Behind the last line of defense: Surviving SoC faults and intrusions

Pinto, Gouveia, Inês; Völp, Marcus; Esteves-Veríssimo, Paulo

doi:10.1016/j.cose.2022.102920

Cited by 5 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, FIT protocols are commonly known to be computationally demanding due to (1) quadratic (O(n 2 )) number of exchange of messages between the replicas for reaching the consensus, and (2) the extensive use of cryptography. However, with the advent of powerful hardware-based components, that allowed the use of trusted-trustworthy abstractions (i.e., hybrids) [6], [7], cryptography computation is becoming more efficient, and the spatial complexity can be reduced to N = 2f + 1, eventually requiring fairly simpler message exchange between replicas [7], [20]. Consequently, FIT is being increasingly explored and studied in multi-core on chip embedded systems as we do here.…”

Section: Feasibility Discussionmentioning

confidence: 99%

“…To circumvent the intrusion detection inefficiency, a recent approach is to use intrusion masking [19], [20], inspired from state-machine-replication (SMR) [21] in Distributed Computing. To tolerate up to t malicious or anomalous replicas, intrusion masking requires running a number (n) of concurrent replicas of a process, thus forming a replicated state machine, running on multiple processing cores in this case.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

System on Chip Rejuvenation in the Wake of Persistent Attacks

Sheikh¹,

Shoker²,

Esteves-Veríssimo³

2023

Preprint

View full text Add to dashboard Cite

To cope with the ever increasing threats of dynamic and adaptive persistent attacks, Fault and Intrusion Tolerance (FIT) is being studied at the hardware level to increase critical systems resilience. Based on state-machine replication, FIT is known to be effective if replicas are compromised and fail independently. This requires different ways of diversification at the software and hardware levels. In this paper, we introduce the first hardware-based rejuvenation framework, we call Samsara, that allows for creating new computing cores (on which FIT replicas run) with diverse architectures. This is made possible by taking advantage of the programmable and reconfigurable features of MPSoC with an FPGA. A persistent attack that analyzes and exploits the vulnerability of a core will not be able to exploit it as rejuvenation to a different core architecture is made fast enough. We discuss the feasibility of this design, and we leave the empirical evaluations for future work.

show abstract

Section: Feasibility Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

System on Chip Rejuvenation in the Wake of Persistent Attacks

Sheikh¹,

Shoker²,

Esteves-Veríssimo³

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…We assume for a deployed system that the containers of critical components (such as control) will be hosted directly on top of a real-time operating system (RTOS) that is capable of offering the required isolation. Of course, the RTOS in such architectures forms a single point of failure, which must be addressed in future [e.g., as demonstrated in the Midir architecture (Gouveia et al, 2022)].…”

Section: Implementationmentioning

confidence: 99%

Toward resilient autonomous driving—An experience report on integrating resilience mechanisms into the Apollo autonomous driving software stack

Lucchetti

Graczyk

Völp

2023

Front. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Autonomous driver assistance systems (ADAS) have been progressively pushed to extremes. Today, increasingly sophisticated algorithms, such as deep neural networks, assume responsibility for critical driving functionality, including operating the vehicle at various levels of autonomy. Elaborate obstacle detection, classification, and prediction algorithms, mostly vision-based, trajectory planning, and smooth control algorithms, take over what humans learn until they are permitted to control vehicles and beyond. And even if humans remain in the loop (e.g., to intervene in case of error, as required by autonomy levels 3 and 4), it remains questionable whether distracted human drivers will react appropriately, given the high speed at which vehicles drive and the complex traffic situations they have to cope with. A further pitfall is trusting the whole autonomous driving stack not to fail due to accidental causes and to be robust against cyberattacks of increasing sophistication. In this experience report, we share our findings in retrofitting application-agnostic resilience mechanisms into an existing hardware-/software-stack for autonomous driving—Apollo—as well as where application knowledge helps improve existing resilience algorithms. Our goal is to ultimately decrease the vulnerability of autonomously driving vehicles to accidental faults and attacks, allowing them to absorb and tolerate both, as well as to come out of them at least as secure as before the attack has happened. We demonstrate replication and rejuvenation on the driving stack's Control module and indicate how this resilience can be extended both downwards to the hardware level, as well as upwards to the prediction and planning modules.

show abstract

“…Kozachok A.V. 7 , Spirin A.A. 8 , Erokhina N.S. 9 Purpose of the work is to develop of a method for input data generation for fuzzing testing of JavaScript engines and its evaluation.…”

mentioning

confidence: 99%

Method for Semantically Correct Code Generation for Fuzzing Testing Javascript Engines

2023

Cybersecurity Issues

View full text Add to dashboard Cite

Цель работы: разработка метода генерации входных данных для фаззинг-тестирования интерпретаторов JavaScript и его оценка.Метод исследования: изучение закономерностей генерации данных и процента покрытия кода с целью его повышения. Предложенный метод позволяет генерировать входные данные для выявления большего количества уязвимостей при последующем фаззинг-тестировании, за счет повышения процента покрытия кода.Результаты исследования: интерпретатор JavaScript является наиболее уязвимым блоком архитектуры веб-браузера, как следствие возникает необходимость постоянного наращивания объемов анализа/тестирования его исходного кода. Фаззинг-тестирование интерпретатора веб-браузера на основе сложноструктурированных входных данных, например, программного кода JavaScript, является актуальной задачей. В работе приведены уязвимости современных веб-браузеров, а также ключевые проблемы, возникающие при тестировании интерпретаторов JavaScript. Наиболее существенными проблемами являются: отсутствие общедоступных синтаксически и семантически корректных входных данных для фаззинг-тестирования, проблема преодоления внутренних механизмов фильтрации входных данных, выбор рационального алгоритма мутации данных, а также проблема повышения степени покрытия тестируемого кода. Авторами предложен метод генерации входных данных для фаззинг-тестирования интерпретаторов JavaScript, который позволяет повысить качество и скорость фаззинг-тестирования.Научная и практическая значимость результатов исследования заключаются в разработке нового метода генерации входных данных для фаззинг-тестирования интерпретаторов JavaScript веб-браузеров, на основе применения нейросетевых языковых моделей, повышающий покрытие исходного кода.

show abstract

Behind the last line of defense: Surviving SoC faults and intrusions

Cited by 5 publications

References 22 publications

System on Chip Rejuvenation in the Wake of Persistent Attacks

System on Chip Rejuvenation in the Wake of Persistent Attacks

Toward resilient autonomous driving—An experience report on integrating resilience mechanisms into the Apollo autonomous driving software stack

Method for Semantically Correct Code Generation for Fuzzing Testing Javascript Engines

Contact Info

Product

Resources

About