Slot Games for Detecting Timing Leaks of Programs

In this paper we describe a method for verifying secure information flow of programs, where apart from direct and indirect flows a secret information can be leaked through covert timing channels. That is, no two computations of a program that differ only on high-security inputs can be distinguished by low-security outputs and timing differences. We attack this problem by using slot-game semantics for a quantitative analysis of programs. We show how slot-games model can be used for performing a precise security analysis of programs, that takes into account both extensional and intensional properties of programs. The practicality of this approach for automated verification is also shown.Comment: In Proceedings GandALF 2013, arXiv:1307.416

The Brave Little Troll - a visual rhythm game for the Deaf and hearing-impaired children

The aim of this work is to reflect and document the multiple phases of the design and development process of The Brave Little Troll, a visual rhythm game for the Deaf and hearing-impaired children. The thesis consists of both the game and the written thesis. The paper is a valuable contribution to the design community as it provides a record of the project challenges and solutions. Thus being a useful resource for other project groups facing similar challenges. The work aims to describe on general level; the project's goals, audience, methods, challenges, solutions, results and limitations. The paper also addresses the future work and application of the game as well as the author's role and involvement in the project

Serberus: Protecting Cryptographic Code from Spectres at Compile-Time

We present Serberus, the first comprehensive mitigation for hardening constant-time (CT) code against Spectre attacks (involving the PHT, BTB, RSB, STL and/or PSF speculation primitives) on existing hardware. Serberus is based on three insights. First, some hardware control-flow integrity (CFI) protections restrict transient control-flow to the extent that it may be comprehensively considered by software analyses. Second, conformance to the accepted CT code discipline permits two code patterns that are unsafe in the post-Spectre era. Third, once these code patterns are addressed, all Spectre leakage of secrets in CT programs can be attributed to one of four classes of taint primitives--instructions that can transiently assign a secret value to a publicly-typed register. We evaluate Serberus on cryptographic primitives in the OpenSSL, Libsodium, and HACL* libraries. Serberus introduces 21.3% runtime overhead on average, compared to 24.9% for the next closest state-of-the-art software mitigation, which is less secure.Comment: Authors' version; to appear in the Proceedings of the IEEE Symposium on Security and Privacy (S&P) 202

Design and Implementation of Algorithms for Traffic Classification

Traffic analysis is the practice of using inherent characteristics of a network flow such as timings, sizes, and orderings of the packets to derive sensitive information about it. Traffic analysis techniques are used because of the extensive adoption of encryption and content-obfuscation mechanisms, making it impossible to infer any information about the flows by analyzing their content. In this thesis, we use traffic analysis to infer sensitive information for different objectives and different applications. Specifically, we investigate various applications: p2p cryptocurrencies, flow correlation, and messaging applications. Our goal is to tailor specific traffic analysis algorithms that best capture network traffic’s intrinsic characteristics in those applications for each of these applications. Also, the objective of traffic analysis is different for each of these applications. Specifically, in Bitcoin, our goal is to evaluate Bitcoin traffic’s resilience to blocking by powerful entities such as governments and ISPs. Bitcoin and similar cryptocurrencies play an important role in electronic commerce and other trust-based distributed systems because of their significant advantage over traditional currencies, including open access to global e-commerce. Therefore, it is essential to the consumers and the industry to have reliable access to their Bitcoin assets. We also examine stepping stone attacks for flow correlation. A stepping stone is a host that an attacker uses to relay her traffic to hide her identity. We introduce two fingerprinting systems, TagIt and FINN. TagIt embeds a secret fingerprint into the flows by moving the packets to specific time intervals. However, FINN utilizes DNNs to embed the fingerprint by changing the inter-packet delays (IPDs) in the flow. In messaging applications, we analyze the WhatsApp messaging service to determine if traffic leaks any sensitive information such as members’ identity in a particular conversation to the adversaries who watch their encrypted traffic. These messaging applications’ privacy is essential because these services provide an environment to dis- cuss politically sensitive subjects, making them a target to government surveillance and censorship in totalitarian countries. We take two technical approaches to design our traffic analysis techniques. The increasing use of DNN-based classifiers inspires our first direction: we train DNN classifiers to perform some specific traffic analysis task. Our second approach is to inspect and model the shape of traffic in the target application and design a statistical classifier for the expected shape of traffic. DNN- based methods are useful when the network is complex, and the traffic’s underlying noise is not linear. Also, these models do not need a meticulous analysis to extract the features. However, deep learning techniques need a vast amount of training data to work well. Therefore, they are not beneficial when there is insufficient data avail- able to train a generalized model. On the other hand, statistical methods have the advantage that they do not have training overhead

Leveraging Gate-Level Properties to Identify Hardware Timing Channels

Abstract—Modern embedded computing systems such as med-ical devices, airplanes, and automobiles continue to dominate some of the most critical aspects of our lives. In such systems, the movement of information throughout a device must be tightly controlled to prevent violations of privacy or integrity. Unfortunately, bounding the flow of information can often present a significant challenge, as information can flow through channels that are difficult to detect, such as timing channels. As has been demonstrated by recent research in hardware security, information flow tracking techniques deployed at the hardware or gate level show promise at identifying these “timing flows ” but provide no formal statements about this claim nor mechanisms for separating out timing information from other types of flows. In this paper, we first prove that gate-level information flow tracking can in fact detect timing flows. In addition, we work to identify these timing flows separately from other flows by presenting a framework for identifying a different type of flow that we call functional flows. By using this framework to either confirm or rule out the existence of such flows, we leverage the previous work in hardware information flow tracking to effectively isolate timing flows. To show the effectiveness of this model, we demonstrate its usage on three practical examples: a shared bus (I2C), a cache in a MIPS-based processor, and an RSA encryption core, all of which were written in Verilog/VHDL and then simulated in a variety of scenarios. In each scenario, we demonstrate how our framework can be used to identify timing and functional flows and also analyze our model’s overhead

NASA Tech Briefs, July 2009

Topics covered include: Dual Cryogenic Capacitive Density Sensor; Hail Monitor Sensor; Miniature Six-Axis Load Sensor for Robotic Fingertip; Improved Blackbody Temperature Sensors for a Vacuum Furnace; Wrap-Around Out-the-Window Sensor Fusion System; Wide-Range Temperature Sensors with High-Level Pulse Train Output; Terminal Descent Sensor Simulation; A Robust Mechanical Sensing System for Unmanned Sea Surface Vehicles; Additive for Low-Temperature Operation of Li-(CF)n Cells; Li/CFx Cells Optimized for Low-Temperature Operation; Number Codes Readable by Magnetic-Field-Response Recorders; Determining Locations by Use of Networks of Passive Beacons; Superconducting Hot-Electron Submillimeter-Wave Detector; Large-Aperture Membrane Active Phased-Array Antennas; Optical Injection Locking of a VCSEL in an OEO; Measuring Multiple Resistances Using Single-Point Excitation; Improved-Bandwidth Transimpedance Amplifier; Inter-Symbol Guard Time for Synchronizing Optical PPM; Novel Materials Containing Single-Wall Carbon Nanotubes Wrapped in Polymer Molecules; Light-Curing Adhesive Repair Tapes; Thin-Film Solid Oxide Fuel Cells; Zinc Alloys for the Fabrication of Semiconductor Devices; Small, Lightweight, Collapsible Glove Box; Radial Halbach Magnetic Bearings; Aerial Deployment and Inflation System for Mars Helium Balloons; Steel Primer Chamber Assemblies for Dual Initiated Pyrovalves; Voice Coil Percussive Mechanism Concept for Hammer Drill; Inherently Ducted Propfans and Bi-Props; Silicon Nanowire Growth at Chosen Positions and Orientations; Detecting Airborne Mercury by Use of Gold Nanowires; Detecting Airborne Mercury by Use of Palladium Chloride; Micro Electron MicroProbe and Sample Analyzer; Nanowire Electron Scattering Spectroscopy; Electron-Spin Filters Would Offer Spin Polarization Greater than 1; Subcritical-Water Extraction of Organics from Solid Matrices; A Model for Predicting Thermoelectric Properties of Bi2Te3; Integrated Miniature Arrays of Optical Biomolecule Detectors; A Software Rejuvenation Framework for Distributed Computing; Kurtosis Approach to Solution of a Nonlinear ICA Problem; Robust Software Architecture for Robots; R4SA for Controlling Robots; Bio-Inspired Neural Model for Learning Dynamic Models; Evolutionary Computing Methods for Spectral Retrieval; Monitoring Disasters by Use of Instrumented Robotic Aircraft; Complexity for Survival of Living Systems; Using Drained Spacecraft Propellant Tanks for Habitation; Connecting Node; and Electrolytes for Low-Temperature Operation of Li-CFx Cells

Easterner, Vol. 21, No. 14, January 27, 1971

This issue includes articles about the availability of camping gear for students, an ombudsman to help students navigate their college experience, the upcoming student election, an student art show, upcoming student and faculty music performances, the proposal for an environmental studies center at Turnbull Wildlife Refuge, women\u27s rights activities on campus, Bob Maplestone\u27s victory at the NAIA Indoor Track Championship, a discussion of homosexuality led by Dr. Frank M. Rosekrans, and new courses in Indian education.https://dc.ewu.edu/student_newspapers/1403/thumbnail.jp

Private computation on public clouds

Public clouds offer valuable services at the expense of privacy. Since the cloud provider controls the privileged software on their machines (the operating system and the hypervisor), they enjoy access to the secrets processed by the applications they host. As a result, users must either trust public clouds or avoid them. Recently, hardware manufacturers have extended CPU designs to provide trusted execution environments (TEEs). Hardware ensures the data inside a TEE can only be accessed by the code inside that TEE, protecting secrets from all software that the provider controls. However, TEEs do not provide meaningful security for many applications on their own. In practice, many applications are proprietary or make use of accelerators like GPUs. Code inside the TEE has access to user secrets and the freedom to communicate them to the outside world; users cannot vet proprietary code to ensure it does not exercise that freedom (accidentally or intentionally). GPUs are not controlled by the CPU directly but instead by drivers under the cloud provider’s control, making it trivial for the cloud provider to extract secrets that the user offloads to a GPU for processing. GPU TEEs can prevent unauthorized access to GPU memory, but communication with the GPU can still leak information. We demonstrate system designs that leverage existing (CPU) and pro- posed (GPU) TEEs that protect users‘ data even when the application code is colluding with the cloud provider to steal it, or when the user offloads parts of the application to GPUs.Computer Science