EHAP-ORAM: Efficient Hardware-Assisted Persistent ORAM System for Non-volatile Memory

Oblivious RAM (ORAM) protected access pattern is essential for secure NVM. In the ORAM system, data and PosMap metadata are maps in pairs to perform secure access. Therefore, we focus on the problem of crash consistency in the ORAM system. Unfortunately, using traditional software-based support for ORAM system crash consistency is not only expensive, it can also lead to information leaks. At present, there is no relevant research on the specific crash consistency mechanism supporting the ORAM system. To support crash consistency without damaging ORAM system security and compromising the performance, we propose EHAP-ORAM. Firstly, we analyze the access steps of basic ORAM to obtain the basic requirements to support the ORAM system crash consistency. Secondly, improve the ORAM controller. Thirdly, for the improved hardware system, we propose several persistence protocols supporting the ORAM system crash consistency. Finally, we compared our persistent ORAM with the system without crash consistency support, non-recursive and recursive EHAP-ORAM only incurs 3.36% and 3.65% performance overhead. The results show that EHAP-ORAM not only supports effective crash consistency with minimal performance and hardware overhead but also is friendly to NVM lifetime

Malware Detection Module using Machine Learning Algorithms to Assist in Centralized Security in Enterprise Networks

Malicious software is abundant in a world of innumerable computer users, who are constantly faced with these threats from various sources like the internet, local networks and portable drives. Malware is potentially low to high risk and can cause systems to function incorrectly, steal data and even crash. Malware may be executable or system library files in the form of viruses, worms, Trojans, all aimed at breaching the security of the system and compromising user privacy. Typically, anti-virus software is based on a signature definition system which keeps updating from the internet and thus keeping track of known viruses. While this may be sufficient for home-users, a security risk from a new virus could threaten an entire enterprise network. This paper proposes a new and more sophisticated antivirus engine that can not only scan files, but also build knowledge and detect files as potential viruses. This is done by extracting system API calls made by various normal and harmful executable, and using machine learning algorithms to classify and hence, rank files on a scale of security risk. While such a system is processor heavy, it is very effective when used centrally to protect an enterprise network which maybe more prone to such threats.Comment: 6 page

Analysis of the consequences of car to micromobility user side impact crashes

Mobility has changed in recent years in cities worldwide, th.anks to tb.e strong rise in vehicles of micromobility. Bicycle riding is the most widespread micromobility transport mode, followed by stand-up electric scooters (e-scooters). This increase in its use has also led to an increase in related crashes. Both cyclists and e-scooter riders are vulnerable road users and are lik.ely to sustain severe injuries in crashes, especially with motor vehicles. The crashes consequences involving cyclists and other micromobility users have already investigated using numerical simulation software, such as MADYMO and PC-Crash. Most of them have been focused on bicycles and electric bicycles, whereas only few of tbem have analyzed e-scooter crashes consequences. Posirisuk: et al. [1] carried out a computational prediction ofhead-ground impact k:inematics :in e-scooter falls. Ptak et al. [2] analyzed the e-scooter user kinematics after a crash against SUV when the e-scooter chives into the sidefront of tbe vehicle, a side B-pillar crash and a frontal impact initiated by tbe e-scooter to tbe front-end of the vehicle. However, they did not study the consequ.ences of a car to e-scooter side impact crashes. Xu et al. [3] did study these crashes but considering electric self-balancing scooters that are less widespread than e-scooters. Current study focuses on the consequences of a car to micromobility user (cyclist and e-scooter rider) side impact crashes. The analysis is based on numerical simulations with PC-Crash software

Building Reliable Software for Persistent Memory

Persistent memory (PMEM) technologies preserve data across power cycles and provide performance comparable to DRAM. In emerging computer systems, PMEM will operate on the main memory bus, becoming byte-addressable and cache-coherent. One key feature enabled by persistent memory is to allow software directly accessing durable data using the CPU’s load/store instructions, even from the user-space.However, building reliable software for persistent memory faces new challenges from two aspects: crash consistency and fault tolerance. Maintaining crash consistency requires the ability to recover data integrity in the event of system crashes. Using load/store instructions to access durable data introduces a new programming paradigm, that is prone to new types of programming errors. Fault tolerance involves detecting and recovering from persistent memory errors, including memory media errors and scribbles from software bugs. With direct access, file systems and user-space applications have to explicitly manage these errors, instead of relying on convenient functions from lower I/O stacks.We identify unique challenges in improving reliability for PMEM-based software and propose solutions. The thesis first introduces NOVA-Fortis, a fault-tolerant PMEM file system incorporating replication, checksums, and parity for protecting the file system’s metadata and the user’s file data. NOVA-Fortis is both fast and resilient in the face of corruption due to media errors and software bugs.NOVA-Fortis only protects file data via the read() and write() system calls. When an application memory-maps a PMEM file, NOVA-Fortis has to disable file data protection because mmap() leaves the file system unaware of updates made to the file. For protecting memory-mapped PMEM data, we present Pangolin, a fault-tolerant persistent object library to protect an application’s objects from persistent memory errors.Writing programs to ensure crash consistency in PMEM remains challenging. Recovery bugs arise as a new type of programming error, preventing a post-crash PMEM file from recovering to a consistent state. Thus, we design two debugging tools for persistent memory programming: PmemConjurer and PmemSanitizer. PmemConjurer is a static analyzer using symbolic execution to find recovery bugs without running a compiled program. PmemSanitizer contains compiler instrumentation and run-time recovery bug analysis, compensating PmemConjurer with multi-threading support and store reordering tests

Automatically Discovering, Reporting and Reproducing Android Application Crashes

Mobile developers face unique challenges when detecting and reporting crashes in apps due to their prevailing GUI event-driven nature and additional sources of inputs (e.g., sensor readings). To support developers in these tasks, we introduce a novel, automated approach called CRASHSCOPE. This tool explores a given Android app using systematic input generation, according to several strategies informed by static and dynamic analyses, with the intrinsic goal of triggering crashes. When a crash is detected, CRASHSCOPE generates an augmented crash report containing screenshots, detailed crash reproduction steps, the captured exception stack trace, and a fully replayable script that automatically reproduces the crash on a target device(s). We evaluated CRASHSCOPE's effectiveness in discovering crashes as compared to five state-of-the-art Android input generation tools on 61 applications. The results demonstrate that CRASHSCOPE performs about as well as current tools for detecting crashes and provides more detailed fault information. Additionally, in a study analyzing eight real-world Android app crashes, we found that CRASHSCOPE's reports are easily readable and allow for reliable reproduction of crashes by presenting more explicit information than human written reports.Comment: 12 pages, in Proceedings of 9th IEEE International Conference on Software Testing, Verification and Validation (ICST'16), Chicago, IL, April 10-15, 2016, pp. 33-4