

48

How does Phoenix scale to multiple tenants?

Number of enclaves

264 ms

40 ms

128 ms

806 ms

127 ms

1437 ms

Page 96: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

Other results

Benchmark overhead of running WAFs (ModSecurity) in SGX (overhead about the same as in Linux)

Perform detailed micro-benchmarks of each kernel server

Compare standard ocalls to exitless ocalls(not always better)

Page 97: Achieving Keyless CDNs with Conclaves · Key sharing is widespread Who shares? 0 0.2 0.4 0.6 0.8 1 0 200k 400k 600k 800k 1M Fraction of Domains Hosted on Third-party Providers Alexa

ARTIFACTEVALUATED

PASSED

Moderate performance overheads

https://phoenix.cs.umd.edu/

0 500

1000 1500 2000 2500 3000 3500

1 KiB 10 KiB 100 KiB

# Workers1 2 4 8

Thro

ughp

ut (r

eque

sts/

sec)

Downloaded file size

LinuxPhoenix-cryptPhoenix-vericrypt

The first truly keyless CDNPhoenixContainers of enclavesConclaves

Run legacy apps in enclaves


Main Injector at Fermilab. Silicon Vertex Tracker Integrated system of barrels and disks ~ 800k total channels.

Main Injector at Fermilab. Silicon Vertex Tracker Integrated system of barrels and disks ~ 800k total channels.

MALCOLM FRANK - Cognizant Softvision · term “SMAC Stack,” now an industry standard. A highly sought-after speaker, Malcolm has presented at various conclaves, including the World

MALCOLM FRANK - Cognizant Softvision · term “SMAC Stack,” now an industry standard. A highly sought-after speaker, Malcolm has presented at various conclaves, including the World

Daily Showing Activity · 2021. 8. 2. · $250-299k. $300-399k. $400-499k. $500-599k. $600-799k. $800k-1m. $1m+

Daily Showing Activity · 2021. 8. 2. · $250-299k. $300-399k. $400-499k. $500-599k. $600-799k. $800k-1m. $1m+

X-ETD 482 024200K - GS 571 MO,OOOkm 800K EyF … 482 024200K - GS 571 MO,OOOkm 800K EyF-D747filJ— Bwetooth Efi22,800km ETC ECO-S 804 711 4WD 885 757 s 951 757 s 817 028F 4 508 668

X-ETD 482 024200K - GS 571 MO,OOOkm 800K EyF … 482 024200K - GS 571 MO,OOOkm 800K EyF-D747filJ— Bwetooth Efi22,800km ETC ECO-S 804 711 4WD 885 757 s 951 757 s 817 028F 4 508 668

A Start-up company to start your career · • Immediate sales: Amore Pacific –Market pull • ~800k € / yr • Government grants ~1M € • Fund raising 800k € • 20 employees

A Start-up company to start your career · • Immediate sales: Amore Pacific –Market pull • ~800k € / yr • Government grants ~1M € • Fund raising 800k € • 20 employees

600K HWO/SNUBBING UNITBALANCE POINT CONTROL BV Equipment Specification Sheet 600K HWO/SNUBBING UNIT Operational activities: • Removal and installation of all types of completion

600K HWO/SNUBBING UNITBALANCE POINT CONTROL BV Equipment Specification Sheet 600K HWO/SNUBBING UNIT Operational activities: • Removal and installation of all types of completion

Mail Today Conclaves

Mail Today Conclaves

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet · 2019-03-04 · NATs undercount bots based on IPs. 0 100K 200K 300K 400K 500K 600K 700K 800K 900K 0 100K 200K 300K

Measurement and Analysis of Hajime: a Peer-to-peer IoT Botnet · 2019-03-04 · NATs undercount bots based on IPs. 0 100K 200K 300K 400K 500K 600K 700K 800K 900K 0 100K 200K 300K

...3D Printer Price Range $05k to $400k $32k to $800k $90k to 37.0k $50k to $1.8m $20k to $600k $200k to $5.Om $20k to $2.Om Gartner ... Note. 3DP = 3D printer; Graphs include only

...3D Printer Price Range $05k to $400k $32k to $800k $90k to 37.0k $50k to $1.8m $20k to $600k $200k to $5.Om $20k to $2.Om Gartner ... Note. 3DP = 3D printer; Graphs include only

Compatibility Bearing Lubrication...Quantity Initial Fill of Bearing - % Free Space 200K 400K 600K 800K 1M 1.2M 1.4M 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Speed factor mm x min-1

Compatibility Bearing Lubrication...Quantity Initial Fill of Bearing - % Free Space 200K 400K 600K 800K 1M 1.2M 1.4M 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Speed factor mm x min-1

BEACON REPORT NEW...$400 - $450K $450 - $500K $500 - $550K $550 - $600K $600 - $650K $650 - $700K $700 - $750K $750 - $800K $800 - $850K $850 - $900K $900 - $950K $950 - $1 Mill $1M-$1.2

BEACON REPORT NEW...$400 - $450K $450 - $500K $500 - $550K $550 - $600K $600 - $650K $650 - $700K $700 - $750K $750 - $800K $800 - $850K $850 - $900K $900 - $950K $950 - $1 Mill $1M-$1.2

Daily Showing Activity · 2021. 8. 23. · $250-299k. $300-399k. $400-499k. $500-599k. $600-799k. $800k-1m. $1m+

Daily Showing Activity · 2021. 8. 23. · $250-299k. $300-399k. $400-499k. $500-599k. $600-799k. $800k-1m. $1m+

Form N-600K, Application for Citizenship and Department of ...€¦ · Form N-600K (Rev. 12/23/16) N. Department of Homeland Security . U. S. Citizenship and Immigration Services.

Form N-600K, Application for Citizenship and Department of ...€¦ · Form N-600K (Rev. 12/23/16) N. Department of Homeland Security . U. S. Citizenship and Immigration Services.

Heidrick - Accelerating Performance Miami · 3/2/2016 1 Accelerating Performance 1 Change is happening fast… 0k 200k 400k 600k 800k 1963 1973 1983 1993 2003 2013 Applications Grants

Heidrick - Accelerating Performance Miami · 3/2/2016 1 Accelerating Performance 1 Change is happening fast… 0k 200k 400k 600k 800k 1963 1973 1983 1993 2003 2013 Applications Grants

THE INFLUENCE OF THE HYDROGEN IN THE ...air values of 400K, 600K, 800K, excess air 5 and primary air/secondary air ratio 0.2 . Represented points are in the upper side of combustion

THE INFLUENCE OF THE HYDROGEN IN THE ...air values of 400K, 600K, 800K, excess air 5 and primary air/secondary air ratio 0.2 . Represented points are in the upper side of combustion

Glen Valley Cemetery Association & $600k Liquid Assets

Glen Valley Cemetery Association & $600k Liquid Assets

Bpc 600k Hwo Snubbing Unit

Bpc 600k Hwo Snubbing Unit

An increasingly rare breed Conclaves...May 2013 Issue 227 Essential, Authoritative Analysis and Opinion for Board Directors, Senior Executives, Investment Professionals and Advisers

An increasingly rare breed Conclaves...May 2013 Issue 227 Essential, Authoritative Analysis and Opinion for Board Directors, Senior Executives, Investment Professionals and Advisers

conclaves - by UBI RSETI Dhalai Directors

conclaves - by UBI RSETI Dhalai Directors

GH 2 RF cavitiesIIT, Kaplan 600k ends 7/05 6D HCC Jlab, Derbenev 850k ends 7/06

GH 2 RF cavitiesIIT, Kaplan 600k ends 7/05 6D HCC Jlab, Derbenev 850k ends 7/06