Quantitative Metrics and Measurement Methodologies for System Security Assurance

Ahmed, Md Salman

11 January 2022

Proactive approaches for preventing attacks through security measurements are crucial for preventing sophisticated attacks. However, proactive measures must employ qualitative security metrics and systemic measurement methodologies to assess security guarantees, as some metrics (e.g., entropy) used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures (e.g., data pointer protection or data flow integrity) suffer performance bottlenecks. This dissertation identifies and represents attack vectors as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling ways to tune performance vs. security of existing defenses by identifying and prioritizing key attack vectors for protection. We measure attack surface by quantifying the impact of fine-grained Address Space Layout Randomization (ASLR) on code reuse attacks under the Just-In-Time Return-Oriented Programming (JITROP) threat model. We conduct a comprehensive measurement study with five fine-grained ASLR tools, 20 applications including six browsers, one browser engine, and 25 dynamic libraries. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse gadgets such as the Turing Complete gadget set. Experiments also suggest that some code pointer leaks allow attackers to find gadgets more quickly than others. Besides, the instruction-level single-round randomization can restrict Turing Complete operations by preventing up to 90% of gadgets. This dissertation also identifies and prioritizes critical data pointers for protection to enable the capability to tune between performance vs. security. We apply seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers. Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful detection of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer. Our results also suggest that sensitive data objects are as low as 3%, and on average, 82% of data objects do not need protection for real-world applications. / Doctor of Philosophy / Proactive approaches for preventing attacks through security measurements are crucial to prevent advanced attacks because reactive measures can become challenging, especially when attackers enter sophisticated attack phases. A key challenge for the proactive measures is the identification of representative metrics and measurement methodologies to assess security guarantees, as some metrics used for evaluating security guarantees may not capture the capabilities of advanced attackers. Also, many proactive measures suffer performance bottlenecks. This dissertation identifies and represents attack elements as metrics using the knowledge from advanced exploits and demonstrates the effectiveness of the metrics by quantifying attack surface and enabling the capability to tune performance vs. security of existing defenses by identifying and prioritizing key attack elements. We measure the attack surface of various software applications by quantifying the available attack elements of code reuse attacks in the presence of fine-grained Address Space Layout Randomization (ASLR), a defense in modern operating systems. ASLR makes code reuse attacks difficult by making the attack components unavailable. We perform a comprehensive measurement study with five fine-grained ASLR tools, real-world applications, and libraries under an influential code reuse attack model. Experiments show that attackers only need several seconds (1.5-3.5) to find various code reuse elements. Results also show the influence of one attack element over another and one defense strategy over another strategy. This dissertation also applies seven rule-based heuristics to prioritize externally manipulatable sensitive data objects/pointers – a type of attack element – to enable the capability to tune between performance vs. security. Our evaluations using 33 ground truths vulnerable data objects/pointers show the successful identification of 32 ground truths with a 42% performance overhead reduction compared to AddressSanitizer, a memory error detector. Our results also suggest that sensitive data objects are as low as 3% of all objects, and on average, 82% of objects do not need protection for real-world applications.

Security Measurement

Attack Surface Quantification

Metrics

Methodologies

Attack Vectors

Data Pointers

Taint Analysis

LLVM

ROP

JITROP

Data-Oriented Attacks

Gadgets

ASLR

Pointer Authentication

Memory Tagging

Practical Exploit Mitigation Design Against Code Re-Use and System Call Abuse Attacks

Jelesnianski, Christopher Stanislaw

09 January 2023

Over the years, many defense techniques have been proposed by the security community. Even so, few have been adopted by the general public and deployed in production. This limited defense deployment and weak security has serious consequences, as large scale cyber-attacks are now a common occurrence in society. One major obstacle that stands in the way is practicality, the quality of being designed for actual use or having usefulness or convenience. For example, an exploit mitigation design may be considered not practical to deploy if it imposes high performance overhead, despite offering excellent and robust security guarantees. This is because achieving hallmarks of practical design, such as minimizing adverse side-effects like performance degradation or memory monopolization, is difficult in practice, especially when trying to provide a high level of security for users. Secure and practical exploit mitigation design must successfully navigate several challenges. To illustrate, modern-day attacks, especially code re-use attacks, understand that rudimentary defenses such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) will be deployed moving forward. These attacks have therefore evolved and diversified their angles of attack to become capable of leveraging a multitude of different code components. Accordingly, the security community has uncovered these threats and maintained progress in providing possible resolutions with new exploit mitigation designs. More specifically though, defenses have had to correspondingly extend their capabilities to protect more aspects of code, leading to defense techniques becoming increasingly complex. Trouble then arises as supporting such fine-grained defenses brings inherent disadvantages such as significant hardware resource utilization that could be otherwise used for useful work. This complexity has made performance, security, and scalability all competing ideals in practical system design. At the same time, other recent efforts have implemented mechanisms with negligible performance impact, but do so at the risk of weaker security guarantees. This dissertation first formalizes the challenges in modern exploit mitigation design. To illustrate these challenges, this dissertation presents a survey from the perspective of both attacker and defender to provide an overview of this current security landscape. This includes defining an informal taxonomy of exploit mitigation strategies, explaining prominent attack vectors that are faced by security experts today, and identifying and defining code components that are generally abused by code re-use. This dissertation then presents two practical design solutions. Both defense system designs uphold goals of achieving realistic performance, providing strong security guarantees, being robust for modern application code-bases, and being able to scale across the system at large. The first practical exploit mitigation design this dissertation presents is MARDU. MARDU is a novel re-randomization approach that utilizes on-demand randomization and the concept of code trampolines to support sharing of code transparently system-wide. To the best of my knowledge, MARDU is the first presented re-randomization technique capable of runtime code sharing for re-randomized code system-wide. Moreover, MARDU is one of the very few re-randomization mechanisms capable of performing seamless live thread migration to newly randomized code without pausing application execution. This dissertation describes the full design, implementation, and evaluation of MARDU to demonstrate its merits and show that careful design can uphold all practical design goals. For instance, scalability is a major challenge for randomization strategies, especially because traditional OS design expects code to be placed in known locations so that it can be reached by multiple processes, while randomization is purposefully trying to achieve the opposite, being completely unpredictable. This clash in expectations between system and defense design breaks a few very important assumptions for an application's runtime environment. This forces most randomization mechanisms to abandon the hope of upholding memory deduplication. MARDU resolves this challenge by applying trampolines to securely reach functions protected under secure memory. Even with this new calling convention in place, MARDU shows re-randomization degradation can be significantly reduced without sacrificing randomization entropy. Moreover, MARDU shows it is capable of defeating prominent code re-use variants with this practical design. This dissertation then presents its second practical exploit mitigation solution, BASTION. BASTION is a fine-grained system call filtering mechanism aimed at significantly strengthening the security surrounding system calls. Like MARDU, BASTION upholds the principles of this dissertation and was implemented with practicality in mind. BASTION's design is based on empirical observation of what a legitimate system call invocation consists of. BASTION introduces System Call Integrity to enforce the correct and intended use of system calls within a program. In order to enforce this novel security policy, BASTION proposes three new specialized contexts for the effective enforcement of legitimate system call usage. Namely, these contexts enforce that: system calls are only invoked with the correct calling convention, system calls are reached through legitimate control-flow paths, and all system call arguments are free from attacker corruption. By enforcing System Call Integrity with the previously mentioned contexts, this dissertation adds further evidence that context-sensitive defense strategies are superior to context-insensitive ones. BASTION is able to prevent over 32 real-world and synthesized exploits in its security evaluation and incurs negligible performance overhead (0.60%-2.01%). BASTION demonstrates that narrow and specialized exploit mitigation designs can be effective in more than one front, to the point that BASTION not only revents code re-use, but is capable of defending against any attack class that requires the utilization of system calls. / Doctor of Philosophy / Limited security defense deployment and weak security has serious consequences, as large scale cyber-attacks are now a common occurrence. This may be surprising since many defense techniques have been proposed; yet in reality, few have become dopted by the general public. To elaborate, designing an ideal defense that is strong security-wise but does not use any computer resources is challenging. In practice, there is no free lunch, and therefore a design must consider how to best balance security with performance in an effort to be practical for users to deploy their defense. Common tradeoffs include adverse side-effects such as slowing down user applications or imposing significant memory usage. Therefore, practical and strong defense design is important to promote integration into the next generation of computer hardware and software. By sustaining practical design, the needed jump between a proof-of-concept and implementing it on commodity computer chips is substantially smaller. A practical defense should foremost guarantee strong levels of security and should not slow down a user's applications. Ideally, a practical defense is implemented to the point it seems invisible to the user and they don't even notice it. However, balancing practicality with strong security is hard to achieve in practice. This dissertation first reviews the current security landscape - specifically two important attack strategies are examined. First, code re-use attacks, are exactly what they sound like; code re-use essentially reuse various bits and pieces of program code to create an attack. Second, system call abuse. System calls are essential functions that ordinarily allow a user program to talk with a computer's operating system; they enable operations such as a program asking for more memory or reading and writing files. When system calls are maliciously abused, they can cause a computer to use up all its free memory or even launch an attacker-written program. This dissertation goes over how these attacks work and correspondingly explains popular defense strategies that have been proposed by the security community so far. This dissertation then presents two defense system solutions that demonstrate how a practical defense system could be made. To that end, the full design, implementation, and evaluation of each defense system, named MARDU and BASTION, is presented. This dissertation leverages attack insights as well as compiler techniques to achieve its goal. A compiler is an essential developer tool that converts human written code into a computer program. Moreover, compilers can be used to apply additional optimizations and security hardening techniques to make a program more secure. This dissertation's first defense solution, MARDU, is a runtime randomization defense. MARDU protects programs by randomizing the location of code chunks throughout execution so that attackers cannot find the code pieces they need to create an attack. Notably, MARDU is the first randomization defense that is able to be seamlessly deployed system-wide and is backwards compatible with programs not outfitted with MARDU. This dissertation's second defense solution, BASTION, is a defense system that strictly focuses on protection of system calls in a program. As mentioned earlier, system calls are security critical functions that allow a program to talk a computer operating system. BASTION protects the entire computer by ensuring that every time a system call is called by a user program, it was rightfully requested by the program and not maliciously by an attacker. BASTION verifies this request is legitimate by confirming that the current program state meets a certain set of criteria.

Exploit Mitigation

Practical Design

System Software

Randomization

Runtime Defense

Return-Oriented Programming

Code Re-use Attacks

System Calls

System Call Specialization

A Robust Dynamic State and Parameter Estimation Framework for Smart Grid Monitoring and Control

Zhao, Junbo

30 May 2018

The enhancement of the reliability, security, and resiliency of electric power systems depends on the availability of fast, accurate, and robust dynamic state estimators. These estimators should be robust to gross errors on the measurements and the model parameter values while providing good state estimates even in the presence of large dynamical system model uncertainties and non-Gaussian thick-tailed process and observation noises. It turns out that the current Kalman filter-based dynamic state estimators given in the literature suffer from several important shortcomings, precluding them from being adopted by power utilities for practical applications. To be specific, they cannot handle (i) dynamic model uncertainty and parameter errors; (ii) non-Gaussian process and observation noise of the system nonlinear dynamic models; (iii) three types of outliers; and (iv) all types of cyber attacks. The three types of outliers, including observation, innovation, and structural outliers are caused by either an unreliable dynamical model or real-time synchrophasor measurements with data quality issues, which are commonly seen in the power system. To address these challenges, we have pioneered a general theoretical framework that advances both robust statistics and robust control theory for robust dynamic state and parameter estimation of a cyber-physical system. Specifically, the generalized maximum-likelihood-type (GM)-estimator, the unscented Kalman filter (UKF), and the H-infinity filter are integrated into a unified framework to yield various centralized and decentralized robust dynamic state estimators. These new estimators include the GM-iterated extended Kalman filter (GM-IEKF), the GM-UKF, the H-infinity UKF and the robust H-infinity UKF. The GM-IEKF is able to handle observation and innovation outliers but its statistical efficiency is low in the presence of non-Gaussian system process and measurement noise. The GM-UKF addresses this issue and achieves a high statistical efficiency under a broad range of non-Gaussian process and observation noise while maintaining the robustness to observation and innovation outliers. A reformulation of the GM-UKF with multiple hypothesis testing further enables it to handle structural outliers. However, the GM-UKF may yield biased state estimates in presence of large system uncertainties. To this end, the H-infinity UKF that relies on robust control theory is proposed. It is shown that H-infinity is able to bound the system uncertainties but lacks of robustness to outliers and non-Gaussian noise. Finally, the robust H-infinity filter framework is proposed that leverages the H-infinity criterion to bound system uncertainties while relying on the robustness of GM-estimator to filter out non-Gaussian noise and suppress outliers. Furthermore, these new robust estimators are applied for system bus frequency monitoring and control and synchronous generator model parameter calibration. Case studies of several different IEEE standard systems show the efficiency and robustness of the proposed estimators. / Ph. D.

Kalman filter

Robust statistics

Power system state estimation

Dynamic state estimation

Unscented transformation

Robust control theory

Estimation theory

Power system dynamics and control

Outliers

Cyber attacks

Phasor measurement units

A Comparative Pentadic Analysis of Mediated Presidential Discourse During 9/11 and Hurricane Katrina

Aljabri, Nadia Michele

12 June 2007

In his first term as president, George W. Bush was confronted with one of the worst national attacks in United States history: the September 11 terrorist attacks of 2001. Through the devastation, however, President Bush triumphed in unifying and guiding this nation during what would become the height of his rhetorical leadership. Following his reelection in 2004, President Bush faced one of the worst natural disasters in the nation's history: Category 4 Hurricane Katrina. In its aftermath, Katrina became known as "one of the worst mishandled disasters ever." Utilizing Kenneth Burke's pentad, this study analyzes the president's rhetorical response and the primetime network news coverage following each crisis in an attempt to determine how President Bush could fare so well in one instance, consoling and leading the American people, while falling short in his second major crisis during his term as president. / Master of Arts

Kenneth Burke

presidential crisis rhetoric

Pentad

President George W. Bush

September 11 terrorist attacks

Hurricane Katrina

television news media

broadcast news media

primetime network news

rhetorical presidency

Co-processor based monitoring to detect control flow attacks / Övervakning baserad på koprocessor för att upptäcka kontrollflödesattacker

Kaddami, Oussama

January 2024

Memory corruption attacks pose a significant threat to the security of embedded devices with limited resources that lack basic protection mechanisms. Control Flow Integrity (CFI) is a promising technique to mitigate these attacks by ensuring that the program’s control flow adheres to a predetermined set of rules. In this project, we propose a CFI solution tailored for embedded devices based on combining a type-based approach for indirect branches with a shadow stack approach to protect return addresses. Our solution targets the ARM Cortex-M33 architecture and is evaluated on various applications that are adequate for low-end devices, including embedded cryptographic primitives and a real-time operating system. Our solution provides a high level of security, allowing for a 99.99% reduction in attacks using the average reduction metric (AIR). However, we acknowledge that the performance overhead may be a concern for some use cases. The evaluation of our Control Flow Integrity (CFI) implementation shows that it incurs a performance overhead ranging between 7% and 81%, with a relatively small size overhead of around 3%. Therefore, we propose that the use of adequate architectural models could help reduce the performance overhead while still maintaining good security guarantees. Our study highlights the trade-off between security and performance in CFI implementations and provides insights into potential areas for improvement. / Minneskorruptionsattacker utgör ett betydande hot mot säkerheten för inbyggda enheter med begränsade resurser som saknar grundläggande skyddsmekanismer. Kontrollflödesintegritet (CFI) är en lovande teknik för att mildra dessa attacker genom att säkerställa att programkontrollen följer en förutbestämd uppsättning regler. I detta projekt föreslår vi en CFI-lösning anpassad för inbyggda enheter som bygger på en kombination av en typbaserad metod för indirekta grenar med en skuggstackmetod för att skydda returadresser. Vår lösning riktar sig mot ARM Cortex-M33-arkitekturen och utvärderas på olika applikationer som är lämpliga för lågpresterande enheter, inklusive inbyggda kryptografiska grundläggande funktioner och ett realtidsoperativsystem. Vår lösning erbjuder en hög säkerhetsnivå och möjliggör en minskning av attacker med 99,99% enligt genomsnittsmätningsmetoden (AIR). Vi erkänner dock att prestandaöverhuvud kan vara en oro i vissa användningsfall. Utvärderingen av vår CFI-implementering visar att den medför en prestandaöverhuvud som varierar mellan 7% och 81%, med en relativt liten storleksöverhuvud på cirka 3%. Därför föreslår vi att användningen av lämpliga arkitekturmodeller kan bidra till att minska prestandaöverhuvudet samtidigt som goda säkerhetsgarantier bibehålls. Vår studie belyser avvägningen mellan säkerhet och prestanda i CFI-implementeringar och ger insikter om potentiella områden för förbättring.

Embedded security

Remote software attacks

Control flow integrity (CFI)

Instrumentation

Inbäddade system säkerhet

Fjärrprogramvaruattacker

Computer and Information Sciences

Data- och informationsvetenskap

Säkerhetsförutsättningar vid attentat mot fysiska evenemang i offentliga miljöer : - En litteraturstudie

Holmberg, Emelie

January 2024

Den ökade hotbilden har gjort att nya frågor har väckts till liv i samhället. Efter en sammanställning gjord av MSB och Polisen är nöjesliv och offentliga miljöer särskilt utsatta gällande dödlighet i attentat. Nöjesliv och offentliga miljöer kan kopplas till olika typer av evenemang. Vid attentat har arrangör, kommun, polis, räddningstjänst och sjukvård olika funktioner men tillsammans kan de utgöra en säkerhetsorganisation inför upprättandet av ett evenemang. Tillsammans i säkerhetsorganisationen kan alla aktörer bidra med sakkunskaper inom respektive ämnesområde.  Syftet med litteraturstudien har varit att undersöka människans beteendeskiljaktigheter mellan händelse av brand respektive attentat. Utöver beteende har också andra förutsättningar för att sätta sig i säkerhet undersökts. Avsikten med studien var att öka kunskapen och förståelsen av evenemangssäkerhet vid antagonistiska hot och terrorism i form av attentat i större folksamlingar.  Evenemangssäkerhet innefattar samarbetspartner som polis, räddningstjänst, ambulans, evenemangsansvarig och övriga aktörer. Följande frågeställningar har ställt i studien:   Vilka svårigheter möter man vid antagonistiska hot och större folksamlingar på evenemang? Hur skiljer sig beteendemönstret vid antagonistiska hot respektive brand? Kan beteendet påverka förmågan att söka sig till säkerhet? Finns det några brister vid planering av evenemang som påverkar säkerhetsförutsättningar som exempelvis inrymning, utrymning eller utestängning? Finns det tydliga åtgärder för att stärka säkerheten mot attentat på ett utomhusevenemang?  Studien behandlar enbart evenemang utomhus och jämför mot inomhusförutsättningar när regelverk saknas för utomhusförutsättningar. Studien har avgränsats till evenemang med höga personantal eller persontätheter i offentliga miljöer som gator, torg och andra ytor där evenemang genomförs. Utöver de nämnda avgränsningarna har studien kompletterats med observationer från händelser genom historien via video och ljudmaterial.  Den teoretiska referensramen för säkerhet innefattar bakgrund för både brand och attentat men även förutsättningar som påverkar utrymning, inrymning och utestängning. Användningsområdet för säkerhets-strategierna utrymning, inrymning och utestängning förklaras och förtydligas. Sammanfattningsvis finns det flera faktorer som påverkar förutsättningarna att sätta sig själv i säkerhet. Där är persontäthet, utrymningsvägar, hastigheter, kommunikation och beteende, faktorer som alla är avgörande i både inomhus- och utomhusförutsättningar.  Evenemangets säkerhetsarbete upprättas i samband med evenemangets olika faser. I upprättandet av evenemanget undersöker man bland annat på förutsättningar i utformning av platsen, skalskydd, beredskap och vilket förbyggande arbete som ska genomföras. Samtidigt undersöks utrymningsmöjligheter av ett område samt vilken samverkan som ska sättas i bruk. Samverkan kan bestå av säkerhet-, kris eller stabsorganisationen och tillämpas utifrån situationen. Utifrån förbestämda insatsplaner delas evenemangsområdet upp i olika zoner för att underlätta en insats.   Utifrån den bristande existensen av regler och reglering gällande evenemangsutformning samt upprättning så finns det flertal bristande i säkerhet på evenemang. Som arrangör finns det bra guider utgivna av MSB men idag är det brist på allmänna råd och lagstadgade utformningar av publik- och utrymningskapacitet.   Skyddade platser, offentliga miljöer, publikkommunikation, prövning av säkerhetspersonal och problematiken med panik är alla faktorer som är intressanta ur ett säkerhetsperspektiv. Utöver dessa faktorer så utreder studien paralleller mellan inomhus- och utomhusförutsättningar ur ett utrymningsperspektiv.  För att kunna erbjuda ett effektivt skydd på offentliga miljöer och evenemangsplatser krävs ett gott organisatoriskt och systematiskt arbete. Arbetet inkluderar allt från handlings-/åtgärdsplaner till utbildning. Övervakningskameror, farthinder och genomsökning av området är några exempel på fysiska skyddsåtgärder och hur en arrangör kan bygga skydd på djupet. / The increased threat level has raised new questions in society. According to a compilation made by MSB and the Police, public environment and entertainment are particularly vulnerable in term of mortality in attacks. Event and public environment can be linked to different types of events. In the event of an attack, the event organizer or manager, municipality, rescue service, police and ambulance have different functions. Together, they can form a security organization prior to the establishment of an event a thus contribute with expertise in their subject area. The purpose of the literature study has been to investigate the difference in human behavior between fire and attack events. In addition to behavior, other prerequisites for safety have been investigated. The purpose of the study was to increase the knowledge and understanding of event security in the event of antagonistic threats in the form of attacks in large crowds. Event security also includes partners such as the police, emergency services, ambulance, event manager and other stakeholders. The following questions have been posed in the study: What difficulties are encountered in the event of a attack and large crowd at events? How do behavioral pattern differ in the case of antagonistic threats versus fire that require safety measures. Can behavior affect the ability to seek safety? Are there any shortcomings in the planning of event that effect security conditions such as containment, evacuation, or exclusion? Are there clear measures to strengthen security against attacks at an outdoor event? The study only deals with outdoor events and compares only with indoor conditions as there are no regulations for outdoor. The study has been limited to events with high numbers or densities of people in public environments such as streets, squares, and other areas where events are held. In addition to the aforementioned limitations, the study has been supplemented with observation from events throughout history. The theoretical framework for security includes the background of  fire, attacks and conditions that affect evacuation, containment, and exclusion. The security strategies of evacuation, containment and exclusion are explained and clarified. In summary, there are several factors that affect the conditions for making oneself safe. There, crowd density, escape routes, speed, communications, and behavior are all factors that are crucial in both indoor and outdoor conditions. Event security work prepared in connections with the various phases of event. The preparation of the event includes checking the conditions for the design of the site, shell protection, preparedness, and the preventive work to be carried out. In the event of an accident, the possibilities for evacuation an area are examined, as well as the cooperation to be implemented by the security, crisis or staff organization based on the situation. Based on predetermined response plans, the event area is divided into different zones to facilitate the response. Due to the lack of rules and regulations regarding event design and set-up, there are several shortcomings in event security. As an organizer, there are good guides published by MSB, but today there is a lack of general advice and statutory designs of audience and evacuation capacity.   Sheltered places, public environments, public communication, crowd communications, security staff training and the problem of panic are topics discussed. Parallels between indoor and outdoor conditions are compared from an evacuation perspective.   Providing effective protection in public spaces and event venues require good organizational and systematic work. This work includes everything from action plans to training. Surveillance cameras, speed bumps and area searches are some examples how an organizer can achieve in-depth protection.

Terrorism

Antagonistic threats

Attacks

Crowd

Event and security

Outdoor public spaces

Terrorism

Antagonistiska hot

Attentat

Folksamlingar

Evenemang och säkerhet

Offentliga miljöer utomhus

Construction Management

Byggproduktion

Safeguarding the functionality of Internet Of Medical Things-based Electronic Devices through a Security Algorithm

Shaban, Ryustem, Husein, Ahmad

January 2024

As the IoMT rapidly expands, severe security risks shadow its profound benefits inpatient monitoring and data management. These devices, integral to critical care like pace-maker shocks and insulin dosing, often sacrifice robust security for functionality due totheir limited capabilities. This critical vulnerability exposes them to exploits that couldhave fatal consequences. This thesis addresses these urgent security gaps by exploring in-novative protection strategies through systematic reviews and simulated penetration testingon a mimicked IoMT environment. Our findings expose pronounced deficiencies withinexisting security frameworks, focusing on Bluetooth LE and Wi-Fi threats, especially theinadequate mechanisms to secure Bluetooth LE connections, commonly used in IoMTdevices and DOS attacks targeted directly to the IoMT devices. In response, two novelsecurity algorithms were designed to enhance the resilience of IoMT systems against cy-ber threats. This algorithm integrates dynamic whitelisting and blacklisting, MAC addressverification, UDID verification, and NFC-based device authentication to curtail unautho-rized access and uphold data integrity. The adopted strategy not only addresses specificsecurity loopholes identified during penetration testing but also establishes a frameworkcapable of adapting to evolving threats. Through this research, we aim to contribute to theongoing discourse on IoMT security, underscoring the critical need for continuous adapta-tion of security measures to protect against emerging vulnerabilities in the rapidly evolvinglandscape of IoT devices. This work aspires to lay the groundwork for future research anddevelopment in IoMT security strategies, fostering a deeper understanding and implemen-tation of adequate security measures within medical technology.

Internet of Things

Internet of Medical Things

IoMT

Security framework

Network layer attacks

Penetration testing

Vulnerability

Algorithms

Threat vectors

Simulation

mimicking

Computer Sciences

Datavetenskap (datalogi)

TOWARDS SECURE AND ROBUST 3D PERCEPTION IN THE REAL WORLD: AN ADVERSARIAL APPROACH

Zhiyuan Cheng (19104104)

11 July 2024

<p dir="ltr">The advent of advanced machine learning and computer vision techniques has led to the feasibility of 3D perception in the real world, which includes but not limited to tasks of monocular depth estimation (MDE), 3D object detection, semantic scene completion, optical flow estimation (OFE), etc. Due to the 3D nature of our physical world, these techniques have enabled various real-world applications like Autonomous Driving (AD), unmanned aerial vehicle (UAV), virtual/augmented reality (VR/AR) and video composition, revolutionizing the field of transportation and entertainment. However, it is well-documented that Deep Neural Network (DNN) models can be susceptible to adversarial attacks. These attacks, characterized by minimal perturbations, can precipitate substantial malfunctions. Considering that 3D perception techniques are crucial for security-sensitive applications, such as autonomous driving systems (ADS), in the real world, adversarial attacks on these systems represent significant threats. As a result, my goal of research is to build secure and robust real-world 3D perception systems. Through the examination of vulnerabilities in 3D perception techniques under such attacks, my dissertation aims to expose and mitigate these weaknesses. Specifically, I propose stealthy physical-world attacks against MDE, a fundamental component in ADS and AR/VR that facilitates the projection from 2D to 3D. I have advanced the stealth of the patch attack by minimizing the patch size and disguising the adversarial pattern, striking an optimal balance between stealth and efficacy. Moreover, I develop single-modal attacks against camera-LiDAR fusion models for 3D object detection, utilizing adversarial patches. This method underscores that mere fusion of sensors does not assure robustness against adversarial attacks. Additionally, I study black-box attacks against MDE and OFE models, which are more practical and impactful as no model details are required and the models can be compromised through only queries. In parallel, I devise a self-supervised adversarial training method to harden MDE models without the necessity of ground-truth depth labels. This enhanced model is capable of withstanding a range of adversarial attacks, including those in the physical world. Through these innovative designs for both attack and defense, this research contributes to the development of more secure and robust 3D perception systems, particularly in the context of the real world applications.</p>

Software and application security

Adversarial machine learning

Adversarial Image Perturbation

3D Perception

Adversarial Training

Adversarial Attacks

AI Security

A Study of Mitigation Methods for Speculative Cache Side Channel Attacks

Mosquera Ferrandiz, Fernando

05 1900

Side channels give attackers the opportunity to reveal private information without accessing it directly. In this study, several novel approaches are presented to mitigate cache side channel attacks including Spectre attack and its variants, resulting in several contributions. CHASM shows the information leakage in several new cache mapping schemes, where different cache address mappings may provide higher or lower protection against cache side channel attacks. GuardCache creates a noisy cache side-channel, making it more difficult for the attacker to determine if an access is a hit or miss (which is the basis for most side channel attacks). SecurityCloak is a framework that encompasses GuardCache with SafeLoadOnMiss whereby cache load misses during speculative execution are delayed until the speculation is resolved, thus preventing attacks that rely on accessing data in during (mis) speculated executions. To search for a compromise between security and performance, it is recommended not always to use protections such as SecurityCloak protections, but also to activate the protection only while executing critical sections of code or on-demand when an attack is detected (or suspected). Our experimental results show a high degree of obfuscation (and prevention of side channels) with a minimal impact on the performance.

Computer Science

Terrorbekämpning i offentliga rum : ur ett designperspektiv / Counter-terrorism in public spaces : from a design perspective

Azad, Dennis, Lidman Syréhn, Evelina

January 2024

Terror attacks have become an increasingly discussed and addressed threat in recent years due to an increased threat level around the world and in Sweden. Public areas are today seen as vulnerable for potential attacks due to its openness and accessibility to the public. Additionally, the study also highlights how design can be used as a tool to prevent and design out terrorism, with a focus on vehicle attacks. An important point of the study is also that barriers can lead to isolation and militarization of the urban spaces through a critical perspective. It is crucial for urban planners and authorities to consider the usage of design measures in the urban spaces, due to the current international situation. However, it is also important to consider what design measures retain the open space, and what measures can lead to an isolation of the urban space. The study aims to highlight both positive and negative perspectives that can arise when measures to protect the urban space and its people are installed into the urban spaces. The main focus of the study is on three different case studies from three different streets in three cities, to create a broader picture and understanding of how design measures have been installed in those cities.

design

urban spaces

terror attacks

barriers

vulnerability

militarization

design

offentliga rum

terrorattacker

barriärer

sårbarhet

militarisering

Övrig annan samhällsvetenskap