Biblio

Robustness verification of neural networks (NNs) is a challenging and significant problem, which draws great attention in recent years. Existing researches have shown that bound propagation is a scalable and effective method for robustness verification, and it can be implemented on GPUs and TPUs to get parallelized. However, the bound propagation methods naturally produce weak bound due to linear relaxations on the neurons, which may cause failure in verification. Although tightening techniques for simple ReLU networks have been explored, they are not applicable for NNs with general activation functions such as Sigmoid and Tanh. Improving robustness verification on these NNs is still challenging. In this paper, we propose a Branch-and-Bound (BaB) style method to address this problem. The proposed BaB procedure improves the weak bound by splitting the input domain of neurons into sub-domains and solving the corresponding sub-problems. We propose a generic heuristic function to determine the priority of neuron splitting by scoring the relaxation and impact of neurons. Moreover, we combine bound optimization with the BaB procedure to improve the weak bound. Experimental results demonstrate that the proposed method gains up to 35% improvement compared to the state-of-art CROWN method on Sigmoid and Tanh networks.

With the development of Internet of Things (IoT) technology, the transaction behavior of IoT devices has gradually increased, which also brings the problem of transaction data security and transaction processing efficiency. As one of the research hotspots in the field of data security, blockchain technology has been widely applied in the maintenance of transaction records and the construction of financial payment systems. However, the proportion of microtransactions in the Internet of Things poses challenges to the coupling of blockchain and IoT devices. This paper proposes a three-party scalable architecture based on “IoT device-edge server-blockchain”. In view of the characteristics of micropayment, the verification mechanism of the execution results of the off-chain transaction is designed, and the bridge node is designed in the off-chain architecture, which ensures the finality of the blockchain to the transaction. According to system evaluation, this scalable architecture improves the processing efficiency of micropayments on blockchain, while ensuring its decentration equal to that of blockchain. Compared with other blockchain-based IoT device payment schemes, our architecture is more excellent in activity.

With the advent of cloud storage services many users tend to store their data in the cloud to save storage cost. However, this has lead to many security concerns, and one of the most important ones is ensuring data integrity. Public verification schemes are able to employ a third party auditor to perform data auditing on behalf of the user. But most public verification schemes are vulnerable to procrastinating auditors who may not perform auditing on time. These schemes do not have fair arbitration also, i.e. they lack a way to punish the malicious Cloud Service Provider (CSP) and compensate user whose data has been corrupted. On the other hand, CSP might be storing redundant data that could increase the storage cost for the CSP and computational cost of data auditing for the user. In this paper, we propose a Blockchain-based public auditing and deduplication scheme with a fair arbitration system against procrastinating auditors. The key idea requires auditors to record each verification using smart contract and store the result into a Blockchain as a transaction. Our scheme can detect and punish the procrastinating auditors and compensate users in the case of any data loss. Additionally, our scheme can detect and delete duplicate data that improve storage utilization and reduce the computational cost of data verification. Experimental evaluation demonstrates that our scheme is provably secure and does not incur overhead compared to the existing public auditing techniques while offering an additional feature of verifying the auditor’s performance.

Software-Defined Networking (SDN) technique is presented in this paper to manage the Naval Supervisory Control and Data Acquisition (SCADA) network for equipping the network with the function of reconfiguration and scalability. The programmable nature of SDN enables a programmable Modular Topology Generator (MTG), which provides an extensive control over the network’s internal connectivity and traffic control. Specifically, two functions of MTG are developed and examined in this paper, namely linkHosts and linkSwitches. These functions are able to place the network into three different states, i.e., fully connected, fully disconnected, and partially connected. Therefore, it provides extensive security benefits and allows network administrators to dynamically reconfigure the network and adjust settings according to the network’s needs. Extensive tests on Mininet have demonstrated the effectiveness of SDN for enabling the reconfigurable and scalable Naval SCADA network. Therefore, it provides a potent tool to enhance the resiliency/survivability, scalability/compatibility, and security of naval SCADA networks.

Proving secure compilation of partial programs typically requires back-translating an attack against the compiled program to an attack against the source program. To prove back-translation, one can syntactically translate the target attacker to a source one-i.e., syntax-directed back-translation-or show that the interaction traces of the target attacker can also be emitted by source attackers—i.e., trace-directed back-translation. Syntax-directed back-translation is not suitable when the target attacker may use unstructured control flow that the source language cannot directly represent. Trace-directed back-translation works with such syntactic dissimilarity because only the external interactions of the target attacker have to be mimicked in the source, not its internal control flow. Revealing only external interactions is, however, inconvenient when sharing memory via unforgeable pointers, since information about shared pointers stashed in private memory is not present on the trace. This made prior proofs unnecessarily complex, since the generated attacker had to instead stash all reachable pointers. In this work, we introduce more informative data-flow traces, combining the best of syntax- and trace-directed back-translation in a simpler technique that handles both syntactic dissimilarity and memory sharing well, and that is proved correct in Coq. Additionally, we develop a novel turn-taking simulation relation and use it to prove a recomposition lemma, which is key to reusing compiler correctness in such secure compilation proofs. We are the first to mechanize such a recomposition lemma in the presence of memory sharing. We use these two innovations in a secure compilation proof for a code generation compiler pass between a source language with structured control flow and a target language with unstructured control flow, both with safe pointers and components.

The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS).Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform.This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties.

Microcontroller-based embedded systems have become ubiquitous with the emergence of IoT technology. Given its critical roles in many applications, its security is becoming increasingly important. Unfortunately, MCU devices are especially vulnerable. Code reuse attacks are particularly noteworthy since the memory address of firmware code is static. This work seeks to combat code reuse attacks, including ROP and more advanced JIT-ROP via continuous randomization. Previous proposals are geared towards full-fledged OSs with rich runtime environments, and therefore cannot be applied to MCUs. We propose the first solution for ARM-based MCUs. Our system, named HARM, comprises a secure runtime and a binary analysis tool with rewriting module. The secure runtime, protected inside the secure world, proactively triggers and performs non-bypassable randomization to the firmware running in a sandbox in the normal world. Our system does not rely on any firmware feature, and therefore is generally applicable to both bare-metal and RTOS-powered firmware. We have implemented a prototype on a development board. Our evaluation results indicate that HARM can effectively thaw code reuse attacks while keeping the performance and energy overhead low.

This paper proposes a control flow integrity checking method based on the LBR register: through an analysis of the static target program loaded binary modules, gain function attributes such as borders and build the initial transfer of legal control flow boundary, real-time maintenance when combined with the dynamic execution of the program flow of control transfer record, build a complete profile control flow transfer security; Get the call location of /bin/sh or system() in the program to build an internal monitor for control-flow integrity checks. In the process of program execution, on the one hand, the control flow transfer outside the outline is judged as the abnormal control flow transfer with attack threat; On the other hand, abnormal transitions across the contour are picked up by an internal detector. In this method, by identifying abnormal control flow transitions, attacks are initially detected before the attack code is executed, while some attacks that bypass the coarse-grained verification of security profile are captured by the refined internal detector of control flow integrity. This method reduces the cost of control flow integrity check by using the safety profile analysis of coarse-grained check. In addition, a fine-grained shell internal detector is inserted into the contour to improve the safety performance of the system and achieve a good balance between performance and efficiency.

This paper shows that the modern high customizable Xtensa architecture for embedded devices is exploitable by Return-Oriented Programming (ROP) attacks. We used a simple Hello-World application written with the RIOT OS as an almost minimal code basis for determining if the number of gadgets that can be found in this code base is sufficient to build a reasonably complex attack. We determined 859 found gadgets which are sufficient to create a gadget catalog for the Xtensa. Despite the code basis used being really small, the presented gadget catalog provides Turing completeness, which allows an arbitrary computation of any exploit program.

Memory-based vulnerabilities are becoming more and more common in low-power and low-cost devices in IOT. We study several low-level vulnerabilities that lead to memory corruption in C and C++ programs, and how to use stack corruption and format string attack to exploit these vulnerabilities. Automatic methods for resisting memory attacks, such as stack canary and address space layout randomization ASLR, are studied. These methods do not need to change the source program. However, a return-oriented programming (ROP) technology can bypass them. Control flow integrity (CFI) can resist the destruction of ROP technology. In fact, the security design is holistic. Finally, we summarize the rules of security coding in embedded devices, and propose two novel methods of software anomaly detection process for IOT devices in the future.

Control flow integrity (CFI) checks are used in desktop systems, in order to protect them from various forms of attacks, but they are rarely investigated for embedded systems, due to their introduced overhead. The contribution of this paper is an efficient software implementation of a CFI-check for ARM-and Xtensa processors. Moreover, we propose the combination of this CFI-check with another defense mechanism against return-oriented-programming (ROP). We show that by this combination the security is significantly improved. Moreover, it will also in-crease the safety of the system, since the combination can detect a failed ROP-attack and bring the system in a safe state, which is not possible when using each technique separately. We will also report on the introduced overhead in code size and run time.

Side-channel attacks have been a constant threat to computing systems. In recent times, vulnerabilities in the architecture were discovered and exploited to mount and execute a state-of-the-art attack such as Spectre. The Spectre attack exploits a vulnerability in the Intel-based processors to leak confidential data through the covert channel. There exist some defenses to mitigate the Spectre attack. Among multiple defenses, hardware-assisted attack/intrusion detection (HID) systems have received overwhelming response due to its low overhead and efficient attack detection. The HID systems deploy machine learning (ML) classifiers to perform anomaly detection to determine whether the system is under attack. For this purpose, a performance monitoring tool profiles the applications to record hardware performance counters (HPC), utilized for anomaly detection. Previous HID systems assume that the Spectre is executed as a standalone application. In contrast, we propose an attack that dynamically generates variations in the injected code to evade detection. The attack is injected into a benign application. In this manner, the attack conceals itself as a benign application and gen-erates perturbations to avoid detection. For the attack injection, we exploit a return-oriented programming (ROP)-based code-injection technique that reuses the code, called gadgets, present in the exploited victim's (host) memory to execute the attack, which, in our case, is the CR-Spectre attack to steal sensitive data from a target victim (target) application. Our work focuses on proposing a dynamic attack that can evade HID detection by injecting perturbations, and its dynamically generated variations thereof, under the cloak of a benign application. We evaluate the proposed attack on the MiBench suite as the host. From our experiments, the HID performance degrades from 90% to 16%, indicating our Spectre-CR attack avoids detection successfully.

This paper presents a program-code mutation technique that is applied in-field to embedded systems in order to create diversity in a population of systems that are identical at the time of their deployment. With this diversity, it becomes more difficult for attackers to carry out the very popular Return-Oriented-Programming (ROP) attack in a large scale, since the gadgets in different systems are located at different program addresses after code permutation. In order to prevent the system from a system crash after a failed ROP attack, we further propose the combination of the code mutation with a return address checking. We will report the overhead in time and memory along with a security analysis.

Since deep learning (DL) can automatically learn features from source code, it has been widely used to detect source code vulnerability. To achieve scalable vulnerability scanning, some prior studies intend to process the source code directly by treating them as text. To achieve accurate vulnerability detection, other approaches consider distilling the program semantics into graph representations and using them to detect vulnerability. In practice, text-based techniques are scalable but not accurate due to the lack of program semantics. Graph-based methods are accurate but not scalable since graph analysis is typically time-consuming. In this paper, we aim to achieve both scalability and accuracy on scanning large-scale source code vulnerabilities. Inspired by existing DL-based image classification which has the ability to analyze millions of images accurately, we prefer to use these techniques to accomplish our purpose. Specifically, we propose a novel idea that can efficiently convert the source code of a function into an image while preserving the program details. We implement Vul-CNN and evaluate it on a dataset of 13,687 vulnerable functions and 26,970 non-vulnerable functions. Experimental results report that VulCNN can achieve better accuracy than eight state-of-the-art vul-nerability detectors (i.e., Checkmarx, FlawFinder, RATS, TokenCNN, VulDeePecker, SySeVR, VulDeeLocator, and Devign). As for scalability, VulCNN is about four times faster than VulDeePecker and SySeVR, about 15 times faster than VulDeeLocator, and about six times faster than Devign. Furthermore, we conduct a case study on more than 25 million lines of code and the result indicates that VulCNN can detect large-scale vulnerability. Through the scanning reports, we finally discover 73 vulnerabilities that are not reported in NVD.

One of the key topics in network security research is the autonomous COA (Couse-of-Action) attack search method. Traditional COA attack search methods that passively search for attacks can be difficult, especially as the network gets bigger. To address these issues, new autonomous COA techniques are being developed, and among them, an intelligent spatial algorithm is designed in this paper for efficient operations in scalable networks. On top of the spatial search, a Monte-Carlo (MC)-based temporal approach is additionally considered for taking care of time-varying network behaviors. Therefore, we propose a spatio-temporal attack COA search algorithm for scalable and time-varying networks.

The blockchain network is often considered a reliable and secure network. However, some security attacks, such as eclipse attacks, have a significant impact on blockchain networks. In order to perform an eclipse attack, the attacker must be able to control enough IP addresses. This type of attack can be mitigated by blocking incoming connections. Connected machines may only establish outbound connections to machines they trust, such as those on a whitelist that other network peers maintain. However, this technique is not scalable since the solution does not allow nodes with new incoming communications to join the network. In this paper, we propose a scalable and secure trust-based solution against eclipse attacks with a peer-selection strategy that minimizes the probability of eclipse attacks from nodes in the network by developing a trust point. Finally, we experimentally analyze the proposed solution by creating a network simulation environment. The analysis results show that the proposed solution reduces the probability of an eclipse attack and has a success rate of over 97%.

Virtual Private Networks (VPNs) have become a communication medium for accessing information, data exchange and flow of information. Many organizations require Intranet or VPN, for data access, access to servers from computers and sharing different types of data among their offices and users. A secure VPN environment is essential to the organizations to protect the information and their IT infrastructure and their assets. Every organization needs to protect their computer network environment from various malicious cyber threats. This paper presents a comprehensive network security management which includes significant strategies and protective measures during the management of a VPN in an organization. The paper also presents the procedures and necessary counter measures to preserve the security of VPN environment and also discussed few Identified Security Strategies and measures in VPN. It also briefs the Network Security and their Policies Management for implementation by covering security measures in firewall, visualized security profile, role of sandbox for securing network. In addition, a few identified security controls to strengthen the organizational security which are useful in designing a secure, efficient and scalable VPN environment, are also discussed.

Cloud computing provides customers with enormous compute power and storage capacity, allowing them to deploy their computation and data-intensive applications without having to invest in infrastructure. Many firms use cloud computing as a means of relocating and maintaining resources outside of their enterprise, regardless of the cloud server's location. However, preserving the data in cloud leads to a number of issues related to data loss, accountability, security etc. Such fears become a great barrier to the adoption of the cloud services by users. Cloud computing offers a high scale storage facility for internet users with reference to the cost based on the usage of facilities provided. Privacy protection of a user's data is considered as a challenge as the internal operations offered by the service providers cannot be accessed by the users. Hence, it becomes necessary for monitoring the usage of the client's data in cloud. In this research, we suggest an effective cloud storage solution for accessing patient medical records across hospitals in different countries while maintaining data security and integrity. In the suggested system, multifactor authentication for user login to the cloud, homomorphic encryption for data storage with integrity verification, and integrity verification have all been implemented effectively. To illustrate the efficacy of the proposed strategy, an experimental investigation was conducted.

Worldwide, societies are rapidly becoming more connected, owing primarily to the growing number of intelligent things and smart applications (e.g, smart automobiles, smart wearable devices, etc.) These have occurred in tandem with the Internet Of Things, a new method of connecting the physical and virtual worlds. It is a new promising paradigm whereby every ‘thing’ can connect to anything via the Internet. However, with IoT systems being deployed even on large-scale, security concerns arise amongst other challenges. Hence the need to allocate appropriate protection of resources. The realization of secure IoT systems could only be accomplished with a comprehensive understanding of the particular needs of a specific system. How-ever, this paradigm lacks a proper and exhaustive classification of security requirements. This paper presents an approach towards understanding and classifying the security requirements of IoT devices. This effort is expected to play a role in designing cost-efficient and purposefully secured future IoT systems. During the coming up with and the classification of the requirements, We present a variety of set-ups and define possible attacks and threats within the scope of IoT. Considering the nature of IoT and security weaknesses as manifestations of unrealized security requirements, We put together possible attacks and threats in categories, assessed the existent IoT security requirements as seen in literature, added more in accordance with the applied domain of the IoT and then classified the security requirements. An IoT system can be secure, scalable, and flexible by following the proposed security requirement classification.

A mail spoofing attack is a harmful activity that modifies the source of the mail and trick users into believing that the message originated from a trusted sender whereas the actual sender is the attacker. Based on the previous work, this paper analyzes the transmission process of an email. Our work identifies new attacks suitable for bypassing SPF, DMARC, and Mail User Agent’s protection mechanisms. We can forge much more realistic emails to penetrate the famous mail service provider like Tencent by conducting the attack. By completing a large-scale experiment on these well-known mail service providers, we find some of them are affected by the related vulnerabilities. Some of the bypass methods are different from previous work. Our work found that this potential security problem can only be effectively protected when all email service providers have a standard view of security and can configure appropriate security policies for each email delivery node. In addition, we also propose a mitigate method to defend against these attacks. We hope our work can draw the attention of email service providers and users and effectively reduce the potential risk of phishing email attacks on them.

We present the new class of non-uniform Rowhammer access patterns that bypass undocumented, proprietary in-DRAM Target Row Refresh (TRR) while operating in a production setting. We show that these patterns trigger bit flips on all 40 DDR4 DRAM devices in our test pool. We make a key observation that all published Rowhammer access patterns always hammer “aggressor” rows uniformly. While uniform accesses maximize the number of aggressor activations, we find that in-DRAM TRR exploits this behavior to catch aggressor rows and refresh neighboring “victims” before they fail. There is no reason, however, to limit Rowhammer attacks to uniform access patterns: smaller technology nodes make underlying DRAM technologies more vulnerable, and significantly fewer accesses are nowadays required to trigger bit flips, making it interesting to investigate less predictable access patterns. The search space for non-uniform access patterns, however, is tremendous. We design experiments to explore this space with respect to the deployed mitigations, highlighting the importance of the order, regularity, and intensity of accessing aggressor rows in non-uniform access patterns. We show how randomizing parameters in the frequency domain captures these aspects and use this insight in the design of Blacksmith, a scalable Rowhammer fuzzer that generates access patterns that hammer aggressor rows with different phases, frequencies, and amplitudes. Blacksmith finds complex patterns that trigger Rowhammer bit flips on all 40 of our recently purchased DDR4 DIMMs, \$2.6 \textbackslashtimes\$ more than state of the art, and generating on average \$87 \textbackslashtimes\$ more bit flips. We also demonstrate the effectiveness of these patterns on Low Power DDR4X devices. Our extensive analysis using Blacksmith further provides new insights on the properties of currently deployed TRR mitigations. We conclude that after almost a decade of research and deployed in-DRAM mitigations, we are perhaps in a worse situation than when Rowhammer was first discovered.

In the last decade, numerous Industrial IoT systems have been deployed. Attack vectors and security solutions for these are an active area of research. However, to the best of our knowledge, only very limited insight in the applicability and real-world comparability of attacks exists. To overcome this widespread problem, we have developed and realized an approach to collect attack traces at a larger scale. An easily deployable system integrates well into existing networks and enables the investigation of attacks on unmodified commercial devices.

While Smart contracts are agreements stored on Blockchain, NFTs are representation of digital assets encoded as Smart Contracts. The uniqueness of a Non-Fungible Token (NFT) is established through the digital signature of the creator/owner that should be authenticatable and verifiable over a long period of time. This requires possession of assured identities by the entities involved in such transactions, and support for long-term validation, which may pave the way for gaining support from legal systems. Public Key Infrastructure (PKI) is a trusted ecosystem that can assure the identity of an entity, including human users, domain names, devices etc. In PKI, a digital certificate assures the identity by chaining and anchoring to a trusted root, which is currently not the case in Smart Contracts and NFTs. The storage of the digital assets in decentralized nodes need to be assured for availability for a long period of time. This invariably depends on the sustenance of the underlying network that requires monitoring and auditing for assurance. In this paper, we discuss the above challenges in detail and bring out the intricate issues. We also bust the myth that decentralized trust models are flawless and incident free and also indicate that over time, they tend to centralize for optimality. We then present our proposals, and structures that leverages the existing Public Key Infrastructure systems, with mechanisms for creating an environment for reliable Smart Contracts and NFTs.

In the PKI-CA system with a traditional trust model based on trust chain and centralized private key management, there are some problems with issuing certificates illegally, denying issued certificates, tampering with issuance log, and leaking certificate private key due to the excessive power of a single CA. A novel distributed CA system based on blockchain was constructed to solve the problems. The system applied blockchain and smart contract to coordinate the certificate issuing process, and stored the issuing process logs and information used to verify certificates on the blockchain. It guaranteed the non-tamperability and non-repudiation of logs and information. Aiming at the disadvantage of easy leakage of private keys in centralized management mode, the system used the homomorphism of elliptic encryption algorithm, CPK and transformation matrix to generate and store user private keys safely and distributively. Experimental analysis showed that the system can not only overcome the drawbacks of the traditional PKI-CA system, but also issue certificates quickly and save as much storage as possible to store certificate private keys.

The access control mechanism of most consortium blockchain is implemented through traditional Certificate Authority scheme based on trust chain and centralized key management such as PKI/CA at present. However, the uneven power distribution of CA nodes may cause problems with leakage of certificate keys, illegal issuance of certificates, malicious rejection of certificates issuance, manipulation of issuance logs and metadata, it could compromise the security and dependability of consortium blockchain. Therefore, this paper design and implement a Certificate Authority scheme based on trust ring model that can not only enhance the reliability of consortium blockchain, but also ensure high performance. Combined public key, transformation matrix and elliptic curve cryptography are applied to the scheme to generate and store keys in a cluster of CA nodes dispersedly and securely for consortium nodes. It greatly reduced the possibility of malicious behavior and key leakage. To achieve the immutability of logs and metadata, the scheme also utilized public blockchain and smart contract technology to organize the whole procedure of certificate issuance, the issuance logs and metadata for certificate validation are stored in public blockchain. Experimental results showed that the scheme can surmount the disadvantages of the traditional scheme while maintaining sufficiently good performance, including issuance speed and storage efficiency of certificates.