The Path to Fault- and Intrusion-Resilient Manycore Systems on a Chip

The hardware computing landscape is changing. What used to be distributed systems can now be found on a chip with highly configurable, diverse, specialized and general purpose units. Such Systems-on-a-Chip (SoC) are used to control today's cyber-physical systems, being the building blocks of critical infrastructures. They are deployed in harsh environments and are connected to the cyberspace, which makes them exposed to both accidental faults and targeted cyberattacks. This is in addition to the changing fault landscape that continued technology scaling, emerging devices and novel application scenarios will bring. In this paper, we discuss how the very features, distributed, parallelized, reconfigurable, heterogeneous, that cause many of the imminent and emerging security and resilience challenges, also open avenues for their cure though SoC replication, diversity, rejuvenation, adaptation, and hybridization. We show how to leverage these techniques at different levels across the entire SoC hardware/software stack, calling for more research on the topic

06371 Abstracts Collection -- From Security to Dependability

From 10.09.06 to 15.09.06, the Dagstuhl Seminar 06371 ``From Security to Dependability\u27\u27 was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

From Analysing Operating System Vulnerabilities to Designing Multiversion Intrusion-Tolerant Architectures

This paper analyses security problems of modern computer systems caused by vulnerabilities in their operating systems. Our scrutiny of widely used enterprise operating systems focuses on their vulnerabilities by examining the statistical data available on how vulnerabilities in these systems are disclosed and eliminated, and by assessing their criticality. This is done by using statistics from both the National Vulnerabilities database (NVD) and the Common Vulnerabilities and Exposures system (CVE). The specific technical areas the paper covers are the quantitative assessment of forever-day vulnerabilities, estimation of days-of-grey-risk, the analysis of the vulnerabilities severity and their distributions by attack vector and impact on security properties. In addition, the study aims to explore those vulnerabilities that have been found across a diverse range of operating systems. This leads us to analysing how different intrusion-tolerant architectures deploying the operating system diversity impact availability, integrity and confidentiality

Intrusion Tolerant Routing Protocols for Wireless Sensor Networks

This MSc thesis is focused in the study, solution proposal and experimental evaluation of security solutions for Wireless Sensor Networks (WSNs). The objectives are centered on intrusion tolerant routing services, adapted for the characteristics and requirements of WSN nodes and operation behavior. The main contribution addresses the establishment of pro-active intrusion tolerance properties at the network level, as security mechanisms for the proposal of a reliable and secure routing protocol. Those properties and mechanisms will augment a secure communication base layer supported by light-weigh cryptography methods, to improve the global network resilience capabilities against possible intrusion-attacks on the WSN nodes. Adapting to WSN characteristics, the design of the intended security services also pushes complexity away from resource-poor sensor nodes towards resource-rich and trustable base stations. The devised solution will construct, securely and efficiently, a secure tree-structured routing service for data-dissemination in large scale deployed WSNs. The purpose is to tolerate the damage caused by adversaries modeled according with the Dolev-Yao threat model and ISO X.800 attack typology and framework, or intruders that can compromise maliciously the deployed sensor nodes, injecting, modifying, or blocking packets, jeopardizing the correct behavior of internal network routing processing and topology management. The proposed enhanced mechanisms, as well as the design and implementation of a new intrusiontolerant routing protocol for a large scale WSN are evaluated by simulation. For this purpose, the evaluation is based on a rich simulation environment, modeling networks from hundreds to tens of thousands of wireless sensors, analyzing different dimensions: connectivity conditions, degree-distribution patterns, latency and average short-paths, clustering, reliability metrics and energy cost

Bubbles (Or, Some Reflections on the Basic Laws of Human Relations)

Very few of us want to live in the absolute isolation of a “bubble.” Most humans cherish the capacity to interact with their external environment even when we know that, at times, such exposure makes us susceptible to all sorts of negative effects ranging from mere annoyance to the contraction of deadly illnesses. Yet, because there are so many positive elements and benefits from that interaction and exposure, we often are willing to take the bitter with the sweet. We tolerate much external exposure to bad things in order to take advantage of the collisions with the good things that our outer environment offers. Yet, at the same time, to one extent or another, we all live with, and choose to cherish at times, some metaphorical, protective bubble around us, and it is the law that helps to define that bubble’s contours and provide its relative strength against those forces that might intrude upon it. This Essay understands the right to exclude and the control of externalities as far more than a real property issue, the area of law where it is normally discussed. Most laws regarding human relations involve these same concepts. Individuals have the right to exercise that dominion by doing what they wish with this property in the self and in things, while keeping people and things out (the right to exclude) or letting people and things in (the right to include, consent). The law struggles to formulate rules, including those related to the boundaries of property or the integrity of the body, to protect these bubbles and to define unacceptable externalities and remediable wrongs. This Essay seeks to identify the difficult choices we must make in deciding which intrusions we must accept as normal, inconvenient incidents of life and which we decide to deem externalities against which we should institute enforceable legal rules and protections

On the Control of Microgrids Against Cyber-Attacks: A Review of Methods and Applications

Nowadays, the use of renewable generations, energy storage systems (ESSs) and microgrids (MGs) has been developed due to better controllability of distributed energy resources (DERs) as well as their cost-effective and emission-aware operation. The development of MGs as well as the use of hierarchical control has led to data transmission in the communication platform. As a result, the expansion of communication infrastructure has made MGs as cyber-physical systems (CPSs) vulnerable to cyber-attacks (CAs). Accordingly, prevention, detection and isolation of CAs during proper control of MGs is essential. In this paper, a comprehensive review on the control strategies of microgrids against CAs and its defense mechanisms has been done. The general structure of the paper is as follows: firstly, MGs operational conditions, i.e., the secure or insecure mode of the physical and cyber layers are investigated and the appropriate control to return to a safer mode are presented. Then, the common MGs communication system is described which is generally used for multi-agent systems (MASs). Also, classification of CAs in MGs has been reviewed. Afterwards, a comprehensive survey of available researches in the field of prevention, detection and isolation of CA and MG control against CA are summarized. Finally, future trends in this context are clarified

RV SONNE 241 Cruise Report / Fahrtbericht, Manzanillo, 23.6.2015 – Guayaquil, 24.7.2015 : SO241 - MAKS: Magmatism induced carbon escape from marine sediments as a climate driver – Guaymas Basin, Gulf of California

SO241 set out to test the hypothesis that rift-related magmatism is able to increase carbon emissions from sedimentary basins to the extent that they can actively force climate. To this end we investigated a study area in the Guaymas Basin in the Gulf of California which is one of very few geological settings where rift-related magmatism presently leads to magmatic intrusions into a sediment basin. During the cruise we collected 1100 km of 2D seismic lines to image the extent and volume of magmatic intrusions as well as the extent of metamorphic overprinting of the surrounding sediments and associated subsurface sediment mobilization. We selected three typical seep sites above magmatic intrusions for detailed geochemical studies using gravity corers, multicorers and TV grab. With these samples we will be able to determine the pore water composition to assess the amount and composition of hydrocarbon compounds that are released from these systems. Detailed ocean bottom seismometer measurements at a seep site in the center of the Guaymas Basin will provide further insights into effects of magmatic intrusions on carbon release and diagenetic overprinting of the sediments. It will be possible to reconstruct its long-term seepage history from big carbonate blocks that we have collected with a TV-grab. The northeastern margin of the Guaymas Basin is known for the presence of gas hydrates. During the cruise we collected several seismic lines, which show a clear but unusually shallow BSR indicating high heat flow in the region. Using the seismic data we discovered a previously unknown geological structure on the flank of the northern rift segment: a large mound that seems to consist entirely of black smoker deposits. It seems to be the result of a recent intrusion into the underlying sediments and changes the view how such systems function. The structure was investigated with a comprehensive geochemical, geothermal, and video surveying program which revealed at least seven vents that are active simultaneously. These vents inject methane and helium-rich vent fluids several hundred meters up into the water column. These findings suggest that large-scale magmatism, for example during the opening of an ocean basin under the influence of a hot spot, can be an effective way of liberating large amounts of carbon high up into the water column. The data collected during SO241 will allow us to constrain the amount of carbon that can escape into the atmosphere during LIP emplacement and their relevance on a global scale can be assessed. In addition to reaching the main objectives of the project we discovered a large landslide complex that was probably associated with a tsunami