Your search keyword '"D.4.6"' showing total 1,269 results

1. Microsegmented Cloud Network Architecture Using Open-Source Tools for a Zero Trust Foundation

Author

Arora, Sunil and Hastings, John

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Networking and Internet Architecture, Electrical Engineering and Systems Science - Systems and Control, K.6.5, D.4.6, C.2.1, C.2.3, C.2.4

Abstract

This paper presents a multi-cloud networking architecture built on zero trust principles and micro-segmentation to provide secure connectivity with authentication, authorization, and encryption in transit. The proposed design includes the multi-cloud network to support a wide range of applications and workload use cases, compute resources including containers, virtual machines, and cloud-native services, including IaaS (Infrastructure as a Service (IaaS), PaaS (Platform as a service). Furthermore, open-source tools provide flexibility, agility, and independence from locking to one vendor technology. The paper provides a secure architecture with micro-segmentation and follows zero trust principles to solve multi-fold security and operational challenges., Comment: 8 pages, 6 figures

Published

2024

2. $\mathsf{OPA}$: One-shot Private Aggregation with Single Client Interaction and its Applications to Federated Learning

Author

Karthikeyan, Harish and Polychroniadou, Antigoni

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Machine Learning, D.4.6, I.2.11, E.3, K.4.1, I.2

Abstract

Our work aims to minimize interaction in secure computation due to the high cost and challenges associated with communication rounds, particularly in scenarios with many clients. In this work, we revisit the problem of secure aggregation in the single-server setting where a single evaluation server can securely aggregate client-held individual inputs. Our key contribution is the introduction of One-shot Private Aggregation ($\mathsf{OPA}$) where clients speak only once (or even choose not to speak) per aggregation evaluation. Since each client communicates only once per aggregation, this simplifies managing dropouts and dynamic participation, contrasting with multi-round protocols and aligning with plaintext secure aggregation, where clients interact only once. We construct $\mathsf{OPA}$ based on LWR, LWE, class groups, DCR and demonstrate applications to privacy-preserving Federated Learning (FL) where clients \emph{speak once}. This is a sharp departure from prior multi-round FL protocols whose study was initiated by Bonawitz et al. (CCS, 2017). Moreover, unlike the YOSO (You Only Speak Once) model for general secure computation, $\mathsf{OPA}$ eliminates complex committee selection protocols to achieve adaptive security. Beyond asymptotic improvements, $\mathsf{OPA}$ is practical, outperforming state-of-the-art solutions. We benchmark logistic regression classifiers for two datasets, while also building an MLP classifier to train on MNIST, CIFAR-10, and CIFAR-100 datasets. We build two flavors of $\caps$ (1) from (threshold) key homomorphic PRF and (2) from seed homomorphic PRG and secret sharing., Comment: To appear at the NeurIPS 2024 FL@FM workshop

Published

2024

3. IDEAW: Robust Neural Audio Watermarking with Invertible Dual-Embedding

Author

Li, Pengcheng, Zhang, Xulong, Xiao, Jing, and Wang, Jianzong

Subjects

Computer Science - Multimedia, Computer Science - Cryptography and Security, Computer Science - Sound, Electrical Engineering and Systems Science - Audio and Speech Processing, K.6.5, D.4.6

Abstract

The audio watermarking technique embeds messages into audio and accurately extracts messages from the watermarked audio. Traditional methods develop algorithms based on expert experience to embed watermarks into the time-domain or transform-domain of signals. With the development of deep neural networks, deep learning-based neural audio watermarking has emerged. Compared to traditional algorithms, neural audio watermarking achieves better robustness by considering various attacks during training. However, current neural watermarking methods suffer from low capacity and unsatisfactory imperceptibility. Additionally, the issue of watermark locating, which is extremely important and even more pronounced in neural audio watermarking, has not been adequately studied. In this paper, we design a dual-embedding watermarking model for efficient locating. We also consider the impact of the attack layer on the invertible neural network in robustness training, improving the model to enhance both its reasonableness and stability. Experiments show that the proposed model, IDEAW, can withstand various attacks with higher capacity and more efficient locating ability compared to existing methods., Comment: Accepted by the 2024 Conference on Empirical Methods in Natural Language Processing (EMNLP 2024)

Published

2024

4. Comparing Unidirectional, Bidirectional, and Word2vec Models for Discovering Vulnerabilities in Compiled Lifted Code

Author

McCully, Gary A., Hastings, John D., Xu, Shengjie, and Fortier, Adam

Subjects

Computer Science - Cryptography and Security, Computer Science - Computation and Language, Computer Science - Machine Learning, Computer Science - Software Engineering, D.4.6, I.2.6, I.5.1

Abstract

Ransomware and other forms of malware cause significant financial and operational damage to organizations by exploiting long-standing and often difficult-to-detect software vulnerabilities. To detect vulnerabilities such as buffer overflows in compiled code, this research investigates the application of unidirectional transformer-based embeddings, specifically GPT-2. Using a dataset of LLVM functions, we trained a GPT-2 model to generate embeddings, which were subsequently used to build LSTM neural networks to differentiate between vulnerable and non-vulnerable code. Our study reveals that embeddings from the GPT-2 model significantly outperform those from bidirectional models of BERT and RoBERTa, achieving an accuracy of 92.5% and an F1-score of 89.7%. LSTM neural networks were developed with both frozen and unfrozen embedding model layers. The model with the highest performance was achieved when the embedding layers were unfrozen. Further, the research finds that, in exploring the impact of different optimizers within this domain, the SGD optimizer demonstrates superior performance over Adam. Overall, these findings reveal important insights into the potential of unidirectional transformer-based approaches in enhancing cybersecurity defenses., Comment: 6 pages, 2 figures

Published

2024

5. Using Synthetic Data to Mitigate Unfairness and Preserve Privacy through Single-Shot Federated Learning

Author

Wu, Chia-Yuan, Curtis, Frank E., and Robinson, Daniel P.

Subjects

Computer Science - Machine Learning, Computer Science - Computers and Society, Mathematics - Optimization and Control, G.1.6, I.2.6, C.2.4, K.4.1, D.4.6

Abstract

To address unfairness issues in federated learning (FL), contemporary approaches typically use frequent model parameter updates and transmissions between the clients and server. In such a process, client-specific information (e.g., local dataset size or data-related fairness metrics) must be sent to the server to compute, e.g., aggregation weights. All of this results in high transmission costs and the potential leakage of client information. As an alternative, we propose a strategy that promotes fair predictions across clients without the need to pass information between the clients and server iteratively and prevents client data leakage. For each client, we first use their local dataset to obtain a synthetic dataset by solving a bilevel optimization problem that addresses unfairness concerns during the learning process. We then pass each client's synthetic dataset to the server, the collection of which is used to train the server model using conventional machine learning techniques (that do not take fairness metrics into account). Thus, we eliminate the need to handle fairness-specific aggregation weights while preserving client privacy. Our approach requires only a single communication between the clients and the server, thus making it computationally cost-effective, able to maintain privacy, and able to ensuring fairness. We present empirical evidence to demonstrate the advantages of our approach. The results illustrate that our method effectively uses synthetic data as a means to mitigate unfairness and preserve client privacy.

Published

2024

6. LLM Honeypot: Leveraging Large Language Models as Advanced Interactive Honeypot Systems

Author

Otal, Hakan T. and Canbaz, M. Abdullah

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language, Computer Science - Machine Learning, Computer Science - Networking and Internet Architecture, 68T50, 68M10, I.2.7, D.4.6, K.6.5

Abstract

The rapid evolution of cyber threats necessitates innovative solutions for detecting and analyzing malicious activity. Honeypots, which are decoy systems designed to lure and interact with attackers, have emerged as a critical component in cybersecurity. In this paper, we present a novel approach to creating realistic and interactive honeypot systems using Large Language Models (LLMs). By fine-tuning a pre-trained open-source language model on a diverse dataset of attacker-generated commands and responses, we developed a honeypot capable of sophisticated engagement with attackers. Our methodology involved several key steps: data collection and processing, prompt engineering, model selection, and supervised fine-tuning to optimize the model's performance. Evaluation through similarity metrics and live deployment demonstrated that our approach effectively generates accurate and informative responses. The results highlight the potential of LLMs to revolutionize honeypot technology, providing cybersecurity professionals with a powerful tool to detect and analyze malicious activity, thereby enhancing overall security infrastructure., Comment: 6 pages, 5 figures

Published

2024

7. Protecting Onion Service Users Against Phishing

Author

Güldenring, Benjamin and Roth, Volker

Subjects

Computer Science - Cryptography and Security, Computer Science - Human-Computer Interaction, D.4.6, K.6.5, E.3, E.4

Abstract

Phishing websites are a common phenomenon among Tor onion services, and phishers exploit that it is tremendously difficult to distinguish phishing from authentic onion domain names. Operators of onion services devised several strategies to protect their users against phishing. But as we show in this work, none protect users against phishing without producing traces about visited services - something that particularly vulnerable users might want to avoid. In search of a solution we review prior research addressing this problem, and find that only two known approaches, hash visualization and PAKE, are capable of solving this problem. Hash visualization requires users to recognize large hash values. In order to make hash visualization more practical we design a novel mechanism called recognizer, which substantially reduces the amount of information that users must recognize. We analyze the security and privacy properties of our system formally, and report on our prototype implementation as a browser extension for the Tor web browser., Comment: 17 pages, 3 figures

Published

2024

8. Minimizing the Number of Roles in Bottom-Up Role-Mining using Maximal Biclique Enumeration

Author

Tripunitara, Mahesh

Subjects

Computer Science - Cryptography and Security, Computer Science - Data Structures and Algorithms, 68M25, D.4.6, K.6.5, F.2

Abstract

Bottom-up role-mining is the determination of a set of roles given as input a set of users and the permissions those users possess. It is well-established in the research literature, and in practice, as an important problem in information security. A natural objective that has been explored in prior work is for the set of roles to be of minimum size. We address this problem for practical inputs while reconciling foundations, specifically, that the problem is \cnph. We first observe that an approach from prior work that exploits a sufficient condition for an efficient algorithm, while a useful first step, does not scale to more recently proposed benchmark inputs. We propose a new technique: the enumeration of maximal bicliques. We point out that the number of maximal bicliques provides a natural measure of the hardness of an input. We leverage the enumeration of maximal bicliques in two different ways. Our first approach addresses more than half the benchmark inputs to yield exact results. The other approach is needed for hard instances; in it, we identify and adopt as roles those that correspond to large maximal bicliques. We have implemented all our algorithms and carried out an extensive empirical assessment, which suggests that our approaches are promising. Our code is available publicly as open-source., Comment: 23 pages, 7 figures, 9 tables

Published

2024

9. SETC: A Vulnerability Telemetry Collection Framework

Author

Holeman, Ryan, Hastings, John, and Vaidyan, Varghese Mathew

Subjects

Computer Science - Cryptography and Security, D.4.6

Abstract

As emerging software vulnerabilities continuously threaten enterprises and Internet services, there is a critical need for improved security research capabilities. This paper introduces the Security Exploit Telemetry Collection (SETC) framework - an automated framework to generate reproducible vulnerability exploit data at scale for robust defensive security research. SETC deploys configurable environments to execute and record rich telemetry of vulnerability exploits within isolated containers. Exploits, vulnerable services, monitoring tools, and logging pipelines are defined via modular JSON configurations and deployed on demand. Compared to current manual processes, SETC enables automated, customizable, and repeatable vulnerability testing to produce diverse security telemetry. This research enables scalable exploit data generation to drive innovations in threat modeling, detection methods, analysis techniques, and remediation strategies. The capabilities of the framework are demonstrated through an example scenario. By addressing key barriers in security data generation, SETC represents a valuable platform to support impactful vulnerability and defensive security research., Comment: 7 pages, 2 figures

Published

2024

10. A Survey of Unikernel Security: Insights and Trends from a Quantitative Analysis

Author

Wollman, Alex and Hastings, John

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Operating Systems, C.2.4, K.6.5, D.4.6

Abstract

Unikernels, an evolution of LibOSs, are emerging as a virtualization technology to rival those currently used by cloud providers. Unikernels combine the user and kernel space into one "uni"fied memory space and omit functionality that is not necessary for its application to run, thus drastically reducing the required resources. The removed functionality however is far-reaching and includes components that have become common security technologies such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and Non-executable bits (NX bits). This raises questions about the real-world security of unikernels. This research presents a quantitative methodology using TF-IDF to analyze the focus of security discussions within unikernel research literature. Based on a corpus of 33 unikernel-related papers spanning 2013-2023, our analysis found that Memory Protection Extensions and Data Execution Prevention were the least frequently occurring topics, while SGX was the most frequent topic. The findings quantify priorities and assumptions in unikernel security research, bringing to light potential risks from underexplored attack surfaces. The quantitative approach is broadly applicable for revealing trends and gaps in niche security domains., Comment: 8 pages, 3 figures, 7 tables

Published

2024

11. Bi-Directional Transformers vs. word2vec: Discovering Vulnerabilities in Lifted Compiled Code

Author

McCully, Gary A., Hastings, John D., Xu, Shengjie, and Fortier, Adam

Subjects

Computer Science - Cryptography and Security, Computer Science - Computation and Language, Computer Science - Machine Learning, Computer Science - Software Engineering, D.4.6, I.2.6, I.5.1

Abstract

Detecting vulnerabilities within compiled binaries is challenging due to lost high-level code structures and other factors such as architectural dependencies, compilers, and optimization options. To address these obstacles, this research explores vulnerability detection using natural language processing (NLP) embedding techniques with word2vec, BERT, and RoBERTa to learn semantics from intermediate representation (LLVM IR) code. Long short-term memory (LSTM) neural networks were trained on embeddings from encoders created using approximately 48k LLVM functions from the Juliet dataset. This study is pioneering in its comparison of word2vec models with multiple bidirectional transformers (BERT, RoBERTa) embeddings built using LLVM code to train neural networks to detect vulnerabilities in compiled binaries. Word2vec Skip-Gram models achieved 92% validation accuracy in detecting vulnerabilities, outperforming word2vec Continuous Bag of Words (CBOW), BERT, and RoBERTa. This suggests that complex contextual embeddings may not provide advantages over simpler word2vec models for this task when a limited number (e.g. 48K) of data samples are used to train the bidirectional transformer-based models. The comparative results provide novel insights into selecting optimal embeddings for learning compiler-independent semantic code representations to advance machine learning detection of vulnerabilities in compiled binaries., Comment: Updated with improvements

Published

2024

12. Confronting the Reproducibility Crisis: A Case Study of Challenges in Cybersecurity AI

Author

Moulton, Richard H., McCully, Gary A., and Hastings, John D.

Subjects

Computer Science - Machine Learning, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security, I.2.0, D.4.6, K.6.5, I.5.1

Abstract

In the rapidly evolving field of cybersecurity, ensuring the reproducibility of AI-driven research is critical to maintaining the reliability and integrity of security systems. This paper addresses the reproducibility crisis within the domain of adversarial robustness -- a key area in AI-based cybersecurity that focuses on defending deep neural networks against malicious perturbations. Through a detailed case study, we attempt to validate results from prior work on certified robustness using the VeriGauge toolkit, revealing significant challenges due to software and hardware incompatibilities, version conflicts, and obsolescence. Our findings underscore the urgent need for standardized methodologies, containerization, and comprehensive documentation to ensure the reproducibility of AI models deployed in critical cybersecurity applications. By tackling these reproducibility challenges, we aim to contribute to the broader discourse on securing AI systems against advanced persistent threats, enhancing network and IoT security, and protecting critical infrastructure. This work advocates for a concerted effort within the research community to prioritize reproducibility, thereby strengthening the foundation upon which future cybersecurity advancements are built., Comment: 8 pages, 0 figures, 2 tables, updated to incorporate feedback and improvements

Published

2024

13. VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions

Author

Gerhorst, Luis, Herzog, Henriette, Wägemann, Peter, Ott, Maximilian, Kapitza, Rüdiger, and Hönig, Timo

Subjects

Computer Science - Cryptography and Security, Computer Science - Operating Systems, 68M25, D.4.6

Abstract

High-performance IO demands low-overhead communication between user- and kernel space. This demand can no longer be fulfilled by traditional system calls. Linux's extended Berkeley Packet Filter (BPF) avoids user-/kernel transitions by just-in-time compiling user-provided bytecode and executing it in kernel mode with near-native speed. To still isolate BPF programs from the kernel, they are statically analyzed for memory- and type-safety, which imposes some restrictions but allows for good expressiveness and high performance. However, to mitigate the Spectre vulnerabilities disclosed in 2018, defenses which reject potentially-dangerous programs had to be deployed. We find that this affects 31% to 54% of programs in a dataset with 844 real-world BPF programs from popular open-source projects. To solve this, users are forced to disable the defenses to continue using the programs, which puts the entire system at risk. To enable secure and expressive untrusted Linux kernel extensions, we propose VeriFence, an enhancement to the kernel's Spectre defenses that reduces the number of BPF application programs rejected from 54% to zero. We measure VeriFence's overhead for all mainstream performance-sensitive applications of BPF (i.e., event tracing, profiling, and packet processing) and find that it improves significantly upon the status-quo where affected BPF programs are either unusable or enable transient execution attacks on the kernel., Comment: RAID'24

Published

2024

14. Multicore DRAM Bank-& Row-Conflict Bomb for Timing Attacks in Mixed-Criticality Systems

Author

Savino, Antonio, Gala, Gautam, Cinque, Marcello, and Fohler, Gerhard

Subjects

Computer Science - Cryptography and Security, 68M25, 68M15, C.3, B.3.3, D.4.6

Abstract

With the increasing use of multicore platforms to realize mixed-criticality systems, understanding the underlying shared resources, such as the memory hierarchy shared among cores, and achieving isolation between co-executing tasks running on the same platform with different criticality levels becomes relevant. In addition to safety considerations, a malicious entity can exploit shared resources to create timing attacks on critical applications. In this paper, we focus on understanding the shared DRAM dual in-line memory module and created a timing attack, that we named the "bank & row conflict bomb", to target a victim task in a multicore platform. We also created a "navigate" algorithm to understand how victim requests are managed by the Memory Controller and provide valuable inputs for designing the bank & row conflict bomb. We performed experimental tests on a 2nd Gen Intel Xeon Processor with an 8GB DDR4-2666 DRAM module to show that such an attack can produce a significant increase in the execution time of the victim task by about 150%, motivating the need for proper countermeasures to help ensure the safety and security of critical applications., Comment: To appear in the proceedings of the 27th IEEE international Symposium on Real-time Distributed Computing (ISORC)

Published

2024

15. DevPhish: Exploring Social Engineering in Software Supply Chain Attacks on Developers

Author

Siadati, Hossein, Jafarikhah, Sima, Sahin, Elif, Hernandez, Terrence Brent, Tripp, Elijah Lorenzo, Khryashchev, Denis, and Kharraz, Amin

Subjects

Computer Science - Software Engineering, Computer Science - Cryptography and Security, computer security, phishing, software supply chain, D.4.6, E.3

Abstract

The Software Supply Chain (SSC) has captured considerable attention from attackers seeking to infiltrate systems and undermine organizations. There is evidence indicating that adversaries utilize Social Engineering (SocE) techniques specifically aimed at software developers. That is, they interact with developers at critical steps in the Software Development Life Cycle (SDLC), such as accessing Github repositories, incorporating code dependencies, and obtaining approval for Pull Requests (PR) to introduce malicious code. This paper aims to comprehensively explore the existing and emerging SocE tactics employed by adversaries to trick Software Engineers (SWEs) into delivering malicious software. By analyzing a diverse range of resources, which encompass established academic literature and real-world incidents, the paper systematically presents an overview of these manipulative strategies within the realm of the SSC. Such insights prove highly beneficial for threat modeling and security gap analysis., Comment: 7 pages, 2 figures

Published

2024

16. CovRL: Fuzzing JavaScript Engines with Coverage-Guided Reinforcement Learning for LLM-based Mutation

Author

Eom, Jueon, Jeong, Seyeon, and Kwon, Taekyoung

Subjects

Computer Science - Cryptography and Security, Computer Science - Computation and Language, Computer Science - Machine Learning, Computer Science - Software Engineering, D.4.6, I.2.5, D.2.4

Abstract

Fuzzing is an effective bug-finding technique but it struggles with complex systems like JavaScript engines that demand precise grammatical input. Recently, researchers have adopted language models for context-aware mutation in fuzzing to address this problem. However, existing techniques are limited in utilizing coverage guidance for fuzzing, which is rather performed in a black-box manner. This paper presents a novel technique called CovRL (Coverage-guided Reinforcement Learning) that combines Large Language Models (LLMs) with reinforcement learning from coverage feedback. Our fuzzer, CovRL-Fuzz, integrates coverage feedback directly into the LLM by leveraging the Term Frequency-Inverse Document Frequency (TF-IDF) method to construct a weighted coverage map. This map is key in calculating the fuzzing reward, which is then applied to the LLM-based mutator through reinforcement learning. CovRL-Fuzz, through this approach, enables the generation of test cases that are more likely to discover new coverage areas, thus improving vulnerability detection while minimizing syntax and semantic errors, all without needing extra post-processing. Our evaluation results indicate that CovRL-Fuzz outperforms the state-of-the-art fuzzers in terms of code coverage and bug-finding capabilities: CovRL-Fuzz identified 48 real-world security-related bugs in the latest JavaScript engines, including 39 previously unknown vulnerabilities and 11 CVEs., Comment: 14 pages, 4 figures, 9 tables, 2 listings

Published

2024

17. Topology-Based Reconstruction Prevention for Decentralised Learning

Author

Dekker, Florine W., Erkin, Zekeriya, and Conti, Mauro

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Discrete Mathematics, Computer Science - Machine Learning, C.2.4, D.4.6, G.2.2

Abstract

Decentralised learning has recently gained traction as an alternative to federated learning in which both data and coordination are distributed over its users. To preserve data confidentiality, decentralised learning relies on differential privacy, multi-party computation, or a combination thereof. However, running multiple privacy-preserving summations in sequence may allow adversaries to perform reconstruction attacks. Unfortunately, current reconstruction countermeasures either cannot trivially be adapted to the distributed setting, or add excessive amounts of noise. In this work, we first show that passive honest-but-curious adversaries can infer other users' private data after several privacy-preserving summations. For example, in subgraphs with 18 users, we show that only three passive honest-but-curious adversaries succeed at reconstructing private data 11.0% of the time, requiring an average of 8.8 summations per adversary. The success rate depends only on the adversaries' direct neighbourhood, independent of the size of the full network. We consider weak adversaries, who do not control the graph topology and can exploit neither the inner workings of the summation protocol nor the specifics of users' data. We develop a mathematical understanding of how reconstruction relates to topology and propose the first topology-based decentralised defence against reconstruction attacks. Specifically, we show that reconstruction requires a number of adversaries linear in the length of the network's shortest cycle. Consequently, reconstructing private data from privacy-preserving summations is impossible in acyclic networks. Our work is a stepping stone for a formal theory of topology-based reconstruction defences. Such a theory would generalise our countermeasure beyond summation, define confidentiality in terms of entropy, and describe the effects of differential privacy., Comment: 13 pages, 8 figures, submitted to PETS 2024, for associated experiment source code see doi:10.4121/21572601

Published

2023

18. Automated SELinux RBAC Policy Verification Using SMT

Author

Pahuja, Divyam, Tang, Alvin, and Tsoutsman, Klim

Subjects

Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, F.4.1, D.4.6

Abstract

Security-Enhanced Linux (SELinux) is a Linux kernel module that allows for a role-based access control (RBAC) mechanism. It provides a fine-grained security framework enabling system administrators to define security policies at the system and application level. Whilst SELinux offers robust security features through a customisable, powerful RBAC model, its manual policy management is prone to error, leaving the system vulnerable to accidental misconfigurations or loopholes. We present a tool to automate the conversion of SELinux policies into satisfiability modulo theories (SMT), enabling the verification of the intended security configurations using automated theorem proving. Our tool is capable of flagging common policy misconfigurations by asserting consistency between supplied RBAC policies and the intended specification by the user in SMT. RBAC policies are inherently complicated to verify entirely. We envision that the automated tool presented here can be further extended to identify an even broader range of policy misconfigurations, relieving the burden of managing convoluted policies on system administrators., Comment: 10 pages (excluding appendices), 2 figures, 3 appendices

Published

2023

19. Protecting Sensitive Tabular Data in Hybrid Clouds

Author

Anderson, Maya, Gershinsky, Gidon, Salant, Eliot, and Garcia, Salvador

Subjects

Computer Science - Cryptography and Security, D.4.6, K.6.5, J.3

Abstract

Regulated industries, such as Healthcare and Finance, are starting to move parts of their data and workloads to the public cloud. However, they are still reluctant to trust the public cloud with their most sensitive records, and hence leave them in their premises, leveraging the hybrid cloud architecture. We address the security and performance challenges of big data analytics using a hybrid cloud in a real-life use case from a hospital. In this use case, the hospital collects sensitive patient data and wants to run analytics on it in order to lower antibiotics resistance, a significant challenge in healthcare. We show that it is possible to run large-scale analytics on data that is securely stored in the public cloud encrypted using Apache Parquet Modular Encryption (PME), without significant performance losses even if the secret encryption keys are stored on-premises. PME is a standard mechanism for data encryption and key management, not specific to any public cloud, and therefore helps prevent vendor lock-in. It also provides privacy and integrity guarantees, and enables granular access control to the data. We also present an innovation in PME for lowering the performance hit incurred by calls to the Key Management Service. Our solution therefore enables protecting large amounts of sensitive data in hybrid clouds and still allows to efficiently gain valuable insights from it., Comment: 5 pages, 3 figures

Published

2023

20. DeFi Security: Turning The Weakest Link Into The Strongest Attraction

Author

Kashyap, Ravi

Subjects

Computer Science - Cryptography and Security, Computer Science - Computational Engineering, Finance, and Science, Computer Science - Computers and Society, Quantitative Finance - Portfolio Management, Quantitative Finance - Risk Management, 94A62, 93A14, 94A60, 91G45, 97U70, K.6.5, D.4.6, D.2.11, B.8.2, I.2.8, H.1.1

Abstract

The primary innovation we pioneer -- focused on blockchain information security -- is called the Safe-House. The Safe-House is badly needed since there are many ongoing hacks and security concerns in the DeFi space right now. The Safe-House is a piece of engineering sophistication that utilizes existing blockchain principles to bring about greater security when customer assets are moved around. The Safe-House logic is easily implemented as smart contracts on any decentralized system. The amount of funds at risk from both internal and external parties -- and hence the maximum one time loss -- is guaranteed to stay within the specified limits based on cryptographic fundamentals. To improve the safety of the Safe-House even further, we adapt the one time password (OPT) concept to operate using blockchain technology. Well suited to blockchain cryptographic nuances, our secondary advancement can be termed the one time next time password (OTNTP) mechanism. The OTNTP is designed to complement the Safe-House making it even more safe. We provide a detailed threat assessment model -- discussing the risks faced by DeFi protocols and the specific risks that apply to blockchain fund management -- and give technical arguments regarding how these threats can be overcome in a robust manner. We discuss how the Safe-House can participate with other external yield generation protocols in a secure way. We provide reasons for why the Safe-House increases safety without sacrificing the efficiency of operation. We start with a high level intuitive description of the landscape, the corresponding problems and our solutions. We then supplement this overview with detailed discussions including the corresponding mathematical formulations and pointers for technological implementation. This approach ensures that the article is accessible to a broad audience.

Published

2023

21. Configuring Timing Parameters to Ensure Execution-Time Opacity in Timed Automata

Author

André, Étienne, Lefaucheux, Engel, Lime, Didier, Marinho, Dylan, and Sun, Jun

Subjects

Computer Science - Logic in Computer Science, Computer Science - Cryptography and Security, Computer Science - Software Engineering, F.1.1, F.4.1, D.4.6

Abstract

Timing information leakage occurs whenever an attacker successfully deduces confidential internal information by observing some timed information such as events with timestamps. Timed automata are an extension of finite-state automata with a set of clocks evolving linearly and that can be tested or reset, making this formalism able to reason on systems involving concurrency and timing constraints. In this paper, we summarize a recent line of works using timed automata as the input formalism, in which we assume that the attacker has access (only) to the system execution time. First, we address the following execution-time opacity problem: given a timed system modeled by a timed automaton, given a secret location and a final location, synthesize the execution times from the initial location to the final location for which one cannot deduce whether the secret location was visited. This means that for any such execution time, the system is opaque: either the final location is not reachable, or it is reachable with that execution time for both a run visiting and a run not visiting the secret location. We also address the full execution-time opacity problem, asking whether the system is opaque for all execution times; we also study a weak counterpart. Second, we add timing parameters, which are a way to configure a system: we identify a subclass of parametric timed automata with some decidability results. In addition, we devise a semi-algorithm for synthesizing timing parameter valuations guaranteeing that the resulting system is opaque. Third, we report on problems when the secret has itself an expiration date, thus defining expiring execution-time opacity problems. We finally show that our method can also apply to program analysis with configurable internal timings., Comment: In Proceedings TiCSA 2023, arXiv:2310.18720. This invited paper mainly summarizes results on opacity from two recent works published in ToSEM (2022) and at ICECCS 2023, providing unified notations and concept names for the sake of consistency. In addition, we prove a few original results absent from these works

Published

2023

22. RIPencapsulation: Defeating IP Encapsulation on TI MSP Devices

Author

Sah, Prakhar and Hicks, Matthew

Subjects

Computer Science - Cryptography and Security, D.4.6

Abstract

Internet of Things (IoT) devices sit at the intersection of unwieldy software complexity and unprecedented attacker access. This unique position comes with a daunting security challenge: how can I protect both proprietary code and confidential data on a device that the attacker has unfettered access to? Trusted Execution Environments (TEEs) promise to solve this challenge through hardware-based separation of trusted and untrusted computation and data. While TEEs do an adequate job of protecting secrets on desktop-class devices, we reveal that trade-offs made in one of the most widely-used commercial IoT devices undermine their TEE's security. This paper uncovers two fundamental weaknesses in IP Encapsulation (IPE), the TEE deployed by Texas Instruments for MSP430 and MSP432 devices. We observe that lack of call site enforcement and residual state after unexpected TEE exits enable an attacker to reveal all proprietary code and secret data within the IPE. We design and implement an attack called RIPencapsulation, which systematically executes portions of code within the IPE and uses the partial state revealed through the register file to exfiltrate secret data and to identify gadget instructions. The attack then uses gadget instructions to reveal all proprietary code within the IPE. Our evaluation with commodity devices and a production compiler and settings shows that -- even after following all manufacturer-recommended secure coding practices -- RIPencapsultaion reveals, within minutes, both the code and keys from third-party cryptographic implementations protected by the IPE., Comment: 13 pages, 3 figures, 6 tables

Published

2023

23. Proving the Absence of Microarchitectural Timing Channels

Author

Buckley, Scott, Sison, Robert, Wistoff, Nils, Millar, Curtis, Murray, Toby, Klein, Gerwin, and Heiser, Gernot

Subjects

Computer Science - Operating Systems, Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, D.4.6, D.2.4, F.3.1

Abstract

Microarchitectural timing channels are a major threat to computer security. A set of OS mechanisms called time protection was recently proposed as a principled way of preventing information leakage through such channels and prototyped in the seL4 microkernel. We formalise time protection and the underlying hardware mechanisms in a way that allows linking them to the information-flow proofs that showed the absence of storage channels in seL4., Comment: Scott Buckley and Robert Sison were joint lead authors

Published

2023

24. ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies

Author

Amusuo, Paschal C., Robinson, Kyle A., Singla, Tanmay, Peng, Huiyun, Machiry, Aravind, Torres-Arias, Santiago, Simon, Laurent, and Davis, James C.

Subjects

Computer Science - Cryptography and Security, Computer Science - Software Engineering, K.6.5, D.4.6

Abstract

Third-party software components like Log4J accelerate software application development but introduce substantial risk. These components have led to many software supply chain attacks. These attacks succeed because third-party software components are implicitly trusted in an application. Although several security defenses exist to reduce the risks from third-party software components, none of them fulfills the full set of requirements needed to defend against common attacks. No individual solution prevents malicious access to operating system resources, is dependency-aware, and enables the discovery of least privileges, all with low runtime costs. Consequently, they cannot prevent software supply chain attacks. This paper proposes applying the NIST Zero Trust Architecture to software applications. Our Zero Trust Dependencies concept applies the NIST ZTA principles to an application's dependencies. First, we assess the expected effectiveness and feasibility of Zero Trust Dependencies using a study of third-party software components and their vulnerabilities. Then, we present a system design, ZTDSYS, that enables the application of Zero Trust Dependencies to software applications and a prototype, ZTDJAVA, for Java applications. Finally, with evaluations on recreated vulnerabilities and realistic applications, we show that ZTDJAVA can defend against prevalent vulnerability classes, introduces negligible cost, and is easy to configure and use., Comment: 15 pages, 5 figures, 5 tables

Published

2023

25. Security Properties through the Lens of Modal Logic

Author

Soloviev, Matvey, Balliu, Musard, and Guanciale, Roberto

Subjects

Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, Computer Science - Multiagent Systems, 68Q60, D.4.6, I.2.4

Abstract

We introduce a framework for reasoning about the security of computer systems using modal logic. This framework is sufficiently expressive to capture a variety of known security properties, while also being intuitive and independent of syntactic details and enforcement mechanisms. We show how to use our formalism to represent various progress- and termination-(in)sensitive variants of confidentiality, integrity, robust declassification and transparent endorsement, and prove equivalence to standard definitions. The intuitive nature and closeness to semantic reality of our approach allows us to make explicit several hidden assumptions of these definitions, and identify potential issues and subtleties with them, while also holding the promise of formulating cleaner versions and future extension to entirely novel properties., Comment: 19 pages, including references and appendix. Extended version of paper accepted to CSF 2024

Published

2023

26. OSmosis: No more D\'ej\`a vu in OS isolation

Author

Agrawal, Sidhartha, Achermann, Reto, and Seltzer, Margo

Subjects

Computer Science - Cryptography and Security, Computer Science - Operating Systems, D.4.6, D.4.7

Abstract

Operating systems provide an abstraction layer between the hardware and higher-level software. Many abstractions, such as threads, processes, containers, and virtual machines, are mechanisms to provide isolation. New application scenarios frequently introduce new isolation mechanisms. Implementing each isolation mechanism as an independent abstraction makes it difficult to reason about the state and resources shared among different tasks, leading to security vulnerabilities and performance interference. We present OSmosis, an isolation model that expresses the precise level of resource sharing, a framework in which to implement isolation mechanisms based on the model, and an implementation of the framework on seL4. The OSmosis model lets the user determine the degree of isolation guarantee that they need from the system. This determination empowers developers to make informed decisions about isolation and performance trade-offs, and the framework enables them to create mechanisms with the desired degree of isolation., Comment: 6 pages, 1 figure

Published

2023

27. Penetrating Shields: A Systematic Analysis of Memory Corruption Mitigations in the Spectre Era

Author

Na, Weon Taek, Emer, Joel S., and Yan, Mengjia

Subjects

Computer Science - Cryptography and Security, Computer Science - Hardware Architecture, K.6.5, D.4.6, C.2.0

Abstract

This paper provides the first systematic analysis of a synergistic threat model encompassing memory corruption vulnerabilities and microarchitectural side-channel vulnerabilities. We study speculative shield bypass attacks that leverage speculative execution attacks to leak secrets that are critical to the security of memory corruption mitigations (i.e., the shields), and then use the leaked secrets to bypass the mitigation mechanisms and successfully conduct memory corruption exploits, such as control-flow hijacking. We start by systematizing a taxonomy of the state-of-the-art memory corruption mitigations focusing on hardware-software co-design solutions. The taxonomy helps us to identify 10 likely vulnerable defense schemes out of 20 schemes that we analyze. Next, we develop a graph-based model to analyze the 10 likely vulnerable defenses and reason about possible countermeasures. Finally, we present three proof-of-concept attacks targeting an already-deployed mitigation mechanism and two state-of-the-art academic proposals., Comment: 14 pages

Published

2023

28. Implementation of Formal Semantics and the Potential of Non-Classical Logic Systems for the Enhancement of Access Control Models: A Literature Review

Author

Tang, Alvin

Subjects

Computer Science - Logic in Computer Science, Computer Science - Cryptography and Security, F.4.1, D.4.6

Abstract

This literature review discovers an implementation of formal logic systems in cyber security by enhancing access control models. We explore the characteristics of the existing access control theories, their limitations and how classical logic is used therein. We then delve into the possibility of utilising non-classical logic systems for improving the models. In particular, we explore how classical logic can be used to describe and prove the correctness of role-based access control and attribute-based access control models., Comment: 10 pages

Published

2023

29. SoK: The Ghost Trilemma

Author

Mukherjee, Sulagna, Ravi, Srivatsan, Schmitt, Paul, and Raghavan, Barath

Subjects

Computer Science - Cryptography and Security, Computer Science - Computers and Society, D.4.6, H.5, K.4

Abstract

Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity -- sentience, location, and uniqueness -- that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems -- whether for communication or social coordination -- grapple with this trilemma in some way, perhaps unknowingly. In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy., Comment: 22 pages with 1 figure and 8 tables

Published

2023

30. Learning When to Say Goodbye: What Should be the Shelf Life of an Indicator of Compromise?

Author

Tostes, Breno, Ventura, Leonardo, Lovat, Enrico, Martins, Matheus, and Menasché, Daniel Sadoc

Subjects

Computer Science - Cryptography and Security, K.6.5, D.4.6

Abstract

Indicators of Compromise (IOCs), such as IP addresses, file hashes, and domain names associated with known malware or attacks, are cornerstones of cybersecurity, serving to identify malicious activity on a network. In this work, we leverage real data to compare different parameterizations of IOC aging models. Our dataset comprises traffic at a real environment for more than 1 year. Among our trace-driven findings, we determine thresholds for the ratio between miss over monitoring costs such that the system benefits from storing IOCs for a finite time-to-live (TTL) before eviction. To the best of our knowledge, this is the first real world evaluation of thresholds related to IOC aging, paving the way towards realistic IOC decaying models., Comment: 2023 IEEE International Conference on Cyber Security and Resilience (IEEE CSR)

Published

2023

31. Execution at RISC: Stealth JOP Attacks on RISC-V Applications

Author

Buckwell, Loïc, Gilles, Olivier, Pérez, Daniel Gracia, and Kosmatov, Nikolai

Subjects

Computer Science - Cryptography and Security, Computer Science - Software Engineering, 68M25, D.4.6

Abstract

RISC-V is a recently developed open instruction set architecture gaining a lot of attention. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks. We provide an analysis of new dispatcher gadgets we discovered, and show how they can be used together in order to build a stealth attack, bypassing existing protections. A proof-of-concept attack is implemented on an embedded web server compiled for RISC-V, in which we introduced a vulnerability, allowing an attacker to remotely read an arbitrary file from the host machine., Comment: 16 pages. arXiv admin note: text overlap with arXiv:2211.16212

Published

2023

32. Information Leakage from Optical Emanations

Author

Loughry, Joe and Umphress, David A.

Subjects

Computer Science - Cryptography and Security, Electrical Engineering and Systems Science - Signal Processing, C.2.0, D.4.6, E.3, K.6.5

Abstract

A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of "Optical TEMPEST" attack., Comment: 26 pages, 11 figures

Published

2023

33. Performance and Reliability Analysis for Practical Byzantine Fault Tolerance with Repairable Voting Nodes

Author

Chang, Yan-Xia, Wang, Qing, Li, Quan-Lin, and Ma, Yaqian

Subjects

Computer Science - Performance, Mathematics - Numerical Analysis, Mathematics - Probability, 90B22, 60J28, H.2.4, H.3.5, E.2, E.3, D.4.6, D.4.8

Abstract

The practical Byzantine fault tolerant (PBFT) consensus protocol is one of the basic consensus protocols in the development of blockchain technology. At the same time, the PBFT consensus protocol forms a basis for some other important BFT consensus protocols, such as Tendermint, Streamlet, HotStuff, and LibraBFT. In general, the voting nodes may always fail so that they can leave the PBFT-based blockchain system in a random time interval, making the number of timely available voting nodes uncertain. Thus, this uncertainty leads to the analysis of the PBFT-based blockchain systems with repairable voting nodes being more challenging. In this paper, we develop a novel PBFT consensus protocol with repairable voting nodes and study such a new blockchain system using a multi-dimensional Markov process and the first passage time method. Based on this, we provide performance and reliability analysis, including throughput, availability, and reliability, for the new PBFT-based blockchain system with repairable voting nodes. Furthermore, we provide an approximate algorithm for computing the throughput of the new PBFT-based blockchain system. We employ numerical examples to demonstrate the validity of our theoretical results and illustrate how the key system parameters influence performance measures of the PBFT-based blockchain system with repairable voting nodes. We hope the methodology and results developed in this paper will stimulate future research endeavors and open up new research trajectories in this field., Comment: 55 pages, 17 figures

Published

2023

34. Survey of Federated Learning Models for Spatial-Temporal Mobility Applications

Author

Belal, Yacine, Mokhtar, Sonia Ben, Haddadi, Hamed, Wang, Jaron, and Mashhadi, Afra

Subjects

Computer Science - Machine Learning, Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Information Retrieval, Computer Science - Social and Information Networks, A.1, D.4.6, H.4.3, H.5.6, I.2.6, I.5.3, I.5.8

Abstract

Federated learning involves training statistical models over edge devices such as mobile phones such that the training data is kept local. Federated Learning (FL) can serve as an ideal candidate for training spatial temporal models that rely on heterogeneous and potentially massive numbers of participants while preserving the privacy of highly sensitive location data. However, there are unique challenges involved with transitioning existing spatial temporal models to decentralized learning. In this survey paper, we review the existing literature that has proposed FL-based models for predicting human mobility, traffic prediction, community detection, location-based recommendation systems, and other spatial-temporal tasks. We describe the metrics and datasets these works have been using and create a baseline of these approaches in comparison to the centralized settings. Finally, we discuss the challenges of applying spatial-temporal models in a decentralized setting and by highlighting the gaps in the literature we provide a road map and opportunities for the research community.

Published

2023

35. CoVE: Towards Confidential Computing on RISC-V Platforms

Author

Sahita, Ravi, Patra, Atish, Shanbhogue, Vedvyas, Ortiz, Samuel, Bresticker, Andrew, Reid, Dylan, Khare, Atul, and Kanwal, Rajnesh

Subjects

Computer Science - Cryptography and Security, Computer Science - Hardware Architecture, D.4.6

Abstract

Multi-tenant computing platforms are typically comprised of several software and hardware components including platform firmware, host operating system kernel, virtualization monitor, and the actual tenant payloads that run on them (typically in a virtual machine, container, or application). This model is well established in large scale commercial deployment, but the downside is that all platform components and operators are in the Trusted Computing Base (TCB) of the tenant. This aspect is ill-suited for privacy-oriented workloads that aim to minimize the TCB footprint. Confidential computing presents a good stepping-stone towards providing a quantifiable TCB for computing. Confidential computing [1] requires the use of a HW-attested Trusted Execution Environments for data-in-use protection. The RISC-V architecture presents a strong foundation for meeting the requirements for Confidential Computing and other security paradigms in a clean slate manner. This paper describes a reference architecture and discusses ISA, non-ISA and system-on-chip (SoC) requirements for confidential computing on RISC-V Platforms. It discusses proposed ISA and non-ISA Extension for Confidential Virtual Machine for RISC-V platforms, referred to as CoVE.

Published

2023

36. Smartphones with UWB: Evaluating the Accuracy and Reliability of UWB Ranging

Author

Heinrich, Alexander, Krollmann, Sören, Putz, Florentin, and Hollick, Matthias

Subjects

Computer Science - Cryptography and Security, Computer Science - Performance, 68M25, 62N05, D.4.8, D.4.6, C.4

Abstract

More and more consumer devices implement the IEEE Ultra-Wide Band (UWB) standard to perform distance measurements for sensitive tasks such as keyless entry and startup of modern cars, to find lost items using coin-sized trackers, and for smart payments. While UWB promises the ability to perform time-of-flight centimeter-accurate distance measurements between two devices, the accuracy and reliability of the implementation in up-to-date consumer devices have not been evaluated so far. In this paper, we present the first evaluation of UWB smartphones from Apple, Google, and Samsung, focusing on accuracy and reliability in passive keyless entry and smart home automation scenarios. To perform the measurements for our analysis, we build a custom-designed testbed based on a Gimbal-based platform for Wireless Evaluation (GWEn), which allows us to create reproducible measurements. All our results, including all measurement data and a manual to reconstruct a GWEn are published online. We find that the evaluated devices can measure the distance with an error of less than 20cm, but fail in producing reliable measurements in all scenarios. Finally, we give recommendations on how to handle measurement results when implementing a passive keyless entry system., Comment: 16 pages, 14 figures

Published

2023

37. Distributed Non-Interference

Author

Gorrieri, Roberto

Subjects

Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, 68Q60, 68Q85, D.4.6, F.1.1, H.1.1

Abstract

Information flow security properties were defined some years ago (see, e.g., the surveys \cite{FG01,Ry01}) in terms of suitable equivalence checking problems. These definitions were provided by using sequential models of computations (e.g., labeled transition systems \cite{GV15}), and interleaving behavioral equivalences (e.g., bisimulation equivalence \cite{Mil89}). More recently, the distributed model of Petri nets has been used to study non-interference in \cite{BG03,BG09,BC15}, but also in these papers an interleaving semantics was used. We argue that in order to capture all the relevant information flows, truly-concurrent behavioral equivalences must be used. In particular, we propose for Petri nets the distributed non-interference property, called DNI, based on {\em branching place bisimilarity} \cite{Gor23b}, which is a sensible, decidable equivalence for finite Petri nets with silent moves. Then we focus our attention on the subclass of Petri nets called {\em finite-state machines}, which can be represented (up to isomorphism) by the simple process algebra CFM \cite{Gor17}. DNI is very easily checkable on CFM processes, as it is compositional, so that it does does not suffer from the state-space explosion problem. Moreover, we show that DNI can be characterized syntactically on CFM by means of a type system.

Published

2023

38. PUF for the Commons: Enhancing Embedded Security on the OS Level

Author

Kietzmann, Peter, Schmidt, Thomas C., and Wählisch, Matthias

Subjects

Computer Science - Cryptography and Security, D.4.6, B.8.2

Abstract

Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices., Comment: 18 pages, 12 figures, 3 tables

Published

2023

39. On Blockchain We Cooperate: An Evolutionary Game Perspective

Author

Zhang, Luyao and Tian, Xinyu

Subjects

Economics - General Economics, Computer Science - Cryptography and Security, Computer Science - Computers and Society, Computer Science - Computer Science and Game Theory, 91A80, J.4, I.6.3, H.4.3, D.4.6, C.2.4

Abstract

Cooperation is fundamental for human prosperity. Blockchain, as a trust machine, is a cooperative institution in cyberspace that supports cooperation through distributed trust with consensus protocols. While studies in computer science focus on fault tolerance problems with consensus algorithms, economic research utilizes incentive designs to analyze agent behaviors. To achieve cooperation on blockchains, emerging interdisciplinary research introduces rationality and game-theoretical solution concepts to study the equilibrium outcomes of various consensus protocols. However, existing studies do not consider the possibility for agents to learn from historical observations. Therefore, we abstract a general consensus protocol as a dynamic game environment, apply a solution concept of bounded rationality to model agent behavior, and resolve the initial conditions for three different stable equilibria. In our game, agents imitatively learn the global history in an evolutionary process toward equilibria, for which we evaluate the outcomes from both computing and economic perspectives in terms of safety, liveness, validity, and social welfare. Our research contributes to the literature across disciplines, including distributed consensus in computer science, game theory in economics on blockchain consensus, evolutionary game theory at the intersection of biology and economics, bounded rationality at the interplay between psychology and economics, and cooperative AI with joint insights into computing and social science. Finally, we discuss that future protocol design can better achieve the most desired outcomes of our honest stable equilibria by increasing the reward-punishment ratio and lowering both the cost-punishment ratio and the pivotality rate.

Published

2022

40. Systematic Assessment of Fuzzers using Mutation Analysis

Author

Görz, Philipp, Mathis, Björn, Hassler, Keno, Güler, Emre, Holz, Thorsten, Zeller, Andreas, and Gopinath, Rahul

Subjects

Computer Science - Software Engineering, Computer Science - Cryptography and Security, D.2.5, D.4.6

Abstract

Fuzzing is an important method to discover vulnerabilities in programs. Despite considerable progress in this area in the past years, measuring and comparing the effectiveness of fuzzers is still an open research question. In software testing, the gold standard for evaluating test quality is mutation analysis, which evaluates a test's ability to detect synthetic bugs: If a set of tests fails to detect such mutations, it is expected to also fail to detect real bugs. Mutation analysis subsumes various coverage measures and provides a large and diverse set of faults that can be arbitrarily hard to trigger and detect, thus preventing the problems of saturation and overfitting. Unfortunately, the cost of traditional mutation analysis is exorbitant for fuzzing, as mutations need independent evaluation. In this paper, we apply modern mutation analysis techniques that pool multiple mutations and allow us -- for the first time -- to evaluate and compare fuzzers with mutation analysis. We introduce an evaluation bench for fuzzers and apply it to a number of popular fuzzers and subjects. In a comprehensive evaluation, we show how we can use it to assess fuzzer performance and measure the impact of improved techniques. The required CPU time remains manageable: 4.09 CPU years are needed to analyze a fuzzer on seven subjects and a total of 141,278 mutations. We find that today's fuzzers can detect only a small percentage of mutations, which should be seen as a challenge for future research -- notably in improving (1) detecting failures beyond generic crashes (2) triggering mutations (and thus faults)., Comment: 13 pages, 4 figures

Published

2022

41. Performance Evaluation, Optimization and Dynamic Decision in Blockchain Systems: A Recent Overview

Author

Li, Quan-Lin, Chang, Yan-Xia, and Wang, Qing

Subjects

Computer Science - Performance, Computer Science - Information Theory, Computer Science - Machine Learning, Mathematics - Optimization and Control, 90B22, 60J28, H.2.4, H.3.5, E.2, E.3, D.4.6, D.4.8

Abstract

With rapid development of blockchain technology as well as integration of various application areas, performance evaluation, performance optimization, and dynamic decision in blockchain systems are playing an increasingly important role in developing new blockchain technology. This paper provides a recent systematic overview of this class of research, and especially, developing mathematical modeling and basic theory of blockchain systems. Important examples include (a) performance evaluation: Markov processes, queuing theory, Markov reward processes, random walks, fluid and diffusion approximations, and martingale theory; (b) performance optimization: Linear programming, nonlinear programming, integer programming, and multi-objective programming; (c) optimal control and dynamic decision: Markov decision processes, and stochastic optimal control; and (d) artificial intelligence: Machine learning, deep reinforcement learning, and federated learning. So far, a little research has focused on these research lines. We believe that the basic theory with mathematical methods, algorithms and simulations of blockchain systems discussed in this paper will strongly support future development and continuous innovation of blockchain technology., Comment: 42 pages, 9 figures

Published

2022

42. An Integrity-Focused Threat Model for Software Development Pipelines

Author

Reichert, B. M. and Obelheiro, R. R.

Subjects

Computer Science - Cryptography and Security, Computer Science - Software Engineering, D.4.6, D.2

Abstract

In recent years, there has been a growing concern with software integrity, that is, the assurance that software has not been tampered with on the path between developers and users. This path is represented by a software development pipeline and plays a pivotal role in software supply chain security. While there have been efforts to improve the security of development pipelines, there is a lack of a comprehensive view of the threats affecting them. We develop a systematic threat model for a generic software development pipeline using the STRIDE framework and identify possible mitigations for each threat. The pipeline adopted as a reference comprises five stages (integration, continuous integration, infrastructure-as-code, deployment, and release), and we review vulnerabilities and attacks in all stages reported in the literature. We present a case study applying this threat model to a specific pipeline, showing that the adaptation is straightforward and produces a list of relevant threats., Comment: 36 pages, 5 figures

Published

2022

43. A Secure Future for Open-Source Computational Science and Engineering

Author

Milewicz, Reed, Carver, Jeffrey, Grayson, Samuel, and Atkison, Travis

Subjects

Computer Science - Software Engineering, D.4.6, D.2.0, J.2

Abstract

Journalists, public policy analysts, and economists have called attention to the growing importance that high-performance and scientific computing have to national security and industrial leadership. As computing continues to power scientific advances in virtually every discipline, so too does it improve our economic productivity and quality of life. The increasing social, political, and economic importance of research software, however, has also brought the question of software security to the fore. Just as unintentional software errors can threaten the integrity of scientific studies, malicious actors could leverage vulnerabilities to alter results, exfiltrate data, and sabotage computing resources. In this editorial, the authors argue for the need to incorporate security practices and perspectives throughout the research software lifecycle, and they propose directions for future work in this space., Comment: 5 pages. Pre-print version of upcoming editorial for Computing in Science and Engineering

Published

2022

44. Mahiru: a federated, policy-driven data processing and exchange system

Author

Veen, Lourens E., Shakeri, Sara, and Grosso, Paola

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing, H.3.5, D.4.6

Abstract

Secure, privacy-preserving sharing of scientific or business data is currently a popular topic for research and development, both in academia and outside of it. Systems have been proposed for sharing individual facts about individuals and sharing entire data sets, for sharing data through trusted third parties, for obfuscating sensitive data by anonymisation and homomorphic encryption, for distributed processing as in federated machine learning and secure multiparty computation, and for trading data access or ownership. However, these systems typically support only one of these solutions, while organisations often have a variety of data and use cases for which different solutions are appropriate. If a single system could be built that is flexible enough to support a variety of solutions, then administration would be greatly simplified and attack surfaces reduced. In this paper we present Mahiru, a design for a data exchange and processing system in which owners of data and software fully control their assets, users may submit a wide variety of processing requests including most of the above applications, and all parties collaborate to execute those requests in a distributed fashion, while ensuring that the policies are adhered to at all times. This is achieved through a federated, mostly decentralised architecture and a powerful policy mechanism designed to be easy to understand and simple to implement. We have created a proof-of-concept implementation of the system which is openly available and in continuous development, and which we aim to continue to extend with new functionality., Comment: 15 pages, 5 figures

Published

2022

45. Review of Cookie Synchronization Detection Methods

Author

Smith, Jake

Subjects

Computer Science - Cryptography and Security, D.4.6, E.3

Abstract

The research community has deemed cookie synchronization detection an inherently challenging task. Studies aiming to identify cookie synchronizations often share high-level design choices, but deviate amongst low-level implementations. For example, the majority of studies label a cookie synchronization iff a user identifier is shared with a third party; however, there is a lack of consistency among implementations, such as party relations or identifier value definitions, or whether such definitions are even included. This review intends to provide a record of established methods and promote standardization of methods choice in future work., Comment: 9 pages, 0 figures

Published

2022

46. Dynamic Practical Byzantine Fault Tolerance and Its Blockchain System: A Large-Scale Markov Modeling

Author

Chang, Yan-Xia, Li, Quan-Lin, Wang, Qing, and Song, Xing-Shuo

Subjects

Computer Science - Performance, Computer Science - Cryptography and Security, Computer Science - Information Theory, Mathematics - Probability, 90B22, 60J28, H.2.4, H.3.5, E.2, E.3, D.4.6, D.4.8

Abstract

In a practical Byzantine fault tolerance (PBFT) blockchain network, the voting nodes may always leave the network while some new nodes can also enter the network, thus the number of voting nodes is constantly changing. Such a new PBFT with dynamic nodes is called a dynamic PBFT. Clearly, the dynamic PBFT can more strongly support the decentralization and distributed structure of blockchain. However, analyzing dynamic PBFT blockchain systems will become more interesting and challenging. In this paper, we propose a large-scale Markov modeling technique to analyze the dynamic PBFT voting processes and its dynamic PBFT blockchain system. To this end, we set up a large-scale Markov process (and further a multi-dimensional Quasi-Birth-and-Death (QBD) process) and provide performance analysis for both the dynamic PBFT voting processes and the dynamic PBFT blockchain system. In particular, we obtain an effective computational method for the throughput of the complicated dynamic PBFT blockchain system. Finally, we use numerical examples to check the validity of our theoretical results and indicate how some key system parameters influence the performance measures of the dynamic PBFT voting processes and of the dynamic PBFT blockchain system. Therefore, by using the theory of multi-dimensional QBD processes and the RG-factorization technique, we hope that the methodology and results developed in this paper shed light on the study of dynamic PBFT blockchain systems such that a series of promising research can be developed potentially., Comment: 46 pages, 13 figures

Published

2022

47. RPoA: Redefined Proof of Activity

Author

Kamali, Sina, Shabihi, Shayan, Fakharian, Mohammad Taha, Arbabi, Alireza, Tajmehrabi, Pouriya, Saadati, Mohammad, and Bahrak, Behnam

Subjects

Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Information Theory, 94A08, D.4.6, E.3, C.2.4, H.1.1

Abstract

The consensus protocol is the core of a blockchain system which guarantees its secure and stable operation. Proof of Activity (PoA) is a consensus protocol that tries to address some of the issues pertinent to the most widely used protocols, such as Proof of Stake (PoS) and Proof of Work (PoW). However, it still needs to solve the issues regarding high energy consumption, significant resources required, high mining latency, and the need for private blockchains. In this paper, we propose Redefined Proof of Activity (RPoA), a new consensus protocol that builds on top of some of the best features of the existing protocols, such as PoW, PoS, and PoA, and values active service provided by users on the network. Our approach tries to address the issues above and falls in the service-based protocols category that gives mining credit to users as they serve on the network., Comment: 11 pages with 1 figure

Published

2022

48. Impact of a non-deterministic rekey interval on the performance of arc4random

Author

Cannoo, Keelan and Dindyal, Jeevesh Rishi

Subjects

Computer Science - Cryptography and Security, D.4.6, D.4.8

Abstract

This paper is intended to provide the readers with a clear understanding of the modification done to the pseudo-random number generator (PRNG) arc4random. The arc4random PRNG was modified to implement a non-deterministic rekey interval. A comparison was made with the unpatched version regarding performance and the rekey interval's randomization. All measurements were done when the rekey was performed. A slight increase in performance was observed, and the rekey interval was randomized as expected.

Published

2022

49. Bao-Enclave: Virtualization-based Enclaves for Arm

Author

Pereira, Samuel, Sousa, Joao, Pinto, Sandro, Martins, José, and Cerdeira, David

Subjects

Computer Science - Cryptography and Security, D.4.6

Abstract

General-purpose operating systems (GPOS), such as Linux, encompass several million lines of code. Statistically, a larger code base inevitably leads to a higher number of potential vulnerabilities and inherently a more vulnerable system. To minimize the impact of vulnerabilities in GPOS, it has become common to implement security-sensitive programs outside the domain of the GPOS, i.e., in a Trusted Execution Environment (TEE). Arm TrustZone is the de-facto technology for implementing TEEs in Arm devices. However, over the last decade, TEEs have been successfully attacked hundreds of times. Unfortunately, these attacks have been possible due to the presence of several architectural and implementation flaws in TrustZone-based TEEs. In this paper, we propose Bao-Enclave, a virtualization-based solution that enables OEMs to remove security functionality from the TEE and move them into normal world isolated environments, protected from potentially malicious OSes, in the form of lightweight virtual machines (VMs). We evaluate Bao-Enclave on real hardware platforms and find out that Bao-Enclave may improve the performance of security-sensitive workloads by up to 4.8x, while significantly simplifying the TEE software TCB., Comment: 6 pages, 5 figures, WF-IoT 2022

Published

2022

50. A Markov Process Theory for Network Growth Processes of DAG-based Blockchain Systems

Author

Song, Xing-Shuo, Li, Quan-Lin, Chang, Yan-Xia, and Zhang, Chi

Subjects

Computer Science - Performance, Mathematics - Dynamical Systems, Mathematics - Probability, 90B22, 60J28, 94A15, H.2.4, H.3.5, E.2, E.3, D.4.6, D.4.8

Abstract

Note that the serial structure of blockchain has many essential pitfalls, thus a data network structure and its DAG-based blockchain are introduced to resolve the blockchain pitfalls. From such a network perspective, analysis of the DAG-based blockchain systems becomes interesting and challenging. So, the simulation models are adopted widely. In this paper, we first describe a simple Markov model for the DAG-based blockchain with IOTA Tangle by means of two layers of tips and internal tips' impatient connection behavior. Then we set up a continuous-time Markov process to analyze the DAG-based blockchain system and show that this Markov process is a level-dependent quasi-birth-and-death (QBD) process. Based on this, we prove that the QBD process must be irreducible and positive recurrent. Furthermore, once the stationary probability vector of the QBD process is given, we provide performance analysis of the DAG-based blockchain system. Next, we propose a new effective method for computing the average confirmation time of any arriving internal tip at this system by means of the first passage times and the PH distributions. Finally, we use numerical examples to check the validity of our theoretical results and indicate how some key system parameters influence the performance measures of this system. Therefore, we hope that the methodology and results developed in this paper can be applicable to deal with more general DAG-based blockchain systems such that a series of promising research can be developed potentially., Comment: 49 pages, 9 figures

Published

2022