Biblio

Many cloud services perform periodic database backup to keep the data safe from failures such as sudden system crashes. In the database system, two techniques are widely used for data backup and recovery: a physical backup and a logical backup. The physical backup uses raw data by copying the files in the database, whereas the logical backup extracts data from the database and dumps it into separated files as a sequence of query statements. Both techniques support a full backup strategy that contains data of the entire database and incremental backup strategy that contains changed data since a previous backup. However, both strategies require additional I/O operations to perform the backup and need a long time to restore a backup. In this paper, we propose an efficient backup and recovery scheme by exploiting write-ahead logging (WAL) in database systems. In the proposed scheme, for backup, we devise a backup system to use log data generated by the existing WAL to eliminate the additional I/O operations. To restore a backup, we utilize and optimize the existing crash recovery procedure of WAL to reduce recovery time. For example, we divide the recovery range and applying the backup data for each range independently via multiple threads. We implement our scheme in MySQL, a popular database management system. The experimental result demonstrates that the proposed scheme provides instant backup while reducing recovery time compared with the existing schemes.

In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.

Artificial intelligence (AI) software has high algorithm complexity, and the scale and dimension of the input and output parameters are high, and the test oracle isn't explicit. These features make a lot of difficulties for the design of test cases. This paper proposes an AI software testing method based on scene deductive approach. It models the input, output parameters and the environment, uses the random algorithm to generate the inputs of the test cases, then use the algorithm of deductive approach to make the software testing automatically, and use the test assertions to verify the results of the test. After description of the theory, this paper uses intelligent tracking car as an example to illustrate the application of this method and the problems needing attention. In the end, the paper describes the shortcoming of this method and the future research directions.

The penalization of the objective function due to energy deficits is a key element for determining the operational policy of hydroelectric reservoirs. Its definition impacts not only operations, but also system expansion. Brazil historically defined these penalties with basis on a proxy of the economic deficit cost, a value in \$/MWh obtained with aid of the Input-Output Matrix. We propose an approach where these penalties are obtained in order to minimize the operation cost and cost of rationing of the system, considering a criterion of security of supply. A case study with data from the Brazilian System illustrates its application.

The Internet of Things (IoT) is a vast collection of interconnected sensors, devices, and services that share data and information over the Internet with the objective of leveraging multiple information sources to optimize related systems. The technologies associated with the IoT have significantly improved the quality of many existing applications by reducing costs, improving functionality, increasing access to resources, and enhancing automation. The adoption of IoT by industries has led to the next industrial revolution: Industry 4.0. The rise of the Industrial IoT (IIoT) promises to enhance factory management, process optimization, worker safety, and more. However, the rollout of the IIoT is not without significant issues, and many of these act as major barriers that prevent fully achieving the vision of Industry 4.0. One major area of concern is the security and privacy of the massive datasets that are captured and stored, which may leak information about intellectual property, trade secrets, and other competitive knowledge. As a way forward toward solving security and privacy concerns, we aim in this paper to identify common input-output (I/O) design patterns that exist in applications of the IIoT. These design patterns enable constructing an abstract model representation of data flow semantics used by such applications, and therefore better understand how to secure the information related to IIoT operations. In this paper, we describe communication protocols and identify common I/O design patterns for IIoT applications with an emphasis on data flow in edge devices, which, in the industrial control system (ICS) setting, are most often involved in process control or monitoring.

This paper presents the Virtual Open Operating System (vf-OS) Input / Output (IO) Toolkit Generator, which is a design tool to develop vf-OS IO components that interact with all kinds of manufacturing assets, either physical devices like Program Logic Controllers (PLCs), software applications like Enterprise Resource Planning Systems (ERPs) or legacy file formats like STEP. The vf-OS IO Toolkit Generator is based on software scaffolding, a code generation technique that allows a developer to create a working component to interact with a manufacturing asset from the vf-OS Platform without writing a line of code. As described in this paper, software scaffolding not only simplifies the development of interoperability components, but it also fosters system security and platform integration automation. Another contribution of this paper is to propose possible integrations between the IO Toolkit Generator and the vf-OS Security Command Centre in charge of platform security. Additionally, this paper describes how the concept can be extended to address other digital manufacturing platforms like Fi-Ware.

Minimum-Storage Regenerating (MSR) codes have emerged as a viable alternative to Reed-Solomon (RS) codes as they minimize the repair bandwidth while they are still optimal in terms of reliability and storage overhead. Although several MSR constructions exist, so far they have not been practically implemented mainly due to the big number of I/O operations. In this paper, we analyze high-rate MDS codes that are simultaneously optimized in terms of storage, reliability, I/O operations, and repair-bandwidth for single and multiple failures of the systematic nodes. The codes were recently introduced in [1] without any specific name. Due to the resemblance between the hashtag sign \# and the procedure of the code construction, we call them in this paper HashTag Erasure Codes (HTECs). HTECs provide the lowest data-read and data-transfer, and thus the lowest repair time for an arbitrary sub-packetization level α, where α ≤ r⌈k/r⌉, among all existing MDS codes for distributed storage including MSR codes. The repair process is linear and highly parallel. Additionally, we show that HTECs are the first high-rate MDS codes that reduce the repair bandwidth for more than one failure. Practical implementations of HTECs in Hadoop release 3.0.0-alpha2 demonstrate their great potentials.

Network security testing devices play important roles in Cyber security. Most of the current network security testing devices are based on proprietary hardware, however, the virtual network security tester needs high network I/O throughput performance. Therefore, the solution of the problem, which provides high-performance network I/O in the virtual scene will be explained in this paper. The method we proposed for virtualized network I/O performance optimization on a general hardware platform is able to achieve the I/O throughput performance of the proprietary hardware. The Single Root I/O Virtualization (SRIOV) of the physical network card is divided into a plurality of virtual network function of VF, furthermore, it can be added to different VF and VM. Extensive experiment illustrated that the virtualization and the physical network card sharing based on hardware are realized, and they can be used by Data Plane Development Kit (DPDK) and SRIOV technology. Consequently, the test instrument applications in virtual machines achieves the rate of 10Gps and meet the I/O requirement.

In this paper, we consider the runtime verification problem of safety hyperproperties for deterministic programs. Several security and information-flow policies such as data minimality, non-interference, integrity, and software doping are naturally expressed formally as safety hyperproperties. Although there are monitoring results for hyperproperties, the algorithms are very complex since these are properties over set of traces, and not over single traces. For the deterministic input-output programs that we consider, and the specific safety hyperproperties we are interested in, the problem can be reduced to monitoring of trace properties. In this paper, we present a simpler monitoring approach for safety hyperproperties of deterministic programs. The approach involves transforming the given safety hyperproperty into a trace property, extracting a characteristic predicate for the given hyperproperty, and providing a parametric monitor taking such predicate as parameter. For any hyperproperty in the considered subclass, we show how runtime verification monitors can be synthesised. We have implemented our approach in the form of a parameterised monitor for the given class, and have applied it to a number of hyperproperties including data minimisation, non-interference, integrity and software doping. We show results concerning both offline and online monitoring.

In this paper, we continue to investigate the problem of software security. The problem is to check if software under test has some vulnerabilities such as exceeding of admissible values of input/output parameters or internal variables or can reach states where the software (service) behavior is not defined. We illustrate by experiments that the well-known verifier Java Path Finder (JPF) can be utilized for this purpose. We apply JPF-mobile to Android applications and results of security checking experiments are presented.

Anti-virus software (AVS) tools are used to detect Malware in a system. However, software-based AVS are vulnerable to attacks. A malicious entity can exploit these vulnerabilities to subvert the AVS. Recently, hardware components such as Hardware Performance Counters (HPC) have been used for Malware detection. In this paper, we propose PREEMPT, a zero overhead, high-accuracy and low-latency technique to detect Malware by re-purposing the embedded trace buffer (ETB), a debug hardware component available in most modern processors. The ETB is used for post-silicon validation and debug and allows us to control and monitor the internal activities of a chip, beyond what is provided by the Input/Output pins. PREEMPT combines these hardware-level observations with machine learning-based classifiers to preempt Malware before it can cause damage. There are many benefits of re-using the ETB for Malware detection. It is difficult to hack into hardware compared to software, and hence, PREEMPT is more robust against attacks than AVS. PREEMPT does not incur performance penalties. Finally, PREEMPT has a high True Positive value of 94% and maintains a low False Positive value of 2%.

Two-phase I/O is a well-known strategy for implementing collective MPI-IO functions. It redistributes I/O requests among the calling processes into a form that minimizes the file access costs. As modern parallel computers continue to grow into the exascale era, the communication cost of such request redistribution can quickly overwhelm collective I/O performance. This effect has been observed from parallel jobs that run on multiple compute nodes with a high count of MPI processes on each node. To reduce the communication cost, we present a new design for collective I/O by adding an extra communication layer that performs request aggregation among processes within the same compute nodes. This approach can significantly reduce inter-node communication contention when redistributing the I/O requests. We evaluate the performance and compare it with the original two-phase I/O on Cray XC40 parallel computers (Theta and Cori) with Intel KNL and Haswell processors. Using I/O patterns from two large-scale production applications and an I/O benchmark, we show our proposed method effectively reduces the communication cost and hence maintains the scalability for a large number of processes.

{Unikernel is smaller in size than existing operating systems and can be started and shut down much more quickly and safely, resulting in greater flexibility and security. Since unikernel does not include large modules like the file system in its library to reduce its size, it is common to choose offloading to handle file IO. However, the processing of IO offload of unikernel transfers the file IO command to the proxy of the file server and copies the file IO result of the proxy. This can result in a trade-off of rapid processing, an advantage of unikernel. In this paper, we propose a method to offload file IO and to perform file IO with direct copy from file server to unikernel}.

Cyber-physical systems (CPSs) are implemented in many industrial and embedded control applications. Where these systems are safety-critical, correct and safe behavior is of paramount importance. Malicious attacks on such CPSs can have far-reaching repercussions. For instance, if elements of a power grid behave erratically, physical damage and loss of life could occur. Currently, there is a trend toward increased complexity and connectivity of CPS. However, as this occurs, the potential attack vectors for these systems grow in number, increasing the risk that a given controller might become compromised. In this article, we examine how the dangers of compromised controllers can be mitigated. We propose a novel application of runtime enforcement that can secure the safety of real-world physical systems. Here, we synthesize enforcers to a new hardware architecture within programmable logic controller I/O modules to act as an effective line of defence between the cyber and the physical domains. Our enforcers prevent the physical damage that a compromised control system might be able to perform. To demonstrate the efficacy of our approach, we present several benchmarks, and show that the overhead for each system is extremely minimal.

In many industry Internet of Things applications, resources like CPU, memory, and battery power are limited and cannot afford the classic cryptographic security solutions. Silicon physical unclonable function (PUF) is a lightweight security primitive that exploits manufacturing variations during the chip fabrication process for key generation and/or device authentication. However, traditional weak PUFs such as ring oscillator (RO) PUF generate chip-unique key for each device, which restricts their application in security protocols where the same key is required to be shared in resource-constrained devices. In this article, in order to address this issue, we propose a PUF-based key sharing method for the first time. The basic idea is to implement one-to-one input-output mapping with lookup table (LUT)-based interstage crossing structures in each level of inverters of RO PUF. Individual customization on configuration bits of interstage crossing structure and different RO selections with challenges bring high flexibility. Therefore, with the flexible configuration of interstage crossing structures and challenges, crossover RO PUF can generate the same shared key for resource-constrained devices, which enables a new application for lightweight key sharing protocols.

The Rowhammer bug is a novel micro-architectural security threat, enabling powerful privilege-escalation attacks on various mainstream platforms. It works by actively flipping bits in Dynamic Random Access Memory (DRAM) cells with unprivileged instructions. In order to set up Rowhammer against binaries in the Linux page cache, the Waylaying algorithm has previously been proposed. The Waylaying method stealthily relocates binaries onto exploitable physical addresses without exhausting system memory. However, the proof-of-concept Waylaying algorithm can be easily detected during page cache eviction because of its high disk I/O overhead and long running time. This paper proposes the more advanced Memway algorithm, which improves on Waylaying in terms of both I/O overhead and speed. Running time and disk I/O overhead are reduced by 90% by utilizing Linux tmpfs and inmemory swapping to manage eviction files. Furthermore, by combining Memway with the unprivileged posix fadvise API, the binary relocation step is made 100 times faster. Equipped with our Memway+fadvise relocation scheme, we demonstrate practical Rowhammer attacks that take only 15-200 minutes to covertly relocate a victim binary, and less than 3 seconds to flip the target instruction bit.

Modern operating systems for personal computers (including Linux, MAC, and Windows) provide user-level APIs for an application to access the I/O paths of another application. This design facilitates information sharing between applications, enabling applications such as screenshots. However, it also enables user-level malware to log a user's keystrokes or scrape a user's screen output. In this work, we explore a design called SwitchMan to protect a user's I/O paths against user-level malware attacks. SwitchMan assigns each user with two accounts: a regular one for normal operations and a protected one for inputting and outputting sensitive data. Each user account runs under a separate virtual terminal. Malware running under a user's regular account cannot access sensitive input/output under a user's protected account. At the heart of SwitchMan lies a secure protocol that enables automatic account switching when an application requires sensitive input/output from a user. Our performance evaluation shows that SwitchMan adds acceptable performance overhead. Our security and usability analysis suggests that SwitchMan achieves a better tradeoff between security and usability than existing solutions.

This work proposes a scheme to detect, isolate and mitigate malicious disruption of electro-mechanical processes in legacy PLCs where each PLC works as a finite state machine (FSM) and goes through predefined states depending on the control flow of the programs and input-output mechanism. The scheme generates a group-signature for a particular state combining the signature shares from each of these PLCs using \$(k,\textbackslashtextbackslash l)\$-threshold signature scheme.If some of them are affected by the malicious code, signature can be verified by k out of l uncorrupted PLCs and can be used to detect the corrupted PLCs and the compromised state. We use OpenPLC software to simulate Legacy PLC system on Raspberry Pi and show İ/O\$ pin configuration attack on digital and pulse width modulation (PWM) pins. We describe the protocol using a small prototype of five instances of legacy PLCs simultaneously running on OpenPLC software. We show that when our proposed protocol is deployed, the aforementioned attacks get successfully detected and the controller takes corrective measures. This work has been developed as a part of the problem statement given in the Cyber Security Awareness Week-2017 competition.

Software metrics help developers discover and fix mistakes. However, despite promising empirical evidence, vulnerability discovery metrics are seldom relied upon in practice. In prior research, the effectiveness of these metrics has typically been expressed using precision and recall of a prediction model that uses the metrics as explanatory variables. These prediction models, being black boxes, may not be perceived as useful by developers. However, by systematically interpreting the models and metrics, we can provide developers with nuanced insights about factors that have led to security mistakes in the past. In this paper, we present a preliminary approach to using vulnerability discovery metrics to provide insightful feedback to developers as they engineer software. We collected ten metrics (churn, collaboration centrality, complexity, contribution centrality, nesting, known offender, source lines of code, \# inputs, \# outputs, and \# paths) from six open-source projects. We assessed the generalizability of the metrics across two contextual dimensions (application domain and programming language) and between projects within a domain, computed thresholds for the metrics using an unsupervised approach from literature, and assessed the ability of these unsupervised thresholds to classify risk from historical vulnerabilities in the Chromium project. The observations from this study feeds into our ongoing research to automatically aggregate insights from the various analyses to generate natural language feedback on security. We hope that our approach to generate automated feedback will accelerate the adoption of research in vulnerability discovery metrics.

Correct compilers perform program transformations preserving input/output behaviours of programs. Yet, correctness does not prevent program optimisations from introducing information-flow leaks that would make the target program more vulnerable to side-channel attacks than the source program. To tackle this problem, we propose a notion of Information-Flow Preserving (IFP) program transformation which ensures that a target program is no more vulnerable to passive side-channel attacks than a source program. To protect against a wide range of attacks, we model an attacker who is granted arbitrary memory accesses for a pre-defined set of observation points. We propose a compositional proof principle for proving that a transformation is IFP. Using this principle, we show how a translation validation technique can be used to automatically verify and even close information-flow leaks introduced by standard compiler passes such as dead-store elimination and register allocation. The technique has been experimentally validated on the CompCert C compiler.

Relationships like friendship to limit access to resources have been part of social network applications since their beginnings. Describing access control policies in terms of relationships is not particular to social networks and it arises naturally in many situations. Hence, we have recently seen several proposals formalizing different Relationship-based Access Control (ReBAC) models. In this paper, we introduce a class of Datalog programs suitable for modeling ReBAC and argue that this class of programs, that we called ReBAC Datalog policies, provides a very general framework to specify and implement ReBAC policies. To support our claim, we first formalize the merging of two recent proposals for modeling ReBAC, one based on hybrid logic and the other one based on path regular expressions. We present extensions to handle negative authorizations and temporal policies. We describe mechanism for policy analysis, and then discuss the feasibility of using Datalog-based systems as implementations.

A mass attack to web services using leaked account information has been done in recent years. The causes of the attack are information leakage and use of a same password among multiple services. Available measures to the attack are mainly using an alternative authentication method such as two-factor authentication or one-time password. Such measures put an additional operation load or credential management on users, and may also impose additional management costs to users or service providers for dedicated devices. These issues limit the applicability of such measures to only parts of various services. Therefore, I propose an alternative measure against the attack by using the concept of shutters in car garages. The proposed scheme is referred as the "authentication shutter". In this scheme, a legitimate user can control the availability of user authentication directly. This means that, even if an attacker has a valid user ID and password, if a legitimate user sets the user authentication as unavailable, an attacker cannot pass user authentication. I explain the basic idea and how to implement the scheme as a web system, and also discuss about the usability and security of the scheme.

The graphical pattern unlock scheme which requires users to connect a minimum of 4 nodes on 3X3 grid is one of the most popular authentication mechanism on mobile devices. However prior research suggests that users' pattern choices are highly biased and hence vulnerable to guessing attacks. Moreover, 3X3 pattern choices are devoid of features such as longer stroke lengths, direction changes and intersections that are considered to be important in preventing shoulder-surfing attacks. We attribute these insecure practices to the geometry of the grid and its complicated drawing rules which prevent users from realising the full potential of graphical passwords. In this paper, we propose and explore an alternate circular layout referred to as Pass-O which unlike grid layout allows connection between any two nodes, thus simplifying the pattern drawing rules. Consequently, Pass-O produces a theoretical search space of 9,85,824, almost 2.5 times greater than 3X3 grid layout. We compare the security of 3X3 and Pass-O patterns theoretically as well as empirically. Theoretically, Pass-O patterns are uniform and have greater visual complexity due to large number of intersections. To perform empirical analysis, we conduct a large-scale web-based user study and collect more than 1,23,000 patterns from 21,053 users. After examining user-chosen 3X3 and Pass-O patterns across different metrics such as pattern length, stroke length, start point, end point, repetitions, number of direction changes and intersections, we find that Pass-O patterns are much more secure than 3X3 patterns.

In this paper we discuss the Internet of Things (IoT) by exploring aspects which go beyond the proliferation of devices and information enabled by: the growth of the Internet, increased miniaturization, prolonged battery life and an IT literate user base. We highlight the role of feedback mechanisms and illustrate this with reference to implemented computer enabled factory control systems. As the technology has developed, the cost of computing has reduced drastically, programming interfaces have improved, sensors are simpler and more cost effective and high performance communications across a wide area are readily available. We illustrate this by considering an application based on the Raspberry Pi, which is a low cost, small, programmable and network capable computer based on a powerful ARM processor with a programmable I/O interface, which can provide access to sensors (and other devices). The prototype application running on this platform can sense the presence of human being, using inexpensive passive infrared detectors. This can be used to monitor the activity of vulnerable adults, logging the results to a central server using a domestic Internet solution over a Wireless LAN. Whilst this demonstrates the potential for the use of such control/monitoring systems, practical systems spanning thousands of sites will be more complex to deliver and will have more stringent data processing and management demands and security requirements. We will discuss these concepts in the context of delivery of a smart interconnected society.

Live migration is the process used in virtualization environment of datacenters in order to take the benefit of zero downtime during system maintenance. But during migrating live virtual machines along with system files and storage data, network traffic gets increases across network bandwidth and delays in migration time. There is need to reduce the migration time in order to maintain the system performance by analyzing and optimizing the storage overheads which mainly creates due to unnecessary duplicated data transferred during live migration. So there is need of such storage device which will keep the duplicated data residing in both the source as well as target physical host i.e. NAS. The proposed hash map based algorithm maps all I/O operations in order to track the duplicated data by assigning hash value to both NAS and RAM data. Only the unique data then will be sent data to the target host without affecting service level agreement (SLA), without affecting VM migration time, application downtime, SLA violations, VM pre-migration and downtime post migration overheads during pre and post migration of virtual machines.