EMBEDDED SYSTEMS WEEK

Description

The science of systems security is concerned with security aspects of computing systems at both software and hardware layers. The ever-increasing complexity of computing systems, emerging technologies such as IoT and AI, and advancing attack capabilities pose a variety of (new) challenges on the design and implementation of security concepts, methods and mechanisms.
This talk provides an overview of our journey through the systems security research universe. It points out several aspects of advancing software security and hardware-assisted security in academia and industry. A particular focus of the talk is devoted to the current crucial security threat posed by software-exploitable hardware vulnerabilities that put our critical systems, and hence our society, at risk. Finally, we discuss our future vision and new research directions in systems security.

Description

Many biomedical systems use embedded controllers to control physical processes, and consequently form a class of Cyber-Physical Systems (CPSs). Examples range from pacemakers to automated insulin pumps. These systems must work safely at all times. In this tutorial, we will focus on a design methodology for such CPSs.

We rely on the well-known synchronous approach for modelling the biological processes i.e. the human organ in question at a suitable abstraction-level as well as the medical device. Using the synchronous approach helps in both modelling and verification as well as automated code generation. The synchronous approach provides well known benefits such as deterministic execution, which is an ideal fit for ensuring safety. This tutorial will introduce a systematic design approach starting with modelling of biomedical devices using the SCCharts synchronous language. Next, the Intel NIOS II platform will be introduced as a means of prototyping a given medical device. This prototype device can then be run in closed-loop with a real-time version of the associated human organ. We will use a cardiac pacemaker as a running example and will therefore briefly introduce modelling of the cardiac conduction system using compositional models. We will then demonstrate how the pacemaker can be tested, in closed-loop, with the adjoining model of the cardiac conduction system. Additionally, we will present an approach for the formal verification of this device, using the tool UPPAAL and associated properties to ensure its correct operation. We will also present how pacemakers can be secured in the face of adversarial attacks, before presenting key areas for future research.

Description

Field-Programmable Gate Arrays (FPGAs) are configurable hardware architectures that combine the performance of Application-Specific Integrated Circuits (ASICs) with the programmability of microprocessors. FPGAs are popular implementation platforms for cryptography and security applications. FPGAs are used as accelerators for cryptographic algorithms and network security solutions, and as patchable trusted computing platforms. This lecture will first introduce the technology and design flow of FPGAs. Next, the lecture will concentrate on the use of FPGAs as cryptographic accelerators, as network security solutions and as trusted computing platforms.

Description

Deep Learning (DL) has been increasingly deployed in various real-world applications due to its unprecedented performance and automated capability of learning hidden representations. While DL can achieve high task performance, the training process of a DL model is both time and resource-consuming. Therefore, current supply chains of the DL models assume the customers obtain pre-trained Deep Neural Networks (DNNs) from the third-party providers that have sufficient computing power. In the centralized setting, the model designer trains the DL model using the local dataset. However, the collected training data may contain erroneous or poisoned data points. The model designer might craft malicious training samples and inject backdoors in the DL model distributed to the users. As a result, the userأ•s model will malfunction. In the federated learning setting, the cloud server aggregates local models trained on individual local datasets and updates the global model. In this scenario, the local client could poison the local training set and/or arbitrarily manipulate the local update. If the cloud server incorporates the malicious local gradients in model aggregation, the resulting global model will have degraded performance or backdoor behaviors. In this class, we present a comprehensive overview of contemporary data poisoning and model poisoning attacks against DL models in both centralized and federated learning scenarios. In addition, we review existing detection and defense techniques against various poisoning attacks.

Description

An application might run in a cloud, e.g., an edge cloud with limited physical security. Or, the cloud provider might be in a different jurisdiction. We introduce the fundamental concepts of confidential computing and show how one can ensure the confidentiality, integrity, and consistency of applications أگ even if we cannot trust the external provider. We will also show how to convert a cloud-native application into a cloud-confidential application.

Description

The lecture would provide an overview on fault attacks on modern cryptosystems. We shall start with some classical fault based cryptanalysis of the Advanced Encryption Standard (AES), called Differential Fault Analysis (DFA). Later we discuss another class of fault attacks, called Differential. Fault Intensity Attacks (DFIA), and show how fault bias can be utilized to break redundancy based countermeasures based on classical fault tolerance. In the later part of the talk, we present an overview on some of the advanced fault attack techniques, namely Statistical Ineffective Fault Attacks (SIFA), and Fault Template Attacks (FTA). We also aim to discuss on suitable techniques to thwart these menacing classes of physical attacks. The tutorial would be accompanied with small demonstrations to elucidate the concepts presented.

Description

Fuzz testing is a popular technique for detecting security vulnerabilities in software systems. It proceeds by compile time instrumentation, along with a run-time biased random search to find crashing inputs. The biased random search may be guided by an objective function or by logical constraints leading to different testing setups. In this paper, we will share various mechanisms and viewpoints in adapting or adopting greybox fuzzing for embedded software. This is of increased importance due to increased movement of the attack surface towards the edge. Moreover, as the security vulnerabilities are found and published, the software systems suffer from increased exposure, which can be alleviated by automated program repair technologies. In a synergistic setting, the searches over program edits in program repair, and the search over program inputs can strengthen each other. The tutorial give the audience wide exposure on greybox fuzzing and whitebox fuzzing (also known as symbolic execution) technologies, as well as forward looking techniques for automated program repair, which are seeing increased adoption.

Description

The evolution from desktops over mobile devices to smart-X has brought near perfect visibility on the behavior and whereabouts of citizens, both in the digital and the real world. This comes with numerous features and simplifications of processes, and increasing utility for users and observed individuals. It does raise concerns about the potential for abuse, from unexpected identification to the disclosure of sensitive characteristics, health conditions, or personal peculiarities, despite constant claims of أ’anonymizationأ“ and أ’GDPR complianceأ“.

In this talk we will discuss reasons of the situation, and how claimed protection has proven ineffective under scrutiny.

Description

With the growth and globalization of IC design and development, there is an increase in the number of Designers/Design houses. As setting up a fabrication facility may easily cost upwards of $20 billion, costs for advanced nodes may be even greater. IC design houses that cannot produce their chips in-house have no other option but to make use of external foundries that are often in other countries. Establishing trust with these external foundries can be a challenge, and these foundries are assumed to be untrusted. The use of these untrusted foundries in the global semiconductor supply chain has raised concerns about the security of the fabricated ICs that are targeted for sensitive applications. One of these security threats is the adversarial infestation of fabricated ICs with a Hardware Trojan. A Hardware Trojan (HT) can be broadly described as a malicious modification to a circuit to control, modify, disable, or monitor its logic. Conventional VLSI manufacturing tests and verification methods fall short in detecting HT due to the different and un-modeled nature of these malicious modifications. Current state-of-the-art HT detection methods utilize statistical analysis of various side-channel information collected from ICs, such as power analysis, power supply transient analysis, regional supply current analysis, temperature analysis, wireless transmission power analysis, and delay analysis. To detect HTs, most methods require a trojan-free reference golden IC. A signature from these golden ICs is extracted and used to detect ICs with HTs. However, access to a golden IC is not always feasible. Thus, a novel mechanism for HT detection is sought that does not require the golden IC. Machine Learning (ML) approaches have emerged to be extremely useful to help eliminate the need for a golden IC. Recent works on utilizing ML for HT detection have been shown to be promising in achieving this goal. Thus, in this class, we will explain utilizing ML as a solution to the challenge of HT detection. Additionally, we will describe the Electronic Design Automation (EDA) tool flow for automating ML-assisted HT detection. Moreover, to further discuss the benefits of ML-assisted HT detection solutions, we will demonstrate a Neural Network (NN)-assisted timing profiling method for HT detection. Finally, we will discuss the shortcomings and open challenges of ML-assisted HT detection methods.

Description

Designers use third-party intellectual property (IP) cores and outsource various steps in the integrated circuit (IC) design and manufacturing flow. As a result, security vulnerabilities have been rising. This is forcing IC designers and end users to re-evaluate their trust in ICs. If attackers get hold of an unprotected IC, they can reverse engineer the IC and pirate the IP. Similarly, if attackers get hold of a design, they can insert malicious circuits and backdoors into the design. Unintended design bugs can also result in security weaknesses.
The first part of the class will outline High-Level Design for Trust techniques to prevent these and similar attacks: Locking/Obfuscation and Secure Sourcing of IPs for High-Level Integration. Locking/Obfuscation implements a built-in obfuscation mechanism in ICs to prevent reverse engineering. Secure sourcing can thwart Trojan insertion in 3rd party Intellectual Properties. The second part of the class will discuss hardware security bugs, focusing on the recent common weakness enumeration (CWE) list for hardware design. We will wrap up by pointing out why hardware security is an essential objective from economics, security, and safety aspects and offer a vision of the emerging directions in hardware cybersecurity.