5,376 research outputs found
Tarmo: A Framework for Parallelized Bounded Model Checking
This paper investigates approaches to parallelizing Bounded Model Checking
(BMC) for shared memory environments as well as for clusters of workstations.
We present a generic framework for parallelized BMC named Tarmo. Our framework
can be used with any incremental SAT encoding for BMC but for the results in
this paper we use only the current state-of-the-art encoding for full PLTL.
Using this encoding allows us to check both safety and liveness properties,
contrary to an earlier work on distributing BMC that is limited to safety
properties only.
Despite our focus on BMC after it has been translated to SAT, existing
distributed SAT solvers are not well suited for our application. This is
because solving a BMC problem is not solving a set of independent SAT instances
but rather involves solving multiple related SAT instances, encoded
incrementally, where the satisfiability of each instance corresponds to the
existence of a counterexample of a specific length. Our framework includes a
generic architecture for a shared clause database that allows easy clause
sharing between SAT solver threads solving various such instances.
We present extensive experimental results obtained with multiple variants of
our Tarmo implementation. Our shared memory variants have a significantly
better performance than conventional single threaded approaches, which is a
result that many users can benefit from as multi-core and multi-processor
technology is widely available. Furthermore we demonstrate that our framework
can be deployed in a typical cluster of workstations, where several multi-core
machines are connected by a network
Software Grand Exposure: SGX Cache Attacks Are Practical
Side-channel information leakage is a known limitation of SGX. Researchers
have demonstrated that secret-dependent information can be extracted from
enclave execution through page-fault access patterns. Consequently, various
recent research efforts are actively seeking countermeasures to SGX
side-channel attacks. It is widely assumed that SGX may be vulnerable to other
side channels, such as cache access pattern monitoring, as well. However, prior
to our work, the practicality and the extent of such information leakage was
not studied.
In this paper we demonstrate that cache-based attacks are indeed a serious
threat to the confidentiality of SGX-protected programs. Our goal was to design
an attack that is hard to mitigate using known defenses, and therefore we mount
our attack without interrupting enclave execution. This approach has major
technical challenges, since the existing cache monitoring techniques experience
significant noise if the victim process is not interrupted. We designed and
implemented novel attack techniques to reduce this noise by leveraging the
capabilities of the privileged adversary. Our attacks are able to recover
confidential information from SGX enclaves, which we illustrate in two example
cases: extraction of an entire RSA-2048 key during RSA decryption, and
detection of specific human genome sequences during genomic indexing. We show
that our attacks are more effective than previous cache attacks and harder to
mitigate than previous SGX side-channel attacks
Markov modeling of moving target defense games
We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies
Deterministic Digital Clustering of Wireless Ad Hoc Networks
We consider deterministic distributed communication in wireless ad hoc
networks of identical weak devices under the SINR model without predefined
infrastructure. Most algorithmic results in this model rely on various
additional features or capabilities, e.g., randomization, access to geographic
coordinates, power control, carrier sensing with various precision of
measurements, and/or interference cancellation. We study a pure scenario, when
no such properties are available. As a general tool, we develop a deterministic
distributed clustering algorithm. Our solution relies on a new type of
combinatorial structures (selectors), which might be of independent interest.
Using the clustering, we develop a deterministic distributed local broadcast
algorithm accomplishing this task in rounds, where
is the density of the network. To the best of our knowledge, this is
the first solution in pure scenario which is only polylog away from the
universal lower bound , valid also for scenarios with
randomization and other features. Therefore, none of these features
substantially helps in performing the local broadcast task. Using clustering,
we also build a deterministic global broadcast algorithm that terminates within
rounds, where is the diameter of the
network. This result is complemented by a lower bound , where is the path-loss parameter of the
environment. This lower bound shows that randomization or knowledge of own
location substantially help (by a factor polynomial in ) in the global
broadcast. Therefore, unlike in the case of local broadcast, some additional
model features may help in global broadcast
HardScope: Thwarting DOP with Hardware-assisted Run-time Scope Enforcement
Widespread use of memory unsafe programming languages (e.g., C and C++)
leaves many systems vulnerable to memory corruption attacks. A variety of
defenses have been proposed to mitigate attacks that exploit memory errors to
hijack the control flow of the code at run-time, e.g., (fine-grained)
randomization or Control Flow Integrity. However, recent work on data-oriented
programming (DOP) demonstrated highly expressive (Turing-complete) attacks,
even in the presence of these state-of-the-art defenses. Although multiple
real-world DOP attacks have been demonstrated, no efficient defenses are yet
available. We propose run-time scope enforcement (RSE), a novel approach
designed to efficiently mitigate all currently known DOP attacks by enforcing
compile-time memory safety constraints (e.g., variable visibility rules) at
run-time. We present HardScope, a proof-of-concept implementation of
hardware-assisted RSE for the new RISC-V open instruction set architecture. We
discuss our systematic empirical evaluation of HardScope which demonstrates
that it can mitigate all currently known DOP attacks, and has a real-world
performance overhead of 3.2% in embedded benchmarks
- …