Biblio

Hardware IPs are assumed to be roots-of-trust in complex SoCs. However, their design and security verification are still heavily dependent on manual expertise. Extensive research in this domain has shown that even cryptographic modules may lack information flow security, making them susceptible to remote attacks. Further, when an SoC is in the hands of the attacker, physical attacks such as fault injection are possible. This paper introduces EISec, a novel tool utilizing symbolic execution for exhaustive analysis of hardware IPs. EISec operates at the pre-silicon stage on the gate level netlist of a design. It detects information flow security violations and generates the exhaustive set of control sequences that reproduces them. We further expand its capabilities to quantify the confusion and diffusion present in cryptographic modules and to analyze an FSM's susceptibility to fault injection attacks. The proposed methodology efficiently explores the complete input space of designs utilizing symbolic execution. In short, EISec is a holistic security analysis tool to help hardware designers capture security violations early on and mitigate them by reporting their triggers.

At present, code reuse attacks, such as Return Oriented Programming (ROP), execute attacks through the code of the application itself, bypassing the traditional defense mechanism and seriously threatening the security of computer software. The existing two mainstream defense mechanisms, Address Space Layout Randomization (ASLR), are vulnerable to information disclosure attacks, and Control-Flow Integrity (CFI) will bring high overhead to programs. At the same time, due to the widespread use of software of unknown origin, there is no source code provided or available, so it is not always possible to secure the source code. In this paper, we propose FRCFI, an effective method based on binary rewriting to prevent code reuse attacks. FRCFI first disrupts the program's memory space layout through function shuffling and NOP insertion, then verifies the execution of the control-flow branch instruction ret and indirect call/jmp instructions to ensure that the target address is not modified by attackers. Experiment show shows that FRCFI can effectively defend against code reuse attacks. After randomization, the survival rate of gadgets is only 1.7%, and FRCFI adds on average 6.1% runtime overhead on SPEC CPU2006 benchmark programs.

From the past few years cloud services are so popular and are being used by many people from various domains for various purposes such as data storage, e-mails, backing up data and much more. While there were many options to perform such things why did people choose cloud? The answer is clouds are more flexible, convenient, reliable and efficient. Coming to security of data over cloud, it is secure to store data over cloud rather than storing data locally as there is chance of some computer breakdown or any natural disaster may also occur. There are also many threats for data security over cloud namely data breaching, lack of access-key management and much more. As the data has been processed and being stored online for various purposes, there is a clear requirement for data security. Many organizations face various challenges while storing their data over cloud such as data leakages, account hijacking, insufficient credentials and so on. So to overcome these challenges and safeguard the data, various encryption techniques were implemented. However, even though encryption is used, the data still needs to be decrypted in order to do any type of operation. As a result, we must choose a manner in which the data can be analyzed, searched for, or used in any other way without needing to be decoded. So, the objective is to introduce a technique that goes right for the above conditions mentioned and for data security over cloud.

Cloud computing plays major role in the development of accessing clouduser’s document and sensitive information stored. It has variety of content and representation. Cyber security and attacks in the cloud is a challenging aspect. Information security attains a vital part in Cyber Security management. It involves actions intended to reduce the adverse impacts of such incidents. To access the documents stored in cloud safely and securely, access control will be introduced based on cloud users to access the user’s document in the cloud. To achieve this, it is highly required to combine security components (e.g., Access Control, Usage Control) in the security document to get automatic information. This research work has proposed a Role Key Homomorphic Encryption Algorithm (RKHEA) to monitor the cloud users, who access the services continuously. This method provides access creation of session-based key to store the singularized encryption to reduce the key size from random methods to occupy memory space. It has some terms and conditions to be followed by the cloud users and also has encryption method to secure the document content. Hence the documents are encrypted with the RKHEA algorithm based on Service Key Access (SKA). Then, the encrypted key will be created based on access control conditions. The proposed analytics result shows an enhanced control over the documents in cloud and improved security performance.

Biometric security is the fastest growing area that receives considerable attention over the past few years. Digital hiding and encryption technologies provide an effective solution to secure biometric information from intentional or accidental attacks. Visual cryptography is the approach utilized for encrypting the information which is in the form of visual information for example images. Meanwhile, the biometric template stored in the databases are generally in the form of images, the visual cryptography could be employed effectively for encrypting the template from the attack. This study develops a share creation with improved encryption process for secure biometric verification (SCIEP-SBV) technique. The presented SCIEP-SBV technique majorly aims to attain security via encryption and share creation (SC) procedure. Firstly, the biometric images undergo SC process to produce several shares. For encryption process, homomorphic encryption (HE) technique is utilized in this work. To further improve the secrecy, an improved bald eagle search (IBES) approach was exploited in this work. The simulation values of the SCIEP-SBV system are tested on biometric images. The extensive comparison study demonstrated the improved outcomes of the SCIEP-SBV technique over compared methods.

The FAA proposes Safety Continuum that recognizes the public expectation for safety outcomes vary with aviation sectors that have different missions, aircraft, and environments. The purpose is to align the rigor of oversight to the public expectations. An aircraft, its variants or derivatives may be used in operations with different expectations. The differences in mission might bring immutable risks for some applications that reuse or revise the original aircraft type design. The continuum enables a more agile design approval process for innovations in the context of a dynamic ecosystems, addressing the creation of variants for different sectors and needs. Since an aircraft type design can be reused in various operations under part 91 or 135 with different mission risks the assurance case will have many branches reflecting the variants and derivatives.This paper proposes a model for the holistic, performance-based, through-life safety assurance case that focuses applicant and oversight alike on achieving the safety outcomes. This paper describes the application of goal-based, technology-neutral features of performance-based assurance cases extending the philosophy of UL 4600, to the Safety Continuum. This paper specifically addresses component reuse including third-party vehicle modifications and changes to operational concept or eco-system. The performance-based assurance argument offers a way to combine the design approval more seamlessly with the oversight functions by focusing all aspects of the argument and practice together to manage the safety outcomes. The model provides the context to assure mitigated risk are consistent with an operation’s place on the safety continuum, while allowing the applicant to reuse parts of the assurance argument to innovate variants or derivatives. The focus on monitoring performance to constantly verify the safety argument complements compliance checking as a way to assure products are "fit-for-use". The paper explains how continued operational safety becomes a natural part of monitoring the assurance case for growing variety in a product line by accounting for the ecosystem changes. Such a model could be used with the Safety Continuum to promote applicant and operator accountability delivering the expected safety outcomes.

In this paper we consider cyber security requirements of the smart buildings. We identify cyber risks, threats, attack scenarios, security objectives and related security controls. The work was done as a part of a smart building design and construction work. From the controls identified w e concluded security practices for engineering-in smart buildings security. The paper provides an idea toward which system security engineers can strive in the basic design and implementation of the most critical components of the smart buildings. The intent of the concept is to help practitioners to avoid ad hoc approaches in the development of security mechanisms for smart buildings with shared space.

Wireless-fidelity (Wi-Fi) and Bluetooth are examples of modern wireless communication technologies that employ radio waves as the primary channel for data transmission. but it ought to find alternatives over the limitation and interference in the radio frequency (RF) band. For viable alternatives, visible light communication (VLC) technology comes to play as Light Fidelity (Li-Fi) which uses visible light as a channel for delivering very high-speed communication in a Wi-Fi way. In terms of availability, bandwidth, security and efficiency, Li-Fi is superior than Wi-Fi. In this paper, we present a Li-Fi-based indoor communication system. prototype model has been proposed for single user scenario using visible light portion of electromagnetic spectrum. This system has been designed for audio data communication in between the users in transmitter and receiver sections. LED and photoresistor have been used as optical source and receiver respectively. The electro-acoustic transducer provides the required conversion of electrical-optical signal in both ways. This system might overcome problems like radio-frequency bandwidth scarcity However, its major problem is that it only works when it is pointed directly at the target.

The operation of the modern power grid is becoming increasingly reliant on its underlying communication network, especially within the context of the rapidly growing integration of Distributed Energy Resources (DERs). This tight cyber-physical coupling brings uncertainties and challenges for the power grid operation and control. To help operators manage the complex cyber-physical environment, ensure the integrity, and continuity of reliable grid operation, a two-stage approach is proposed that is compatible with current ICS protocols to improve the deliverability of time critical operations. With the proposed framework, the impact Denial of Service (DoS) attack can have on a Transmission Control Protocol (TCP) session could be effectively prevented and mitigated. This coordinated approach combines the efficiency of congestion window reconfiguration and the applicability of physical-only mitigation approaches. By expanding the state and action space to encompass both the cyber and physical domains. This approach has been proven to outperform the traditional, physical-only method, in multiple network congested scenarios that were emulated in a real-time cyber-physical testbed.

We address the problem of recovering signals from compressed measurements based on generative priors. Recently, generative-model based compressive sensing (GMCS) methods have shown superior performance over traditional compressive sensing (CS) techniques in recovering signals from fewer measurements. However, it is possible to further improve the performance of GMCS by introducing controlled sparsity in the latent-space. We propose a proximal meta-learning (PML) algorithm to enforce sparsity in the latent-space while training the generator. Enforcing sparsity naturally leads to a union-of-submanifolds model in the solution space. The overall framework is named as sparsity driven latent space sampling (SDLSS). In addition, we derive the sample complexity bounds for the proposed model. Furthermore, we demonstrate the efficacy of the proposed framework over the state-of-the-art techniques with application to CS on standard datasets such as MNIST and CIFAR-10. In particular, we evaluate the performance of the proposed method as a function of the number of measurements and sparsity factor in the latent space using standard objective measures. Our findings show that the sparsity driven latent space sampling approach improves the accuracy and aids in faster recovery of the signal in GMCS.

We propose a human-operator guided planning approach to pushing-based manipulation in clutter. Most recent approaches to manipulation in clutter employs randomized planning. The problem, however, remains a challenging one where the planning times are still in the order of tens of seconds or minutes, and the success rates are low for difficult instances of the problem. We build on these control-based randomized planning approaches, but we investigate using them in conjunction with human-operator input. In our framework, the human operator supplies a high-level plan, in the form of an ordered sequence of objects and their approximate goal positions. We present experiments in simulation and on a real robotic setup, where we compare the success rate and planning times of our human-in-the-loop approach with fully autonomous sampling-based planners. We show that with a minimal amount of human input, the low-level planner can solve the problem faster and with higher success rates.

The full integration of Remotely Piloted Aircraft Systems (RPAS) in non-segregated airspace is one of the major objectives for the worldwide aviation organizations and authorities. However, there are several technological and regulatory issues due to the increase of the air traffic in the next years and to the need of keeping high safety levels. In this framework, a real-time validation environment capable to simulate complex scenarios related to future air traffic management (ATM) conditions is of paramount importance. These facilities allow detailed testing and tuning of new technologies and procedures before executing flight tests. With such motivations, the Italian Aerospace Research Centre has developed the Integrated Simulation Facility (ISF) able to accurately reproduce ATM complex scenarios in real-time with hardware and human in-the-loop simulations, aiming to validate new ATM procedures and innovative system prototypes for RPAS and General Aviation aircraft. In the present work, the ISF facility has been used for reproducing relevant ATM scenarios to validate the functionalities of a Detect and Avoid system (DAA). The results of the ISF test campaign demonstrate the effectiveness of the developed algorithm in the autonomous resolution of mid-air collisions in presence of both air traffic and fixed obstacles (i.e. bad weather areas, no-fly-zone and terrain) and during critical flight phases, thus exceeding the current DAA state-of-the-art.

In recent days cloud domain gains a lot of user attention in order to store and access the data from remote locations connected through the internet. As it is generally known that all the sensitive data come from remote locations will be stored in the centralized storage medium and then try to access the data from that centralized storage space controlled by the cloud server. It is facing a problem like there is no security for the data in terms of user authorization and data authentication from the centralized storage location. Hence, it is required to migrate for a new storage procedure like Decentralized storage of cloud data in which the systems that do not rely on a central authority, so that the collusion resistance can be avoided by maintaining a global identifier. Here, the term de-centralized access means granting multi authorities to control the access for providing more security for the sensitive data. The proposed research study attempts to develop a new scheme by adding a global identifier like Attribute Authority (AA) for providing access keys for the data users who wish to access the sensitive information from the cloud server. The proposed research work attempts to incorporate the composite order bilinear groups scheme for providing access facility for the data users and provide more security for the sensitive data. By conducting various experiments on the proposed model, the obtained result clearly tells that the proposed system is very efficient to access the data in a de-centralized manner by using a global identifier.

Modern cyberattacks are the most powerful disturbance factor for computer networks, as they have a complex and devastating impact. The impact of cyberattacks is primarily aimed at disrupting the performance of computer network protection means. Therefore, managing this defense system in the face of cyberattacks is an important task. The paper examines a technique for constructing an effective control system for a computer network security system operating in real time in the context of cyber attacks. It is supposed that it is built on the basis of constructing a system state space and a stack of control decisions. The probability of finding the security system in certain state at each control step is calculated using a finite Markov chain. The technique makes it possible to predict the number of iterations for managing the security system when exposed to cyber attacks, depending on the segment of the space of its states and the selected number of transitions, as well as automatically generate control decisions. An algorithm has been developed for situational control of a computer network security system in conditions of cyber attacks. The experimental results obtained using the generated dataset demonstrated the high efficiency of the developed technique and the ability to use it to determine the parameters that are most susceptible to abnormal deviations during the impact of cyber attacks.

In more electrical aircraft, the embedded electrical network is handling more and more vital functions, being more and more strained as well. Attenuation of switching harmonics is a key step in the network reliability, thus filtering elements play a central role. To keep the weight of the embedded network reasonable, weakly damped high-order filters shall be preferred. Flatness-based control (FBC) can offer both high bandwidth regulation and large signal stability proof. This make FBC a good candidate to handle the inherent oscillating behavior of aforementioned filters. However, this control strategy can be tricky to implement, especially with high order systems. Moreover, FBC is more sensor demanding than classic PI-based control. This paper address these two drawbacks. First, a novel trajectory planning for high order systems is proposed. This method does not require multiple derivations. Then the input sensors are removed thanks to a parameters estimator. Feasibility and performances are verified with experimental results. Performances comparison with cascaded-loop topologies are given in final section to prove the relevance of the proposed control strategy.

Code-reuse techniques have emerged as a way to defeat the control-flow defenses that prevent the injection and execution of new code, as they allow an adversary to hijack the control flow of a victim program without injected code. A well-known code-reuse attack technique is Return-OrientedProgramming (ROP), which considers and links together (relatively short) code snippets, named ROP gadgets, already present in the victim’s memory address space through a controlled use of the stack values of the victim program. Although ROP attacks are known to be Turing-complete, there are still open question such as the quantification of the executional power of an adversary, which is determined by whatever code exists in the memory of a victim program, and whether an adversary can build a ROP chain, made up of ROP gadgets, for any kind of algorithm. To fill these gaps, in this paper we first define a virtual language, dubbed ROPLANG, that defines a set of operations (specifically, arithmetic, assignment, dereference, logical, and branching operations) which are mapped to ROP gadgets. We then use it to evaluate the executional power of an adversary in Windows 7 and Windows 10, in both 32- and 64-bit versions. In addition, we have developed ROP3, a tool that accepts a set of program files and a ROP chain described with our language and returns the code snippets that make up the ROP chain. Our results show that there are enough ROP gadgets to simulate any virtual operation and that branching operations are the less frequent ones. As expected, our results also indicate that the larger a program file is, the more likely to find ROP gadgets within it for every virtual operation.

Modern control flow attacks circumvent existing defense mechanisms to transfer the program control to attacker chosen malicious code in the program, leaving application vulnerable to attack. Advanced attacks such as Return-Oriented Programming (ROP) attack and its variants, transfer program execution to gadgets (code-snippet that ends with return instruction). The code space to generate gadgets is large and attacks using these gadgets are Turing-complete. One big challenge to harden the program against ROP attack is to confine gadget selection to a limited locations, thus leaving the attacker to search entire code space according to payload criteria. In this paper, we present a novel approach to label the nodes of the Control-Flow Graph (CFG) of a program such that labels of the nodes on a valid control flow edge satisfy a Hamming distance property. The newly encoded CFG enables detection of illegal control flow transitions during the runtime in the processor pipeline. Experimentally, we have demonstrated that the proposed Control Flow Integrity (CFI) implementation is effective against control-flow hijacking and the technique can reduce the search space of the ROP gadgets upto 99.28%. We have also validated our technique on seven applications from MiBench and the proposed labeling mechanism incurs no instruction count overhead while, on average, it increases instruction width to a maximum of 12.13%.

Return-oriented programming (ROP)is a technique used to break data execution protection(DEP). Existing ROP chain automatic construction technology cannot effectively use program controllable memory area. In order to improve the utilization of memory space, this paper proposes a method of ROP chain fragmentation layout. By searching the controllable memory area of the program, a set of layoutable space is formed, and the overall ROP chain is segmented to add jump instructions at the end of each segment, thereby achieving a fragmented layout of the ROP chain. The prototype system ROP-chip based on S2E proved the effectiveness of the fragmented layout of the ROP chain.

The dynamic and adaptable characteristics of mobile ad hoc networks have made it a significant field for deploying various applications in wireless sensor networks. Increasing popularity of the portable devices is the main reason for the development of mobile ad hoc networks. Furthermore, the network does not require a fixed architecture and it is easy to deploy. This type of network is highly vulnerable to cyber-attacks as the nodes communicate with each other through a Wireless medium. The most critical attack in ad hoc network is jellyfish attack. In this research we have proposed a Direct Trust-based Detection Algorithm to detect and prevent jellyfish attack in MANET.

The ability to react to a malicious attack starts with high fidelity recognition, and with that, an agile response to the attack. The current Operational Technology (OT) systems for a critical infrastructure include an intrusion detection system (IDS), but the ability to adapt to an intrusion is a human initiated response. Orchestrators, which are coming of age in the financial sector and allow for levels of automated response, are not prevalent in the OT space. To evolve to such responses in the OT space, a tradeoff analysis is first needed. This tradeoff analysis should evaluate the mitigation benefits of responses versus the physical affects that result. Providing an informed and automated response decision. This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR).

Nowadays, massive amounts of data are stored in the cloud, how to access control the cloud data has become a prerequisite for protecting the security of cloud data. In order to address the problems of centralized control and privacy protection in current access control, we propose an access control scheme based on the blockchain and re-encryption technology, namely PERBAC-BC scheme. The access control policy is managed by the decentralized and immutability characteristics of blockchain, while the re-encryption is protected by the trusted computing characteristic of blockchain and the privacy is protected by the identity re-encryption technology. The overall structure diagram and detailed execution flow of the scheme are given in this paper. Experimental results show that, compared with the traditional hybrid encryption scheme, the time and space consumption is less when the system is expanded. Then, the time and space performance of each part of the scheme is simulated, and the security of blockchain is proved. The results also show that the time and space performance of the scheme are better and the security is stronger, which has certain stability and expandability.

When a robot breaks a person's trust by making a mistake or failing, continued interaction will depend heavily on how the robot repairs the trust that was broken. Prior work in psychology has demonstrated that both the trust violation framing and the trust repair strategy influence how effectively trust can be restored. We investigate trust repair between a human and a robot in the context of a competitive game, where a robot tries to restore a human's trust after a broken promise, using either a competence or integrity trust violation framing and either an apology or denial trust repair strategy. Results from a 2×2 between-subjects study ( n=82) show that participants interacting with a robot employing the integrity trust violation framing and the denial trust repair strategy are significantly more likely to exhibit behavioral retaliation toward the robot. In the Dyadic Trust Scale survey, an interaction between trust violation framing and trust repair strategy was observed. Our results demonstrate the importance of considering both trust violation framing and trust repair strategy choice when designing robots to repair trust. We also discuss the influence of human-to-robot promises and ethical considerations when framing and repairing trust between a human and robot.

In this paper, we propose a compositional scheme for the construction of abstractions for networks of control systems by using the interconnection matrix and joint dissipativity-type properties of subsystems and their abstractions. In the proposed framework, the abstraction, itself a control system (possibly with a lower dimension), can be used as a substitution of the original system in the controller design process. Moreover, we provide a procedure for constructing abstractions of a class of nonlinear control systems by using the bounds on the slope of system nonlinearities. We illustrate the proposed results on a network of linear control systems by constructing its abstraction in a compositional way without requiring any condition on the number or gains of the subsystems. We use the abstraction as a substitute to synthesize a controller enforcing a certain linear temporal logic specification. This example particularly elucidates the effectiveness of dissipativity-type compositional reasoning for large-scale systems.

We consider a compositional construction of approximate abstractions of interconnected control systems. In our framework, an abstraction acts as a substitute in the controller design process and is itself a continuous control system. The abstraction is related to the concrete control system via a so-called simulation function: a Lyapunov-like function, which is used to establish a quantitative bound between the behavior of the approximate abstraction and the concrete system. In the first part of the paper, we provide a small gain type condition that facilitates the compositional construction of an abstraction of an interconnected control system together with a simulation function from the abstractions and simulation functions of the individual subsystems. In the second part of the paper, we restrict our attention to linear control system and characterize simulation functions in terms of controlled invariant, externally stabilizable subspaces. Based on those characterizations, we propose a particular scheme to construct abstractions for linear control systems. We illustrate the compositional construction of an abstraction on an interconnected system consisting of four linear subsystems. We use the abstraction as a substitute to synthesize a controller to enforce a certain linear temporal logic specification.

At present, the network architecture is based on the TCP/IP protocol and node communications are achieved by the IP address and identifier of the node. The IP address in the network remains basically unchanged, so it is more likely to be attacked by network intruder. To this end, it is important to make periodic dynamic hopping in a specific address space possible, so that an intruder fails to obtain the internal network address and grid topological structure in real time and to continue to perform infiltration by the building of a new address space layout randomization system on the basis of SDN from the perspective of an attacker.