Results 1-14 of 14.

Facing the Safety-Security Gap in RTES: the Challenge of Timeliness
Volp, Marcus UL; Kozhaya, David UL; Verissimo, Paulo UL

Scientific Conference (2017, December)

Safety-critical real-time systems, including real-time cyber-physical and industrial control systems, must be not only correct but also timely. Untimely (stale) results may have severe consequences that could render the control system’s behaviour hazardous to the physical world. To ensure predictability and timeliness, developers follow a rigorous process, which essentially ensures real-time properties a priori, in all but the most unlikely combinations of circumstances. However, we have seen the complexity of both real-time applications and the environments they run on increase. If this is matched with the also increasing sophistication of attacks mounted against RTES, the case for ensuring both safety and security through aprioristic predictability loses traction, and presents an opportunity, which we take in this paper, for discussing current practices of critical real-time system design. To this end, with a slant on low-level task scheduling, we first investigate the challenges and opportunities for anticipating successful attacks on real-time systems. Then, we propose ways of adapting traditional fault- and intrusion-tolerant mechanisms to tolerate such hazards. We found that tasks that typically execute as analyzed under accidental faults may exhibit fundamentally different behavior when compromised by malicious attacks, even with interference enforcement in place.

Probabilistic Analysis of Low-Criticality Execution
Küttler, Martin; Roitzsch, Michael; Hamann, Claude-Joachim et al

Scientific Conference (2017, December)

The mixed-criticality toolbox promises system architects a powerful framework for consolidating real-time tasks with different safety properties on a single computing platform. Thanks to the research efforts in the mixed-criticality field, guarantees provided to the highest criticality level are well understood. However, lower-criticality job execution depends on the condition that all high-criticality jobs complete within their more optimistic low-criticality execution time bounds. Otherwise, no guarantees are made. In this paper, we add to the mixed-criticality toolbox by providing a probabilistic analysis method for low-criticality tasks. While deterministic models reduce task behavior to constant numbers, probabilistic analysis captures varying runtime behavior. We introduce a novel algorithmic approach for probabilistic timing analysis, which we call symbolic scheduling. For restricted task sets, we also present an analytical solution. We use this method to calculate per-job success probabilities for low-criticality tasks, in order to quantify how low-criticality tasks behave in case of high-criticality jobs overrunning their optimistic low-criticality reservation.

A Perspective of Security for Mobile Service Robots
Cornelius, Gary Philippe UL; Hochgeschwender, Nico UL; Voos, Holger UL et al

in Iberian Robotics Conference, Seville, Spain, 2017 (2017, November 22)

Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment. Furthermore, they have sensors that gather large amounts of data, which might contain sensitive information. A mobile service robot’s physical capabilities are controlled by networked computers susceptible to faults and intrusions. The proximity to humans and the possibility to physically interact with them makes it critical to think about the security issues of MSRs. In this work, we investigate possible attacks on mobile service robots. We survey adversary motivations to attack MSRs, analyse threat vectors and list different available defence mechanisms against attacks on MSRs.

A Hardware/Software Stack for Heterogeneous Systems
Castrillon, Jeronimo; Lieber, Matthias; Klueppelholz, Sascha et al

in IEEE Transactions on Multi-Scale Computing Systems (2017), PP(99), 1

Plenty of novel emerging technologies are being proposed and evaluated today, mostly at the device and circuit levels. It is unclear what the impact of different new technologies at the system level will be. What is clear, however, is that new technologies will make their way into systems and will increase the already high complexity of heterogeneous parallel computing platforms, making it ever so difficult to program them. This paper discusses a programming stack for heterogeneous systems that combines and adapts well-understood principles from different areas, including capability-based operating systems, adaptive application runtimes, dataflow programming models, and model checking. We argue why we think that these principles built into the stack and the interfaces among the layers will also be applicable to future systems that integrate heterogeneous technologies. The programming stack is evaluated on a tiled heterogeneous multicore.

Enclave-Based Privacy-Preserving Alignment of Raw Genomic Information
Volp, Marcus UL; Decouchant, Jérémie UL; Lambert, Christoph UL et al

Scientific Conference (2017, October)

Recent breakthroughs in genomic sequencing led to an enormous increase in DNA sampling rates, which in turn favored the use of clouds to efficiently process huge amounts of genomic data. However, while allowing possible achievements in personalized medicine and related areas, cloud-based processing of genomic information also entails significant privacy risks, calling for increased protection. In this paper, we focus on the first, but also most data-intensive, processing step of the genomics information processing pipeline: the alignment of raw genomic data samples (called reads) to a synthetic human reference genome. Even though privacy-preserving alignment solutions (e.g., based on homomorphic encryption) have been proposed, their slow performance encourages alternatives based on trusted execution environments, such as Intel SGX, to speed up secure alignment. Such alternatives have to deal with data structures whose size by far exceeds secure enclave memory, requiring the alignment code to reach out into untrusted memory. We highlight how sensitive genomic information can be leaked when those enclave-external alignment data structures are accessed, and suggest countermeasures to prevent privacy breaches. The overhead of these countermeasures indicates that the competitiveness of privacy-preserving enclave-based alignment has yet to be precisely evaluated.

Improving Security for Time-Triggered Real-Time Systems against Timing Inference Based Attacks by Schedule Obfuscation
Krüger, Kristin; Fohler, Gerhard; Volp, Marcus UL

Scientific Conference (2017, June)

Covert timing channels in real-time systems allow adversaries not only to exfiltrate application secrets but also to mount timing inference based attacks. Much effort has been put into improving real-time system predictability, with the additional benefit of reducing the former class of confidentiality attacks. However, the more predictably the system behaves, the easier timing inference based attacks become. Time-triggered scheduling is particularly vulnerable to these types of attacks due to offline constructed tables that are scheduled with clock synchronization and OS-timer predictability. In this paper, we obfuscate time-triggered scheduling to complicate timing inference based attacks while maintaining strong protection against exfiltration attacks.

Exploiting Transistor-Level Reconfiguration to Optimize Combinational Circuits on the Example of a Conditional Sum Adder
Raitza, Michael; Kumar, Akash; Volp, Marcus UL et al

Scientific Conference (2017, March)

Silicon nanowire reconfigurable field effect transistors (SiNW RFETs) abolish the physical separation of n-type and p-type transistors by taking up both roles in a configurable way within a doping-free technology. However, the potential of transistor-level reconfigurability has not been demonstrated in larger circuits so far. In this paper, we present first steps towards a new compact and efficient design of combinational circuits by employing transistor-level reconfiguration. We contribute new basic gates realized with silicon nanowires, such as 2/3-XOR and MUX gates. Exemplifying our approach with 4-bit, 8-bit and 16-bit conditional carry adders, we were able to reduce the number of transistors to almost one half. With our current case study we show that SiNW technology can reduce the required chip area by 16 %, despite the larger size of the individual transistor, and improve circuit speed by 26 %.

Formally Verified Differential Dynamic Logic
Bohrer, Brandon; Rahli, Vincent UL; Vukotic, Ivana UL et al

in CPP 2017 (2017)

Permanent Reencryption: How to Survive Generations of Cryptanalysts to Come
Volp, Marcus UL; Rocha, Francisco; Decouchant, Jérémie UL et al

in Twenty-fifth International Workshop on Security Protocols (2017)

Avoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Volp, Marcus UL; Lackorzynski, Adam; Decouchant, Jérémie UL et al

Scientific Conference (2016, December 12)

Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as a disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs.

The Orchestration Stack: The Impossible Task of Designing Software for Unknown Future Post-CMOS Hardware
Volp, Marcus UL; Klüppelholz, Sascha; Castrillon, Jeronimo et al

Scientific Conference (2016, November 14)

Future systems based on post-CMOS technologies will be wildly heterogeneous, with properties largely unknown today. This paper presents our design of a new hardware/software stack to address the challenge of preparing software development for such systems. It combines well-understood technologies from different areas, e.g., network-on-chips, capability operating systems, flexible programming models and model checking. We describe our approach and provide details on key technologies.

Towards Safe and Secure Autonomous and Cooperative Vehicle Ecosystems
Caldeira Lima, Antonio UL; Rocha, Francisco UL; Volp, Marcus UL et al

in Proceedings of the Second ACM Workshop on Cyber-Physical Systems Security and PrivaCy (2016, October)

Semi-autonomous driver assists are already widely deployed and fully autonomous cars are progressively leaving the realm of laboratories. This evolution coexists with progressive connectivity and cooperation, creating important safety and security challenges, the latter ranging from casual hackers to highly-skilled attackers, and requiring a holistic analysis from the perspective of fully-fledged ecosystems of autonomous and cooperative vehicles. This position paper attempts to contribute to a better understanding of the global threat plane and the specific threat vectors designers should be attentive to. We survey paradigms and mechanisms that may be used to overcome, or at least mitigate, the potential risks that may arise through the several threat vectors analyzed.

M3: A Hardware/Operating-System Co-Design to Tame Heterogeneous Manycores
Asmussen, Nils; Volp, Marcus UL; Nöthen, Benedikt et al

in Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2016, April)

Towards Dependable CPS Infrastructures: Architectural and Operating-System Challenges
Volp, Marcus UL; Asmussen, Nils; Härtig, Hermann et al

Scientific Conference (2015)
