Biblio

The article considers the approach to static analysis of program code and the general principles of static analyzer operation. The authors identify the most important syntactic and semantic information in the programs, which can be used to find errors in the source code. The general methodology for development of diagnostic rules is proposed, which will improve the efficiency of static code analyzers.

Dependency injection frameworks such as the Spring framework rely on dynamic language features of Java. Errors arising from the improper usage of these features bypass the compile-time checks of the Java compiler. This paper discusses the application of static code analysis as a means to restore compile-time checking for Spring-related configuration errors. First, possible errors in the configuration of Spring are identified and classified. Attributed grammars are applied in order to formally detect the errors and a prototypical compiler extension is implemented based on Java's pluggable annotation processing API.

This paper introduces a newly developed Object-Oriented Open Software Architecture designed for supporting security applications, while leveraging on the capabilities offered by dedicated Open Hardware devices. Specifically, we target the SEcube™ platform, an Open Hardware security platform based on a 3D SiP (System on Package) designed and produced by Blu5 Group. The platform integrates three components employed for security in a single package: a Cortex-M4 CPU, a FPGA and an EAL5+ certified Smart Card. The Open Software Architecture targets both the host machine and the security device, together with the secure communication among them. To maximize its usability, this architecture is organized in several abstraction layers, ranging from hardware interfaces to device drivers, from security APIs to advanced applications, like secure messaging and data protection. We aim at releasing a multi-platform Open Source security framework, where software and hardware cooperate to hide to both the developer and the final users classical security concepts like cryptographic algorithms and keys, focusing, instead, on common operational security concepts like groups and policies.

The coming generation of Internet-of-Things (IoT) applications will process massive amounts of incoming data while supporting data mining and online learning. In cases with demanding real-time requirements, such systems behave as smart memories: a high-bandwidth service that captures sensor input, processes it using machine-learning tools, replicates and stores "interesting" data (discarding uninteresting content), updates knowledge models, and triggers urgently-needed responses. Derecho is a high-throughput library for building smart memories and similar services. At its core Derecho implements atomic multicast (Vertical Paxos) and state machine replication (the classic durable Paxos). Derecho's replicated\textbackslashtextlessT\textbackslashtextgreater template defines a replicated type; the corresponding objects are associated with subgroups, which can be sharded into key-value structures. The persistent\textbackslashtextlessT\textbackslashtextgreater and volatile\textbackslashtextlessT\textbackslashtextgreater storage templates implement version vectors with optional NVM persistence. These support time-indexed access, offering lock-free snapshot isolation that blends temporal precision and causal consistency. Derecho automates application management, supporting multigroup structures and providing consistent knowledge of the current membership mapping. A query can access data from many shards or subgroups, and consistency is guaranteed without any form of distributed locking. Whereas many systems run consensus on the critical path, Derecho requires consensus only when updating membership. By leveraging an RDMA data plane and NVM storage, and adopting a novel receiver-side batching technique, Derecho can saturate a 12.5GB RDMA network, sending millions of events per second in each subgroup or shard. In a single subgroup with 2–16 members, through-put peaks at 16 GB/s for large (100MB or more) objects. While key-value subgroups would typically use 2 or 3-member shards, unsharded subgroups could be large. In tests with a 128-member group, Derecho's multicast and Paxos protocols were just 3–5x slower than for a small group, depending on the traffic pattern. With network contention, slow members, or overlapping groups that generate concurrent traffic, Derecho's protocols remain stable and adapt to the available bandwidth.

Transport Layer Security (TLS), has become the de-facto standard for secure Internet communication. When used correctly, it provides secure data transfer, but used incorrectly, it can leave users vulnerable to attacks while giving them a false sense of security. Numerous efforts have studied the adoption of TLS (and its predecessor, SSL) and its use in the desktop ecosystem, attacks, and vulnerabilities in both desktop clients and servers. However, there is a dearth of knowledge of how TLS is used in mobile platforms. In this paper we use data collected by Lumen, a mobile measurement platform, to analyze how 7,258 Android apps use TLS in the wild. We analyze and fingerprint handshake messages to characterize the TLS APIs and libraries that apps use, and also evaluate weaknesses. We see that about 84% of apps use default OS APIs for TLS. Many apps use third-party TLS libraries; in some cases they are forced to do so because of restricted Android capabilities. Our analysis shows that both approaches have limitations, and that improving TLS security in mobile is not straightforward. Apps that use their own TLS configurations may have vulnerabilities due to developer inexperience, but apps that use OS defaults are vulnerable to certain attacks if the OS is out of date, even if the apps themselves are up to date. We also study certificate verification, and see low prevalence of security measures such as certificate pinning, even among high-risk apps such as those providing financial services, though we did observe major third-party tracking and advertisement services deploying certificate pinning.

In this paper we conduct an empirical study with the purpose of identifying common software weaknesses of embedded devices used as part of industrial control systems in power grids. The data is gathered about the devices and software of 6 companies, ABB, General Electric, Schneider Electric, Schweitzer Engineering Laboratories, Siemens and Wind River. The study uses data from the manufacturersfi online databases, NVD, CWE and ICS CERT. We identified that the most common problems that were reported are related to the improper input validation, cryptographic issues, and programming errors.

We use model-based testing techniques to detect logical vulnerabilities in implementations of the Wi-Fi handshake. This reveals new fingerprinting techniques, multiple downgrade attacks, and Denial of Service (DoS) vulnerabilities. Stations use the Wi-Fi handshake to securely connect with wireless networks. In this handshake, mutually supported capabilities are determined, and fresh pairwise keys are negotiated. As a result, a proper implementation of the Wi-Fi handshake is essential in protecting all subsequent traffic. To detect the presence of erroneous behaviour, we propose a model-based technique that generates a set of representative test cases. These tests cover all states of the Wi-Fi handshake, and explore various edge cases in each state. We then treat the implementation under test as a black box, and execute all generated tests. Determining whether a failed test introduces a security weakness is done manually. We tested 12 implementations using this approach, and discovered irregularities in all of them. Our findings include fingerprinting mechanisms, DoS attacks, and downgrade attacks where an adversary can force usage of the insecure WPA-TKIP cipher. Finally, we explain how one of our downgrade attacks highlights incorrect claims made in the 802.11 standard.

Nowadays we are witnessing an unprecedented evolution in how we gather and process information. Technological advances in mobile devices as well as ubiquitous wireless connectivity have brought about new information processing paradigms and opportunities for virtually all kinds of scientific and business activity. These new paradigms rest on three pillars: i) numerous powerful portable devices operated by human intelligence, ubiquitous in space and available, most of the time, ii) unlimited environment sensing capabilities of the devices, and iii) fast networks connecting the devices to Internet information processing platforms and services. These pillars implement the concepts of crowdsourcing and collective intelligence. These concepts describe online services that are based on the massive participation of users and the capabilities of their devices.in order to produce results and information which are "more than the sum of the part". The EU project Privacy Flag relies exactly on these two concepts in order to mobilize roaming citizens to contribute, through crowdsourcing, information about risky applications and dangerous web sites whose processing may produce emergent threat patterns, not evident in the contributed information alone, reelecting a collective intelligence action. Crowdsourcing and collective intelligence, in this context, has numerous advantages, such as raising privacy-awareness among people. In this paper we summarize our work in this project and describe the capabilities and functionalities of the Privacy Flag Platform.

The cloud computing paradigm enables enterprises to realise significant cost savings whilst boosting their agility and productivity. However, security and privacy concerns generally deter enterprises from migrating their critical data to the cloud. One way to alleviate these concerns, hence bolster the adoption of cloud computing, is to devise adequate security policies that control the manner in which these data are stored and accessed in the cloud. Nevertheless, for enterprises to entrust these policies, a framework capable of providing assurances about their correctness is required. This work proposes such a framework. In particular, it proposes an approach that enables enterprises to define their own view of what constitutes a correct policy through the formulation of an appropriate set of well-formedness constraints. These constraints are expressed ontologically thus enabling–-by virtue of semantic inferencing–- automated reasoning about their satisfaction by the policies.

Many organizations process personal information in the course of normal operations. Improper disclosure of this information can be damaging, so organizations must obey privacy laws and regulations that impose restrictions on its release or risk penalties. Since electronic management of personal information must be held in strict compliance with the law, software systems designed for such purposes must have some guarantee of compliance. To support this, we develop a general methodology for designing and implementing verifiable information systems. This paper develops the design of the History Aware Programming Language into a framework for creating systems that can be mechanically checked against privacy specifications. We apply this framework to create and verify a prototypical Electronic Medical Record System (EMRS) expressed as a set of actor components and first-order linear temporal logic specifications in assume-guarantee form. We then show that the implementation of the EMRS provably enforces a formalized Health Insurance Portability and Accountability Act (HIPAA) policy using a combination of model checking and static analysis techniques.

We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here - secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability textgreater 1 - p; and indistinguishability, which asks if the probability observing any sequence 0$øverline$ in P1 is the same as that of observing 0$øverline$ in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.

Applications of true random number generators (TRNGs) span from art to numerical computing and system security. In cryptographic applications, TRNGs are used for generating new keys, nonces and masks. For this reason, a TRNG is an essential building block and often a point of failure for embedded security systems. One type of primitives that are widely used as source of randomness are ring oscillators. For a ring-oscillator-based TRNG, the true randomness originates from its timing jitter. Therefore, determining the jitter strength is essential to estimate the quality of a TRNG. In this paper, we propose a method to measure the jitter strength of a ring oscillator implemented on an FPGA. The fast tapped delay chain is utilized to perform the on-chip measurement with a high resolution. The proposed method is implemented on both a Xilinx FPGA and an Intel FPGA. Fast carry logic components on different FPGAs are used to implement the fast delay line. This carry logic component is designed to be fast and has dedicated routing, which enables a precise measurement. The differential structure of the delay chain is used to thwart the influence of undesirable noise from the measurement. The proposed methodology can be applied to other FPGA families and ASIC designs.

Internet of Things (IoT) will be emerged over many of devices that are dynamically networked. Because of distributed and dynamic nature of IoT, designing a recommender system for them is a challenging problem. Recently, cognitive systems are used to design modern frameworks in different types of computer applications such as cognitive radio networks and cognitive peer-to-peer networks. A cognitive system can learn to improve its performance while operating under its unknown environment. In this paper, we propose a framework for cognitive recommender systems in IoT. To the best of our knowledge, there is no recommender system based on cognitive systems in the IoT. The proposed algorithm is compared with the existing recommender systems.

The privacy of information is an increasing concern of software applications users. This concern was caused by attacks to cloud services over the last few years, that have leaked confidential information such as passwords, emails and even private pictures. Once the information is leaked, the users and software applications are powerless to contain the spread of information and its misuse. With databases as a central component of applications that store almost all of their data, they are one of the most common targets of attacks. However, typical deployments of databases do not leverage security mechanisms to stop attacks and do not apply cryptographic schemes to protect data. This issue has been tackled by multiple secure databases that provide trade-offs between security, query capabilities and performance. Despite providing stronger security guarantees, the proposed solutions still entrust their data to a single entity that can be corrupted or hacked. Secret sharing can solve this problem by dividing data in multiple secrets and storing each secret at a different location. The division is done in such a way that if one location is hacked, no information can be leaked. Depending on the protocols used to divide data, functions can be computed over this data through secure protocols that do not disclose information or actually know which values are being calculated. We propose a SQL database prototype capable of offering a trade-off between security and query latency by using a different secure protocol. An evaluation of the protocols is also performed, showing that our most relaxed protocol has an improvement of 5+ on the query latency time over the original protocol.

Summary form only given. All-optical switching (AOS) has been observed in ferromagnetic (FM) layers and synthetic ferrimagnetic heterostructures [1-4]. In this work, we use anomalous Hall effect (AHE) measurements to demonstrate controlled helicity-dependent switching in synthetic ferrimagnetic heterostructures. The two FM layers are engineered to have different Curie temperatures Tc1 (fixed) and Tc2 (variable). We show that irrespective of whether Tc2 is higher or lower than Tc1, the final magnetic configuration of the heterostructure is controlled by using the laser polarization to set the magnetic state of the FM layer with the highest Tc. All samples were grown on glass substrates at room temperature by DC magnetron sputtering. Two sets of samples were prepared. The first set are single FM layers with layer composition Ta (3 nm)/Pt (4 nm)/FM1(2)/Pt capping (4 nm), where FM1 = Co (0.6 nm) is a Co layer and FM2 = CoFeB (tCoFeB)/Pt(0.4 nm)/ CoFeB (tCoFeB) (0.2 ≤ tCoFeB ≤ 0.6 nm) is a composite CoFeB layer where both CoFeB layers are ferromagnetically coupled and act as a single layer. FM1 and FM2 were used to produce the second set of synthetic ferrimagnetic samples with layer structure Ta (3 nm)/Pt (4 nm)/FM1/Pt (0.4 nm)/Ru (0.9 nm)/Pt (0.4 nm)/FM2/Pt capping (4 nm). The Ru layer provides the antiferromagnetic RKKY interlayer exchange coupling between the adjacent FM1 and FM2 layers while the Pt layers on either side of the Ru layer can tune the strength of the coupling and stabilize their perpendicular anisotropy [5]. To study the AOS, we use a Ti: sapphire fs-laser with a wavelength of 800 nm and a pulse duration of 43 fs. A quarter-wave plate is used to create a circularly polarized [right(σ+) and left-handed (σ-)] beam. We first measured the magnetic properties of the FM1 and FM2 layers using vibrating sample magnetometry (VSM). All FM samples show full remanence in perpendicular hyst- resis loops at room temperature (not shown). The temperature-dependent magnetization scans (not shown) give a Curie temperature Tc1 of 524 K for FM1. For FM2, increasing tCoFeB increases its Curie temperatureTc2. At tCoFeB = 0.5 nm, Tc2 - Tc1. Hall crosses are patterned by optical lithography and ion milling. The width of the current carrying wire is - 5 um, giving a DC current density of - 6 x 109 A/m2 during the measurement. Figure 1(a) shows the resulting perpendicular Hall hysteresis loop of the synthetic ferrimagnetic sample with tCoFeB = 0.2 nm. At remanence, the stable magnetic configurations are the two antiparallel orientations of FM1 and FM2 [State I and II in Fig. 1(a)]. To study the AOS, we swept the laser beam with a power of 0.45 mW and a speed of 1 μm/sec across the Hall cross, and the corresponding Hall voltage was constantly monitored. In Fig. 1(b), we show the normalized Hall voltage, VHall, as a function of the laser beam position x for both beam polarizations σ+ and σ-. The initial magnetic configuration was State I. When the beam is at the center of the cross (position B), both beam polarizations give VHall - 0. As the beam leaves the cross (position C), the σbeam changes the magnetic configurations from State I to State II (FM1 magnetization pointing down), while the system reverts to State I using the σ+ beam. Changing the initial configuration from State I to State II results in the same final magnetic configurations, determined by the laser beam polarizations (not shown). Similar results (not shown) were obtained for samples with tCoFeB ≤ 0.4 nm. However, at tCoFeB = 0.6 nm, the σbeam results in the final magnetic configurations with FM2 magnetization pointing down (State I) and the σ+ beam results in the State II configuration, suggesting that the final state is determined by the beam polar

Local-area networks comprising the Internet of Things (IoT) consist mainly of devices that have limited processing capabilities and face energy constraints. This has an implication on developing security mechanisms, as they require significant computing resources. In this paper, we design a trust-based routing solution with IoT devices in mind. Specifically, we propose a trust-based approach for managing the reputation of every node of an IoT network. The approach is based on the emerging Routing Protocol for Low power and Lossy networks (RPL). The proposed solution is simulated for its routing resilience and compared with two other variants of RPL.

RFID Grouping proof convinces an offline verifier that multiple tags are simultaneously scanned. Various solutions have been proposed but most of them have security and privacy vulnerabilities. In this paper, we propose an elliptic-curve-based RFID grouping proof protocol. Our protocol is proven secure and narrow-strong private. We also demonstrate that our grouping proof can be batch verified to improve the efficiency for large-scale RFID systems and it is suitable for low-cost RFID tags.

The discussion of threats and vulnerabilities in Industrial Control Systems has gained popularity during the last decade due to the increase in interest and growing concern to secure these systems. In order to provide an overview of the complete landscape of these threats and vulnerabilities this contribution provides a tiered security analysis of the assets that constitute Industrial Control Systems. The identification of assets is obtained from a generalization of the system's architecture. Additionally, the security analysis is complemented by discussing security countermeasures and solutions that can be used to counteract the vulnerabilities and increase the security of control systems.

The SCADA infrastructure is a key component for power grid operations. Securing the SCADA infrastructure against cyber intrusions is thus vital for a well-functioning power grid. However, the task remains a particular challenge, not the least since not all available security mechanisms are easily deployable in these reliability-critical and complex, multi-vendor environments that host modern systems alongside legacy ones, to support a range of sensitive power grid operations. This paper examines how effective a few countermeasures are likely to be in SCADA environments, including those that are commonly considered out of bounds. The results show that granular network segmentation is a particularly effective countermeasure, followed by frequent patching of systems (which is unfortunately still difficult to date). The results also show that the enforcement of a password policy and restrictive network configuration including whitelisting of devices contributes to increased security, though best in combination with granular network segmentation.

Technology specific expert knowledge is often required to analyse security configurations and determine potential vulnerabilities, but it becomes difficult when it is a new technology such as Fog computing. Furthermore, additional knowledge is also required regarding how the security configuration has been constructed in respect to an organisation's security policies. Traditionally, organisations will often manage their access control permissions relative to their employees needs, posing challenges to administrators. This problem is even exacerbated in Fog computing systems where security configurations are implemented on a large amount of devices at the edges of Internet, and the administrators are required to retain adequate knowledge on how to perform complex administrative tasks. In this paper, a novel approach of translating object-based security configurations in to a graph model is presented. A technique is then developed to autonomously identify vulnerabilities and perform security auditing of large systems without the need for expert knowledge. Throughout the paper, access control configuration data is used as a case study, and empirical analysis is performed on synthetically generated access control permissions.

We introduce an emotion influenced robotic path planning solution which offers the possibility of enabling emotions in the robot. The robot can change the speed of the path or learn where it should be and where it should not be. Most existing solutions for robotic path planning have no emotional influences. The most successful emotions were taken and included into the solution of this paper. The results were analyzed with regard to the time and speed it takes for a normal robotic path planning without emotions and with emotions of happiness, fear and novelty.

Embry-Riddle Aeronautical University (ERAU) is working with the Air Force Research Lab (AFRL) to develop a distributed multi-layer autonomous UAS planning and control technology for gathering intelligence in Anti-Access Area Denial (A2/AD) environments populated by intelligent adaptive adversaries. These resilient autonomous systems are able to navigate through hostile environments while performing Intelligence, Surveillance, and Reconnaissance (ISR) tasks, and minimizing the loss of assets. Our approach incorporates artificial life concepts, with a high-level architecture divided into three biologically inspired layers: cyber-physical, reactive, and deliberative. Each layer has a dynamic level of influence over the behavior of the agent. Algorithms within the layers act on a filtered view of reality, abstracted in the layer immediately below. Each layer takes input from the layer below, provides output to the layer above, and provides direction to the layer below. Fast-reactive control systems in lower layers ensure a stable environment supporting cognitive function on higher layers. The cyber-physical layer represents the central nervous system of the individual, consisting of elements of the vehicle that cannot be changed such as sensors, power plant, and physical configuration. On the reactive layer, the system uses an artificial life paradigm, where each agent interacts with the environment using a set of simple rules regarding wants and needs. Information is communicated explicitly via message passing and implicitly via observation and recognition of behavior. In the deliberative layer, individual agents look outward to the group, deliberating on efficient resource management and cooperation with other agents. Strategies at all layers are developed using machine learning techniques such as Genetic Algorithm (GA) or NN applied to system training that takes place prior to the mission.

A hardware Trojan is a malicious circuit inserted into a device by a malicious designer or manufacturer in the circuit design or fabrication phase. With the globalization of semiconductor industry, more and more chips and devices are designed, integrated and fabricated by untrusted manufacturers, who can potentially insert hardware Trojans for launching attacks after the devices are deployed. Moreover, the most damaging attack in a smart grid is a large scale electricity failure, which can cause very serious consequences that are worse than any disaster. Unfortunately, this attack can be implemented very easily by synchronized hardware Trojans acting as a collective offline time bomb; the Trojans do not need to interact with one another and can affect a large fraction of nodes in a power grid. More sophisticatedly, this attack can also be realized by online hardware Trojans which keep listening to the communication channel and wait for a trigger event to trigger their malicious payloads; here, a broadcast message triggers all the Trojans at the same time. In this paper, we address the offline synchronized hardware Trojan attack, as it does not require the adversary to penetrate the power grid network for sending triggers. We classify two types of offline synchronized hardware Trojan attacks as type A and B: type B requires communication between different nodes, and type A does not. The hardware Trojans needed for type B turn out to be much more complex (and therefore larger in area size) than those for type A. In order to prevent type A attacks we suggest to enforce each power grid node to work in an unique time domain which has a random time offset to Universal Coordinated Time (UTC). This isolation principle can mitigate type A offline synchronized hardware Trojan attacks in a smart grid, such that even if hardware Trojans are implanted in functional units, e.g. Phasor Measurement Units (PMUs) and Remote Terminal Units (RTUs), they can only cause a minimal damage, i.e. sporadic single node failures. The proposed solution only needs a trusted Global Positioning System (GPS) module which provides the correct UTC together with small additional interface circuitry. This means that our solution can be used to protect the current power grid infrastructure against type A offline attacks without replacing any untrusted functional unit, which may already have embedded hardware Trojans.

Clone product injection into supply chains causes serious problems for industry and customers. Many mechanisms have been introduced to detect clone products in supply chains which make use of RFID technologies. This article gives an overview of these mechanisms, categorizes them by hardware change requirements, and compares their attributes.

Redundant capacity in filesystem timestamps is recently proposed in the literature as an effective means for information hiding and data leakage. Here, we evaluate the steganographic capabilities of such channels and propose techniques to aid digital forensics investigation towards identifying and detecting manipulated filesystem timestamps. Our findings indicate that different storage media and interfaces exhibit different timestamp creation patterns. Such differences can be utilized to characterize file source media and increase the analysis capabilities of the incident response process.