Biblio

The goal of building a system for precise time measurement in pixel radiation detectors motivates the development of flexible design and verification environment. It should be suitable for quick simulations when individual elements of the system are developed and should be scalable so that systemlevel verification is possible as well. The approach presented in this paper is to utilize the power of SystemVerilog language and apply basic Object-Oriented Programming concepts to the test program. Since the design under test is a full-custom mixed-signal design, it must be simulated with AMS simulator and various features of analog design environment are used as well (Monte Carlo analysis, corner analysis, schematic capture GUI-related functions). The presented approach combines these two worlds and should be suitable for small academia projects, where design and verification is seldom done by separate teams.

In this paper we propose to combine the safe C dialect Checked C with concolic testing to obtain an effective methodology for attaining safer C code. Checked C is a modern and backward compatible extension to the C programming language which provides facilities for writing memory-safe C code. We utilize incremental conversions of unsafe C software to Checked C. After each increment, we leverage concolic testing, an effective test generation technique, to support the conversion process by searching for newly introduced and existing bugs.Our RISC-V experiments using the RIOT Operating System (OS) demonstrate the effectiveness of our approach. We uncovered 4 previously unknown bugs and 3 bugs accidentally introduced through our conversion process.

The term lateral pressure refers to any tendency (or propensity) of states, firms, and other entities to expand their activities and exert influence and control beyond their established boundaries, whether for economic, political, military, scientific, religious, or other purposes. Framed by Robert C. North and Nazli Choucri, the theory addresses the sources and consequences of such a tendency. This chapter presents the core features—assumptions, logic, core variables, and dynamics—and summarizes the quantitative work undertaken to date. Some aspects of the theory analysis are more readily quantifiable than others. Some are consistent with conventional theory in international relations. Others are based on insights and evidence from other areas of knowledge, thus departing from tradition in potentially significant ways. Initially applied to the causes of war, the theory focuses on the question of: Who does what, when, how, and with what consequences? The causal logic in lateral pressure theory runs from the internal drivers (i.e., the master variables that shape the profiles of states) through the intervening variables (i.e., aggregated and articulated demands given prevailing capabilities), and the outcomes often generate added complexities. To the extent that states expand their activities outside territorial boundaries, driven by a wide range of capabilities and motivations, they are likely to encounter other states similarly engaged. The intersection among spheres of influence is the first step in complex dynamics that lead to hostilities, escalation, and eventually conflict and violence. The quantitative analysis of lateral pressure theory consists of six distinct phases. The first phase began with a large-scale, cross-national, multiple equation econometric investigation of the 45 years leading to World War I, followed by a system of simultaneous equations representing conflict dynamics among competing powers in the post–World War II era. The second phase is a detailed econometric analysis of Japan over the span of more than a century and two World Wars. The third phase of lateral pressure involves system dynamics modeling of growth and expansion of states from 1970s to the end of the 20th century and explores the use of fuzzy logic in this process. The fourth phase focuses on the state-based sources of anthropogenic greenhouse gases to endogenize the natural environment in the study of international relations. The fifth phase presents a detailed ontology of the driving variables shaping lateral pressure and their critical constituents in order to (a) frame their interconnections, (b) capture knowledge on sustainable development, (c) create knowledge management methods for the search, retrieval, and use of knowledge on sustainable development and (d) examine the use of visualization techniques for knowledge display and analysis. The sixth, and most recent, phase of lateral pressure theory and empirical analysis examines the new realities created by the construction of cyberspace and interactions with the traditional international order.

In electronic warfare, communication may not counter reconnaissance and jamming without the help of network-station selection of frequency hopping. The competition in the field of electromagnetic spectrum is becoming more and more fierce with the increasingly complex electromagnetic environment of modern battlefield. The research on detection, identification, parameter estimation and network station selection of frequency hopping communication network has aroused the interest of scholars both at home and abroad, which has been summarized in this paper. Firstly, the working mode and characteristics of two kinds of FH communication networking modes synchronous orthogonal network and asynchronous non orthogonal network are introduced. Then, through the analysis of FH signals time hopping, frequency hopping, bandwidth, frequency, direction of arrival, bad time-frequency analysis, clustering analysis and machine learning method, the feature-based method is adopted Parameter selection technology is used to sort FH network stations. Finally, the key and difficult points of current research on FH communication network separation technology and the research status of blind source separation technology are introduced in details in this paper.

This paper introduces a scheme for achieving trustworthy computing on SoCs that use an outsourced AXI interconnect for on-chip communication. This is achieved through component guarding, data tagging, event verification, and consequently responding dynamically to an attack. Experimental results confirm the ability of the proposed scheme to detect HT attacks and respond to them at run-time. The proposed scheme extends the state-of-art in trustworthy computing on untrustworthy components by focusing on the issue of an untrusted on-chip interconnect for the first time, and by developing a scheme that is independent of untrusted third-party IP.

This paper describes the architecture and the fundamental methodology of an anomaly detector, which by continuously monitoring Simple Network Management Protocol data and by processing it as complex-events, is able to timely recognize patterns of faults and relevant cyber-attacks. This solution has been applied in the context of smart grids, and in particular as part of a security and resilience component of the Information and Communication Technologies (ICT) Gateway, a middleware-based architecture that correlates and fuses measurement data from different sources (e.g., Inverters, Smart Meters) to provide control coordination and to enable grid observability applications. The detector has been evaluated through experiments, where we selected some representative anomalies that can occur on the ICT side of the energy distribution infrastructure: non-malicious faults (indicated by patterns in the system resources usage), as well as effects of typical cyber-attacks directed to the smart grid infrastructure. The results show that the detection is promisingly fast and efficient.

Data provenance (keeping track of who did what, where, when and how) boasts of various attractive use cases for distributed systems, such as intrusion detection, forensic analysis and secure information dependability. This potential, however, can only be realized if provenance is accessible by its primary stakeholders: the end-users. Existing provenance systems are designed in a `all-or-nothing' fashion, making provenance inaccessible, difficult to extract and crucially, not controlled by its key stakeholders. To mitigate this, we propose that provenance be separated into system, data-specific and file-metadata provenance. Furthermore, we expand data-specific provenance as changes at a fine-grain level, or provenance-per-change, that is recorded alongside its source. We show that with the use of delta-encoding, provenance-per-change is viable, asserting our proposed architecture to be effectively realizable.

The use of static code analysis tools for security audits can be time consuming, as the many existing tools focus on different aspects and therefore development teams often use several of these tools to keep code quality high and prevent security issues. Displaying the results of multiple tools, such as code smells and security warnings, in a unified interface can help developers get a better overview and prioritize upcoming work. We present visualizations and a dashboard that interactively display results from static code analysis for “interesting” commits during development. With this, we aim to provide an effective visual analytics tool for code security analysis results.

Intrusion alerts continue to grow in volume, variety, and complexity. Its cryptic nature requires substantial time and expertise to interpret the intended consequence of observed malicious actions. To assist security analysts in effectively diagnosing what alerts mean, this work develops a novel machine learning approach that translates alert descriptions to intuitively interpretable Action-Intent-Stages (AIS) with only 1% labeled data. We combine transfer learning, active learning, and pseudo labels and develop the Pseudo-Active Transfer Learning (PATRL) process. The PATRL process begins with an unsupervised-trained language model using MITRE ATT&CK, CVE, and IDS alert descriptions. The language model feeds to an LSTM classifier to train with 1% labeled data and is further enhanced with active learning using pseudo labels predicted by the iteratively improved models. Our results suggest PATRL can predict correctly for 85% (top-1 label) and 99% (top-3 labels) of the remaining 99% unknown data. Recognizing the need to build confidence for the analysts to use the model, the system provides Monte-Carlo Dropout Uncertainty and Pseudo-Label Convergence Score for each of the predicted alerts. These metrics give the analyst insights to determine whether to directly trust the top-1 or top-3 predictions and whether additional pseudo labels are needed. Our approach overcomes a rarely tackled research problem where minimal amounts of labeled data do not reflect the truly unlabeled data's characteristics. Combining the advantages of transfer learning, active learning, and pseudo labels, the PATRL process translates the complex intrusion alert description for the analysts with confidence.

UPI (Unified Payments Interface) is a framework in India wherein customers can send payments to merchants from their smartphones. The framework consists of UPI servers that are connected to the banks at the sender and receiver ends. To send and receive payments, customers and merchants would have to first register themselves with UPI servers by executing a registration protocol using payment apps such as BHIM, PayTm, Google Pay, and PhonePe. Weaknesses were recently reported on these protocols that allow attackers to make money transfers on behalf of innocent customers and even empty their bank accounts. But the reported weaknesses were found after informal and manual analysis. However, as history has shown, formal analysis of cryptographic protocols often reveals flaws that could not be discovered with manual inspection. In this paper, we model UPI protocols in the pattern of traditional cryptographic protocols such that they can be rigorously studied and analyzed using formal methods. The modeling simplifies many of the complexities in the protocols, making it suitable to analyze and verify UPI protocols with popular analysis and verification tools such as the Constraint Solver, ProVerif and Tamarin. Our modeling could also be used as a general framework to analyze and verify many other financial payment protocols than just UPI protocols, giving it a broader applicability.

Deep learning (DL) models have been shown to be vulnerable to adversarial attacks. DL model security against adversarial attacks is critical to using DL-trained models in forward deployed systems, e.g. facial recognition, document characterization, or object detection. We provide results and lessons learned applying a moving target defense (MTD) strategy against iterative, gradient-based adversarial attacks. Our strategy involves (1) training a diverse ensemble of DL models, (2) applying randomized affine input transformations to inputs, and (3) randomizing output decisions. We report a primary lesson that this strategy is ineffective against a white-box adversary, which could completely circumvent output randomization using a deterministic surrogate. We reveal how our ensemble models lacked the diversity necessary for effective MTD. We also evaluate our MTD strategy against a black-box adversary employing an ensemble surrogate model. We conclude that an MTD strategy against black-box adversarial attacks crucially depends on lack of transferability between models.

In light of the progress achieved by the technology sector in the areas of internet speed and cloud services development, and in addition to other advantages provided by the cloud such as reliability and easy access from anywhere and anytime, most data owners find an opportunity to take advantage of the cloud to store data. However, data owners find a challenge that was and is still facing them in the field of outsourcing, which is protecting sensitive data from leakage. Researchers found that partitioning data into partitions, based on data sensitivity, can be used to protect data from leakage and to increase performance by storing the partition, which contains sensitive data in an encrypted form. In this paper, we review the methods used in designing partitions and dividing data approaches. A hybrid data partitioning approach is proposed to improve these techniques. We consider the frequency attack types used to guess the sensitive data and the most important properties that must be available in order for the encryption to be strong against frequency attacks.

MANET stands for Mobile ad-hoc network, which is also known as a wireless network. It provides a routable networking environment which does not have a centralized infrastructure. MANET is used in many important sectors like economic sector (corporate field), security sector (military field), education sector (video conferences and lectures), law sector (law enforcement) and many more. Even though it plays a vital role in different sectors and improves its economic growth, security is a major concern in MANET. Due to lack of inbuilt security, several attacks like data traffic attack, control traffic attack. The wormhole is a kind of control traffic attack which forms wormhole link between nodes. In this paper, we have proposed an approach to detect and get rid of the wormhole attack. The proposed approach is based on trust values, which will decide whether nodes are affected by using parameters like receiving time and data rate. On evaluation, we have concluded that the wormhole attack decreases the network's performance while using trusted approach its value increases. Means PDR and throughput return best results for the affected network while in case of end to end delay it returns similar results as of unaffected network.

Mobile Ad hoc Networks ‘MANETs’ are still defenseless against peripheral threats due to the fact that this network has vulnerable access and also the absence of significant fact of administration. The black hole attack is a kind of some routing attack, in this type of attack the attacker node answers to the Route Requests (RREQs) thru faking and playing itself as an adjacent node of the destination node in order to get through the data packets transported from the source node. To counter this situation, we propose to deploy some nodes (exhibiting some distinctive functionality) in the network called DPS (Detection and Prevention System) nodes that uninterruptedly monitor the RREQs advertised by all other nodes in the networks. DPS nodes target to satisfy the set objectives in which it has to sense the mischievous nodes by detecting the activities of their immediate neighbor. In the case, when a node demonstrates some peculiar manners, which estimates according to the experimental data, DPS node states that particular distrustful node as black hole node by propagation of a threat message to all the remaining nodes in the network. A protocol with a clustering approach in AODV routing protocol is used to sense and avert the black hole attack in the mentioned network. Consequently, empirical evaluation shows that the black hole node is secluded and prohibited from the whole system and is not allowed any data transfer from any node thereafter.

Three issues should be addressed in ubiquitous power Internet of things (IoT) terminals, such as lack of terminal standardization, high business coupling and weak local intelligent processing ability. The application of operating system in power IoT terminals provides the possibility to solve the above problems, but needs to address the real-time and security problems. In this paper, TrustZone based virtualization architecture is used to tackle the above real-time and security problems, which adopts the dual system architecture of real-time operating system (FreeRTOS) to run real-time tasks, such as power parameter acquisition and control on the real-time operating system, to solve the real-time problem; And non real-time tasks are run on the general operating system(Linux) to solve the expansibility problem of power terminals with hardware assisted virtualization technology achieving the isolation of resources, ensuring the safety of power related applications. The scheme is verified on the physical platform. The results show that the dual operating system power IoT terminal scheme based on ARM TrustZone meets the security requirements and has better real-time performance, with unifying terminal standards, business decoupling and enhancing local processing capacity.

Return-oriented programming(ROP) is a prevalent technique that targets return addresses to hijack control flow. To prevent such attack, researchers mainly focus on either Shadow Stack or MAC-based mechanisms(message code authentication). But Shadow Stack suffers from additional memory overhead and information leakage, while MAC-based mechanisms(e.g. Zipper Stack) impose high runtime overhead for MAC calculations.In this paper, we propose Twine Stack, a hybrid and efficient return address protection mechanism with lightweight hardware extension. It utilizes a tiny hardware shadow stack to realize a new multi-chain Zipper Stack. Specifically, each entry in the shadow stack stores a return address and its MAC in each chain, allowing queueing calculation with just one hash module. At meantime, some return address verifications could be done by comparison with the hardware shadow stack, instead of calculation again. We implemented Twine Stack on RISC-V architecture, and evaluated it on FPGA board. Our experiments show that Twine Stack reduces over 95% hash verifications, and imposes merely 1.38% performance overhead with an area overhead of 974 LUTs and 726 flip flops. The result demonstrates that our hybrid scheme mitigates the drawbacks of each separate scheme.

This paper exploits the possibility of exposing the location of active eavesdropper in commodity passive RFID system. Such active eavesdropper can activate the commodity passive RFID tags to achieve data eavesdropping and jamming. In this paper, we show that these active eavesdroppers can be significantly detrimental to the commodity passive RFID system on RFID data security and system feasibility. We believe that the best way to defeat the active eavesdropper in the commodity passive RFID system is to expose the location of the active eavesdropper and kick it out. To do so, we need to localize the active eavesdropper. However, we cannot extract the channel from the active eavesdropper, since we do not know what the active eavesdropper's transmission and the interference from the tag's backscattered signals. So, we propose an approach to mitigate the tag's interference and cancel out the active eavesdropper's transmission to obtain the subtraction-and-division features, which will be used as the input of the machine learning model to predict the location of active eavesdropper. Our preliminary results show the average accuracy of 96% for predicting the active eavesdropper's position in four grids of the surveillance plane.

In the last several years, wireless Battery Management Systems (BMS) have slowly become a topic of interest from both academia and industry. It came from a necessity derived from the increased production and use in different systems, including electric vehicles. Wireless communication allows for a more flexible and cost-efficient sensor installation in battery packs. However, many wireless technologies, such as those that use the 2.4 GHz frequency band, suffer from interference limitations that need to be addressed. In this paper, we present an alternative approach to communication in BMS that relies on the use of Near Field Communication (NFC) technology for battery sensor readouts. Due to a vital concern over the counterfeited battery pack products, security measures are also considered. To this end, we propose the use of an effective and easy to integrate authentication schema that is supported by dedicated NFC devices. To test the usability of our design, a demonstrator using the targeted devices was implemented and evaluated.

To ensure organization business and resources sustainability, it is required to establish Business Continuity Management System (BCMS). A key component of BCMS is conducting drills, which enables the organization to assess its readiness, sustainability and resiliency with an adequate planning for business continuation of unforeseen circumstances. The testing of the business services and processes is crucial and failing to conduct drills would lead to improper response and recovery strategies which will result in major financial loses. The drills aim to evaluate IT organization response, IT services recovery, identify observations, lessons learned and areas of improvement. As a result, identified observations are shared with service owners and tracked by BCMS to ensure closing all observations. However, tracking observations in a traditional manual approach is always associated with several challenges. This paper presents our experience in planning, executing, and validating the process of drills, by illustrating how an organization could overcome manual approach challenges with an automated observation tracking system. Additionally, we present our solution results in terms of time management and cost saving.

Smart products, such as toy robots, must comply with multiple legal requirements of the countries they are sold and used in. Currently, compliance with the legal environment requires manually customizing products for different markets. In this paper, we explore a design approach for smart products that enforces compliance with aspects of the European Union’s data protection principles within a product’s firmware through a toy robot case study. To this end, we present an exchange between computer scientists and legal scholars that identified the relevant data flows, their processing needs, and the implementation decisions that could allow a device to operate while complying with the EU data protection law. By designing a data-minimizing toy robot, we show that the variety, amount, and quality of data that is exposed, processed, and stored outside a user’s premises can be considerably reduced while preserving the device’s functionality. In comparison with a robot designed using a traditional approach, in which 90% of the collected types of information are stored by the data controller or a remote service, our proposed design leads to the mandatory exposure of only 7 out of 15 collected types of information, all of which are legally required by the data controller to demonstrate consent. Moreover, our design is aligned with the Data Privacy Vocabulary, which enables the toy robot to cross geographic borders and seamlessly adjust its data processing activities to the local regulations.

Rescue robots are expected to soon become commonplace at disaster sites, where they are increasingly being deployed to provide rescuers with improved access and intervention capabilities while mitigating risks. The presence of robots in operation areas, however, is likely to carry a layer of additional ethical complexity to situations that are already ethically challenging. In addition, limited guidance is available for ethically informed, practical decision-making in real-life disaster settings, and specific ethics training programs are lacking. The contribution of this paper is thus to propose a tool aimed at supporting ethics training for rescuers operating with rescue robots. To this end, we have designed an interactive text-based simulation. The simulation was developed in Python, using Tkinter, Python's de-facto standard GUI. It is designed in accordance with the Case-Based Learning approach, a widely used instructional method that has been found to work well for ethics training. The simulation revolves around a case grounded in ethical themes we identified in previous work on ethical issues in rescue robotics: fairness and discrimination, false or excessive expectations, labor replacement, safety, and trust. Here we present the design of the simulation and the results of usability testing.

A human-swarm cooperative system, which mixes multiple robots and a human supervisor to form a mission team, has been widely used for emergent scenarios such as criminal tracking and victim assistance. These scenarios are related to human safety and require a robot team to quickly transit from the current undergoing task into the new emergent task. This sudden mission change brings difficulty in robot motion adjustment and increases the risk of performance degradation of the swarm. Trust in human-human collaboration reflects a general expectation of the collaboration; based on the trust humans mutually adjust their behaviors for better teamwork. Inspired by this, in this research, a trust-aware reflective control (Trust-R), was developed for a robot swarm to understand the collaborative mission and calibrate its motions accordingly for better emergency response. Typical emergent tasks “transit between area inspection tasks”, “response to emergent target - car accident” in social security with eight fault-related situations were designed to simulate robot deployments. A human user study with 50 volunteers was conducted to model trust and assess swarm performance. Trust-R's effectiveness in supporting a robot team for emergency response was validated by improved task performance and increased trust scores.

In a socio-technically connected environment, self-adaptive systems need to cooperate with others to collect information to provide context-dependent functionalities to users. A key component of ensuring safe and secure cooperation is finding trustworthy information and its providers. Trust is an emerging quality attribute that represents the level of belief in the cooperative environments and serves as a promising solution in this regard. In this research, we will focus on analyzing trust characteristics and defining trust-aware models through the trust-aware goal model and the provenance model. The trust-aware goal model is designed to represent the trust-related requirements and their relationships. The provenance model is analyzed as trust evidence to be used for the trust evaluation. The proposed approach contributes to build a comprehensive understanding of trust and design a trust-aware self-adaptive system. In order to show the feasibility of the proposed approach, we will conduct a case study with the crowd navigation system for an unmanned vehicle system.

The main threats in complex networks for large-scale information systems using web browsers or service browsers are analyzed. The necessary security features for these types of systems are compared. The advantages of systems developed with service-browser technology are shown.

When the electrical grid in a region suffers a major outage, e.g., after a catastrophic cyber attack, a “black start” may be required, where the grid is slowly restarted, carefully and incrementally adding generating capacity and demand. To ensure safe and effective black start, the grid control center has to be able to communicate with field personnel and with supervisory control and data acquisition (SCADA) systems. Voice and text communication are particularly critical. As part of the Defense Advanced Research Projects Agency (DARPA) Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program, we designed, tested and evaluated a self-configuring mesh network prototype called the Phoenix Secure Emergency Network (PhoenixSEN). PhoenixSEN provides a secure drop-in replacement for grid's primary communication networks during black start recovery. The network combines existing and new technologies, can work with a variety of link-layer protocols, emphasizes manageability and auto-configuration, and provides services and applications for coordination of people and devices including voice, text, and SCADA communication. We discuss the architecture of PhoenixSEN and evaluate a prototype on realistic grid infrastructure through a series of DARPA-led exercises.