Cyber-security for embedded systems: methodologies, techniques and tools

L'abstract è presente nell'allegato / the abstract is in the attachmen

Scalable FPGA Graph model to detect routing faults

The SRAM cells that form the configuration memory of an SRAM-based FPGA make such FPGAs particularly vulnerable to soft errors. A soft error occurs when ionizing radiation corrupts the data stored in a circuit. The error persists until new data is written. Soft errors have long been recognized as a potential problem as radiation can come from a variety of sources. This paper presents an FPGA fault model focusing on routing aspects. A graph model of SRAM nodes behavior in case of fault, starting from netlist description of well known FPGA models, is presented. It is also performed a classification of possible logical effects of a soft error in the configuration bit controlling, providing statistics on the possible numbers of faults. Finally it is reported the definition of fault metrics computed on a set of complex benchmarks proving the effectiveness of our approach

Embedded Systems Secure Path Verification at the HW/SW Interface

Embedded systems, like medical or automotive, require basic security functions, often referred to as "secure communications". Interest has been growing around defining and formally verifying security related properties, as potentially able to catch hard-to-detect problems. We follow novel research works focused on formalizing security requirements for information flow. We compare State Properties to Path Properties, as two approaches able to capture different aspects on how to leak/corrupt secure data via unexpected taints and paths. We also discuss tools used to verify Path and State properties, on two existing Secure Embedded Architectures, and we discuss the advantages and drawbacks of each approach

Secure Path Verification

Many embedded systems, like medical, sensing, automotive, military, require basic security functions, often referred to as "secure communications". Nowadays, interest has been growing around defining new security related properties, expressing relationships with information flow and access control. In particular, novel research works are focused on formalizing generic security requirements as propagation properties. These kinds of properties, we name them Path properties, are used to see whether it is possible to leak secure data via unexpected paths. In this paper we compare Path properties, described above, with formal security properties expressed in CTL Logic, named Taint properties. We also compare two verification techniques used to verify Path and Taint properties considering an abstraction of a Secure Embedded Architecture discussing the advantages and drawbacks of each approach

Secure Embedded Architectures: Taint Properties Verification

Nowadays embedded devices collect various kinds of information and provide it to communication networks for further processing. These devices often provide critical functionalities that could be exploited by malicious parties. Using formal techniques is a natural way to increase the confidence in the overall embedded system security. However, the major research focus is on verifying only the correctness of encryption algorithms and their implementation in software and hardware and not the whole security process. Following novel research studies, many security requirements of an embedded architecture can be specified as Taint Properties, expressing properties related to information flow and access control. In this paper we define Taint Properties as a way to find out whether there is a path from src to dest, where src is an RTL signal seeded with the Taint and dest is a signal not to be reached by the Taint in order to satisfy the security requirements. In our scenario a Taint is an untrusted code following an illegal path from src to dest. We present a systematic approach to formalize generic security requirements, referring to a model abstraction, and their related Taint Properties of an embedded architecture. First, we present our model abstraction of two selected embedded secure architectures, then we define a portfolio of Taint Properties to verify key secrecy, isolation, attestation, confidentiality and availability features. We finally perform verification of previously defined formal security properties, hence presenting results on two selected embedded architectures proving the effectiveness of our approach

Measurement of the Ωc0\Omega_c^0 lifetime at Belle II

We report on a measurement of the $\Omega_c^0$ lifetime using $\Omega_c^0 \to \Omega^-\pi^+$ decays reconstructed in $e^+e^-\to c\bar{c}$ data collected by the Belle II experiment and corresponding to $207~{\rm fb^{-1}}$ of integrated luminosity. The result, $\rm\tau(\Omega_c^0)=243\pm48( stat)\pm11(syst)~fs$, agrees with recent measurements indicating that the $\Omega_c^0$ is not the shortest-lived weakly decaying charmed baryon

Measurement of the Ωc0\Omega_c^0 lifetime at Belle II

We report on a measurement of the $\Omega_c^0$ lifetime using $\Omega_c^0 \to \Omega^-\pi^+$ decays reconstructed in $e^+e^-\to c\bar{c}$ data collected by the Belle II experiment and corresponding to $207~{\rm fb^{-1}}$ of integrated luminosity. The result, $\rm\tau(\Omega_c^0)=243\pm48( stat)\pm11(syst)~fs$, agrees with recent measurements indicating that the $\Omega_c^0$ is not the shortest-lived weakly decaying charmed baryon

Measurement of the Ωc0\Omega_c^0 lifetime at Belle II

We report on a measurement of the $\Omega_c^0$ lifetime using $\Omega_c^0 \to \Omega^-\pi^+$ decays reconstructed in $e^+e^-\to c\bar{c}$ data collected by the Belle II experiment and corresponding to $207~{\rm fb^{-1}}$ of integrated luminosity. The result, $\rm\tau(\Omega_c^0)=243\pm48( stat)\pm11(syst)~fs$, agrees with recent measurements indicating that the $\Omega_c^0$ is not the shortest-lived weakly decaying charmed baryon

Test of light-lepton universality in τ\tau decays with the Belle II experiment

International audienceWe present a measurement of the ratio $R_\mu = \mathcal{B}(\tau^-\to \mu^-\bar\nu_\mu\nu_\tau) / \mathcal{B}(\tau^-\to e^-\bar\nu_e\nu_\tau)$ of branching fractions $\mathcal{B}$ of the $\tau$ lepton decaying to muons or electrons using data collected with the Belle II detector at the SuperKEKB $e^+e^-$ collider. The sample has an integrated luminosity of 362 fb$^{-1}$ at a centre-of-mass energy of 10.58 GeV. Using an optimised event selection, a binned maximum likelihood fit is performed using the momentum spectra of the electron and muon candidates. The result, $R_\mu = 0.9675 \pm 0.0007 \pm 0.0036$, where the first uncertainty is statistical and the second is systematic, is the most precise to date. It provides a stringent test of the light-lepton universality, translating to a ratio of the couplings of the muon and electron to the $W$ boson in $\tau$ decays of $0.9974 \pm 0.0019$, in agreement with the standard model expectation of unity