222 research outputs found
Covert Bits Through Queues
We consider covert communication using a queuing timing channel in the
presence of a warden. The covert message is encoded using the inter-arrival
times of the packets, and the legitimate receiver and the warden observe the
inter-departure times of the packets from their respective queues. The
transmitter and the legitimate receiver also share a secret key to facilitate
covert communication. We propose achievable schemes that obtain non-zero covert
rate for both exponential and general queues when a sufficiently high rate
secret key is available. This is in contrast to other channel models such as
the Gaussian channel or the discrete memoryless channel where only
covert bits can be sent over channel uses, yielding
a zero covert rate.Comment: To appear at IEEE CNS, October 201
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest `link' in the security `chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures
A Novel Side-Channel in Real-Time Schedulers
We demonstrate the presence of a novel scheduler side-channel in preemptive,
fixed-priority real-time systems (RTS); examples of such systems can be found
in automotive systems, avionic systems, power plants and industrial control
systems among others. This side-channel can leak important timing information
such as the future arrival times of real-time tasks.This information can then
be used to launch devastating attacks, two of which are demonstrated here (on
real hardware platforms). Note that it is not easy to capture this timing
information due to runtime variations in the schedules, the presence of
multiple other tasks in the system and the typical constraints (e.g.,
deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to
effectively exploit this side-channel. A complete implementation is presented
on real operating systems (in Real-time Linux and FreeRTOS). Timing information
leaked by ScheduLeak can significantly aid other, more advanced, attacks in
better accomplishing their goals
Vulnerability Analysis and Mitigation of Directed Timing Inference Based Attacks on Time-Triggered Systems
Much effort has been put into improving the predictability of real-time systems, especially in safety-critical environments, which provides designers with a rich set of methods and tools to attest safety in situations with no or a limited number of accidental faults. However, with increasing connectivity of real-time systems and a wide availability of increasingly sophisticated exploits, security and, in particular, the consequences of predictability on security become concerns of equal importance. Time-triggered scheduling with offline constructed tables provides determinism and simplifies timing inference, however, at the same time, time-triggered scheduling creates vulnerabilities by allowing attackers to target their attacks to specific, deterministically scheduled and possibly safety-critical tasks. In this paper, we analyze the severity of these vulnerabilities by assuming successful compromise of a subset of the tasks running in a real-time system and by investigating the attack potential that attackers gain from them. Moreover, we discuss two ways to mitigate direct attacks: slot-level online randomization of schedules, and offline schedule-diversification. We evaluate these mitigation strategies with a real-world case study to show their practicability for mitigating not only accidentally malicious behavior, but also malicious behavior triggered by attackers on purpose
- …