On the Use of Underspecified Data-Type Semantics for Type Safety in Low-Level Code
In recent projects on operating-system verification, C and C++ data types are
often formalized using a semantics that does not fully specify the precise byte
encoding of objects. It is well-known that such an underspecified data-type
semantics can be used to detect certain kinds of type errors. In general,
however, underspecified data-type semantics are unsound: they assign
well-defined meaning to programs that have undefined behavior according to the
C and C++ language standards.
A precise characterization of the type-correctness properties that can be
enforced with underspecified data-type semantics is still missing. In this
paper, we identify strengths and weaknesses of underspecified data-type
semantics for ensuring type safety of low-level systems code. We prove
sufficient conditions to detect certain classes of type errors and, finally,
identify a trade-off between the complexity of underspecified data-type
semantics and their type-checking capabilities.
Comment: In Proceedings SSV 2012, arXiv:1211.587
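As an added illustration (not code from the paper above, and not its formal model), the following Python sketch contrasts a concrete byte-level memory with an underspecified one that records each object as a (type, value) pair and never fixes a byte encoding. The same type-punning program yields a reinterpreted value under the first model and a type error under the second, which is the detection capability the abstract refers to. The two models, the three constructed programs and all names are assumptions made for this sketch.

```python
import struct

class TypeViolation(Exception):
    """Raised by the underspecified model when a load has no defined value."""

# Concrete (byte-level) semantics: memory is a flat byte array and every load
# reinterprets whatever bytes are there, so a type-punned read "succeeds".
class ByteMemory:
    FMT = {"int32": "<i", "float32": "<f", "uint8": "<B"}

    def __init__(self, size=16):
        self.mem = bytearray(size)

    def store(self, addr, typ, value):
        struct.pack_into(self.FMT[typ], self.mem, addr, value)

    def load(self, addr, typ):
        return struct.unpack_from(self.FMT[typ], self.mem, addr)[0]

# Underspecified semantics (toy version, an assumption of this sketch): an
# object is a (type, value) pair whose byte encoding is never chosen, so a load
# whose type or extent does not match a live object has nothing to return and
# is reported as a type error instead.
class TypedMemory:
    SIZE = {"int32": 4, "float32": 4, "uint8": 1}

    def __init__(self, size=16):
        self.objects = {}             # start addr -> (type, value)
        self.covered = [None] * size  # byte addr -> start addr of the object covering it

    def store(self, addr, typ, value):
        n = self.SIZE[typ]
        # Any object overlapping the new one is destroyed (its value is gone);
        # this is what lets a later mismatched load be detected.
        for a in range(addr, addr + n):
            old = self.covered[a]
            if old is not None:
                self._kill(old)
        self.objects[addr] = (typ, value)
        for a in range(addr, addr + n):
            self.covered[a] = addr

    def _kill(self, start):
        typ, _ = self.objects.pop(start)
        for a in range(start, start + self.SIZE[typ]):
            self.covered[a] = None

    def load(self, addr, typ):
        obj = self.objects.get(addr)
        if obj is None or obj[0] != typ:
            raise TypeViolation(f"load of {typ} at {addr} matches no live object of that type")
        return obj[1]

def run(program, mem):
    """Execute ('store', addr, type, value) / ('load', addr, type) steps; return the last loaded value."""
    result = None
    for step in program:
        if step[0] == "store":
            mem.store(step[1], step[2], step[3])
        else:
            result = mem.load(step[1], step[2])
    return result

# Constructed programs (not from the paper). 1065353216 is 0x3F800000, the
# little-endian IEEE-754 encoding of 1.0f.
WELL_TYPED = [("store", 0, "int32", 1065353216), ("load", 0, "int32")]
TYPE_PUN   = [("store", 0, "int32", 1065353216), ("load", 0, "float32")]  # int read as float
PARTIAL    = [("store", 0, "int32", 7), ("store", 1, "uint8", 0xFF), ("load", 0, "int32")]

def outcome(program, model_cls):
    """Return the loaded value under the given model, or the string 'type error'."""
    try:
        return run(program, model_cls())
    except TypeViolation:
        return "type error"

if __name__ == "__main__":
    for name, prog in [("well-typed", WELL_TYPED), ("type-pun", TYPE_PUN), ("partial overwrite", PARTIAL)]:
        print(f"{name:18s} bytes: {outcome(prog, ByteMemory)!r:12} typed: {outcome(prog, TypedMemory)!r}")
```

The sketch exhibits only the detection side. The abstract's complementary point, that such semantics are in general unsound because they also assign meaning to some programs the C and C++ standards leave undefined, is not something this toy model demonstrates; it is the trade-off the paper characterizes.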
The Path to Fault- and Intrusion-Resilient Manycore Systems on a Chip
The hardware computing landscape is changing. What used to be distributed
systems can now be found on a chip with highly configurable, diverse,
specialized and general purpose units. Such Systems-on-a-Chip (SoC) are used to
control today's cyber-physical systems, being the building blocks of critical
infrastructures. They are deployed in harsh environments and are connected to
the cyberspace, which makes them exposed to both accidental faults and targeted
cyberattacks. This is in addition to the changing fault landscape that
continued technology scaling, emerging devices and novel application scenarios
will bring. In this paper, we discuss how the very features (distributed,
parallelized, reconfigurable, heterogeneous) that cause many of the imminent
and emerging security and resilience challenges also open avenues for their
cure through SoC replication, diversity, rejuvenation, adaptation, and
hybridization. We show how to leverage these techniques at different levels
across the entire SoC hardware/software stack, calling for more research on the
topic.
I-GWAS: Privacy-Preserving Interdependent Genome-Wide Association Studies
Genome-wide Association Studies (GWASes) identify genomic variations that are
statistically associated with a trait, such as a disease, in a group of
individuals. Unfortunately, careless sharing of GWAS statistics might give rise
to privacy attacks. Several works attempted to reconcile secure processing with
privacy-preserving releases of GWASes. However, we highlight that these
approaches remain vulnerable if GWASes utilize overlapping sets of individuals
and genomic variations. In such conditions, we show that even when relying on
state-of-the-art techniques for protecting releases, an adversary could
reconstruct the genomic variations of up to 28.6% of participants, and that the
released statistics of up to 92.3% of the genomic variations would enable
membership inference attacks. We introduce I-GWAS, a novel framework that
securely computes and releases the results of multiple possibly interdependent
GWASes. I-GWAS continuously releases privacy-preserving and noise-free GWAS
results as new genomes become available.
Secure and Distributed Assessment of Privacy-Preserving Releases of GWAS
Genome-wide association studies (GWAS) identify correlations between the
genetic variants and an observable characteristic such as a disease. Previous
works presented privacy-preserving distributed algorithms for a federation of
genome data holders that spans multiple institutional and legislative domains
to securely compute GWAS results. However, these algorithms have limited
applicability, since they still require a centralized instance to decide
whether GWAS results can be safely disclosed, which violates privacy
regulations such as the GDPR. In this work, we introduce GenDPR, a distributed
middleware that leverages Trusted Execution Environments (TEEs) to securely
determine a subset of the potential GWAS statistics that can be safely
released. GenDPR achieves the same accuracy as centralized solutions, but
requires transferring significantly less data because TEEs only exchange
intermediary results, never genomes. Additionally, GenDPR can be configured to
tolerate all-but-one honest-but-curious federation members colluding with the
aim of exposing the genomes of correct members.
Behind the Last Line of Defense -- Surviving SoC Faults and Intrusions
Today, leveraging the enormous modular power, diversity and flexibility of
manycore systems-on-a-chip (SoCs) requires careful orchestration of complex
resources, a task left to low-level software, e.g. hypervisors. In current
architectures, this software forms a single point of failure and worthwhile
target for attacks: once compromised, adversaries gain access to all
information and full control over the platform and the environment it controls.
This paper proposes Midir, an enhanced manycore architecture, effecting a
paradigm shift from SoCs to distributed SoCs. Midir changes the way platform
resources are controlled, by retrofitting tile-based fault containment through
well known mechanisms, while securing low-overhead quorum-based consensus on
all critical operations, in particular privilege management and, thus,
management of containment domains. Allowing versatile redundancy management,
Midir promotes resilience for all software levels, including at low level. We
explain this architecture, its associated algorithms and hardware mechanisms
and show, for the example of a Byzantine fault tolerant microhypervisor, that
it outperforms the highly efficient MinBFT by one order of magnitude.
Automatic Repair and Deadlock Detection for Parameterized Systems
We present an algorithm for the repair of parameterized systems. The repair
problem is, for a given process implementation, to find a refinement such that
a given safety property is satisfied by the resulting parameterized system, and
deadlocks are avoided. Our algorithm uses a parameterized model checker to
determine the correctness of candidate solutions and employs a constraint
system to rule out candidates. We apply this algorithm to systems that can be
represented as well-structured transition systems (WSTS), including disjunctive
systems, pairwise rendezvous systems, and broadcast protocols. Moreover, we
show that parameterized deadlock detection can be decided in EXPTIME for
disjunctive systems, and that deadlock detection is in general undecidable for
broadcast protocols.
Property Law in Roman Egypt in the Light of the Papyri: Safeguarding Women's Economic Interests
This study looks at the role of women in the economic environment of Roman Egypt in the light of the papyri. By examining marriage and inheritance documents from the first three centuries, the study shows that marital and inheritance laws and customs in Roman Egypt were made to protect women's interests when it came to ownership and possession of property, which is one of the main reasons why women played such a prominent role in Egypt's economic environment.
Flat but Trustworthy: Security Aspects in Flattened Hierarchical Scheduling
Virtualization is a well-proven technology for consolidating desktop and server applications onto the same hardware platform while maintaining their native environments. However, although embedded real-time systems start to adopt this technology, constrained resources and strict timeliness demands complicate this consolidation task, in particular if some applications are more critical than others and if the timeliness of the latter may be sacrificed for the sake of completing the former. In a previous publication, we have introduced flattening as a means to integrate mixed-criticality tasks into a single real-time system while maintaining most of their native environment as it is provided by virtual machines (VMs) and their monitors. In this paper, we focus on the security and trustworthiness aspects of flattening and on the interfaces for isolating mixed-criticality VMs on top of our microkernel for embedded real-time systems.
PriLok: Citizen-protecting distributed epidemic tracing
Contact tracing is an important instrument for national health services to
fight epidemics. As part of the COVID-19 situation, many proposals have been
made for scaling up contact tracing capacities with the help of smartphone
applications, an important but highly critical endeavor due to the privacy
risks involved in such solutions. Extending our previously expressed concern,
we clearly articulate in this article the functional and non-functional
requirements that any solution has to meet when striving to serve not mere
collections of individuals, but the whole of a nation, as required in the face
of such potentially dangerous epidemics. We present a critical information
infrastructure, PriLock, a fully open preliminary architecture proposal and
design draft for privacy-preserving contact tracing, which we believe can be
constructed in a way that fulfills the former requirements. Our architecture
leverages the existing regulated mobile communication infrastructure and builds
upon the concept of "checks and balances", requiring a majority of independent
players to agree before any operation on it takes effect, thus preventing abuse
of the highly sensitive information that must be collected and processed for
efficient contact tracing. This is enforced with a largely decentralised layout
and highly resilient state-of-the-art technology, which we explain in the
paper, finishing with a security, dependability and resilience analysis that
shows how the design meets the defined requirements, even while the
infrastructure is under attack.