6.5 System Level Security

Time	Label	Presentation Title Authors
11:00	6.5.1	2SMART: A TWO-STAGE MACHINE LEARNING-BASED APPROACH FOR RUN-TIME SPECIALIZED HARDWARE-ASSISTED MALWARE DETECTION Speaker: Houman Homayoun, George Mason University, US Authors: Hossein Sayadi¹, Hosein Mohammadi Makrani², Sai Manoj Pudukotai Dinakarrao¹, Tinoosh Mohsenin³, Avesta Sasan¹, Setareh Rafatirad¹ and Houman Homayoun¹ ¹George Mason University, US; ²George Mason university, US; ³University of Maryland Baltimore County, US Abstract Hardware-assisted Malware Detection (HMD) has emerged as a promising solution to improve the security of computer systems using Hardware Performance Counters (HPCs) information collected at run-time. While several recent studies proposed machine learning-based solutions to identify malware using HPCs, they rely on a large number of microarchitectural events to achieve high accuracy and detection rate. More importantly, they have largely overlooked complexity-effective prediction of malware classes at run-time. As we show in this work, the detection performance of malware classifiers is highly dependent on the number of available HPCs and varies significantly across classes of malware. The limited number of available HPCs in modern microprocessors that can be simultaneously captured makes run-time malware detection with high detection performance using existing solutions a challenging problem, as they require multiple runs of applications to collect a sufficient number of microarchitectural events. In response, in this paper, we first identify the most important HPCs for HMD using an effective feature reduction method. We then develop a specialized two-stage run-time HMD referred as 2SMaRT. 2SMaRT first classifies applications using a multiclass classification technique into either benign or one of the malware classes (Virus, Rootkit, Backdoor, and Trojan). In the second stage, to have a high detection performance, 2SMaRT deploys a machine learning model that works best for each class of malware. To realize an effective run-time solution that relies on only available HPCs, 2SMaRT is further customized using an ensemble learning technique to boost the performance of general malware detectors. The experimental results show that 2SMaRT using ensemble technique with just 4HPCs outperforms state-of-the-art classifiers with 8HPCs by up to 31.25% in terms of detection performance, on average across different classes of malware. Download Paper (PDF; Only available from the DATE venue WiFi)
11:30	6.5.2	SECURE INTERMITTENT COMPUTING PROTOCOL: PROTECTING STATE ACROSS POWER LOSS Speaker: Patrick Schaumont, Virginia Tech, US Authors: Archanaa S. Krishnan, Charles Suslowicz, Daniel Dinu and Patrick Schaumont, Virginia Tech, US Abstract Intermittent computing systems execute long-running tasks under a transient power supply such as an energy harvesting power source. During a power loss, they save intermediate program state as a checkpoint into write-efficient non-volatile memory. When the power is restored, the system state is reconstructed from the checkpoint, and the long-running computation continues. We analyze the security risks when power interruption is used as an attack vector, and we demonstrate the need to protect the integrity, authenticity, confidentiality, continuity, and freshness of checkpointed data. We propose a secure checkpointing technique called the Secure Intermittent Computing Protocol (SICP). The proposed protocol has the following properties. First, it associates every checkpoint with a unique power-on state to checkpoint replay. Second, every checkpoint is cryptographically chained to its predecessor, providing continuity, which enables the programmer to carry run-time security properties such as attested program images across power loss events. Third, SICP is atomic and resistant to power loss. We demonstrate a prototype implementation of SICP on an MSP430 microcontroller, and we investigate the overhead of SICP for several cryptographic kernels. To the best of our knowledge, this is the first work to provide a robust solution to secure intermittent computing. Download Paper (PDF; Only available from the DATE venue WiFi)
12:00	6.5.3	RISKIM: TOWARD COMPLETE KERNEL PROTECTION WITH HARDWARE SUPPORT Speaker: Dongil Hwang, Seoul National University, KR Authors: Dongil Hwang, Myonghoon Yang, Seongil Jeon, Younghan Lee, Donghyun Kwon and Yunheung Paek, Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University, KR Abstract The OS kernel is typically the assumed trusted computing base in a system. Consequently, when they try to protect the kernel, developers often build their solutions in a separate secure execution environment externally located and protected by special hardware. Due to limited visibility into the host system, the external solutions basically all entail the semantic gap problem which can be easily exploited by an adversary to circumvent them. Thus, for complete kernel protection against such adversarial exploits, previous solutions resorted to aggressive techniques that usually come with various adverse side effects, such as high performance overhead, kernel code modifications and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, our new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To overcome the semantic gap problem, we have devised a hardware interface architecture, called PEMI, by which RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel even in the presence of attacks exploiting the semantic gap between the host and RiskiM. To empirically validate the security strength and performance of our monitoring platform in existing systems, we have fully implemented RiskiM in a RISC-V system. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects. Download Paper (PDF; Only available from the DATE venue WiFi)
12:15	6.5.4	SACHA: SELF-ATTESTATION OF CONFIGURABLE HARDWARE Speaker: Jo Vliegen, imec-COSIC/ESAT, KU Leuven, BE Authors: Jo Vliegen¹, Md Masoom Rabbani², Mauro Conti² and Nele Mentens¹ ¹KU Leuven, BE; ²University of Padua, IT Abstract Device attestation is a procedure to verify whether an embedded device is running the intended application code. This way, protection against both physical attacks and remote attacks on the embedded software is aimed for. With the wide adoption of Field-Programmable Gate Arrays or FPGAs, hardware also became configurable, and hence susceptible to attacks (just like software). In addition, an upcoming trend for hardware-based attestation is the use of configurable FPGA hardware. Therefore, in order to attest a whole system that makes use of FPGAs, the status of both the software and the hardware needs to be verified, without the availability of a tamper-resistant hardware module. In this paper, we propose a solution in which a prover core on the FPGA performs an attestation of the entire FPGA, including a self-attestation. This way, the FPGA can be used as a tamper-resistant hardware module to perform hardware-based attestation of a processor, resulting in a protection of the entire hardware/software system against malicious code updates. Download Paper (PDF; Only available from the DATE venue WiFi)
12:30	IP3-5, 75	FUNCTIONAL ANALYSIS ATTACKS ON LOGIC LOCKING Speaker: Pramod Subramanyan, Indian Institute of Technology Kanpur, IN Authors: Deepak Sirone and Pramod Subramanyan, Indian Institute of Technology Kanpur, IN Abstract This paper proposes Functional Analysis attacks on state of the art Logic Locking algorithms (FALL attacks). FALL attacks use structural and functional analyses of locked circuits to identify the locking key. In contrast to past work, FALL attacks can often (90% of successful attempts in our experiments) fully defeat locking by only analyzing the locked netlist, without oracle access to an activated circuit. Experiments show that FALL attacks succeed against 65 out of 80 (81%) of circuits locked using Secure Function Logic Locking (SFLL), the only combinational logic locking algorithm resilient to known attacks. Download Paper (PDF; Only available from the DATE venue WiFi)
12:31	IP3-6, 178	SIGATTACK: NEW HIGH-LEVEL SAT-BASED ATTACK ON LOGIC ENCRYPTIONS Speaker: Hai Zhou, Northwestern University, US Authors: Yuanqi Shen¹, You Li¹, Shuyu Kong², Amin Rezaei¹ and Hai Zhou¹ ¹Northwestern University, US; ²northwestern university, CN Abstract Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design. Download Paper (PDF; Only available from the DATE venue WiFi)
12:30		End of session Lunch Break in Lunch Area Coffee Breaks in the Exhibition Area On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area. Lunch Breaks (Lunch Area) On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the Lunch Area to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area. Tuesday, March 26, 2019 Coffee Break 10:30 - 11:30 Lunch Break 13:00 - 14:30 Keynote Lecture "Leonardo da Vinci, Humanism and Engineering between Florence and Milan" by Claudio Giorgione in room 1 13:50 - 14:20 Coffee Break 16:00 - 17:00 Wednesday, March 27, 2019 Coffee Break 10:00 - 11:00 Lunch Break 12:30 - 14:30 Keynote Lecture "Heterogeneous, High Scale Computing in the Era of Intelligent, Cloud-Connected" by David Pellerin, Amazon, US in room 1 13:50 - 14:20 Coffee Break 16:00 - 17:00 Thursday, March 28, 2019 Coffee Break 10:00 - 11:00 University Booth Best Demo Award Presentation at the University Booth 10:30 Lunch Break 12:30 - 14:00 Keynote Lecture "A Fundamental Look at Models and Intelligence" by Edward A. Lee, University of California, Berkeley, US in room 1 13:20 - 13:50 Coffee Break 15:30 - 16:00

Time

Label

Presentation Title
Authors

11:00

6.5.1

2SMART: A TWO-STAGE MACHINE LEARNING-BASED APPROACH FOR RUN-TIME SPECIALIZED HARDWARE-ASSISTED MALWARE DETECTION
Speaker:
Houman Homayoun, George Mason University, US
Authors:
Hossein Sayadi¹, Hosein Mohammadi Makrani², Sai Manoj Pudukotai Dinakarrao¹, Tinoosh Mohsenin³, Avesta Sasan¹, Setareh Rafatirad¹ and Houman Homayoun¹
¹George Mason University, US; ²George Mason university, US; ³University of Maryland Baltimore County, US
Abstract
Hardware-assisted Malware Detection (HMD) has emerged as a promising solution to improve the security of computer systems using Hardware Performance Counters (HPCs) information collected at run-time. While several recent studies proposed machine learning-based solutions to identify malware using HPCs, they rely on a large number of microarchitectural events to achieve high accuracy and detection rate. More importantly, they have largely overlooked complexity-effective prediction of malware classes at run-time. As we show in this work, the detection performance of malware classifiers is highly dependent on the number of available HPCs and varies significantly across classes of malware. The limited number of available HPCs in modern microprocessors that can be simultaneously captured makes run-time malware detection with high detection performance using existing solutions a challenging problem, as they require multiple runs of applications to collect a sufficient number of microarchitectural events. In response, in this paper, we first identify the most important HPCs for HMD using an effective feature reduction method. We then develop a specialized two-stage run-time HMD referred as 2SMaRT. 2SMaRT first classifies applications using a multiclass classification technique into either benign or one of the malware classes (Virus, Rootkit, Backdoor, and Trojan). In the second stage, to have a high detection performance, 2SMaRT deploys a machine learning model that works best for each class of malware. To realize an effective run-time solution that relies on only available HPCs, 2SMaRT is further customized using an ensemble learning technique to boost the performance of general malware detectors. The experimental results show that 2SMaRT using ensemble technique with just 4HPCs outperforms state-of-the-art classifiers with 8HPCs by up to 31.25% in terms of detection performance, on average across different classes of malware.
Download Paper (PDF; Only available from the DATE venue WiFi)

11:30

6.5.2

SECURE INTERMITTENT COMPUTING PROTOCOL: PROTECTING STATE ACROSS POWER LOSS
Speaker:
Patrick Schaumont, Virginia Tech, US
Authors:
Archanaa S. Krishnan, Charles Suslowicz, Daniel Dinu and Patrick Schaumont, Virginia Tech, US
Abstract
Intermittent computing systems execute long-running tasks under a transient power supply such as an energy harvesting power source. During a power loss, they save intermediate program state as a checkpoint into write-efficient non-volatile memory. When the power is restored, the system state is reconstructed from the checkpoint, and the long-running computation continues. We analyze the security risks when power interruption is used as an attack vector, and we demonstrate the need to protect the integrity, authenticity, confidentiality, continuity, and freshness of checkpointed data. We propose a secure checkpointing technique called the Secure Intermittent Computing Protocol (SICP). The proposed protocol has the following properties. First, it associates every checkpoint with a unique power-on state to checkpoint replay. Second, every checkpoint is cryptographically chained to its predecessor, providing continuity, which enables the programmer to carry run-time security properties such as attested program images across power loss events. Third, SICP is atomic and resistant to power loss. We demonstrate a prototype implementation of SICP on an MSP430 microcontroller, and we investigate the overhead of SICP for several cryptographic kernels. To the best of our knowledge, this is the first work to provide a robust solution to secure intermittent computing.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:00

6.5.3

RISKIM: TOWARD COMPLETE KERNEL PROTECTION WITH HARDWARE SUPPORT
Speaker:
Dongil Hwang, Seoul National University, KR
Authors:
Dongil Hwang, Myonghoon Yang, Seongil Jeon, Younghan Lee, Donghyun Kwon and Yunheung Paek, Dept. of Electrical and Computer Engineering and Inter-University Semiconductor Research Center (ISRC), Seoul National University, KR
Abstract
The OS kernel is typically the assumed trusted computing base in a system. Consequently, when they try to protect the kernel, developers often build their solutions in a separate secure execution environment externally located and protected by special hardware. Due to limited visibility into the host system, the external solutions basically all entail the semantic gap problem which can be easily exploited by an adversary to circumvent them. Thus, for complete kernel protection against such adversarial exploits, previous solutions resorted to aggressive techniques that usually come with various adverse side effects, such as high performance overhead, kernel code modifications and/or excessively complicated hardware designs. In this paper, we introduce RiskiM, our new hardware-based monitoring platform to ensure kernel integrity from outside the host system. To overcome the semantic gap problem, we have devised a hardware interface architecture, called PEMI, by which RiskiM is supplied with all internal states of the host system essential for fulfilling its monitoring task to protect the kernel even in the presence of attacks exploiting the semantic gap between the host and RiskiM. To empirically validate the security strength and performance of our monitoring platform in existing systems, we have fully implemented RiskiM in a RISC-V system. Our experiments show that RiskiM succeeds in the host kernel protection by detecting even the advanced attacks which could circumvent previous solutions, yet suffering from virtually no aforementioned side effects.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:15

6.5.4

SACHA: SELF-ATTESTATION OF CONFIGURABLE HARDWARE
Speaker:
Jo Vliegen, imec-COSIC/ESAT, KU Leuven, BE
Authors:
Jo Vliegen¹, Md Masoom Rabbani², Mauro Conti² and Nele Mentens¹
¹KU Leuven, BE; ²University of Padua, IT
Abstract
Device attestation is a procedure to verify whether an embedded device is running the intended application code. This way, protection against both physical attacks and remote attacks on the embedded software is aimed for. With the wide adoption of Field-Programmable Gate Arrays or FPGAs, hardware also became configurable, and hence susceptible to attacks (just like software). In addition, an upcoming trend for hardware-based attestation is the use of configurable FPGA hardware. Therefore, in order to attest a whole system that makes use of FPGAs, the status of both the software and the hardware needs to be verified, without the availability of a tamper-resistant hardware module. In this paper, we propose a solution in which a prover core on the FPGA performs an attestation of the entire FPGA, including a self-attestation. This way, the FPGA can be used as a tamper-resistant hardware module to perform hardware-based attestation of a processor, resulting in a protection of the entire hardware/software system against malicious code updates.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:30

IP3-5, 75

FUNCTIONAL ANALYSIS ATTACKS ON LOGIC LOCKING
Speaker:
Pramod Subramanyan, Indian Institute of Technology Kanpur, IN
Authors:
Deepak Sirone and Pramod Subramanyan, Indian Institute of Technology Kanpur, IN
Abstract
This paper proposes Functional Analysis attacks on state of the art Logic Locking algorithms (FALL attacks). FALL attacks use structural and functional analyses of locked circuits to identify the locking key. In contrast to past work, FALL attacks can often (90% of successful attempts in our experiments) fully defeat locking by only analyzing the locked netlist, without oracle access to an activated circuit. Experiments show that FALL attacks succeed against 65 out of 80 (81%) of circuits locked using Secure Function Logic Locking (SFLL), the only combinational logic locking algorithm resilient to known attacks.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:31

IP3-6, 178

SIGATTACK: NEW HIGH-LEVEL SAT-BASED ATTACK ON LOGIC ENCRYPTIONS
Speaker:
Hai Zhou, Northwestern University, US
Authors:
Yuanqi Shen¹, You Li¹, Shuyu Kong², Amin Rezaei¹ and Hai Zhou¹
¹Northwestern University, US; ²northwestern university, CN
Abstract
Logic encryption is a powerful hardware protection technique that uses extra key inputs to lock a circuit from piracy or unauthorized use. The recent discovery of the SAT-based attack with Distinguishing Input Pattern (DIP) generation has rendered all traditional logic encryptions vulnerable, and thus the creation of new encryption methods. However, a critical question for any new encryption method is whether security against the DIP-generation attack means security against all other attacks. In this paper, a new high-level SAT-based attack called SigAttack has been discovered and thoroughly investigated. It is based on extracting a key-revealing signature in the encryption. A majority of all known SAT-resilient encryptions are shown to be vulnerable to SigAttack. By formulating the condition under which SigAttack is effective, the paper also provides guidance for the future logic encryption design.
Download Paper (PDF; Only available from the DATE venue WiFi)

12:30

End of session
Lunch Break in Lunch Area

Coffee Breaks in the Exhibition Area

On all conference days (Tuesday to Thursday), coffee and tea will be served during the coffee breaks at the below-mentioned times in the exhibition area.

Lunch Breaks (Lunch Area)

On all conference days (Tuesday to Thursday), a seated lunch (lunch buffet) will be offered in the Lunch Area to fully registered conference delegates only. There will be badge control at the entrance to the lunch break area.

Tuesday, March 26, 2019

Coffee Break 10:30 - 11:30
Lunch Break 13:00 - 14:30
Keynote Lecture "Leonardo da Vinci, Humanism and Engineering between Florence and Milan" by Claudio Giorgione in room 1 13:50 - 14:20
Coffee Break 16:00 - 17:00

Wednesday, March 27, 2019

Coffee Break 10:00 - 11:00
Lunch Break 12:30 - 14:30
Keynote Lecture "Heterogeneous, High Scale Computing in the Era of Intelligent, Cloud-Connected" by David Pellerin, Amazon, US in room 1 13:50 - 14:20
Coffee Break 16:00 - 17:00

Thursday, March 28, 2019

Coffee Break 10:00 - 11:00
University Booth Best Demo Award Presentation at the University Booth 10:30
Lunch Break 12:30 - 14:00
Keynote Lecture "A Fundamental Look at Models and Intelligence" by Edward A. Lee, University of California, Berkeley, US in room 1 13:20 - 13:50
Coffee Break 15:30 - 16:00