A Secure and Formally Verified Commodity Multiprocessor Hypervisor

Li, Shih-Wei

January 2021

Commodity hypervisors are widely deployed to support virtual machines on multiprocessor server hardware. Modern hypervisors are complex and often integrated with an operating system kernel, posing a significant security risk as writing large, multiprocessor systems software is error-prone. Attackers that successfully exploit hypervisor vulnerabilities may gain unfettered access to virtual machine data and compromise the confidentiality and integrity of virtual machine data. Theoretically, formal verification offers a solution to this problem, by proving that the hypervisor implementation contains no vulnerabilities and protects virtual machine data under all circumstances. However, it remains unknown how one might feasibly verify the entire codebase of a complex, multiprocessor commodity system. My thesis is that modest changes to a commodity system can reduce the required proof effort such that it becomes possible to verify the security properties of the entire system. This dissertation introduces microverification, a new approach for formally verifying the security properties of commodity systems. Microverification reduces the proof effort for a commodity system by retrofitting the system into a small core and a set of untrusted services, thus making it possible to reason about properties of the entire system by verifying the core alone. To verify the multiprocessor hypervisor core, we introduce security-preserving layers to modularize the proof without hiding information leakage so we can prove each layer of the implementation refines its specification, and the top layer specification is refined by all layers of the core implementation. To verify commodity hypervisor features that require dynamically changing information flow, we incorporate data oracles to mask intentional information flow. We can then prove noninterference at the top layer specification and guarantee the resulting security properties hold for the entire hypervisor implementation. Using microverification, we retrofitted the Linux KVM hypervisor with only modest modifications to its codebase. Using Coq, we proved that the hypervisor protects the confidentiality and integrity of VM data, including correctly managing tagged TLBs, shared multi-level page tables, and caches. Our work is the first machine-checked security proof for a commodity multiprocessor hypervisor. Experimental results with real application workloads demonstrate that verified KVM retains KVM’s functionality and performance.

Computer science

Multiprocessors--Programming

Computer security

Virtual computer systems

Linux

Secure and Trusted Execution Framework for Virtualized Workloads

Kotikela, Srujan D

08 1900

In this dissertation, we have analyzed various security and trustworthy solutions for modern computing systems and proposed a framework that will provide holistic security and trust for the entire lifecycle of a virtualized workload. The framework consists of 3 novel techniques and a set of guidelines. These 3 techniques provide necessary elements for secure and trusted execution environment while the guidelines ensure that the virtualized workload remains in a secure and trusted state throughout its lifecycle. We have successfully implemented and demonstrated that the framework provides security and trust guarantees at the time of launch, any time during the execution, and during an update of the virtualized workload. Given the proliferation of virtualization from cloud servers to embedded systems, techniques presented in this dissertation can be implemented on most computing systems.

virtualization

security

trusted

computing

ontology

vulnerabilities

Computer Science

Computer security.

Privacy-Preserving Facial Recognition Using Biometric-Capsules

Tyler Stephen Phillips (8782193)

04 May 2020

<div>In recent years, developers have used the proliferation of biometric sensors in smart devices, along with recent advances in deep learning, to implement an array of biometrics-based recognition systems. Though these systems demonstrate remarkable performance and have seen wide acceptance, they present unique and pressing security and privacy concerns. One proposed method which addresses these concerns is the elegant, fusion-based Biometric-Capsule (BC) scheme. The BC scheme is provably secure, privacy-preserving, cancellable and interoperable in its secure feature fusion design. </div><div><br></div><div>In this work, we demonstrate that the BC scheme is uniquely fit to secure state-of-the-art facial verification, authentication and identification systems. We compare the performance of unsecured, underlying biometrics systems to the performance of the BC-embedded systems in order to directly demonstrate the minimal effects of the privacy-preserving BC scheme on underlying system performance. Notably, we demonstrate that, when seamlessly embedded into a state-of-the-art FaceNet and ArcFace verification systems which achieve accuracies of 97.18% and 99.75% on the benchmark LFW dataset, the BC-embedded systems are able to achieve accuracies of 95.13% and 99.13% respectively. Furthermore, we also demonstrate that the BC scheme outperforms or performs as well as several other proposed secure biometric methods.</div>

Applied Computer Science

Biometrics

Privacy

Deep Learning

Computer Security

NETWORK FEATURE ENGINEERING AND DATA SCIENCE ANALYTICS FOR CYBER THREAT INTELLIGENCE

Unknown Date

While it is evident that network services continue to play an ever-increasing role in our daily lives, it is less evident that our information infrastructure requires a concerted, well-conceived, and fastidiously executed strategy to remain viable. Government agencies, Non-Governmental Organizations (\NGOs"), and private organizations are all targets for malicious online activity. Security has deservedly become a serious focus for organizations that seek to assume a more proactive posture; in order to deal with the many facets of securing their infrastructure. At the same time, the discipline of data science has rapidly grown into a prominent role, as once purely theoretical machine learning algorithms have become practical for implementation. This is especially noteworthy, as principles that now fall neatly into the field of data science has been contemplated for quite some time, and as much as over two hundred years ago. Visionaries like Thomas Bayes [18], Andrey Andreyevich Markov [65], Frank Rosenblatt [88], and so many others made incredible contributions to the field long before the impact of Moore's law [92] would make such theoretical work commonplace for practical use; giving rise to what has come to be known as "Data Science". / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2020. / FAU Electronic Theses and Dissertations Collection

Cyber security

Computer security

Information infrastructure

Predictive analytics

Multi-Functional Interfaces for Accelerators

Piccolboni, Luca

January 2022

Heterogeneous System-on-Chip (SoC) architectures combine general-purpose processors with many accelerators, which are application-specific computing engines. By having their hardware optimized to perform specific tasks, accelerators deliver massive speedups and energy savings compared to corresponding software executions on a processor. Heterogeneity and hardware specialization complicate accelerator design and integration, reducing regularity and reusability across platforms. The many system-level architectural aspects to consider make it hard to explore the design space and arrive to optimal solutions. Furthermore, integrating accelerators affects the programmability of the applications and the security of the entire SoC. In this dissertation, I present design methodologies and architectural contributions that use multi-functional interfaces to simplify many of the tasks that designers perform when designing and integrating accelerators in heterogeneous SoCs. The accelerator interfaces exploit latency-insensitive design to effectively explore the design space when multiple accelerators are integrated and to speed up the verification of accelerators. This improves their reusability across SoC platforms, while ensuring correctness when the accelerators are integrated with the various components of the SoC. In addition, the accelerator interfaces improve the integration with software by making it transparent and by establishing a strong layer of protection between accelerators and applications.The interfaces aim at securing the accelerators and the applications without requiring modifications to the accelerator implementations and without degrading their performance and energy efficiency.

Computer science

Computer engineering

Computer security

Open Source IPSEC Software in Manned and Unmanned Space Missions

Edwards, Jacob

11 August 2012

Network security is a major topic of research because cyber attackers pose a threat to national security. Securing ground-space communications for NASA missions is important because attackers could endanger mission success and human lives. This thesis describes how an open source IPsec software package was used to create a secure and reliable channel for ground-space communications. A cost efficient, reproducible hardware testbed was also created to simulate ground-space communications. The testbed enables simulation of low-bandwidth and high latency communications links to experiment how the open source IPsec software reacts to these network constraints. Test cases were built that allowed for validation of the testbed and the open source IPsec software. The test cases also simulate using an IPsec connection from mission control ground routers to points of interest in outer space. Tested open source IPsec software did not meet all the requirements. Software changes were suggested to meet requirements.

open source software

IPsec

computer security

space communications

NASA

Agile Approaches for Cybersecurity Systems, IoT and Intelligent Transportation

Tashtoush, Yahya M., Darweesh, Dirar A., Husari, Ghaith, Darwish, Omar A., Darwish, Yousef, Issa, Luai Bani, Ashqar, Huthaifa I.

01 January 2022

To adapt to the rapidly increasing vulnerabilities in software products and cyber threats that exploit them, security professionals are actively working with software developers to produce more secure systems. In software development, agile methods are increasingly adopted in critical software projects where security risks are prominent challenges. This adoption stems from the fact that agile methods are highly iterative and support delivering services and products in smaller batches which allows security professionals to seamlessly integrate software development security activities with agile methodologies. In addition, the iterative nature of agile software development encourages frequent inspections, tests, and patching of software systems to mitigate cybersecurity risks and vulnerabilities. Considering the massive growth of the Internet of Things (IoT) and Intelligent Transportation Systems (ITS) products, the challenge of software development while addressing the security and safety concerns of these devices will continue to increase. This paper presents a comprehensive and detailed review of agile software development in the context of IoT, ITS, and their cybersecurity and risk challenges. Furthermore, we provide a systematic comparison of the reviewed literature based on a set of defined criteria. Finally, we provide a broader outlook and an outline for designing future security-enhanced agile software development solutions for IoT and ITS systems.

adaptation models

computer security

crystals

programming

software

teamwork

transportation

Computing

Testing The Impact Of Training With Simulated Scenarios For Information Security Awareness On Virtual Community Of Practice Members

Tidwell, Craig Leonard

01 January 2011

Information security has become a major challenge for all private and public organizations. The protection of proprietary and secret data and the proper awareness of what is entailed in protecting this data are necessary in all organizations. This treatise examines how simulation and training would influence information security awareness over time in virtual communities of practice under a variety of security threats. The hypothesis of the study was that security-trained members of a virtual community of practice would respond significantly better to routine security processes and attempts to breach security or to violate the security policy of their organization or of their virtual community of practice. Deterrence theory was used as the grounded theory and integrated in the information security awareness training with simulated scenarios. The study provided training with simulated scenarios and then tested the users of a virtual community of practice over an approximately twelve-week period to see if the planned security awareness training with simulated security problem scenarios would be effective in improving their responses to the follow-up tests. The research subjects were divided into four groups, the experimental group and three control groups. The experimental group received all of the training and testing events throughout the twelve-week period. The three control groups received various portions of the training and testing. The data from all of the tests were analyzed using the Kruskal-Wallis iv ranked order test, and it was determined that there was no significant difference between the groups at the end of the data collection. Even though the null hypothesis, which stated that there would be no difference between the groups scores on the information security awareness tests, was not rejected, the groups that received the initial training with the simulated scenarios did perform slightly better from the pre-training test to the post-training test when compared with the control group that did not receive the initial training. More research is suggested to determine how information security awareness training with simulated scenarios and follow-up testing can be used to improve and sustain the security practices of members of virtual communities of practice. Specifically, additional research could include: comparing the effect of training with the simulated scenarios and with training that would not use the simulated security scenarios; the potential benefits of using adaptive and intelligent training to focus on the individual subjects’ weaknesses and strengths; the length of the training with simulated scenarios events, the time between each training event, and the overall length of the training; the demographics of the groups used in the training, and how different user characteristics impact the efficacy of the training with simulated scenarios and testing; and lastly examining how increasing the fidelity of the simulated scenarios might impact the results of the follow-up tests.

Communities of practice

Computer security -- Simulation methods

Deterrence (Strategy)

Engineering

A System for Cell Phone Anti-theft Through Gait Recognition

Stearns, Cameron P. Cstearns

01 June 2014

Studies show that smartphone thefts are a significant problem in the United States. [30] With many upcoming proposals to decrease the theft-rate of such devices, investigating new techniques for preventing smartphone theft is an important area of research. The prevalence of new biometric identification techniques for smartphones has led some researchers to propose biometric anti-theft measures for such devices, similar to the current fingerprint authentication system for iOS. Gait identification, a relatively recent field of study, seems to be a good fit for anti-theft because of the non-intrusive nature of passive pattern recognition in walking. In this paper, we reproduce and extend a modern gait recognition technique proposed in Cell Phone-Based Biometrics by testing the technique outside of the laboratory on real users under everyday conditions. We propose how this technique can be applied to create an anti-theft system, and we discuss future developments that will be necessary before such research is ready to be implemented in a release-quality product. Because previous studies have also centered around the ability to differentiate between individual users from a group, we will examine the accuracy of identifying whether or not a specific user is currently using a system. The system proposed in this paper shows results as high as 91% for cross-fold accuracy for some users; however, the predictive accuracy for a single day’s results ranged from 0.8% accuracy to 92.9% accuracy, showing an unreliability that makes such a system unlikely to be useful under the pressure of real-world conditions.

Computer Security

Mobile Computing

Biometrics

Other Computer Engineering

An Approach To Graph-Based Modeling Of Network Exploitations

Li, Wei

10 December 2005

Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies.

exploitation graph

e-graph

vulnerability assessment

network security

computer security