Defense Notices

Modern high-performance processors utilize techniques such as speculation and out-of-order execution to improve performance. Unfortunately, the recent Spectre and Meltdown exploits take advantage of these techniques to circumvent the security of the system. As speculation and out-of-order execution are complex features meant to enhance performance, full mitigation of these exploits often incurs high overhead and partial defenses need careful considerations to ensure attack surface is not left vulnerable.  In this work, we explore these attacks deeper,  both how they are executed and how to defend against them.   

We first propose a novel micro-architectural extension, SpectreGuard, that takes a data-centric approach to the problem. SpectreGuard attempts to reduce the performance penalty that is common with Spectre defenses by allowing software and hardware to work together. This collaborative approach allows software to tag secrets at the page granularity, then the underlying hardware can optimize secret data for security, while optimizing all other data for performance. Our research shows that such a combined approach allows for the creation of processors that can both achieve a high level of security while maintaining high performance.

We then propose SpectreRewind, a novel strategy for executing speculative execution attacks. SpectreRewind reverses the flow of traditional speculative execution attacks, creating new covert channels that transmit secret data to instructions that appear to execute logically before the attack even takes place. We find this attack vector can bypass some state-of-the-art proposed hardware defenses, as well as increase attack surface for certain Meltdown-type attacks on existing machines. Our research into this area helps towards completing the understanding of speculative execution attacks so that defenses can be designed with the knowledge of all attack vectors.

In data mining, rule induction is a process of extracting formal rules from decision

tables, where the later are the tabulated observations, which typically consist of few

attributes, i.e., independent variables and a decision, i.e., a dependent variable. Each

tuple in the table is considered as a case, and there could be n number of cases for a

table specifying each observation. The efficiency of the rule induction depends on how

many cases are successfully characterized by the generated set of rules, i.e., ruleset.

There are different rule induction algorithms, such as LEM1, LEM2, MLEM2. In the real

world, datasets will be imperfect, inconsistent, and incomplete. MLEM2 is an efficient

algorithm to deal with such sorts of data, but the quality of rule induction largely

depends on the chosen classification strategy. We tried to compare the 16 classification

strategies of rule induction using MLEM2 on incomplete data. For this, we

implemented MLEM2 for inducing rulesets based on the selection of the type of

approximation, i.e., singleton, subset or concept, and the value of alpha for calculating

probabilistic approximations. A program called rule checker is used to calculate the

error rate based on the classification strategy specified. To reduce the anomalies, we

used ten-fold cross-validation to measure the error rate for each classification. Error

rates for the above strategies are being calculated for different datasets, compared, and

presented.​

Recent advances in waveform generation and in computational power have enabled the design and implementation of new complex radar waveforms. Still, even with these advances in computation, in a pulse agile mode, where the radar transmits unique waveforms at every pulse, the requirement to design physically robust waveforms which achieve good autocorrelation sidelobes, are spectrally contained, and have a constant amplitude envelope for high power operation, can require expensive computation equipment and can impede real time operation. This work addresses this concern in the context of FM noise waveforms which have been demonstrated in recent years in both simulation and in experiments to achieve low autocorrelation sidelobes through the high dimensionality of coherent integration when operating in a pulse agile mode. However while they are effective, the approaches to design these waveforms requires the optimization of each individual waveform making them subject to the concern above.

This dissertation takes a different approach. Since these FM noise waveforms are meant to be noise like in the first place, the waveforms here are instantiated as the sample functions of a stochastic process which has been specially designed to produce spectrally contained, constant amplitude waveforms with noise like cancellation of sidelobes. This makes the waveform creation process little more computationally expensive than pulling numbers from a random number generator (RNG) since the optimization designs a waveform generating function (WGF) itself rather than each waveform themselves. This goal is achieved by leveraging gradient descent optimization methods to reduce the expected frequency template error (EFTE) cost function for both the pulsed stochastic waveform generation (StoWGe) waveform model and a new CW version of StoWGe denoted CW-StoWGe. The effectiveness of these approaches and their ability to generate useful radar waveforms is analyzed using several stochastic waveform generation metrics developed here. The EFTE optimization is shown through simulation to produce WGFs which generate FM noise waveforms in both pulsed and CW modes which achieve good spectral containment and autocorrelation sidelobes. The resulting waveforms will be demonstrated in both loopback and in open-air experiments to be robust to physical implementation.

High-order numerical methods for solving PDEs have the potential to deliver higher solution accuracy at a lower cost than their low-order counterparts.  To fully leverage these high-order computational methods, they must be paired with a discretization of the domain that accurately captures key geometric features.  In the presence of curved boundaries, this requires a high-order curvilinear mesh.  Consequently, there is a lot of interest in high-order mesh generation methods.  The majority of such methods warp a high-order straight-sided mesh through the following three step process.  First, they add additional nodes to a low-order mesh to create a high-order straight-sided mesh.  Second, they move the newly added boundary nodes onto the curved domain (i.e., apply a boundary deformation).  Finally, they compute the new locations of the interior nodes based on the boundary deformation.  We have developed a mesh warping framework based on optimal weighted combinations of nodal positions.  Within our framework, we develop methods for optimal affine and convex combinations of nodal positions, respectively.  We demonstrate the effectiveness of the methods within our framework on a variety of high-order mesh generation examples in two and three dimensions.  As with many other methods in this area, the methods within our framework do not guarantee the generation of a valid mesh.  To address this issue, we have also developed two high-order mesh untangling methods.  These optimization-based untangling methods formulate unconstrained optimization problems for which the objective functions are based on the unsigned and signed angles of the curvilinear elements.  We demonstrate the results of our untangling methods on a variety of two-dimensional triangular meshes.

With the emergence of autonomous systems such as self-driving cars and drones, the need for high-performance real-time embedded systems is increasing. On the other hand, the physics of the autonomous systems constraints size, weight, and power consumption (known as SWaP constraints) of the embedded systems. A solution to satisfy the need for high performance while meeting the SWaP constraints is to incorporate multicore processors in real-time embedded systems. However, unlike unicore processors, in multicore processors, the memory system is shared between the cores. As a result, the memory system performance varies widely due to inter-core memory interference. This can lead to over-estimating the worst-case execution time (WCET) of the real-time tasks running on these processors, and therefore, under-utilizing the computation resources. In fact, recent studies have shown that real-time tasks can be slowed down more than 300 times due to inter-core memory interference.

In this work, we propose novel software and hardware extensions to multicore processors to bound the inter-core memory interference in order to reduce the pessimism of WCET and to improve time predictability. We introduce a novel memory abstraction, which we call Deterministic Memory, that cuts across various layers of the system: the application, OS, and hardware. The key characteristic of Deterministic Memory is that the platform—the OS and hardware—guarantees small and tightly bounded worst-case memory access timing.  Additionally, we propose a drop-in hardware IP that enables bounding the memory interference by per-core regulation of the memory access bandwidth at fine-grained time intervals. This new IP, which we call the Bandwidth Regulation Unit (BRU), does not require significant changes to the processor microarchitecture and can be seamlessly integrated with the existing microprocessors. Moreover, BRU has the ability to regulate the memory access bandwidth of multiple cores collectively to improve bandwidth utilization. As for future work, we plan to further improve bandwidth utilization by extending BRU to recognize memory requests accessing different levels of the memory hierarchy (e.g. LLC and DRAM). We propose to fully evaluate these extensions on open-source software and hardware and measure their effectiveness with realistic case studies.

Scheduling of real-time tasks involves analytically determining whether each task in a group of periodic tasks can finish before its deadline. This problem is well understood for unicore platforms and there are exact schedulability tests which can be used for this purpose. However, in multicore platforms, sharing of hardware resources between simultaneously executing real-time tasks creates non-deterministic coupling between them based on their requirement of the shared hardware resource(s) which significantly complicates the schedulability analysis. The standard practice is to over-estimate the worst-case execution time (WCET) of the real-time tasks, by a constant factor (e.g, 2x), when determining schedulability on these platforms. Although widely used, this practice has two serious flaws. Firstly, it can make the schedulability analysis overly pessimistic because all tasks do not interfere with each other equally. Secondly, recent findings have shown that for tasks that do get affected by shared resource interference, they can experience extreme (e.g., >300X) WCET increases on commercial-of-the-shelf (COTS) multicore platforms, in which case, a schedulability analysis incorporating a blanket interference factor of 2x for every task cannot give accurate results. Apart from the problem of WCET estimation, the established schedulability analyses for multicore platforms are inherently pessimistic due to the effect of carry-in jobs from high priority tasks. Finally, the increasing integration of hardware accelerators (e.g., GPU) on SoCs complicates the problem further because of the nuances of scheduling on these devices which is different from traditional CPU scheduling.

We propose a novel approach towards scheduling of real-time tasks on heterogeneous multicore platforms with the aim of increased determinism and utilization in the online execution of real-time tasks and decreased pessimism in the offline schedulability analysis. Under this framework, we propose to statically group different real-time tasks into a single scheduling entity called a virtual-gang. Once formed, these virtual-gangs are to be executed one-at-a-time with strict regulation on interference from other sources with the help of state-of-the-art techniques for performance isolation in multicore platforms. Using this idea, we can achieve three goals. Firstly, we can limit the effect of shared resource interference which can exist only between tasks that are part of the same virtual-gang. Secondly, due to one-gang-at-a-time policy, we can transform the complex problem of scheduling real-time tasks on multicore platforms into simple and well-understood problem of scheduling these tasks on unicore platforms. Thirdly, we can demonstrate that it is easy to incorporate scheduling on integrated GPUs into our framework while preserving the determinism of the overall system. We show that the virtual-gang formation problem can be modeled as an optimization problem and present algorithms for solving it with different trade-offs. We propose to fully implement this framework in the open-source Linux kernel and evaluate it both analytically using generated tasksets and empirically with realistic case-studies.

The Internet of Things (IoT) is evolving rapidly to every aspect of human life including, healthcare, homes, cities, and driverless vehicles that makes humans more dependent on the Internet and related infrastructure. While many researchers have studied the structure of the Internet that is resilient as a whole, new studies are required to investigate the resilience of the edge networks in which people and \things" connect to the Internet. Since the range of service requirements varies at the edge of the network, a wide variety of technologies with different topologies are involved. Though the heterogeneity of the technologies at the edge networks can improve the robustness through the diversity of mechanisms, other issues such as connectivity among the utilized technologies and cascade of failures would not have the same effect as a simple  network. Therefore, regardless of the size of networks at the edge, the structure of these networks is complicated and requires appropriate study.

In this dissertation, we propose an abstract model for smart homes, as part of one of the fast-growing networks at the edge, to illustrate the heterogeneity and complexity of the network structure. As the next step, we make two instances of the abstract smart home model and perform a graph-theoretic analysis to recognize the fundamental behavior of the network to improve its robustness. During the process, we introduce a formal multilayer graph model to highlight the structures, topologies, and connectivity of various technologies at the edge networks and their connections to the Internet core. Furthermore,  we propose another graph model, technology interdependence graph, to represent the connectivity of technologies. This representation shows the degree of connectivity among technologies and illustrates which technologies are more vulnerable to link and node failures.

Moreover, the dominant topologies at the edge change the node and link vulnerability, which can be used to apply worst-case scenario attacks. Restructuring of the network by adding new links associated with various protocols to maximize the robustness of a given network can have distinctive outcomes for different robustness metrics. However, typical centrality metrics usually fail to identify important nodes in multi-technology networks such as smart homes. We propose four new centrality metrics to improve the process of identifying important nodes in multi-technology networks and recognize vulnerable nodes. Finally, we study over 1000 different smart home  topologies to examine the resilience of the networks with typical and the proposed centrality metrics.

In the wake of the Facebook data breach scandal, users begin to realize how vulnerable their per-sonal data is and how blindly they trust the online social networks (OSNs) by giving them an inordinate amount of private data that touch on unlimited areas of their lives. In particular, stud-ies show that users sometimes reveal too much information or unintentionally release regretful messages, especially when they are careless, emotional, or unaware of privacy risks. Additionally, friends on social media platforms are also found to be adversarial and may leak one’s private in-formation. Threats from within users’ friend networks – insider threats by human or bots – may be more concerning because they are much less likely to be mitigated through existing solutions, e.g., the use of privacy settings. Therefore, we argue that the key component of privacy protection in social networks is protecting sensitive/private content, i.e. privacy as having the ability to control dissemination of information. A mechanism to automatically identify potentially sensitive/private posts and alert users before they are posted is urgently needed.

In this dissertation, we propose a context-aware, text-based quantitative model for private information assessment, namely PrivScore, which is expected to serve as the foundation of a privacy leakage alerting mechanism. We first solicit diverse opinions on the sensitiveness of private information from crowdsourcing workers, and examine the responses to discover a perceptual model behind the consensuses and disagreements. We then develop a computational scheme using deep neural networks to compute a context-free PrivScore (i.e., the “consensus” privacy score among average users). Finally, we integrate tweet histories, topic preferences and social contexts to generate a per-sonalized context-aware PrivScore. This privacy scoring mechanism could be employed to identify potentially-private messages and alert users to think again before posting them to OSNs. Such a mechanism could also benefit non-human users such as social media chatbots.​

The Internet of Things is a rapidly growing field that offers improved data collection, analysis and automation as solutions for everyday problems. A smart-city is one major example where these solutions can be applied to issues with urbanization. And while these solutions can help improve the quality of life of the citizens, there are always security & privacy risks. Data collected in a smart-city can infringe upon the privacy of users and reveal potentially harmful information. One example is a surveillance system in a smart city. Research shows that people are less likely to commit crimes if they are being watched. Video footage can also be used by law enforcement to track and stop criminals. But it can also be harmful if accessible to untrusted users. A malicious user who can gain access to a surveillance system can potentially use that information to harm others. There are researched methods that can be used to encrypt the video feed, but then it is only accessible to the system owner. Polls show that public opinion of surveillance systems is declining even if they provide increased security because of the lack of transparency in the system. Therefore, it is vital for the system to be able to do its intended purpose while also preserving privacy and holding malicious users accountable.  

To help resolve these issues with privacy & accountability and to allow for collaboration, we propose Corvus, an IoT surveillance system that targets smart communities. Corvus is a collaborative blockchain based surveillance system that uses context-based image captioning to anonymously describe events & people detected. These anonymous captions are stored on the immutable blockchain and are accessible by other users. If they find the description from another camera relevant to their own, they can request the raw video footage if necessary. This system supports collaboration between cameras from different networks, such as between two neighbors with their own private camera networks.  This paper will explore the design of this system and how it can be used as a privacy-preserving, but translucent & accountable approach to smart-city surveillance. Our contributions include exploring a novel approach to anonymizing detected events and designing the surveillance system to be privacy-preserving and collaborative.

Dynamic binary translation is the process of translating instruction code from one architecture to another while it executes, i.e., dynamically. As modern applications are becoming larger, more complex and more dynamic, the tools to manipulate these programs are also becoming increasingly complex. DynamoRIO is one such dynamic binary translation tool that targets the most common IA-32 (a.k.a. x86) architecture on the most popular operating systems - Windows and Linux. DynamoRIO includes applications ranging from program analysis and understanding to profiling, instrumentation, optimization, improving software security, and more. However, even considering all of these optimization techniques, DynamoRIO still has the limitations of performance and memory usage, which restrict deployment scalability. The goal of my thesis is to break down the various aspects which contribute to the overhead burden and evaluate which factors directly contribute to this overhead. This thesis will discuss all of these factors in further detail. If the process can be streamlined, this application will become more viable for widespread adoption in a variety of areas. We have used industry standard Mi benchmarks in order to evaluate in detail the amount and distribution of the overhead in DynamoRIO. Our statistics from the experiments show that DynamoRIO executes a large number of additional instructions when compared to the native execution of the application. Furthermore, these additional instructions are involved in building the basic blocks, linking, trace creation, and resolution of indirect branches, all of which in return contribute to the frequent exiting of the code cache. We will discuss in detail all of these overheads, show statistics of instructions for each overhead, and finally show the observations and analysis in this defense.