Your search keyword '"Zuzák P"' showing total 13 results

1. Michscan: Black-Box Neural Network Integrity Checking at Runtime Through Power Analysis

Author

Paul, Robi and Zuzak, Michael

Subjects

Computer Science - Cryptography and Security

Abstract

As neural networks are increasingly used for critical decision-making tasks, the threat of integrity attacks, where an adversary maliciously alters a model, has become a significant security and safety concern. These concerns are compounded by the use of licensed models, where end-users purchase third-party models with only black-box access to protect model intellectual property (IP). In such scenarios, conventional approaches to verify model integrity require knowledge of model parameters or cooperative model owners. To address this challenge, we propose Michscan, a methodology leveraging power analysis to verify the integrity of black-box TinyML neural networks designed for resource-constrained devices. Michscan is based on the observation that modifications to model parameters impact the instantaneous power consumption of the device. We leverage this observation to develop a runtime model integrity-checking methodology that employs correlational power analysis using a golden template or signature to mathematically quantify the likelihood of model integrity violations at runtime through the Mann-Whitney U-Test. Michscan operates in a black-box environment and does not require a cooperative or trustworthy model owner. We evaluated Michscan using an STM32F303RC microcontroller with an ARM Cortex-M4 running four TinyML models in the presence of three model integrity violations. Michscan successfully detected all integrity violations at runtime using power data from five inferences. All detected violations had a negligible probability P < 10^(-5) of being produced from an unmodified model (i.e., false positive)., Comment: 11 pages, 7 figures. To appear in IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 2025. This material is based upon work supported by the National Science Foundation under Grant No. 2245573

Published

2025

2. ProveRAG: Provenance-Driven Vulnerability Analysis with Automated Retrieval-Augmented LLMs

Author

Fayyazi, Reza, Trueba, Stella Hoyos, Zuzak, Michael, and Yang, Shanchieh Jay

Subjects

Computer Science - Cryptography and Security, Computer Science - Information Retrieval

Abstract

In cybersecurity, security analysts face the challenge of mitigating newly discovered vulnerabilities in real-time, with over 300,000 Common Vulnerabilities and Exposures (CVEs) identified since 1999. The sheer volume of known vulnerabilities complicates the detection of patterns for unknown threats. While LLMs can assist, they often hallucinate and lack alignment with recent threats. Over 25,000 vulnerabilities have been identified so far in 2024, which are introduced after popular LLMs' (e.g., GPT-4) training data cutoff. This raises a major challenge of leveraging LLMs in cybersecurity, where accuracy and up-to-date information are paramount. In this work, we aim to improve the adaptation of LLMs in vulnerability analysis by mimicking how analysts perform such tasks. We propose ProveRAG, an LLM-powered system designed to assist in rapidly analyzing CVEs with automated retrieval augmentation of web data while self-evaluating its responses with verifiable evidence. ProveRAG incorporates a self-critique mechanism to help alleviate omission and hallucination common in the output of LLMs applied in cybersecurity applications. The system cross-references data from verifiable sources (NVD and CWE), giving analysts confidence in the actionable insights provided. Our results indicate that ProveRAG excels in delivering verifiable evidence to the user with over 99% and 97% accuracy in exploitation and mitigation strategies, respectively. This system outperforms direct prompting and chunking retrieval in vulnerability analysis by overcoming temporal and context-window limitations. ProveRAG guides analysts to secure their systems more effectively while documenting the process for future audits.

Published

2024

3. Fusion is Not Enough: Single Modal Attacks on Fusion Models for 3D Object Detection

Author

Cheng, Zhiyuan, Choi, Hongjun, Liang, James, Feng, Shiwei, Tao, Guanhong, Liu, Dongfang, Zuzak, Michael, and Zhang, Xiangyu

Subjects

Computer Science - Computer Vision and Pattern Recognition, Computer Science - Cryptography and Security

Abstract

Multi-sensor fusion (MSF) is widely used in autonomous vehicles (AVs) for perception, particularly for 3D object detection with camera and LiDAR sensors. The purpose of fusion is to capitalize on the advantages of each modality while minimizing its weaknesses. Advanced deep neural network (DNN)-based fusion techniques have demonstrated the exceptional and industry-leading performance. Due to the redundant information in multiple modalities, MSF is also recognized as a general defence strategy against adversarial attacks. In this paper, we attack fusion models from the camera modality that is considered to be of lesser importance in fusion but is more affordable for attackers. We argue that the weakest link of fusion models depends on their most vulnerable modality, and propose an attack framework that targets advanced camera-LiDAR fusion-based 3D object detection models through camera-only adversarial attacks. Our approach employs a two-stage optimization-based strategy that first thoroughly evaluates vulnerable image areas under adversarial attacks, and then applies dedicated attack strategies for different fusion models to generate deployable patches. The evaluations with six advanced camera-LiDAR fusion models and one camera-only model indicate that our attacks successfully compromise all of them. Our approach can either decrease the mean average precision (mAP) of detection performance from 0.824 to 0.353, or degrade the detection score of a target object from 0.728 to 0.156, demonstrating the efficacy of our proposed attack framework. Code is available., Comment: Accepted at ICLR'2024

Published

2023

4. Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators

Author

Xu, Hongye, Liu, Dongfang, Merkel, Cory, and Zuzak, Michael

Subjects

Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Hardware Architecture

Abstract

Logic locking has been proposed to safeguard intellectual property (IP) during chip fabrication. Logic locking techniques protect hardware IP by making a subset of combinational modules in a design dependent on a secret key that is withheld from untrusted parties. If an incorrect secret key is used, a set of deterministic errors is produced in locked modules, restricting unauthorized use. A common target for logic locking is neural accelerators, especially as machine-learning-as-a-service becomes more prevalent. In this work, we explore how logic locking can be used to compromise the security of a neural accelerator it protects. Specifically, we show how the deterministic errors caused by incorrect keys can be harnessed to produce neural-trojan-style backdoors. To do so, we first outline a motivational attack scenario where a carefully chosen incorrect key, which we call a trojan key, produces misclassifications for an attacker-specified input class in a locked accelerator. We then develop a theoretically-robust attack methodology to automatically identify trojan keys. To evaluate this attack, we launch it on several locked accelerators. In our largest benchmark accelerator, our attack identified a trojan key that caused a 74\% decrease in classification accuracy for attacker-specified trigger inputs, while degrading accuracy by only 1.7\% for other inputs on average., Comment: Accepted in GLSVLSI 2023

Published

2023

5. Robust and Attack Resilient Logic Locking with a High Application-Level Impact

Author

Liu, Yuntao, Zuzak, Michael, Xie, Yang, Chakraborty, Abhishek, and Srivastava, Ankur

Subjects

Computer Science - Cryptography and Security, Computer Science - Hardware Architecture, Computer Science - Formal Languages and Automata Theory

Abstract

Logic locking is a hardware security technique to intellectual property (IP) against security threats in the IC supply chain, especially untrusted fabs. Such techniques incorporate additional locking circuitry within an IC that induces incorrect functionality when an incorrect key is provided. The amount of error induced is known as the effectiveness of the locking technique. "SAT attacks" provide a strong mathematical formulation to find the correct key of locked circuits. In order to achieve high SAT resilience(i.e. complexity of SAT attacks), many conventional logic locking schemes fail to inject sufficient error into the circuit. For example, in the case of SARLock and Anti-SAT, there are usually very few (or only one) input minterms that cause any error at the circuit output. The state-of-the-art stripped functionality logic locking (SFLL) technique introduced a trade-off between SAT resilience and effectiveness. In this work, we prove that such a trade-off is universal in logic locking. In order to attain high effectiveness of locking without compromising SAT resilience, we propose a novel logic locking scheme, called Strong Anti-SAT (SAS). In addition to SAT attacks, removal-based attacks are also popular against logic locking. Based on SAS, we propose Robust SAS (RSAS) which is resilient to removal attacks and maintains the same SAT resilience and as effectiveness as SAS. SAS and RSAS have the following significant improvements over existing techniques. (1) SAT resilience of SAS and RSAS against SAT attack is not compromised by increase in effectiveness. (2) In contrast to prior work focusing solely on the circuit-level locking impact, we integrate SAS-locked modules into a processor and show that SAS has a high application-level impact. (3) Our experiments show that SAS and RSAS exhibit better SAT resilience than SFLL and have similar effectiveness.

Published

2021

6. Benchmarking at the Frontier of Hardware Security: Lessons from Logic Locking

Author

Tan, Benjamin, Karri, Ramesh, Limaye, Nimisha, Sengupta, Abhrajit, Sinanoglu, Ozgur, Rahman, Md Moshiur, Bhunia, Swarup, Duvalsaint, Danielle, D., R., Blanton, Rezaei, Amin, Shen, Yuanqi, Zhou, Hai, Li, Leon, Orailoglu, Alex, Han, Zhaokun, Benedetti, Austin, Brignone, Luciano, Yasin, Muhammad, Rajendran, Jeyavijayan, Zuzak, Michael, Srivastava, Ankur, Guin, Ujjwal, Karfa, Chandan, Basu, Kanad, Menon, Vivek V., French, Matthew, Song, Peilin, Stellari, Franco, Nam, Gi-Joon, Gadfort, Peter, Althoff, Alric, Tostenrude, Joseph, Fazzari, Saverio, Breckenfeld, Eric, and Plaks, Kenneth

Subjects

Computer Science - Cryptography and Security

Abstract

Integrated circuits (ICs) are the foundation of all computing systems. They comprise high-value hardware intellectual property (IP) that are at risk of piracy, reverse-engineering, and modifications while making their way through the geographically-distributed IC supply chain. On the frontier of hardware security are various design-for-trust techniques that claim to protect designs from untrusted entities across the design flow. Logic locking is one technique that promises protection from the gamut of threats in IC manufacturing. In this work, we perform a critical review of logic locking techniques in the literature, and expose several shortcomings. Taking inspiration from other cybersecurity competitions, we devise a community-led benchmarking exercise to address the evaluation deficiencies. In reflecting on this process, we shed new light on deficiencies in evaluation of logic locking and reveal important future directions. The lessons learned can guide future endeavors in other areas of hardware security.

Published

2020

7. Fermi level pinning at the Ge(001) surface - A case for non-standard explanation

Author

Wojtaszek, Mateusz, Zuzak, Rafal, Godlewski, Szymon, Kolmer, Marek, Lis, Jakub, Such, Bartosz, and Szymonski, Marek

Subjects

Condensed Matter - Materials Science, Condensed Matter - Mesoscale and Nanoscale Physics

Abstract

To explore the origin of the Fermi level pinning in germanium we investigate the Ge(001) and Ge(001):H surfaces. The absence of relevant surface states in the case of Ge(001):H should unpin the surface Fermi level. This is not observed. For samples with donors as majority dopants the surface Fermi level appears close to the top of the valence band regardless of the surface structure. Surprisingly, for the passivated surface it is located below the top of the valence band allowing scanning tunneling microscopy imaging within the band gap. We argue that the well known electronic mechanism behind band bending does not apply and a more complicated scenario involving ionic degrees of freedom is therefore necessary. Experimental techniques involve four point probe electric current measurements, scanning tunneling microscopy and spectroscopy., Comment: 5 pages, 4 figures

Published

2015

8. Appearance of effective surface conductivity - an experimental and analytic study

Author

Lis, Jakub, Wojtaszek, Mateusz, Zuzak, Rafal, Such, Bartosz, and Szymonski, Marek

Subjects

Condensed Matter - Mesoscale and Nanoscale Physics

Abstract

Surface conductance measurements on p-type doped germanium show a small but systematic change to the surface conductivity at different length scales. This effect is independent of the structure of the surface states. We interpret this phenomenon as a manifestation of conductivity changes beneath the surface. This hypothesis is confirmed by an analysis of the classical current flow equation. We derive an integral formula for calculating of the effective surface conductivity as a function of the distance from a point source. Furthermore we derive asymptotic values of the surface conductivity at small and large distances. The actual surface conductivity can only be sampled close to the current source. At large distances, the conductivity measured on the surface corresponds to the bulk value., Comment: 11 pages, 8 figures

Published

2015

9. Performance Evaluation of Hierarchical Publish-Subscribe Monitoring Architecture for Service-Oriented Applications

Author

Zuzak, Ivan and Benc, Ivan

Subjects

Computer Science - Distributed, Parallel, and Cluster Computing

Abstract

Contemporary high-performance service-oriented applications demand a performance efficient run-time monitoring. In this paper, we analyze a hierarchical publish-subscribe architecture for monitoring service-oriented applications. The analyzed architecture is based on a tree topology and publish-subscribe communication model for aggregation of distributed monitoring data. In order to satisfy interoperability and platform independence of service-orientation, monitoring reports are represented as XML documents. Since XML formatting introduces a significant processing and network load, we analyze the performance of monitoring architecture with respect to the number of monitored nodes, the load of system machines, and the overall latency of the monitoring system., Comment: 7 pages, 5 figures

Published

2012

10. A Classification Framework for Web Browser Cross-Context Communication

Author

Zuzak, Ivan, Ivankovic, Marko, and Budiselic, Ivan

Subjects

Computer Science - Software Engineering, D.2.11, H.4.3, D.4.4

Abstract

Demand for more advanced Web applications is the driving force behind Web browser evolution. Recent requirements for Rich Internet Applications, such as mashing-up data and background processing, are emphasizing the need for building and executing Web applications as a coordination of browser execution contexts. Since development of such Web applications depends on cross-context communication, many browser primitives and client-side frameworks have been developed to support this communication. In this paper we present a systematization of cross-context communication systems for Web browsers. Based on an analysis of previous research, requirements for modern Web applications and existing systems, we extract a framework for classifying cross-context communica-tion systems. Using the framework, we evaluate the current ecosystem of cross-context communication and outline directions for future Web research and engineering., Comment: 23 pages, 5 figures. This paper contains a more systematic research of cross-context communication systems listed on the pmrpc project website, see http://code.google.com/p/pmrpc/wiki/IWCProjects

Published

2011

11. Sarkómy maternice -- prehľad.

Author

Klačko, M., Babala, P., Mikloš, P., Zuzák, P., Chorváth, M., Ondrušová, M., and Ondruš, D.

Published

2012

12. Phase II study of everolimus in refractory testicular germ cell tumors.

Author

Mego M, Svetlovska D, Miskovska V, Obertova J, Palacka P, Rajec J, Sycova-Mila Z, Chovanec M, Rejlekova K, Zuzák P, Ondrus D, Spanik S, Reckova M, and Mardiak J

Subjects

Adult, Follow-Up Studies, Humans, Male, Middle Aged, Neoplasm Recurrence, Local pathology, Neoplasm Staging, Neoplasms, Germ Cell and Embryonal pathology, Prognosis, Survival Rate, Testicular Neoplasms pathology, Young Adult, Antineoplastic Agents therapeutic use, Drug Resistance, Neoplasm drug effects, Everolimus therapeutic use, Neoplasm Recurrence, Local drug therapy, Neoplasms, Germ Cell and Embryonal drug therapy, Salvage Therapy, Testicular Neoplasms drug therapy

Abstract

Background: Testicular germ cell tumors (TGCTs) represent a highly curable disease; however, a small proportion of patients develop disease recurrence. Loss of the tumor-suppressor gene phosphatase and tensin homolog marks the transition from intratubular germ cell neoplasia to invasive GCT and is correlated with disease progression. Inactivation of phosphatase and tensin homolog is associated with deregulation of the PI3K/Akt pathway and increased mammalian target of rapamycin signaling. This study aimed to determine the efficacy and toxicity of a mammalian target of rapamycin inhibitor, everolimus, in patients with refractory TGCTs., Methods: From December 2011 to February 2015, 15 patients with refractory GCTs were enrolled in the phase II study. All patients were pretreated with at least 2 cisplatin-based therapies; 4 tumors (26.7%) were absolutely refractory to cisplatin and 9 patients (60.0%) had visceral nonpulmonary metastases. Everolimus was administered at a dose of 10mg daily until progression or unacceptable toxicity. The primary end point was the objective response rate, according to Response Evaluation Criteria in Solid Tumors., Results: No objective response was observed, but 6 patients (40.0%) achieved 12-week progression-free survival. During a median follow-up period of 3.6 months (range: 1-35.1mo), all patients experienced disease progression and 11 patients (80.0%) died. Median progression-free survival was 1.7 months (95% CI: 1.1-4.0mo) and median overall survival was 3.6 months (95% CI: 2.0-11.0mo)., Conclusions: This study failed to achieve its primary end point and our data suggest limited efficacy of everolimus against unselected heavily pretreated refractory TGCTs., Condensed Abstract: Everolimus showed limited efficacy in unselected heavily pretreated refractory TGCTs. Prolonged disease stabilization could be achieved in selected patients., (Copyright © 2016 Elsevier Inc. All rights reserved.)

Published

2016

13. [Uterine Sarcomas - a review].

Author

Klačko M, Babala P, Mikloš P, Zuzák P, Chorváth M, Ondrušová M, and Ondruš D

Subjects

Combined Modality Therapy, Female, Humans, Sarcoma classification, Sarcoma pathology, Sarcoma therapy, Uterine Neoplasms classification, Uterine Neoplasms pathology, Uterine Neoplasms therapy

Abstract

Uterine sarcomas are a heterogeneous group, which constitutes about 8% of malignant uterine tumors. This heterogeneousness and rare occurrence were the main cause of non-uniform therapeutical management. In previously published papers, there were mainly retrospective assessments of the experience of individual centres. The basis of relevant conclusions of the studies, beside their prospectiveness, is the use of unified classification criteria. Currently, a completely new classification of uterine sarcomas is being used, which consists of leiomyosarcoma, endometrial stromal sarcomas and adenosarcomas. For classification of carcinosarcomas, there are valid new criteria of endometrial cancer classification. The basic therapeutic approach of leiomyosarcoma and endometrial stromal sarcomas is a surgical intervention. The gold standard is hysterectomy and salpingooophorectomy. Justifiability of lymphadenectomy is being discussed. For carcinosarcomas, the same recommendations as for the surgical treatment of prognostically unfavourable endometrial carcinoma are valid - hysterectomy, salpingooophorectomy, pelvic and paraaortal lymph node dissection and omentectomy. It is necessary to implement the new classification into clinical practice, to publish and evaluate existing papers, which take into account their basic thesis. Only then it will be possible to create unified therapies. They should be aimed to improve patients survival.

Published

2012