Vulnerability-Tolerant Architectures for Resource-Constrained Devices

L'abstract è presente nell'allegato / the abstract is in the attachmen

Hardware security, vulnerabilities, and attacks: a comprehensive taxonomy

Information Systems, increasingly present in a world that goes towards complete digitalization, can be seen as complex systems at the base of which is the hardware. When dealing with the security of these systems to stop possible intrusions and malicious uses, the analysis must necessarily include the possible vulnerabilities that can be found at the hardware level, since their exploitation can make all defenses implemented at web or software level ineffective. In this paper, we propose a meaningful and comprehensive taxonomy for the vulnerabilities affecting the hardware and the attacks that exploit them to compromise the system, also giving a definition of Hardware Security, in order to clarify a concept often confused with other domains, even in the literature

Hardware-based capture-the-flag challenges

In a world where cybersecurity is becoming increasingly important and where the lack of workforce is estimated in terms of millions of people, gamification is getting a more and more significant role in leading to excellent results in terms of both training and recruitment. Within cybersecurity gamification, the so-called Capture-The-Flag (CTF) challenges are definitely the corner stones, as proved by the high number of events, competitions, and training courses that rely on them. In these events, the participants are confronted directly with games and riddles related to practical problems of hacking, cyber-attack, and cyber-defense. Although hardware security and hardware-based security already play a key role in the cybersecurity arena, in the worldwide panorama of CTF events hardware-based challenges are unfortunately still very marginal. In the present paper, we focus on hardware-based challenges, providing first a formal definition and then proposing, for the first time, a comprehensive taxonomy. We eventually share experiences gathered in preparing and delivering several hardware-based challenges in significant events and training courses that involved hundreds of attendees

Programmers manual FlexGripPlus SASS SM 1.0

This document describes the op-code of the assembly language SASS of the G80 architecture used in the FlexGripPlus model. Every instruction is compatible with the CUDA Programming environment under the SM_1.

HArMoNICS: High-Assurance Microgrid Network Infrastructure Case Study

Modern Intelligent Infrastructures (II) are highly complex, interconnected systems that are now emerging. For instance, II can integrate technologies and processes to provide citizens with faster services and better goods. An average II can include many technologies, e.g., Cloud applications and IoT devices, under different environments, e.g., industry 4.0 production plants and smart buildings. Although II bring concrete benefits to all of these contexts, they also carry security concerns. Reasoning about threats and security exposures that might affect II is non trivial. This is only partially due to their inherent complexity. As a matter of fact, real II are typically in charge of some critical operations that cannot be interrupted or compromised for experimental purposes. An alternative solution is to rely on digital replicas which can provide a good trade off between realism and usability. These assets represent a strategic and highly demanded resource for the security community. In this paper we present HArMoNICS, a case study infrastructure meant to provide a playground for security experts interested in II security. HArMoNICS revolves around a digital replica of a real Smart Polygeneration Microgrid (SPM) located in Italy. Although most of the components are based on or inspired to the real system, HArMoNICS has been enriched with further security-relevant features. As a result, the case study includes vertical uses cases focusing on specific security topics. Security researchers can use it to assess the effectiveness of new methodologies, to carry out security training activities, or even to extend it with new elements

Em-RIPE: Runtime Intrusion Prevention Evaluator for ARM Microcontroller Systems

Although they have been known for some time, the security implications of buffer overflows (BOF) continue to rouse great attention among software experts in the academic and commercial sectors. Recently, there has been particular interest in discussing how to mitigate risks deriving from BOF on embedded and IoT devices, which have lower computational capabilities given their low-cost and low-power requirements. Although the literature is rich of solutions for these devices as well, authors often fail to quantitatively compare their techniques with related work from a security perspective, and mostly rely on qualitative analysis. Existing evaluator benchmarks (such as the famous RIPE, introduced in 2011) are designed to be used only on general-purpose systems, e.g., with a rich Linux OS and Intel architecture. This paper presents Em-RIPE, a prototype evaluation tool written for assessing protections applied to real-time embedded systems, such as microcontrollers equipped with ARM processors. This first version of the tool supports 105 different possible attack combinations, on which the resilience level of the platform under test can be measured. As experimental data, the obtained protection coverage for major compiler-based firmware protections is reported

Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems

The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safety-critical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both high-criticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS). Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform. This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties

Remotizing and Virtualizing Chips and Circuits for Hardware-based Capture-the-Flag Challenges

In the very rapid digital revolution we are experiencing, the availability of cybersecurity experts becomes critical in every organization and at multiple levels. However, classical and theory-oriented training seems to lack effectiveness and power of attraction, while professional selection and training processes based on cybersecurity gamification are being successfully experimented, among which Capture-the-Flag (CTF) competitions certainly stand out. Nevertheless, careful analysis reveals that such initiatives have a major shortcoming in addressing security issues when training people to tackle hardware-related security issues. Several motivations can be identified, including the inadequate technical knowledge of the White Teams charged of the challenges preparations, and the evident logistic problems posed by the availability of real hardware devices when the numbers of trainees significantly scales up. This paper presents a platform able to provide as a service hardware-based CTF challenges and exercises, involving circuits and chips that can be physically connected to a server or simulated, to deal with topics such as hardware bugs, flaws and backdoors, vulnerabilities in test infrastructures, and side-channel attacks. The platform is presented from a technical perspective, and data for deducting related efficiency, stability and scalability are offered

S4 - Real-Time Control-Flow Integrity for Multicore Mixed-Criticality IoT Systems

The spread of the Internet of Things (IoT) and the use of smart control systems in many mission-critical or safetycritical applications domains, like automotive or aeronautical, make devices attractive targets for attackers. Nowadays, several of these are mixed-criticality systems, i.e., they run both highcriticality tasks (e.g., a car control system) and low-criticality ones (e.g., infotainment). High-criticality routines often employ Real-Time Operating Systems (RTOS) to enforce hard real-time requirements, while the tasks with lower constraints can be delegated to more generic-purpose operating systems (GPOS). Much of the control code for these devices is written in memory-unsafe languages such as C and C++. This makes them susceptible to powerful binary attacks, such as the famous Return-Oriented Programming (ROP). Control-Flow Integrity (CFI) is the most investigated security technique to protect against such threats. At now, CFI solutions for real-time embedded systems are not as mature as the ones for general-purpose systems, and even more, there is a lack of in-depth studies on how different operating systems with different security requirements and timing constraints can coexist on a single multicore platform. This paper aims at drawing attention to the subject, discussing the current scientific proposal, and in turn proposing a solution for an optimized asymmetric verification system for execution integrity. By using an embedded hypervisor, predefined cores could be dedicated to only high or low-criticality tasks, with the high-priority core being monitored by the lower-criticality core, relying on offline binary instrumentation and a light exchange of information and signals at runtime. The work also presents preliminary results about a possible implementation for multicore ARM platforms, running both RTOS and GPOS, both in terms of security and performance penalties

Prolepsis: binary analysis and instrumentation of iot software for control-flow integrity

Nowadays, the growing pervasiveness of digital components and their interconnection in the so-called Internet of Things, raises serious questions regarding security and integrity not only of the data exchanged, but also of the devices themselves and the software they run. Code-Reuse Attacks (CRA) are one of the most powerful binary attack paradigms, aiming to exploit memory vulnerabilities such as buffer overflows to force the application to execute an unintended sequence of instructions present in memory. To counter such a kind of attacks, ensuring the program’s control-flow integrity (CFI) appears to be the most promising solution presented so far. A plethora of CFI implementations have been offered in the literature and by vendors, based on control-flow monitors located at the software level or even into hardware extensions. However, many proposed solutions opt for coarse-grained checks, or insert enforcement before all flow transfers. For software running on IoT platforms, where resources are usually limited, protections can increase the footprint in an unsustainable way. This paper presents PROLEPSIS, an automated binary code analysis tool for IoT applications written for ARM platforms. With an optimised search, the tool is able to identify only those executable point (control-flow instructions) that are really at risk of control-flow hijacking. Each recognised insecure point is instrumented according to a custom technique of choice, either based on a software or a hardware monitor, depending on the specific application needs