147 research outputs found
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Benchmarking some Portuguese S&T system research units: 2nd Edition
The increasing use of productivity and impact metrics for evaluation and
comparison, not only of individual researchers but also of institutions,
universities and even countries, has prompted the development of bibliometrics.
Currently, metrics are becoming widely accepted as an easy and balanced way to
assist the peer review and evaluation of scientists and/or research units,
provided they have adequate precision and recall.
This paper presents a benchmarking study of a selected list of representative
Portuguese research units, based on a fairly complete set of parameters:
bibliometric parameters, number of competitive projects and number of PhDs
produced. The study aimed at collecting productivity and impact data from the
selected research units in comparable conditions i.e., using objective metrics
based on public information, retrievable on-line and/or from official sources
and thus verifiable and repeatable. The study has thus focused on the activity
of the 2003-06 period, where such data was available from the latest official
evaluation.
The main advantage of our study was the application of automatic tools,
achieving relevant results at a reduced cost. Moreover, the results over the
selected units suggest that this kind of analyses will be very useful to
benchmark scientific productivity and impact, and assist peer review.Comment: 26 pages, 20 figures F. Couto, D. Faria, B. Tavares, P.
Gon\c{c}alves, and P. Verissimo, Benchmarking some portuguese S\&T system
research units: 2nd edition, DI/FCUL TR 13-03, Department of Informatics,
University of Lisbon, February 201
The Path to Fault- and Intrusion-Resilient Manycore Systems on a Chip
The hardware computing landscape is changing. What used to be distributed
systems can now be found on a chip with highly configurable, diverse,
specialized and general purpose units. Such Systems-on-a-Chip (SoC) are used to
control today's cyber-physical systems, being the building blocks of critical
infrastructures. They are deployed in harsh environments and are connected to
the cyberspace, which makes them exposed to both accidental faults and targeted
cyberattacks. This is in addition to the changing fault landscape that
continued technology scaling, emerging devices and novel application scenarios
will bring. In this paper, we discuss how the very features, distributed,
parallelized, reconfigurable, heterogeneous, that cause many of the imminent
and emerging security and resilience challenges, also open avenues for their
cure though SoC replication, diversity, rejuvenation, adaptation, and
hybridization. We show how to leverage these techniques at different levels
across the entire SoC hardware/software stack, calling for more research on the
topic
Behind the Last Line of Defense -- Surviving SoC Faults and Intrusions
Today, leveraging the enormous modular power, diversity and flexibility of manycore systems-on-a-chip (SoCs) requires careful orchestration of complex resources, a task left to low-level software, e.g. hypervisors. In current architectures, this software forms a single point of failure and worthwhile target for attacks: once compromised, adversaries gain access to all information and full control over the platform and the environment it controls. This paper proposes Midir, an enhanced manycore architecture, effecting a paradigm shift from SoCs to distributed SoCs. Midir changes the way platform resources are controlled, by retrofitting tile-based fault containment through well known mechanisms, while securing low-overhead quorum-based consensus on all critical operations, in particular privilege management and, thus, management of containment domains. Allowing versatile redundancy management, Midir promotes resilience for all software levels, including at low level. We explain this architecture, its associated algorithms and hardware mechanisms and show, for the example of a Byzantine fault tolerant microhypervisor, that it outperforms the highly efficient MinBFT by one order of magnitude
Behind the Last Line of Defense -- Surviving SoC Faults and Intrusions
Today, leveraging the enormous modular power, diversity and flexibility of
manycore systems-on-a-chip (SoCs) requires careful orchestration of complex
resources, a task left to low-level software, e.g. hypervisors. In current
architectures, this software forms a single point of failure and worthwhile
target for attacks: once compromised, adversaries gain access to all
information and full control over the platform and the environment it controls.
This paper proposes Midir, an enhanced manycore architecture, effecting a
paradigm shift from SoCs to distributed SoCs. Midir changes the way platform
resources are controlled, by retrofitting tile-based fault containment through
well known mechanisms, while securing low-overhead quorum-based consensus on
all critical operations, in particular privilege management and, thus,
management of containment domains. Allowing versatile redundancy management,
Midir promotes resilience for all software levels, including at low level. We
explain this architecture, its associated algorithms and hardware mechanisms
and show, for the example of a Byzantine fault tolerant microhypervisor, that
it outperforms the highly efficient MinBFT by one order of magnitude
Intrusion Resilience Systems for Modern Vehicles
Current vehicular Intrusion Detection and Prevention Systems either incur
high false-positive rates or do not capture zero-day vulnerabilities, leading
to safety-critical risks. In addition, prevention is limited to few primitive
options like dropping network packets or extreme options, e.g., ECU Bus-off
state. To fill this gap, we introduce the concept of vehicular Intrusion
Resilience Systems (IRS) that ensures the resilience of critical applications
despite assumed faults or zero-day attacks, as long as threat assumptions are
met. IRS enables running a vehicular application in a replicated way, i.e., as
a Replicated State Machine, over several ECUs, and then requiring the
replicated processes to reach a form of Byzantine agreement before changing
their local state. Our study rides the mutation of modern vehicular
environments, which are closing the gap between simple and resource-constrained
"real-time and embedded systems", and complex and powerful "information
technology" ones. It shows that current vehicle (e.g., Zonal) architectures and
networks are becoming plausible for such modular fault and intrusion tolerance
solutions,deemed too heavy in the past. Our evaluation on a simulated
Automotive Ethernet network running two state-of-the-art agreement protocols
(Damysus and Hotstuff) shows that the achieved latency and throughout are
feasible for many Automotive applications
- …