A Survey of Techniques for Improving Security of GPUs

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest `link' in the security `chain'. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures

Sophisticated denial-of-service attack detections through integrated architectural, OS, and appplication level events monitoring

As the first step to defend against DoS attacks, Network-based Intrusion Detection System is well explored and widely used in both commercial tools and research works. Such IDS framework is built upon features extracted from the network traffic, which are application-level features, and is effective in detecting flooding-based DoS attacks. However, in a sophisticated DoS attack, where an attacker manages to bypass the network-based monitors and launch a DoS attack locally, sniffer-based methods have difficulty in differentiating attacks with normal behaviors, since the malicious connection itself behaves in the same manner of normal connections. In this work, we study a Host-based IDS framework which integrates features from architectural and operating system (OS) levels to improve performance of sophisticated DoS intrusion detection. Network traffic collected from a campus network, and real-world exploits are used to provide a realistic evaluation

On Ladder Logic Bombs in Industrial Control Systems

In industrial control systems, devices such as Programmable Logic Controllers (PLCs) are commonly used to directly interact with sensors and actuators, and perform local automatic control. PLCs run software on two different layers: a) firmware (i.e. the OS) and b) control logic (processing sensor readings to determine control actions). In this work, we discuss ladder logic bombs, i.e. malware written in ladder logic (or one of the other IEC 61131-3-compatible languages). Such malware would be inserted by an attacker into existing control logic on a PLC, and either persistently change the behavior, or wait for specific trigger signals to activate malicious behaviour. For example, the LLB could replace legitimate sensor readings with manipulated values. We see the concept of LLBs as a generalization of attacks such as the Stuxnet attack. We introduce LLBs on an abstract level, and then demonstrate several designs based on real PLC devices in our lab. In particular, we also focus on stealthy LLBs, i.e. LLBs that are hard to detect by human operators manually validating the program running in PLCs. In addition to introducing vulnerabilities on the logic layer, we also discuss countermeasures and we propose two detection techniques.Comment: 11 pages, 14 figures, 2 tables, 1 algorith

An Extended Survey on Vehicle Security

The advanced electronic units with wireless capabilities inside modern vehicles have, enhanced the driving experience, but also introduced a myriad of security problems due to the inherent limitations of the internal communication protocol. In the last two decades, a number of security threats have been identified and accordingly, security measures have been proposed. In this paper, we provide a comprehensive review of security threats and countermeasures for the ubiquitous CAN bus communication protocol. Our review of the existing literature leads us to a observation of an overlooked simple, cost-effective, and incrementally deployable solution. Essentially, a reverse firewall, referred to in this paper as an icewall, can be an effective defense against a major class of packet-injection attacks and many denial of service attacks. We cover the fundamentals of the icewall in this paper. Further, by introducing the notion of human-in-the-loop, we discuss the subtle implications to its security when a human driver is accounted for

Automatic Removal of Flaws in Embedded System Software

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2022Currently, embedded systems are present in a myriad of devices, such as Internet of Things, drones, and Cyber-physical Systems. The security of these devices can be critical, depending on the context they are integrated and the role they play (e.g., water plant, car). C is the core language used to develop the software for these devices and is known for missing the bounds of its data types, which leads to vulnerabilities such as buffer overflows. These vulnerabilities, when exploited, cause severe damage and can put human life in danger. Therefore, the software of these devices must be secure. One of the concerns with vulnerable C programs is to correct the code automatically, employing secure code that can remove the existing vulnerabilities and avoid attacks. However, such task faces some challenges after finding the vulnerabilities, namely determining what code is needed to remove them and where to insert that code, maintaining the correct behavior of the application after applying the code correction, and verifying that the generated code correction is secure and effectively removes the vulnerabilities. Another challenge is to accomplish all these elements automatically. This work aims to study diverse types of buffer overflow vulnerabilities in the C programming lan guage, forms to build secure code for invalidating such vulnerabilities, including functions from the C language that can be used to remove flaws. Based on this knowledge, we propose an approach that automatically, after discovering and confirming potential vulnerabilities of an application, applies code correction to fix the vulnerable code of those vulnerabilities verified and validate the new code with fuzzing/attack injection. We implemented our approach and evaluated it with a set of test cases and with real applications. The experimental results showed that the tool detected the intended vulnerabilities and generated corrections capable of removing the vulnerabilities found

APHID: Anomaly Processor in Hardware for Intrusion Detection

The Anomaly Processor in Hardware for Intrusion Detection (APHID) is a step forward in the field of co-processing intrusion detection mechanism. By using small, fast hardware primitives APHID relieves the production CPU from the burden of security processing. These primitives are tightly coupled to the CPU giving them access to critical state information such as the current instruction(s) in execution, the next instruction, registers, and processor state information. By monitoring these hardware elements, APHID is able to determine when an anomalous action occurs within one clock cycle. Upon detection, APHID can force the processor into a corrective state, or a halted state, depending on the required response. APHID primitives also harden the production system against attacks such as Distribute Denial of Service attack and buffer overflow attacks. APHID is designed to be fast and agile, with the ability to create multiple monitors that switch in and out of monitoring with the context switches of the production processor to highly focused coverage over multiple devices and sections of code