References of "Volp, Marcus 50008905"
     in
Bookmark and Share    
Full Text
See detailPriLock:Citizen-protecting distributed epidemic tracing
Esteves-Verissimo, Paulo UL; Decouchant, Jérémie UL; Volp, Marcus UL et al

E-print/Working paper (2020)

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with ... [more ▼]

Contact tracing is an important instrument for national health services to fight epidemics. As part of the COVID-19 situation, many proposals have been made for scaling up contract tracing capacities with the help of smartphone applications, an important but highly critical endeavor due to the privacy risks involved in such solutions. Extending our previously expressed concern, we clearly articulate in this article, the functional and non-functional requirements that any solution has to meet, when striving to serve, not mere collections of individuals, but the whole of a nation, as required in face of such potentially dangerous epidemics. We present a critical information infrastructure, PriLock, a fully-open preliminary architecture proposal and design draft for privacy preserving contact tracing, which we believe can be constructed in a way to fulfill the former requirements. Our architecture leverages the existing regulated mobile communication infrastructure and builds upon the concept of "checks and balances", requiring a majority of independent players to agree to effect any operation on it, thus preventing abuse of the highly sensitive information that must be collected and processed for efficient contact tracing. This is enforced with a largely decentralised layout and highly resilient state-of-the-art technology, which we explain in the paper, finishing by giving a security, dependability and resilience analysis, showing how it meets the defined requirements, even while the infrastructure is under attack. [less ▲]

Detailed reference viewed: 22 (0 UL)
Full Text
See detailBehind the Last Line of Defense -- Surviving SoC Faults and Intrusions
Pinto Gouveia, Ines UL; Volp, Marcus UL; Esteves-Verissimo, Paulo UL

E-print/Working paper (2020)

Today, leveraging the enormous modular power, diversity and flexibility of manycore systems-on-a-chip (SoCs) requires careful orchestration of complex resources, a task left to low-level software, e.g ... [more ▼]

Today, leveraging the enormous modular power, diversity and flexibility of manycore systems-on-a-chip (SoCs) requires careful orchestration of complex resources, a task left to low-level software, e.g. hypervisors. In current architectures, this software forms a single point of failure and worthwhile target for attacks: once compromised, adversaries gain access to all information and full control over the platform and the environment it controls. This paper proposes Midir, an enhanced manycore architecture, effecting a paradigm shift from SoCs to distributed SoCs. Midir changes the way platform resources are controlled, by retrofitting tile-based fault containment through well known mechanisms, while securing low-overhead quorum-based consensus on all critical operations, in particular privilege management and, thus, management of containment domains. Allowing versatile redundancy management, Midir promotes resilience for all software levels, including at low level. We explain this architecture, its associated algorithms and hardware mechanisms and show, for the example of a Byzantine fault tolerant microhypervisor, that it outperforms the highly efficient MinBFT by one order of magnitude. [less ▲]

Detailed reference viewed: 51 (1 UL)
Full Text
Peer Reviewed
See detailPrivacy-Preserving Processing of Filtered DNA Reads
Fernandes, Maria UL; Decouchant, Jérémie UL; Volp, Marcus UL et al

Scientific Conference (2019, October 22)

Detailed reference viewed: 40 (7 UL)
Full Text
Peer Reviewed
See detailDNA-SeAl: Sensitivity Levels to Optimize the Performance of Privacy-Preserving DNA Alignment
Fernandes, Maria UL; Decouchant, Jérémie UL; Volp, Marcus UL et al

in IEEE Journal of Biomedical and Health Informatics (2019)

The advent of next-generation sequencing (NGS) machines made DNA sequencing cheaper, but also put pressure on the genomic life-cycle, which includes aligning millions of short DNA sequences, called reads ... [more ▼]

The advent of next-generation sequencing (NGS) machines made DNA sequencing cheaper, but also put pressure on the genomic life-cycle, which includes aligning millions of short DNA sequences, called reads, to a reference genome. On the performance side, efficient algorithms have been developed, and parallelized on public clouds. On the privacy side, since genomic data are utterly sensitive, several cryptographic mechanisms have been proposed to align reads more securely than the former, but with a lower performance. This manuscript presents DNA-SeAl a novel contribution to improving the privacy × performance product in current genomic workflows. First, building on recent works that argue that genomic data needs to be treated according to a threat-risk analysis, we introduce a multi-level sensitivity classification of genomic variations designed to prevent the amplification of possible privacy attacks. We show that the usage of sensitivity levels reduces future re-identification risks, and that their partitioning helps prevent linkage attacks. Second, after extending this classification to reads, we show how to align and store reads using different security levels. To do so, DNA-SeAl extends a recent reads filter to classify unaligned reads into sensitivity levels, and adapts existing alignment algorithms to the reads sensitivity. We show that using DNA-SeAl allows high performance gains whilst enforcing high privacy levels in hybrid cloud environments. [less ▲]

Detailed reference viewed: 114 (16 UL)
Full Text
Peer Reviewed
See detailSustainable Security and Safety: Challenges and Opportunities
Paverd, Andrew; Volp, Marcus UL; Brasser, Ferdinand et al

in OpenAccess Series in Informatics (OASIcs) (2019), 73

A significant proportion of today's information and communication technology (ICT) systems are entrusted with high value assets, and our modern society has become increasingly dependent on these systems ... [more ▼]

A significant proportion of today's information and communication technology (ICT) systems are entrusted with high value assets, and our modern society has become increasingly dependent on these systems operating safely and securely over their anticipated lifetimes. However, we observe a mismatch between the lifetimes expected from ICT-supported systems (such as autonomous cars) and the duration for which these systems are able to remain safe and secure, given the spectrum of threats they face. Whereas most systems today are constructed within the constraints of foreseeable technology advancements, we argue that long term, i.e., sustainable security & safety, requires anticipating the unforeseeable and preparing systems for threats not known today. In this paper, we set out our vision for sustainable security & safety. We summarize the main challenges in realizing this desideratum in real-world systems, and we identify several design principles that could address these challenges and serve as building blocks for achieving this vision. [less ▲]

Detailed reference viewed: 39 (6 UL)
Full Text
Peer Reviewed
See detailVulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Krüger, Kristin; Volp, Marcus UL; Fohler, Gerhard

in LIPIcs-Leibniz International Proceedings in Informatics (2018), 106

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety ... [more ▼]

Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose. [less ▲]

Detailed reference viewed: 81 (4 UL)
Full Text
Peer Reviewed
See detailIntrusion-Tolerant Autonomous Driving
Volp, Marcus UL; Verissimo, Paulo UL

in Proceedings of 2018 IEEE 21st International Symposium on Real-Time Distributed Computing (ISORC) (2018, May 29)

Fully autonomous driving is one if not the killer application for the upcoming decade of real-time systems. However, in the presence of increasingly sophisticated attacks by highly skilled and well ... [more ▼]

Fully autonomous driving is one if not the killer application for the upcoming decade of real-time systems. However, in the presence of increasingly sophisticated attacks by highly skilled and well equipped adversarial teams, autonomous driving must not only guarantee timeliness and hence safety. It must also consider the dependability of the software concerning these properties while the system is facing attacks. For distributed systems, fault-and-intrusion tolerance toolboxes already offer a few solutions to tolerate partial compromise of the system behind a majority of healthy components operating in consensus. In this paper, we present a concept of an intrusion-tolerant architecture for autonomous driving. In such a scenario, predictability and recovery challenges arise from the inclusion of increasingly more complex software on increasingly less predictable hardware. We highlight how an intrusion tolerant design can help solve these issues by allowing timeliness to emerge from a majority of complex components being fast enough, often enough while preserving safety under attack through pre-computed fail safes. [less ▲]

Detailed reference viewed: 86 (10 UL)
Full Text
Peer Reviewed
See detailVelisarios: Byzantine Fault-Tolerant Protocols Powered by Coq
Rahli, Vincent UL; Vukotic, Ivana UL; Volp, Marcus UL et al

in ESOP 2018 (2018, April)

Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these ... [more ▼]

Our increasing dependence on complex and critical information infrastructures and the emerging threat of sophisticated attacks, ask for extended efforts to ensure the correctness and security of these systems. Byzantine fault-tolerant state-machine replication (BFT-SMR) provides a way to harden such systems. It ensures that they maintain correctness and availability in an application-agnostic way, provided that the replication protocol is correct and at least n-f out of n replicas survive arbitrary faults. This paper presents Velisarios a logic-of-events based framework implemented in Coq, which we developed to implement and reason about BFT-SMR protocols. As a case study, we present the first machine-checked proof of a crucial safety property of an implementation of the area's reference protocol: PBFT. [less ▲]

Detailed reference viewed: 476 (60 UL)
Full Text
Peer Reviewed
See detailAccurate filtering of privacy-sensitive information in raw genomic data
Decouchant, Jérémie UL; Fernandes, Maria UL; Volp, Marcus UL et al

in Journal of Biomedical Informatics (2018)

Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data ... [more ▼]

Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks if not protected to the highest standards. In this article, we follow the position and argue that post-alignment privacy is not enough and that data should be automatically protected as early as possible in the genomics workflow, ideally immediately after the data is produced. We show that a previous approach for filtering short reads cannot extend to long reads and present a novel filtering approach that classifies raw genomic data (i.e., whose location and content is not yet determined) into privacy-sensitive (i.e., more affected by a successful privacy attack) and non-privacy-sensitive information. Such a classification allows the fine-grained and automated adjustment of protective measures to mitigate the possible consequences of exposure, in particular when relying on public clouds. We present the first filter that can be indistinctly applied to reads of any length, i.e., making it usable with any recent or future sequencing technologies. The filter is accurate, in the sense that it detects all known sensitive nucleotides except those located in highly variable regions (less than 10 nucleotides remain undetected per genome instead of 100,000 in previous works). It has far less false positives than previously known methods (10% instead of 60%) and can detect sensitive nucleotides despite sequencing errors (86% detected instead of 56% with 2% of mutations). Finally, practical experiments demonstrate high performance, both in terms of throughput and memory consumption. [less ▲]

Detailed reference viewed: 233 (41 UL)
Full Text
Peer Reviewed
See detailFacing the Safety-Security Gap in RTES: the Challenge of Timeliness
Volp, Marcus UL; Kozhaya, David UL; Verissimo, Paulo UL

Scientific Conference (2017, December)

Safety-critical real-time systems, including real-time cyber-physical and industrial control systems, need not be solely correct but also timely. Untimely (stale) results may have severe consequences that ... [more ▼]

Safety-critical real-time systems, including real-time cyber-physical and industrial control systems, need not be solely correct but also timely. Untimely (stale) results may have severe consequences that could render the control system’s behaviour hazardous to the physical world. To ensure predictability and timeliness, developers follow a rigorous process, which essentially ensures real-time properties a priori, in all but the most unlikely combinations of circumstances. However, we have seen the complexity of both real-time applications, and the environments they run on, increase. If this is matched with the also increasing sophistication of attacks mounted to RTES systems, the case for ensuring both safety and security through aprioristic predictability loses traction, and presents an opportunity, which we take in this paper, for discussing current practices of critical realtime system design. To this end, with a slant on low-level task scheduling, we first investigate the challenges and opportunities for anticipating successful attacks on real-time systems. Then, we propose ways for adapting traditional fault- and intrusiontolerant mechanisms to tolerate such hazards. We found that tasks which typically execute as analyzed under accidental faults, may exhibit fundamentally different behavior when compromised by malicious attacks, even with interference enforcement in place. [less ▲]

Detailed reference viewed: 143 (15 UL)
Full Text
Peer Reviewed
See detailProbabilistic Analysis of Low-Criticality Execution
Küttler, Martin; Roitzsch, Michael; Hamann, Claude-Joachim et al

Scientific Conference (2017, December)

The mixed-criticality toolbox promises system architects a powerful framework for consolidating real-time tasks with different safety properties on a single computing platform. Thanks to the research ... [more ▼]

The mixed-criticality toolbox promises system architects a powerful framework for consolidating real-time tasks with different safety properties on a single computing platform. Thanks to the research efforts in the mixed-criticality field, guarantees provided to the highest criticality level are well understood. However, lower-criticality job execution depends on the condition that all high-criticality jobs complete within their more optimistic low-criticality execution time bounds. Otherwise, no guarantees are made. In this paper, we add to the mixed-criticality toolbox by providing a probabilistic analysis method for low-criticality tasks. While deterministic models reduce task behavior to constant numbers, probabilistic analysis captures varying runtime behavior. We introduce a novel algorithmic approach for probabilistic timing analysis, which we call symbolic scheduling. For restricted task sets, we also present an analytical solution. We use this method to calculate per-job success probabilities for low-criticality tasks, in order to quantify, how low-criticality tasks behave in case of high-criticality jobs overrunning their optimistic low-criticality reservation. [less ▲]

Detailed reference viewed: 62 (4 UL)
Full Text
Peer Reviewed
See detailA Perspective of Security for Mobile Service Robots
Cornelius, Gary Philippe UL; Hochgeschwender, Nico UL; Voos, Holger UL et al

in Iberian Robotics Conference, Seville, Spain, 2017 (2017, November 22)

Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment ... [more ▼]

Future homes will contain Mobile Service Robots (MSR) with diverse functionality. MSRs act in close proximity to humans and have the physical capabilities to cause serious harm to their environment. Furthermore, they have sensors that gather large amounts of data, which might contain sensitive information. A mobile service robot’s physical capabilities are controlled by networked computers susceptible to faults and intrusions. The proximity to humans and the possibility to physically interact with them makes it critical to think about the security issues of MSRs. In this work, we investigate possible attacks on mobile service robots. We survey adversary motivations to attack MSRs, analyse threat vectors and list different available defence mechanisms against attacks on MSRs. [less ▲]

Detailed reference viewed: 289 (67 UL)
Full Text
Peer Reviewed
See detailA Hardware/Software Stack for Heterogeneous Systems
Castrillon, Jeronimo; Lieber, Matthias; Klueppelholz, Sascha et al

in IEEE Transactions on Multi-Scale Computing Systems (2017), PP(99), 1

Plenty of novel emerging technologies are being proposed and evaluated today, mostly at the device and circuit levels. It is unclear what the impact of different new technologies at the system level will ... [more ▼]

Plenty of novel emerging technologies are being proposed and evaluated today, mostly at the device and circuit levels. It is unclear what the impact of different new technologies at the system level will be. What is clear, however, is that new technologies will make their way into systems and will increase the already high complexity of heterogeneous parallel computing platforms, making it ever so difficult to program them. This paper discusses a programming stack for heterogeneous systems that combines and adapts well-understood principles from different areas, including capability-based operating systems, adaptive application runtimes, dataflow programming models, and model checking. We argue why we think that these principles built into the stack and the interfaces among the layers will also be applicable to future systems that integrate heterogeneous technologies. The programming stack is evaluated on a tiled heterogeneous multicore. [less ▲]

Detailed reference viewed: 126 (4 UL)
Full Text
Peer Reviewed
See detailEnclave-Based Privacy-Preserving Alignment of Raw Genomic Information
Volp, Marcus UL; Decouchant, Jérémie UL; Lambert, Christoph UL et al

Scientific Conference (2017, October)

Recent breakthroughs in genomic sequencing led to an enormous increase of DNA sampling rates, which in turn favored the use of clouds to efficiently process huge amounts of genomic data. However, while ... [more ▼]

Recent breakthroughs in genomic sequencing led to an enormous increase of DNA sampling rates, which in turn favored the use of clouds to efficiently process huge amounts of genomic data. However, while allowing possible achievements in personalized medicine and related areas, cloud-based processing of genomic information also entails significant privacy risks, asking for increased protection. In this paper, we focus on the first, but also most data-intensive, processing step of the genomics information processing pipeline: the alignment of raw genomic data samples (called reads) to a synthetic human reference genome. Even though privacy-preserving alignment solutions (e.g., based on homomorphic encryption) have been proposed, their slow performance encourages alternatives based on trusted execution environments, such as Intel SGX, to speed up secure alignment. Such alternatives have to deal with data structures whose size by far exceeds secure enclave memory, requiring the alignment code to reach out into untrusted memory. We highlight how sensitive genomic information can be leaked when those enclave-external alignment data structures are accessed, and suggest countermeasures to prevent privacy breaches. The overhead of these countermeasures indicate that the competitiveness of a privacy-preserving enclave-based alignment has yet to be precisely evaluated. [less ▲]

Detailed reference viewed: 208 (25 UL)
Full Text
Peer Reviewed
See detailImproving Security for Time-Triggered Real-Time Systems against Timing Inference Based Attacks by Schedule Obfuscation
Krüger, Kristin; Fohler, Gerhard; Volp, Marcus UL

Scientific Conference (2017, June)

Covert timing channels in real-time systems allow adversaries to not only exfiltrate application secrets but also to mount timing inference based attacks. Much effort has been put into improving real-time ... [more ▼]

Covert timing channels in real-time systems allow adversaries to not only exfiltrate application secrets but also to mount timing inference based attacks. Much effort has been put into improving real-time system predictability with the additional benefit of reducing the former class of confidentiality attacks. However, the more predictable the system behaves, the easier timing inference based attacks become. Time-triggered scheduling is particularly vulnerable to these types of attacks due to offline constructed tables that are scheduled with clock synchronization and OS-timer predictability. In this paper, we obfuscate timetriggered scheduling to complicate timing inference based attacks while maintaining strong protection against exfiltration attacks. [less ▲]

Detailed reference viewed: 60 (5 UL)
Full Text
Peer Reviewed
See detailExploiting Transistor-Level Reconfiguration to Optimize Combinational Circuits on the Example of a Conditional Sum Adder
Raitza, Michael; Kumar, Akash; Volp, Marcus UL et al

Scientific Conference (2017, March)

Silicon nanowire reconfigurable field effect transistors (SiNW RFETs) abolish the physical separation of n-type and p-type transistors by taking up both roles in a configurable way within a doping-free ... [more ▼]

Silicon nanowire reconfigurable field effect transistors (SiNW RFETs) abolish the physical separation of n-type and p-type transistors by taking up both roles in a configurable way within a doping-free technology. However, the potential of transistor-level reconfigurability has not been demonstrated in larger circuits, so far. In this paper, we present first steps to a new compact and efficient design of combinational circuits by employing transistor-level reconfiguration. We contribute new basic gates realized with silicon nanowires, such as 2/3-XOR and MUX gates. Exemplifying our approach with 4-bit, 8-bit and 16-bit conditional carry adders, we were able to reduce the number of transistors to almost one half. With our current case study we show that SiNW technology can reduce the required chip area by 16 %, despite larger size of the individual transistor, and improve circuit speed by 26 %. [less ▲]

Detailed reference viewed: 240 (10 UL)
Full Text
Peer Reviewed
See detailPermanent Reencryption: How to Survive Generations of Cryptanalysts to Come
Volp, Marcus UL; Rocha, Francisco; Decouchant, Jérémie UL et al

in Twenty-fifth International Workshop on Security Protocols (2017)

Detailed reference viewed: 232 (25 UL)
Full Text
Peer Reviewed
See detailMeeting the Challenges of Critical and Extreme Dependability and Security
Verissimo, Paulo UL; Volp, Marcus UL; Decouchant, Jérémie UL et al

in Proceedings of the 22nd Pacific Rim International Symposium on Dependable Computing (2017)

The world is becoming an immense critical information infrastructure, with the fast and increasing entanglement of utilities, telecommunications, Internet, cloud, and the emerging IoT tissue. This may ... [more ▼]

The world is becoming an immense critical information infrastructure, with the fast and increasing entanglement of utilities, telecommunications, Internet, cloud, and the emerging IoT tissue. This may create enormous opportunities, but also brings about similarly extreme security and dependability risks. We predict an increase in very sophisticated targeted attacks, or advanced persistent threats (APT), and claim that this calls for expanding the frontier of security and dependability methods and techniques used in our current CII. Extreme threats require extreme defenses: we propose resilience as a unifying paradigm to endow systems with the capability of dynamically and automatically handling extreme adversary power, and sustaining perpetual and unattended operation. In this position paper, we present this vision and describe our methodology, as well as the assurance arguments we make for the ultra-resilient components and protocols they enable, illustrated with case studies in progress. [less ▲]

Detailed reference viewed: 90 (3 UL)
Full Text
Peer Reviewed
See detailFormally Verified Differential Dynamic Logic
Bohrer, Brandon; Rahli, Vincent UL; Vukotic, Ivana UL et al

in CPP 2017 (2017)

Detailed reference viewed: 297 (54 UL)
Full Text
Peer Reviewed
See detailAvoiding Leakage and Synchronization Attacks through Enclave-Side Preemption Control
Volp, Marcus UL; Lackorzynski, Adam; Decouchant, Jérémie UL et al

Scientific Conference (2016, December 12)

Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified ... [more ▼]

Intel SGX is the latest processor architecture promising secure code execution despite large, complex and hence potentially vulnerable legacy operating systems (OSs). However, two recent works identified vulnerabilities that allow an untrusted management OS to extract secret information from Intel SGX's enclaves, and to violate their integrity by exploiting concurrency bugs. In this work, we re-investigate delayed preemption (DP) in the context of Intel SGX. DP is a mechanism originally proposed for L4-family microkernels as disable-interrupt replacement. Recapitulating earlier results on language-based information-flow security, we illustrate the construction of leakage-free code for enclaves. However, as long as adversaries have fine-grained control over preemption timing, these solutions are impractical from a performance/complexity perspective. To overcome this, we resort to delayed preemption, and sketch a software implementation for hypervisors providing enclaves as well as a hardware extension for systems like SGX. Finally, we illustrate how static analyses for SGX may be extended to check confidentiality of preemption-delaying programs. [less ▲]

Detailed reference viewed: 303 (28 UL)