Evaluating Software-based Hardening Techniques for General-Purpose Registers on a GPGPU

Graphics Processing Units (GPUs) are considered a promising solution for high-performance safety-critical applications, such as self-driving cars. In this application domain, the use of fault tolerance techniques is mandatory to detect or correct faults, since they must work properly even in the presence of faults. GPUs are designed with aggressive technology scaling, which makes them susceptible to faults caused by radiation interference, such as the Single Event Upsets (SEUs), which can lead the system to fail, and that is unacceptable in safety-critical applications. In this paper, we evaluate different software-based hardening techniques developed to detect SEUs in GPUs general-purpose registers and propose optimizations to improve performance and memory utilization. The techniques are implemented in three case-study applications and evaluated in a general-purpose soft-core GPU based on the NVIDIA G80 architecture. A fault injection campaign is performed at register transfer level to assess the fault detection potential of the implemented techniques. Results show that the proposed improvements can be tailored for different scenarios, helping engineers in navigating the design space of hardened GPGPU applications

Analyzing the Sensitivity of GPU Pipeline Registers to Single Events Upsets

Graphics processing units are available solutions for high-performance safety-critical applications, such as self-driving cars. In this application domain, functional-safety and reliability are major concerns. Thus, the adoption of fault tolerance techniques is mandatory to detect or correct faults, since these devices must work properly, even when faults are present. GPUs are designed and implemented with cutting-edge technologies, which makes them sensitive to faults caused by radiation interference, such as single event upsets. These effects can lead the system to a failure, which is unacceptable in safety-critical applications. Therefore, effective detection and mitigation strategies must be adopted to harden the GPU operation. In this paper, we analyze transient effects in the pipeline registers of a GPU architecture. We run four applications at three GPU configurations, considering the source of the fault, its effect on the GPU, and the use of software-based hardening techniques. The evaluation was performed using a general-purpose soft-core GPU based on the NVIDIA G80 architecture. Results can guide designers in building more resilient GPU architectures

A Model-Based Soft Errors Risks Minimization Approach

Minimizing the risk of system failure in any computer structure requires identifying those components whose failure is likely to impact on system functionality. Clearly, the degree of protection or prevention required against faults is not the same for all components. Tolerating soft errors can be much improved if critical components can be identified at an early design phase and measures are taken to lower their criticalities at that stage. This improvement is achieved by presenting a criticality ranking (among the components) formed by combining a prediction of faults, consequences of them, and a propagation of errors at the system modeling phase; and pointing out ways to apply changes in the model to minimize the risk of degradation of desired functionalities. Case study results are given to validate the approach

Security in remote monitoring devices in critical areas

Dissertação de mestrado integrado em Engineering and Management of Information SystemsThe use of Information Technologies has grown exponentially over the past years affecting many critical sectors from the industrial to the financial, energy, and health sectors. The ability to track and remotely monitor people and objects in real-time is one of the changes made possible by Information Technologies. Although those Information Technologies innovations sprang several significant advantages for people and organizations, there are also some security and privacy concerns regarding the monitoring of people, objects, and processes in critical areas. Every day new and more effective cyberattacks are discovered which steal sensitive information from their holders and affect people and organizations. Computational power is increasing and organizations are emerging whose main objective is to profit from the sale of the stolen information assets. These attacks can impact critical areas, such as health and energy; they may even jeopardize the physical integrity of individuals. In Healthcare, a Critical Area, the number of Remote Patient Monitoring Devices Systems is increasing, and the number of patients using them increases as well. At the same time, there have been identified new security vulnerabilities on high technological medical devices. People privacy is also being called into question. Several privacy gaps have forced governments to take action with the main objective of safeguarding the privacy of their citizens, as was the case with the much-discussed General Data Protection Regulation of the European Union. Standards and Frameworks play an important role in the improvement o security. In this scientific work, it was developed and validated a proposal of a sector-specific Security Framework that can be applied to Remote Patient Monitoring Devices Systems to improve their overall security. That framework is based on the best widely spread Security Standards and Frameworks. The Framework define 30 requirements divided into 5 assets. Each requirement has one or more functions, in a total of 4 available. It was also defined 8 implementation groups. To validate the Framework it was developed a Remote Patient Monitoring Device System Simulator composed by a Micro-controller NodeMCU with an ESP8266 Wi-Fi chip connected to a Heart Rate Analog Sensor, and an Interface. When applied to the Framework, the developed simulator obtained a score of 9 in 29 available requirements for that implementation group device. The selected research method used to guide this scientific research was the Design Science Research.A utilização das Tecnologias de Informação tem crescido exponencialmente ao longo dos últimos anos afetando vários setores críticos que vão desde a indústria, passando pelo setor financeiro, energético e até mesmo pela saúde. A capacidade de acompanhamento e monitorização remota de pessoas e objetos em tempo real é uma das mudanças potenciadas pelas Tecnologias de Informação. Embora destas inovações ao nível das Tecnologias de Informação advenham um conjunto de vantagens significativas para pessoas e organizações, surgem também algumas preocupações ao nível da segurança e privacidade no que concerne à monitorização de pessoas, objetos e processos em áreas críticas. Diariamente são identificados e descritos novos e mais eficazes ataques cibernéticos, a pessoas e organizações com o intuito de roubar informação sensível para os seus detentores. O poder computacional é crescente e insurgem-se organizações cujo principal objetivo é lucrar com a venda de ativos informacionais roubados. Estes ataques podem atingir áreas tão críticas, como o setor da saúde e energético, podendo mesmo colocar em causa a integridade física de pessoas. Nos cuidados de saúde, uma área crítica, o número de Sistemas de Dispositivos de Monitorização Remota esta a crescer, bem como o número de pacientes que os usam. Ao mesmo tempo, têm sido identificadas novas vulnerabilidades de segurança em dispositivos médicos altamente tecnológicos. A privacidade das pessoas está também a ser comprometida. É possível assistir-se a várias falhas ao nível da privacidade que obrigou os governos a tomar medidas com o principal objetivo de salvaguardar a privacidade dos seus cidadãos como foi o caso do tão falado Regulamento Geral de Proteção de Dados da União Europeia. Standards e Frameworks desempenham um papel importante na melhoria da segurança. Neste trabalho de investigação foi desenvolvida e validada uma proposta de Framework de Segurança específica para o setor da Saúde e que pode ser aplicada em Sistemas de Dispositivos de Monitorização Remota com o objetivo de aumentar a sua segurança. Esta Framework é baseada nas melhores e mais usadas Frameworks e Standards. A Framework define 30 requisitos divididos em 5 ativos. Cada requisito tem uma ou mais funções, de um total de 4. Foi também definido 8 grupos de implementação. Para validar a Framework foi desenvolvido um Simulador composto por um micro controlador NodeMCU com um chip Wi-FI ESP8266 conectado a um Sensor Analógico de Frequência Cardíaca. Quando aplicado à Framework, o simulador obteve um score de 9 em 29 requisitos disponíveis para aquele grupo de implementação. A metodologia de investigação selecionada para guiar este projeto foi a Design Science Research

Aplicação extraterritorial de regulamentos de direitos autorais no Equador por serviços de computação em nuvem: Termos de Serviço do Twitter e do YouTube

The internet is transforming society on a global level, especially due to the increasing popularity of social media services such as Twitter, Facebook and YouTube. Because cloud computing characteristics have tangible effects on enterprises and economics growth globally, it is necessary to create an understanding of cloud computing’s cross-border nature and the effects of and such paradigm for social media artists located in Ecuador. Therefore, this paper seeks the following objectives: firstly, to establish how Ecuadorian artists can be bound by extraterritorial copyright laws by posting their works in YouTube or Twitter. Secondly, to define the benefits and drawbacks of the relation of Ecuadorian artists with YouTube and Twitter. Lastly, this article shows how U.S. copyright laws bind Ecuadorian users of YouTube and Twitter transnationally.Internet está transformando la sociedad a nivel mundial, especialmente debido a la creciente popularidad de las redes sociales tales como Twitter, Facebook y YouTube. Debido a que las características del cloud computing (computación en la nube) tienen efectos tangibles en las empresas y el crecimiento económico a nivel mundial, es necesario crear una comprensión de la naturaleza transfronteriza de este y los efectos de dicho paradigma para los artistas de redes sociales ubicados en Ecuador. Este articulo busca en primer lugar establecer cómo los artistas ecuatorianos pueden estar sujetos a las leyes de derechos de autor extraterritoriales al publicar sus obras en YouTube o Twitter; definir cuáles pueden ser los beneficios y los inconvenientes de la relación extraterritorial entre artistas ecuatorianos con YouTube y Twitter; y explicar cómo las leyes de derechos de autor de los Estados Unidos obligan a usuarios ecuatorianos de YouTube y Twitter a nivel trasnacional.A Internet está transformando a sociedade em todo o mundo, especialmente devido à crescente popularidade das redes sociais como Twitter, Facebook e YouTube. Por conta das características da computação em nuvem terem efeitos tangíveis nos negócios e no crescimento econômico globalmente, é necessário criar uma compreensão da natureza transfronteiriça da computação em nuvem e os efeitos de tal paradigma para os artistas das redes sociais localizados no Equador. Este artigo busca primeiro estabelecer como os artistas equatorianos podem estar sujeitos às leis de direitos autorais extraterritoriais ao postar seus trabalhos no YouTube ou no Twitter; definir quais podem ser as vantagens e desvantagens da relação extraterritorial dos artistas equatorianos com o YouTube e o Twitter; e explicar como as leis de direitos autorais dos EUA vinculam os usuários equatorianos do YouTube e do Twitter transnacionalmente

The ALICE TPC, a large 3-dimensional tracking device with fast readout for ultra-high multiplicity events

The design, construction, and commissioning of the ALICE Time-Projection Chamber (TPC) is described. It is the main device for pattern recognition, tracking, and identification of charged particles in the ALICE experiment at the CERN LHC. The TPC is cylindrical in shape with a volume close to 90 m^3 and is operated in a 0.5 T solenoidal magnetic field parallel to its axis. In this paper we describe in detail the design considerations for this detector for operation in the extreme multiplicity environment of central Pb--Pb collisions at LHC energy. The implementation of the resulting requirements into hardware (field cage, read-out chambers, electronics), infrastructure (gas and cooling system, laser-calibration system), and software led to many technical innovations which are described along with a presentation of all the major components of the detector, as currently realized. We also report on the performance achieved after completion of the first round of stand-alone calibration runs and demonstrate results close to those specified in the TPC Technical Design Report.Comment: 55 pages, 82 figure

Hardware-Assisted Dependable Systems

Unpredictable hardware faults and software bugs lead to application crashes, incorrect computations, unavailability of internet services, data losses, malfunctioning components, and consequently financial losses or even death of people. In particular, faults in microprocessors (CPUs) and memory corruption bugs are among the major unresolved issues of today. CPU faults may result in benign crashes and, more problematically, in silent data corruptions that can lead to catastrophic consequences, silently propagating from component to component and finally shutting down the whole system. Similarly, memory corruption bugs (memory-safety vulnerabilities) may result in a benign application crash but may also be exploited by a malicious hacker to gain control over the system or leak confidential data. Both these classes of errors are notoriously hard to detect and tolerate. Usual mitigation strategy is to apply ad-hoc local patches: checksums to protect specific computations against hardware faults and bug fixes to protect programs against known vulnerabilities. This strategy is unsatisfactory since it is prone to errors, requires significant manual effort, and protects only against anticipated faults. On the other extreme, Byzantine Fault Tolerance solutions defend against all kinds of hardware and software errors, but are inadequately expensive in terms of resources and performance overhead. In this thesis, we examine and propose five techniques to protect against hardware CPU faults and software memory-corruption bugs. All these techniques are hardware-assisted: they use recent advancements in CPU designs and modern CPU extensions. Three of these techniques target hardware CPU faults and rely on specific CPU features: ∆-encoding efficiently utilizes instruction-level parallelism of modern CPUs, Elzar re-purposes Intel AVX extensions, and HAFT builds on Intel TSX instructions. The rest two target software bugs: SGXBounds detects vulnerabilities inside Intel SGX enclaves, and “MPX Explained” analyzes the recent Intel MPX extension to protect against buffer overflow bugs. Our techniques achieve three goals: transparency, practicality, and efficiency. All our systems are implemented as compiler passes which transparently harden unmodified applications against hardware faults and software bugs. They are practical since they rely on commodity CPUs and require no specialized hardware or operating system support. Finally, they are efficient because they use hardware assistance in the form of CPU extensions to lower performance overhead

Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis

Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device data, such as trusted execution environments, full-disk and file-based encryption. Both advancements have dramatically complicated the use of conventional physical attacks, requiring the development of specialised attacks. In this survey, we consolidate recent developments in physical fault injections and side-channel attacks on modern mobile devices. In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021. We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research

Blockchain based Identity Management and Ticketing for MaaS

Trabalho de projeto de mestrado, Engenharia Informatica (Engenharia de Software) Universidade de Lisboa, Faculdade de Ciências, 2020As time moves further into the 21st century, the world is progressively becoming more sophisticated, and our capacity to forecast the future is decreasing at the same rate. The emerging global problems require new kinds of tools paving the way to move forward. Across Europe, privatised public transport systems are frequently conceived in separation by an operator resulting in legacy systems with proprietary ticketing solutions causing fragmentation and lack of uniformity of information. The Mobility-as-a-Service (MaaS) concept promises to solve existing problems in the transport industry since it allows the integration of different mobility services, such as car and bicycle sharing, among others, with traditional public transport. To plan a trip, passengers have several mobility options, interconnected to each other, with a range of alternatives according to their preferences. However, it is a huge challenge to expand the MaaS network that includes several operators. Recent innovations in Blockchain and distributed ledger technologies, especially the current developments of smart contracts, it is expected that a novel distributed approach to MaaS is finally feasible. MaaS systems benefit from the power of Blockchain disruptive technology, improving transparency and trust among service providers thereby eliminat ing the middle tier. In order to implement the new MaaS concept and take advantage of the high volumes of data relating to passengers and their tickets, it is essential that trans port operators have a unified system, thus allowing each participant to create, view and modify the information. This project enables the development of a new ticketing solution based on Blockchain, with an Identity Management module capable of managing the identities of passengers across the entire system, as well as the creation of a MaaS application mock-up for the passenger. Finally, the proposed system is evaluated in terms of operation and perfor mance, according predefined use cases and requirements. Results are achieved in terms of the collaboration between multiple service providers operating on a single platform

Handbook for New Actors in Space

Driven by Cold War tensions between the US and the Soviet Union, the space race began almost 60 years ago. Each power was racing to accomplish new feats in space and demonstrate its superiority. In 2017, while much remains the same, much has changed. Space actors comprise a wide variety of national and non-governmental entities comprising diverse rationales, goals, and activities. More than 70 states, commercial companies, and international organizations currently operate more than 1,500 satellites in Earth orbit. Driven largely by the commoditization of space technology and the lowering of barriers to participation, the number of space actors is growing. This broadening of space has both advantages and disadvantages. On the positive side, it is leading to greatly increased technological innovations, lower costs, and greater access to the beneficial capabilities and services offered by satellites. However, the accelerated growth in space activities and the influx of new actors has the potential to exacerbate many of the current threats to the long-term sustainable use of space. These threats include on-orbit crowding, radio-frequency interference, and the chances of an incident in space sparking or escalating geopolitical tensions on Earth. Michael K. Simpson, Ph.D. - Executive Director, Secure World Foundatio