Game Theory in Distributed Systems Security: Foundations, Challenges, and Future Directions
Many of our critical infrastructure systems and personal computing systems
have a distributed computing systems structure. The incentives to attack them
have been growing rapidly as has their attack surface due to increasing levels
of connectedness. Therefore, we feel it is time to bring in rigorous reasoning
to secure such systems. The distributed system security and the game theory
technical communities can come together to effectively address this challenge.
In this article, we lay out the foundations from each that we can build upon to
achieve our goals. Next, we describe a set of research challenges for the
community, organized into three categories -- analytical, systems, and
integration challenges, each with "short term" time horizon (2-3 years) and
"long term" (5-10 years) items. This article was conceived of through a
community discussion at the 2022 NSF SaTC PI meeting.
Comment: 11 pages in IEEE Computer Society magazine format, including
references and author bios. There is 1 figur
Securing Computer Systems Through Cyber Attack Detection at the Hardware Level
Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, has been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. In this research, we propose to add an additional layer of malware detection at the hardware level to improve overall system security by monitoring anomalies in semantic (control flow) and sub-semantic (microarchitectural) behaviors. We developed a real-time, application-specific malware detection system, implemented in a tightly coupled FPGA, to monitor the Control Flow Integrity (CFI) of programs running on the CPU. It runs in parallel with the CPU being monitored and provides real-time feedback to the system in case of a control flow violation. The experimental results show that the solution is scalable for large applications in embedded systems. The impact of malicious attacks targeting hardware vulnerabilities can be catastrophic and widespread, and no software patch can completely fix the problem. We propose to detect such attacks by monitoring deviations in microarchitectural features. This is done by collecting related data from existing hardware performance counters. We take Rowhammer (which exploits a DRAM disturbance error vulnerability) and Spectre (which exploits speculative execution and side channel vulnerabilities) attacks to demonstrate the feasibility and effectiveness of detecting such attacks using microarchitectural features. An online detection method is adopted to detect malicious behaviors during the attack at an early stage, rather than offline detection after the damage is done.
The experimental results show promising detection accuracy. However, the attacker may attempt to evade detection by reshaping the microarchitectural profile of Spectre to mimic benign programs. Future malware detectors could be made evasion-resilient by randomly switching between multiple detectors using different features and sampling periods.