INTERNET OF THINGS SYSTEMS SECURITY: BENCHMARKING AND PROTECTION

Naif S Almakhdhub (8810120)

07 May 2020

<div><p>Internet of Things (IoT) systems running on Microcontrollers (MCUS) have become a prominent target of remote attacks. Although deployed in security and safety critical domains, such systems lack basic mitigations against control-flow hijacking attacks. Attacks against IoT systems already enabled malicious takeover of smartphones, vehicles, unmanned aerial vehicles, and industrial control systems.</p></div><div><p> </p><div><p>The thesis introduces a systemic analysis of previous defense mitigations to secure IoT systems. Building off this systematization, we identify two main issues in IoT systems security. First, efforts to protect IoT systems are hindered by the lack of realistic benchmarks and evaluation frameworks. Second, existing solutions to protect from control-flow hijacking on the return edge are either impractical or have limited security guarantees. This thesis addresses these issues using two approaches. </p></div><div><p> </p></div><div><p>First, we present BenchIoT, a benchmark suite of five realistic IoT applications and an evaluation framework that enables automated and extensible evaluation of 14 metrics covering security, performance, memory usage, and energy. BenchIoT enables evaluating and comparing security mechanisms. Using BenchIoT, we show that even if two security mechanisms have similarly modest runtime overhead, one can have undesired consequences on security such as a large portion of privileged user execution.</p></div><div><p> </p></div><div><p>Second, we introduce Return Address Integrity (RAI), a novel security mechanism to prevent all control-flow hijacking attacks targeting return edges, without requiring special hardware. We design and implement μRAI to enforce the RAI property. Our results show μRAI has a low runtime overhead of 0.1% on average, and therefore is a</p></div><div><p>practical solution for IoT systems. </p></div><div><p> </p></div><div><p>This thesis enables measuring the security IoT systems through standardized benchmarks and metrics. Using static analysis and runtime monitors, it prevents control-flow hijacking attacks on return edges with low runtime overhead. Combined, this thesis advances the state-of-the-art of protecting IoT systems and benchmarking its security.</p></div></div>

Computer Engineering

Applied Computer Science

Computer System Security

Cyber security

Computer Security

System Security

Software Security

Embedded Systems Security

IoT Security

Internet of things(IoT)

control-flow hijacking

embedded systems

Cybersecurity

Multidimensional flow mapping for proportional valves

Sitte, André, Koch, Oliver, Liu, Jianbin, Tautenhahn, Ralf, Weber, Jürgen

25 June 2020

Inverse, multidimensional input-output flow mapping is very important for use of valves in precision motion control applications. Due to the highly nonlinear characteristic and uncertain model structure of the cartridge valves, it is hard to formulate the modelling of their flow mappings into simple parameter estimation problems. This contribution conducts a comprehensive analysis and validation of three- and four-dimensional input-output-mapping approaches for a proportional pilot operated seat valves. Therefore, a virtual and a physical test-rig setup are utilized for initial measurement, implementation and assessment. After modeling and validating the valve under consideration, as a function of flow, pressure and temperature different mapping methods are investigated. More specifically, state of the art approaches, deep-learning methods and a newly developed approach (extPoly) are examined. Especially ANNs and Polynomials show reasonable approximation results even for more than two inputs. However, the results are strongly dependent on the structure and distribution of the input data points. Besides identification effort, the invertibility was investigated.

info:eu-repo/classification/ddc/620

ddc:620

TAMING IRREGULAR CONTROL-FLOW WITH TARGETED COMPILER TRANSFORMATIONS

Charitha Saumya Gusthinna Waduge (15460634)

15 May 2023

<p>    </p> <p>Irregular control-flow structures like deeply nested conditional branches are common in real-world software applications. Improving the performance and efficiency of such programs is often challenging because it is difficult to analyze and optimize programs with irregular control flow. We observe that real-world programs contain similar or identical computations within different code paths of the conditional branches. Compilers can merge similar code to improve performance or code size. However, existing compiler optimizations like code hoisting/sinking, and tail merging do not fully exploit this opportunity. We propose a new technique called Control-Flow Melding (CFM) that can merge similar code sequences at the control-flow region level. We evaluate CFM in two applications. First, we show that CFM reduces the control divergence in GPU programs and improves the performance. Second, we apply CFM to CPU programs and show its effectiveness in reducing code size without sacrificing performance. In the next part of this dissertation, we investigate how CFM can be extended to improve dynamic test generation techniques like Dynamic Symbolic Execution (DSE). DSE suffers from path explosion problem when many conditional branches are present in the program. We propose a non-semantics-preserving branch elimination transformation called CFM-SE that reduces the number of symbolic branches in a program. We also provide a framework for detecting and reasoning about false positive bugs that might be added to the program by non-semantics-preserving transformations like CFM-SE. Furthermore, we evaluate CFM-SE on real-world applications and show its effectiveness in improving DSE performance and code coverage. </p>

High performance computing

Performance evaluation

Automated software engineering

Programming languages

Compilers

LLVM

Software Engineering

GPGPU Computing

Code Size

Software Testing

Control-flow Divergence

Hardware and Software Fault-Tolerance of Softcore Processors Implemented in SRAM-Based FPGAs

Rollins, Nathaniel Hatley

09 March 2012

Softcore processors are an attractive alternative to using expensive radiation-hardened processors for space-based applications. Since they can be implemented in the latest SRAM-based FPGA technologies, they are fast, flexible and significantly less expensive. However, unlike ASIC-based processors, the logic and routing of a softcore processor are vulnerable to the effects of single-event upsets (SEUs). To protect softcore processors from SEUs, this dissertation explores the processor design-space for the LEON3 softcore processor implemented in a commercial SRAM-based FPGA. The traditional mitigation techniques of triple modular redundancy (TMR) and duplication with compare (DWC) and checkpointing provide reliability to a softcore processor at great spatial cost. To reduce the spatial cost, terrestrial ASIC-based processor protection techniques are applied to the LEON3 processor. These techniques come at the cost of time instead of area. The software fault-tolerance techniques used to protect the logic and routing of the LEON3 softcore processor include a modified version of software implemented fault tolerance (SWIFT), consistency checks, software indications, and checkpointing. To measure the reliability of a mitigated LEON3 softcore processor, an updated hardware fault-injection model is created, and novel reliability metrics are employed. The improvement in reliabilty over an unmitigated LEON3 is measured using four metrics: architectural vulnerability factor (AVF), mean time to failure (MTTF), mean useful instructions to failure (MuITF), and reliability-area-performance (RAP). Traditional reliability techniques provide the best reliability: DWC with checkpointing improves the MTTF and MuITF by almost 35x and TMR with triplicated input and outputs improves the MTTF and MuITF by almost 6000x. Software fault-tolerance provides significant reliability for a much lower area cost. Each of these techniques provides greater processor protection than a popular state-of-the-art rad-hard processor.

FPGA

reliability

SEU

radiation effects

softcore processors

software fault-tolerance

checkpointing

consistency checks

control-flow monitoring

software indicators

duplication with compare

TMR

AVF

MTTF

MuITF

probability modeling

hardware fault-injection

Electrical and Computer Engineering

On the (in)security of behavioral-based dynamic anti-malware techniques

Ersan, Erkan

21 April 2017

The Internet has become the primary vector for the delivery of malicious code in cyber attacks, and malware has rapidly become a pervasive critical threat. Anti- malware products offer effective protection from malware threats for servers and endpoint devices using a variety of techniques. Advanced enterprise-level anti-malware products rely on state-of-art behavioral-based detection algorithms, in addition to traditional signature-based mechanisms. These dynamic detection techniques have been around for more than a decade and in response hackers have developed methods to evade them. However, currently known bypass methods require intensive manual labor. Moreover, this manual work has to be repeated whenever a parameter of the environment (such as the payload, operating system, Antivirus version, etc) changes, making these methods impractical. This may lead to the belief that dynamic techniques provide a good deterrence, and hence good protection. In this thesis we evaluate dynamic techniques. Specifically, we build tools to implement generic unhooking and funneling, and using these tools we show how dynamic techniques can be bypassed with considerably less effort than by fully manual methods. We also extend the repertoire of existing bypass methods and introduce a new malicious function call technique which exploits detection techniques that monitor a limited collection of critical system functions, as well as a method for bypassing guard-page protections. We demonstrate the effectiveness of all our techniques by conducting attacks against two enterprise antivirus products. Our results lead us to conclude that that dynamic techniques do not provide sufficient protection. / Graduate / 2018-02-07 / 0984 / erkanersan@gmail.com

Malware

Malware Detection

Computer Security

Anti-malware

Antivirus

Cyber Attacks

Behavioral-based Detection

EMET

Hooking

Unhooking

Guard Pages

Bypassing Techniques

Evasion Techniques

Evasion

funneling

Control Flow Integrity

CFI

Web-based malware

ROP

Return-Oriented Programming

Shellcode

Payload

Windows

Anti-malware Evaluation

Antivirus Evaluation

Anti-malware Effectiveness

Antivirus Effectiveness

Über Minoren gerichteter Graphen

Seidler, Steffen

17 May 2011

Seit 1983 begründet die Publikationsreihe "Graph Minors" von N. Robertson und P.D. Seymour im Wesentlichen die Minorentheorie mit mächtigen Hilfsmitteln wie der Baumzerlegung und weitreichenden Resultaten wie dem Minorensatz. Für gerichtete Graphen existiert allerdings noch keine einheitliche Minorentheorie und verschiedene Ansätze werden in dieser Arbeit systematisiert. Einige gerichtete Versionen der Baumzerlegung (gerichtete Baumzerlegung nach B. Reed, arboreale, D- und DAG-Zerlegung) werden unter einheitlichen Aspekten untersucht. Die D-Weite ist dabei besonders vielversprechend. Enge Verbindungen zu zwei gerichteten Räuber-und-Gendarmen-Spielen werden unter analogen Aspekten betrachtet und sind wichtige Hilfsmittel. Der zentrale Begriff des Minoren ist im Wesentlichen für ungerichtete Graphen definiert und eine gerichtete Version wirft einige Probleme auf, welche untersucht werden. In \"Directed Tree-Width\" schlugen T. Johnson, N. Robertson, P.D. Seymour und R. Thomas 2001 einen Kompromiss vor. Durch Einschränkung der möglichen Kontraktionen soll der gewonnen Minorenbegriff mit einigen fundamentalen Anforderungen vereinbar sein und trotzdem ein mächtiges Werkzeug darstellen. Dieser Ansatz wird mit einer Anforderungsliste systematisch verfolgt und schrittweise Einschränkungen betrachtet. Die gerichtete Version topologischer Minoren ist dabei besonders vielversprechend. Die Minorentheorie gerichteter Graphen wird auf reduzible Flussgraphen angewandt. Wesentliche Resultate sind Konstruktionen arborealer und D-Zerlegungen mit Weite <2, sowie Gegenbeispiele für die Beschränktheit der DAG-Weite. Analoge Resultate folgen für die jeweiligen gerichteten Räuber-und-Gendarmen-Spiele.

Graphentheorie

Graph

Gerichteter Graph

Digraph

Minor

Topologischer Minor

Flussgraph

Kontrollflussgraph

reduzibel

Graph Theory

Graph

Directed Graph

Digraph

Minor

Topological Minor

Flow Graph

Control Flow Graph

reducible

ddc:510

ddc:512

rvk:SK 890

Graphentheorie

Graph

Gerichteter Graph

Digraph <Mathematik>

Minor <Graphentheorie>

Mechanismy zvýšení spolehlivosti vestavěných systémů pracujících v reálném čase / Mechanisms for Dependability Enhancement of Real-Time Embedded Systems

Slimařík, František

January 2010

This thesis deals with issue of reliability of real-time embedded systems. Contains a summary of basic concepts related to field in real-time embedded systems and mechanisms for dependability enhancement through redundancy techniques and control flow checking. Describes the implementation of selected control flow checking mechanisms, the technique uses software watchdog timers, use of hardware n-modular redundancy in software environment and technique of process pairs using operating system uC/OS-II. The different mechanisms are validated by method injection of faults into the chosen data structures of system uC/OS-II.

Über Minoren gerichteter Graphen

Seidler, Steffen

04 February 2011

Seit 1983 begründet die Publikationsreihe "Graph Minors" von N. Robertson und P.D. Seymour im Wesentlichen die Minorentheorie mit mächtigen Hilfsmitteln wie der Baumzerlegung und weitreichenden Resultaten wie dem Minorensatz. Für gerichtete Graphen existiert allerdings noch keine einheitliche Minorentheorie und verschiedene Ansätze werden in dieser Arbeit systematisiert. Einige gerichtete Versionen der Baumzerlegung (gerichtete Baumzerlegung nach B. Reed, arboreale, D- und DAG-Zerlegung) werden unter einheitlichen Aspekten untersucht. Die D-Weite ist dabei besonders vielversprechend. Enge Verbindungen zu zwei gerichteten Räuber-und-Gendarmen-Spielen werden unter analogen Aspekten betrachtet und sind wichtige Hilfsmittel. Der zentrale Begriff des Minoren ist im Wesentlichen für ungerichtete Graphen definiert und eine gerichtete Version wirft einige Probleme auf, welche untersucht werden. In \"Directed Tree-Width\" schlugen T. Johnson, N. Robertson, P.D. Seymour und R. Thomas 2001 einen Kompromiss vor. Durch Einschränkung der möglichen Kontraktionen soll der gewonnen Minorenbegriff mit einigen fundamentalen Anforderungen vereinbar sein und trotzdem ein mächtiges Werkzeug darstellen. Dieser Ansatz wird mit einer Anforderungsliste systematisch verfolgt und schrittweise Einschränkungen betrachtet. Die gerichtete Version topologischer Minoren ist dabei besonders vielversprechend. Die Minorentheorie gerichteter Graphen wird auf reduzible Flussgraphen angewandt. Wesentliche Resultate sind Konstruktionen arborealer und D-Zerlegungen mit Weite <2, sowie Gegenbeispiele für die Beschränktheit der DAG-Weite. Analoge Resultate folgen für die jeweiligen gerichteten Räuber-und-Gendarmen-Spiele.:1 Einleitung 1.1 Grundbegriffe der Graphentheorie 1.2 Reduzibilität 2 Über Minoren von Graphen 2.1 Minoren von Graphen 2.2 Topologische Minoren von Graphen 2.3 Baumzerlegung und Baumweite tw(G) 2.4 Wegzerlegung und Wegbreite pw(G) 2.5 Räuber-und-Gendarmen-Spiele auf Graphen 2.6 Resultate und Anwendungen 3 Über Minoren von Digraphen 3.1 Übertragung der Minorenrelation auf Digraphen 3.2 Hindernisse bei der De?nition einer gerichteten Baumweite 3.3 Arboreale Weite dtw(D) 3.3.1 Arboreale Weite und Räuber-und-Gendarmen-Spiele 3.3.2 Resultate und Anwendungen 3.4 Gerichtete Baumweite dtwR(D) 3.5 D-Weite dw(D) 3.6 DAG-Weite dgw(D) 3.6.1 DAG-Weite und Räuber-und-Gendarmen-Spiele 3.6.2 Resultate und Anwendungen 3.7 Räuber-und-Gendarmen-Spiele auf Digraphen 3.8 Eingeschränkte Minorenrelation für Digraphen 3.8.1 Die Teilgraphenrelation für Digraphen 3.8.2 Die topologische Minorenrelation für Digraphen 3.8.3 Die Minorenrelation auf Digraphen nach JRST 3.8.4 Eingeschränkte Minorenrelationen 4 Verbindungen zwischen Reduzibilität und Minoren von Digraphen 4.1 Reduzibilität und initiale Wurzeldigraphen 4.2 Charakterisierung der Reduzibilität durch eingeschränkte Minoren 4.3 Resultate der Minorentheorie für reduzible initiale Wurzeldigraphen 5 Zusammenfassung und Ausblick Literaturverzeichnis Abbildungsverzeichnis

info:eu-repo/classification/ddc/510

ddc:510

info:eu-repo/classification/ddc/512

ddc:512

On-the-Fly Dynamic Dead Variable Analysis

Self, Joel P.

22 March 2007

State explosion in model checking continues to be the primary obstacle to widespread use of software model checking. The large input ranges of variables used in software is the main cause of state explosion. As software grows in size and complexity the problem only becomes worse. As such, model checking research into data abstraction as a way of mitigating state explosion has become more and more important. Data abstractions aim to reduce the effect of large input ranges. This work focuses on a static program analysis technique called dead variable analysis. The goal of dead variable analysis is to discover variable assignments that are not used. When applied to model checking, this allows us to ignore the entire input range of dead variables and thus reduce the size of the explored state space. Prior research into dead variable analysis for model checking does not make full use of dynamic run-time information that is present during model checking. We present an algorithm for intraprocedural dead variable analysis that uses dynamic run-time information to find more dead variables on-the-fly and further reduce the size of the explored state space. We introduce a definition for the maximal state space reduction possible through an on-the-fly dead variable analysis and then show that our algorithm produces a maximal reduction in the absence of non-determinism.

model checking

computer science

static

static analysis

dynamic analysis

analysis

program

program analysis

Estes

GDB

dead variable analysis

dead variable

live variable

live variable analysis

CFG

abstraction

data abstraction

on-the-fly

static program analysis

control flow graph

software model checking

state space

depth first search

state explosion

state explosion problem

Computer Sciences