50 research outputs found
Analyzing ChatGPT's Aptitude in an Introductory Computer Engineering Course
ChatGPT has recently gathered attention from the general public and academia
as a tool that is able to generate plausible and human-sounding text answers to
various questions. One potential use, or abuse, of ChatGPT is in answering
various questions or even generating whole essays and research papers in an
academic or classroom setting. While recent works have explored the use of
ChatGPT in the context of humanities, business school, or medical school, this
work explores how ChatGPT performs in the context of an introductory computer
engineering course. This work assesses ChatGPT's aptitude in answering quizzes,
homework, exam, and laboratory questions in an introductory-level computer
engineering course. This work finds that ChatGPT can do well on questions
asking about generic concepts. However, predictably, as a text-only tool, it
cannot handle questions with diagrams or figures, nor can it generate diagrams
and figures. Further, also clearly, the tool cannot do hands-on lab
experiments, breadboard assembly, etc., but can generate plausible answers to
some laboratory manual questions. One of the key observations presented in this
work is that the ChatGPT tool could not be used to pass all components of the
course. Nevertheless, it does well on quizzes and short-answer questions. On
the other hand, plausible, human-sounding answers could confuse students when
generating incorrect but still plausible answers. Comment: 6 page
Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses
Over the last two decades, side and covert channel research has shown a variety of ways of exfiltrating information for a computer system. Processor microarchitectural side and covert channel attacks have emerged as some of the most clever attacks, and ones which are difficult to deal with, without impacting system performance. Unlike electro-magnetic or power-based channels, microarchitectural side and covert channels do not require physical proximity to the target device. Instead, only malicious or cooperating spy applications need to be co-located on the same machine as the victim. And in some attacks even co-location is not needed, only timing of the execution of the victim as measured by a remote attacker over the network can form a side channel for information leaks. This survey extracts the key features of the processor's microarchitectural functional units which make the channels possible, presents an analysis and categorization of the variety of microarchitectural side and covert channels others have presented in literature, and surveys existing defense proposals. With the advent of cloud computing and the ability to launch microarchitectural side and covert channels even across virtual machines, understanding of these channels is critical.
Classification of Quantum Computer Fault Injection Attacks
The rapid growth of interest in quantum computing has brought about the need
to secure these powerful machines against a range of physical attacks. As qubit
counts increase and quantum computers achieve higher levels of fidelity, their
potential to execute novel algorithms and generate sensitive intellectual
property becomes more promising. However, there is a significant gap in our
understanding of the vulnerabilities these computers face in terms of security
and privacy attacks. Among the potential threats are physical attacks,
including those orchestrated by malicious insiders within data centers where
the quantum computers are located, which could compromise the integrity of
computations and resulting data. This paper presents an exploration of
fault-injection attacks as one class of physical attacks on quantum computers.
This work first introduces a classification of fault-injection attacks and
strategies, including the domain of fault-injection attacks, the fault targets,
and fault manifestations in quantum computers. The resulting classification
highlights the potential threats that exist. By shedding light on the
vulnerabilities of quantum computers to fault-injection attacks, this work
contributes to the development of robust security measures for this emerging
technology. Comment: 7 pages, 4 figure
Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Although cryptographic algorithms may be mathematically secure, it is often
possible to leak secret information from the implementation of the algorithms.
Timing and power side-channel vulnerabilities are some of the most widely
considered threats to cryptographic algorithm implementations. Timing
vulnerabilities may be easier to detect and exploit, and all high-quality
cryptographic code today should be written in constant-time style. However,
this does not prevent power side-channels from existing. With constant time
code, potential attackers can resort to power side-channel attacks to try
leaking secrets. Detecting potential power side-channel vulnerabilities is a
tedious task, as it requires analyzing code at the assembly level and needs
reasoning about which instructions could be leaking information based on their
operands and their values. To help make the process of detecting potential
power side-channel vulnerabilities easier for cryptographers, this work
presents Pascal: Power Analysis Side Channel Attack Locator, a tool that
introduces novel symbolic register analysis techniques for binary analysis of
constant-time cryptographic algorithms, and verifies locations of potential
power side-channel vulnerabilities with high precision. Pascal is evaluated on
a number of implementations of post-quantum cryptographic algorithms, and it is
able to find dozens of previously reported single-trace power side-channel
vulnerabilities in these algorithms, all in an automated manner.
Designing Monitoring Systems for Continuous Certification of Cloud Services: Deriving Meta-requirements and Design Guidelines
Continuous service certification (CSC) involves consistently gathering and assessing certification-relevant information about cloud service operations to validate whether they continue to adhere to certification criteria. Previous research has proposed test-based CSC methodologies that directly assess the components of cloud service infrastructures. However, test-based certification requires that certification authorities can access the cloud infrastructure, which various issues may limit. To address these challenges, cloud service providers need to conduct monitoring-based CSC; that is, monitor their cloud service infrastructure to gather certification-relevant data by themselves and then provide these data to certification authorities. Nevertheless, we need to better understand how to design monitoring systems to enable cloud service providers to perform such monitoring. By taking a design science perspective, we derive universal meta-requirements and design guidelines for CSC monitoring systems based on findings from five expert focus group interviews with 33 cloud experts and 10 one-to-one interviews with cloud customers. With this study, we expand the current knowledge base regarding CSC and monitoring-based CSC. Our derived design guidelines contribute to the development of CSC monitoring systems and enable monitoring-based CSC that overcomes issues of prior test-based approaches.
User Archetypes for Effective Information Privacy Communication
In an information systems context, information privacy communication will only work if information systems meet the information needs of their users. Since the needs are neither static nor uniform, a promising approach avoiding inadequacies of ignoring differences in users’ information needs and more practical than dedicated attention to each individual user is to target information privacy communication to user archetypes. To identify such archetypes, we conduct a survey eliciting users’ information needs and apply hierarchical clustering to derive a hierarchical model of user archetypes with respect to their information privacy information needs. We identify a total of 13 archetypes on two hierarchy levels. In contrast to extant research on information privacy user archetypes focusing on information privacy attitudes, the identified information privacy user archetypes are based on information system characteristics desired by users as elicited through our survey. Thus, they yield clear input for enhancing information system design with respect to information privacy. Our research highlights differences and similarities between archetypes and enriches it with an interpretatively derived characterization of the different archetypes. The resulting archetype hierarchy serves as a foundation for future research aiming to improve communication of information privacy practices.