Paper Session 3

file

Visible to the public A Formal Security Analysis of Zigbee

Submitted by Anonymous on Fri, 03/13/2020 - 1:17pm. Contributors:
The rapid increase in the number of IoT devices in recent years indi-cates how much financial investment and efforts the tech-industries and the device manufacturers have put in. Unfortunately, this ag-gressive competition can give rise to poor quality IoT devices that are prone to adversarial attacks. To make matter worse, these at-tacks can compromise not only security but also safety, since an IoT device can directly operate on the physical world.
file

Visible to the public WOLF: Automated Machine Learning Workflow Management for various Applications

Submitted by sanaawan on Fri, 03/13/2020 - 12:51pm. Contributors:
Applying machine learning techniques to solve real-world prob-lems is a highly iterative process. The process from idea to code and then to experiment may require up to thousands of iterations to find the optimum set of hyper-parameters. Also, it is hard to find best machine learning techniques for a given dataset. The WOLF framework has been designed to simultaneously automate the pro-cess of selecting the best algorithm and searching for the optimum hyper-parameters.
file

Visible to the public Ghostbusting: Mitigating Spectre with Intraprocess Memory Isolation

Submitted by Sergey Bratus on Fri, 03/13/2020 - 12:41pm. Contributors:
Spectre attacks have drawn much attention since their announce-ment. Speculative execution creates so-called transient instructions, those whose results are ephemeral and not committed architec-turally. However, various side-channels exist to extract these tran-sient results from the microarchitecture, e.g., caches. Spectre Variant 1, the so-called Bounds Check Bypass, was the first such attack to be demonstrated.
file

Visible to the public Neutralizing Manipulation of Critical Data by Enforcing Data-Instruction Dependency

Submitted by George Amariucai on Fri, 03/13/2020 - 12:35pm. Contributors:
In this paper, we propose a new approach to neutralize attacks that tamper with critical program data. Our technique uses a sequence of instructions as a trap against the illicit modification of the critical data. In a nutshell, we set up a dependency such that the contin-ued execution of the program is contingent upon the successful execution of the instruction sequence and the successful execution of the instruction sequence is contingent upon the integrity of the critical data.