Visible to the public Biblio

Filters: Keyword is Operating systems  [Clear All Filters]
2021-07-08
Sato, Masaya, Taniguchi, Hideo, Nakamura, Ryosuke.  2020.  Virtual Machine Monitor-based Hiding Method for Access to Debug Registers. 2020 Eighth International Symposium on Computing and Networking (CANDAR). :209—214.
To secure a guest operating system running on a virtual machine (VM), a monitoring method using hardware breakpoints by a virtual machine monitor is required. However, debug registers are visible to guest operating systems; thus, malicious programs on a guest operating system can detect or disable the monitoring method. This paper presents a method to hide access to debug registers from programs running on a VM. Our proposed method detects programs' access to debug registers and disguises the access as having succeeded. The register's actual value is not visible or modifiable to programs, so the monitoring method is hidden. This paper presents the basic design and evaluation results of our method.
2021-07-07
Moustafa, Nour, Ahmed, Mohiuddin, Ahmed, Sherif.  2020.  Data Analytics-Enabled Intrusion Detection: Evaluations of ToNİoT Linux Datasets. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :727–735.
With the widespread of Artificial Intelligence (AI)-enabled security applications, there is a need for collecting heterogeneous and scalable data sources for effectively evaluating the performances of security applications. This paper presents the description of new datasets, named ToNİoT datasets that include distributed data sources collected from Telemetry datasets of Internet of Things (IoT) services, Operating systems datasets of Windows and Linux, and datasets of Network traffic. The paper aims to describe the new testbed architecture used to collect Linux datasets from audit traces of hard disk, memory and process. The architecture was designed in three distributed layers of edge, fog, and cloud. The edge layer comprises IoT and network systems, the fog layer includes virtual machines and gateways, and the cloud layer includes data analytics and visualization tools connected with the other two layers. The layers were programmatically controlled using Software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Linux ToNİoT datasets would be used to train and validate various new federated and distributed AI-enabled security solutions such as intrusion detection, threat intelligence, privacy preservation and digital forensics. Various Data analytical and machine learning methods are employed to determine the fidelity of the datasets in terms of examining feature engineering, statistics of legitimate and security events, and reliability of security events. The datasets can be publicly accessed from [1].
2021-06-24
Stöckle, Patrick, Grobauer, Bernd, Pretschner, Alexander.  2020.  Automated Implementation of Windows-related Security-Configuration Guides. 2020 35th IEEE/ACM International Conference on Automated Software Engineering (ASE). :598—610.
Hardening is the process of configuring IT systems to ensure the security of the systems' components and data they process or store. The complexity of contemporary IT infrastructures, however, renders manual security hardening and maintenance a daunting task. In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. In many organizations, security-configuration guides expressed in the SCAP (Security Content Automation Protocol) are used as a basis for hardening, but these guides by themselves provide no means for automatically implementing the required configurations. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. In this paper, we propose an approach to automatically extract the relevant information from publicly available security-configuration guides for Windows operating systems using natural language processing. In a second step, the extracted information is verified using the information of available settings stored in the Windows Administrative Template files, in which the majority of Windows configuration settings is defined. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides. We show that our implementation of this approach can extract and implement 83% of the rules without any manual effort and 96% with minimal manual effort. Furthermore, we conduct a study with 12 state-of-the-art guides consisting of 2014 rules with automatic checks and show that our tooling can implement at least 97% of them correctly. We have thus significantly reduced the effort of securing systems based on existing security-configuration guides.
2021-05-05
Đuranec, A., Gruičić, S., Žagar, M..  2020.  Forensic analysis of Windows 10 Sandbox. 2020 43rd International Convention on Information, Communication and Electronic Technology (MIPRO). :1224—1229.

With each Windows operating system Microsoft introduces new features to its users. Newly added features present a challenge to digital forensics examiners as they are not analyzed or tested enough. One of the latest features, introduced in Windows 10 version 1909 is Windows Sandbox; a lightweight, temporary, environment for running untrusted applications. Because of the temporary nature of the Sandbox and insufficient documentation, digital forensic examiners are facing new challenges when examining this newly added feature which can be used to hide different illegal activities. Throughout this paper, the focus will be on analyzing different Windows artifacts and event logs, with various tools, left behind as a result of the user interaction with the Sandbox feature on a clear virtual environment. Additionally, the setup of testing environment will be explained, the results of testing and interpretation of the findings will be presented, as well as open-source tools used for the analysis.

2021-04-29
Belim, S. V., Belim, S. Y..  2020.  The Security Policies Optimization Problem for Composite Information Systems. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1—4.

The problem of optimizing the security policy for the composite information system is formulated. Subject-object model for information system is used. Combining different types of security policies is formalized. The target function for the optimization task is recorded. The optimization problem for combining two discretionary security policies is solved. The case of combining two mandatory security policies is studied. The main problems of optimization the composite security policy are formulated. +50 CHMBOJIOB‼!

2021-03-15
Piessens, F..  2020.  Security across abstraction layers: old and new examples. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :271–279.
A common technique for building ICT systems is to build them as successive layers of bstraction: for instance, the Instruction Set Architecture (ISA) is an abstraction of the hardware, and compilers or interpreters build higher level abstractions on top of the ISA.The functionality of an ICT application can often be understood by considering only a single level of abstraction. For instance the source code of the application defines the functionality using the level of abstraction of the source programming language. Functionality can be well understood by just studying this source code.Many important security issues in ICT system however are cross-layer issues: they can not be understood by considering the system at a single level of abstraction, but they require understanding how multiple levels of abstraction are implemented. Attacks may rely on, or exploit, implementation details of one or more layers below the source code level of abstraction.The purpose of this paper is to illustrate this cross-layer nature of security by discussing old and new examples of cross-layer security issues, and by providing a classification of these issues.
2021-03-09
Muslim, A. A., Budiono, A., Almaarif, A..  2020.  Implementation and Analysis of USB based Password Stealer using PowerShell in Google Chrome and Mozilla Firefox. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :421—426.

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer's internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author's email.

2021-03-04
Afreen, A., Aslam, M., Ahmed, S..  2020.  Analysis of Fileless Malware and its Evasive Behavior. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1—8.

Malware is any software that causes harm to the user information, computer systems or network. Modern computing and internet systems are facing increase in malware threats from the internet. It is observed that different malware follows the same patterns in their structure with minimal alterations. The type of threats has evolved, from file-based malware to fileless malware, such kind of threats are also known as Advance Volatile Threat (AVT). Fileless malware is complex and evasive, exploiting pre-installed trusted programs to infiltrate information with its malicious intent. Fileless malware is designed to run in system memory with a very small footprint, leaving no artifacts on physical hard drives. Traditional antivirus signatures and heuristic analysis are unable to detect this kind of malware due to its sophisticated and evasive nature. This paper provides information relating to detection, mitigation and analysis for such kind of threat.

Matin, I. Muhamad Malik, Rahardjo, B..  2020.  A Framework for Collecting and Analysis PE Malware Using Modern Honey Network (MHN). 2020 8th International Conference on Cyber and IT Service Management (CITSM). :1—5.

Nowadays, Windows is an operating system that is very popular among people, especially users who have limited knowledge of computers. But unconsciously, the security threat to the windows operating system is very high. Security threats can be in the form of illegal exploitation of the system. The most common attack is using malware. To determine the characteristics of malware using dynamic analysis techniques and static analysis is very dependent on the availability of malware samples. Honeypot is the most effective malware collection technique. But honeypot cannot determine the type of file format contained in malware. File format information is needed for the purpose of handling malware analysis that is focused on windows-based malware. For this reason, we propose a framework that can collect malware information as well as identify malware PE file type formats. In this study, we collected malware samples using a modern honey network. Next, we performed a feature extraction to determine the PE file format. Then, we classify types of malware using VirusTotal scanning. As the results of this study, we managed to get 1.222 malware samples. Out of 1.222 malware samples, we successfully extracted 945 PE malware. This study can help researchers in other research fields, such as machine learning and deep learning, for malware detection.

Ferryansa, Budiono, A., Almaarif, A..  2020.  Analysis of USB Based Spying Method Using Arduino and Metasploit Framework in Windows Operating System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :437—442.

The use of a very wide windows operating system is undeniably also followed by increasing attacks on the operating system. Universal Serial Bus (USB) is one of the mechanisms used by many people with plug and play functionality that is very easy to use, making data transfers fast and easy compared to other hardware. Some research shows that the Windows operating system has weaknesses so that it is often exploited by using various attacks and malware. There are various methods used to exploit the Windows operating system, one of them by using a USB device. By using a USB device, a criminal can plant a backdoor reverse shell to exploit the victim's computer just by connecting the USB device to the victim's computer without being noticed. This research was conducted by planting a reverse shell backdoor through a USB device to exploit the victim's device, especially the webcam and microphone device on the target computer. From 35 experiments that have been carried out, it was found that 83% of spying attacks using USB devices on the Windows operating system were successfully carried out.

Moustafa, N., Keshky, M., Debiez, E., Janicke, H..  2020.  Federated TONİoT Windows Datasets for Evaluating AI-Based Security Applications. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :848—855.

Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToNİoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TONİoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].

Ramadhanty, A. D., Budiono, A., Almaarif, A..  2020.  Implementation and Analysis of Keyboard Injection Attack using USB Devices in Windows Operating System. 2020 3rd International Conference on Computer and Informatics Engineering (IC2IE). :449—454.

Windows is one of the popular operating systems in use today, while Universal Serial Bus (USB) is one of the mechanisms used by many people with practical plug and play functions. USB has long been used as a vector of attacks on computers. One method of attack is Keylogger. The Keylogger can take advantage of existing vulnerabilities in the Windows 10 operating system attacks carried out in the form of recording computer keystroke activity without the victim knowing. In this research, an attack will be carried out by running a Powershell Script using BadUSB to be able to activate the Keylogger program. The script is embedded in the Arduino Pro Micro device. The results obtained in the Keyboard Injection Attack research using Arduino Pro Micro were successfully carried out with an average time needed to run the keylogger is 7.474 seconds with a computer connected to the internet. The results of the keylogger will be sent to the attacker via email.

Moskvichev, A. D., Dolgachev, M. V..  2020.  System of Collection and Analysis Event Log from Sources under Control of Windows Operating System. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1—5.

The purpose of this work is to implement a universal system for collecting and analyzing event logs from sources that use the Windows operating system. The authors use event-forwarding technology to collect data from logs. Security information and event management detects incidents from received events. The authors analyze existing methods for transmitting event log entries from sources running the Windows operating system. This article describes in detail how to connect event sources running on the Windows operating system to the event collector without connecting to a domain controller. Event sources are authenticated using certificates created by the event collector. The authors suggest a scheme for connecting the event collector to security information and event management. Security information and event management must meet the requirements for use in conjunction with event forwarding technology. The authors of the article demonstrate the scheme of the test stand and the result of testing the event forwarding technology.

2021-02-10
Kerschbaumer, C., Ritter, T., Braun, F..  2020.  Hardening Firefox against Injection Attacks. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :653—663.
Web browsers display content in the form of HTML, CSS and JavaScript retrieved from the world wide web. The loaded content is subject to the web security model and considered untrusted and potentially malicious. To complicate security matters, Firefox uses the same technologies to render its user interface as it does to render untrusted web content which blurs the distinction between the two privilege levels.Getting interactions between the two correct turns out to be complicated and has led to numerous real-world security vulnerabilities. We study those vulnerabilities to discover common threats and explain how we address them systematically to harden Firefox.
2020-12-17
Zong, Y., Guo, Y., Chen, X..  2019.  Policy-Based Access Control for Robotic Applications. 2019 IEEE International Conference on Service-Oriented System Engineering (SOSE). :368—3685.

With the wide application of modern robots, more concerns have been raised on security and privacy of robotic systems and applications. Although the Robot Operating System (ROS) is commonly used on different robots, there have been few work considering the security aspects of ROS. As ROS does not employ even the basic permission control mechanism, applications can access any resources without limitation, which could result in equipment damage, harm to human, as well as privacy leakage. In this paper we propose an access control mechanism for ROS based on an extended policy-based access control (PBAC) model. Specifically, we extend ROS to add an additional node dedicated for access control so that it can provide user identity and permission management services. The proposed mechanism also allows the administrator to revoke a permission dynamically. We implemented the proposed method in ROS and demonstrated its applicability and performance through several case studies.

Lagraa, S., Cailac, M., Rivera, S., Beck, F., State, R..  2019.  Real-Time Attack Detection on Robot Cameras: A Self-Driving Car Application. 2019 Third IEEE International Conference on Robotic Computing (IRC). :102—109.

The Robot Operating System (ROS) are being deployed for multiple life critical activities such as self-driving cars, drones, and industries. However, the security has been persistently neglected, especially the image flows incoming from camera robots. In this paper, we perform a structured security assessment of robot cameras using ROS. We points out a relevant number of security flaws that can be used to take over the flows incoming from the robot cameras. Furthermore, we propose an intrusion detection system to detect abnormal flows. Our defense approach is based on images comparisons and unsupervised anomaly detection method. We experiment our approach on robot cameras embedded on a self-driving car.

Rivera, S., Lagraa, S., State, R..  2019.  ROSploit: Cybersecurity Tool for ROS. 2019 Third IEEE International Conference on Robotic Computing (IRC). :415—416.

Robotic Operating System(ROS) security research is currently in a preliminary state, with limited research in tools or models. Considering the trend of digitization of robotic systems, this lack of foundational knowledge increases the potential threat posed by security vulnerabilities in ROS. In this article, we present a new tool to assist further security research in ROS, ROSploit. ROSploit is a modular two-pronged offensive tool covering both reconnaissance and exploitation of ROS systems, designed to assist researchers in testing exploits for ROS.

Basan, E., Gritsynin, A., Avdeenko, T..  2019.  Framework for Analyzing the Security of Robot Control Systems. 2019 International Conference on Information Systems and Computer Science (INCISCOS). :354—360.

The purpose of this work is to analyze the security model of a robotized system, to analyze the approaches to assessing the security of this system, and to develop our own framework. The solution to this problem involves the use of developed frameworks. The analysis will be conducted on a robotic system of robots. The prefix structures assume that the robotic system is divided into levels, and after that it is necessary to directly protect each level. Each level has its own characteristics and drawbacks that must be considered when developing a security system for a robotic system.

Abeykoon, I., Feng, X..  2019.  Challenges in ROS Forensics. 2019 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computing, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1677—1682.

The usage of robot is rapidly growth in our society. The communication link and applications connect the robots to their clients or users. This communication link and applications are normally connected through some kind of network connections. This network system is amenable of being attached and vulnerable to the security threats. It is a critical part for ensuring security and privacy for robotic platforms. The paper, also discusses about several cyber-physical security threats that are only for robotic platforms. The peer to peer applications use in the robotic platforms for threats target integrity, availability and confidential security purposes. A Remote Administration Tool (RAT) was introduced for specific security attacks. An impact oriented process was performed for analyzing the assessment outcomes of the attacks. Tests and experiments of attacks were performed in simulation environment which was based on Gazbo Turtlebot simulator and physically on the robot. A software tool was used for simulating, debugging and experimenting on ROS platform. Integrity attacks performed for modifying commands and manipulated the robot behavior. Availability attacks were affected for Denial-of-Service (DoS) and the robot was not listened to Turtlebot commands. Integrity and availability attacks resulted sensitive information on the robot.

Basheer, M. M., Varol, A..  2019.  An Overview of Robot Operating System Forensics. 2019 1st International Informatics and Software Engineering Conference (UBMYK). :1—4.
Autonomous technologies have been rapidly replacing the traditional manual intervention nearly in every aspect of our life. These technologies essentially require robots to carry out their automated processes. Nowadays, with the emergence of industry 4.0, robots are increasingly being remote-controlled via client-server connection, which creates uncommon vulnerabilities that allow attackers to target those robots. The development of an open source operational environment for robots, known as Robot Operating System (ROS) has come as a response to these demands. Security and privacy are crucial for the use of ROS as the chance of a compromise may lead to devastating ramifications. In this paper, an overview of ROS and the attacks targeting it are detailed and discussed. Followed by a review of the ROS security and digital investigation studies.
2020-12-11
Liu, F., Li, J., Wang, Y., Li, L..  2019.  Kubestorage: A Cloud Native Storage Engine for Massive Small Files. 2019 6th International Conference on Behavioral, Economic and Socio-Cultural Computing (BESC). :1—4.
Cloud Native, the emerging computing infrastructure has become a new trend for cloud computing, especially after the development of containerization technology such as docker and LXD, and the orchestration system for them like Kubernetes and Swarm. With the growing popularity of Cloud Native, the following problems have been raised: (i) most Cloud Native applications were designed for making full use of the cloud platform, but their file storage has not been completely optimized for adapting it. (ii) the traditional file system is designed as a utility for storing and retrieving files, usually built into the kernel of the operating systems. But when placing it to a large-scale condition, like a network storage server shared by thousands of computing instances, and stores millions of files, it will be slow and even unstable. (iii) most storage solutions use metadata for faster tracking of files, but the metadata itself will take up a lot of space, and the capacity of it is usually limited. If the file system store metadata directly into hard disk without caching, the tracking of massive small files will be a lot slower. (iv) The traditional object storage solution can't provide enough features to make itself more practical on the cloud such as caching and auto replication. This paper proposes a new storage engine based on the well-known Haystack storage engine, optimized in terms of service discovery and Automated fault tolerance, make it more suitable for Cloud Native infrastructure, deployment and applications. We use the object storage model to solve the large and high-frequency file storage needs, offering a simple and unified set of APIs for application to access. We also take advantage of Kubernetes' sophisticated and automated toolchains to make cloud storage easier to deploy, more flexible to scale, and more stable to run.
2020-12-07
Xu, M., Huber, M., Sun, Z., England, P., Peinado, M., Lee, S., Marochko, A., Mattoon, D., Spiger, R., Thom, S..  2019.  Dominance as a New Trusted Computing Primitive for the Internet of Things. 2019 IEEE Symposium on Security and Privacy (SP). :1415–1430.
The Internet of Things (IoT) is rapidly emerging as one of the dominant computing paradigms of this decade. Applications range from in-home entertainment to large-scale industrial deployments such as controlling assembly lines and monitoring traffic. While IoT devices are in many respects similar to traditional computers, user expectations and deployment scenarios as well as cost and hardware constraints are sufficiently different to create new security challenges as well as new opportunities. This is especially true for large-scale IoT deployments in which a central entity deploys and controls a large number of IoT devices with minimal human interaction. Like traditional computers, IoT devices are subject to attack and compromise. Large IoT deployments consisting of many nearly identical devices are especially attractive targets. At the same time, recovery from root compromise by conventional means becomes costly and slow, even more so if the devices are dispersed over a large geographical area. In the worst case, technicians have to travel to all devices and manually recover them. Data center solutions such as the Intelligent Platform Management Interface (IPMI) which rely on separate service processors and network connections are not only not supported by existing IoT hardware, but are unlikely to be in the foreseeable future due to the cost constraints of mainstream IoT devices. This paper presents CIDER, a system that can recover IoT devices within a short amount of time, even if attackers have taken root control of every device in a large deployment. The recovery requires minimal manual intervention. After the administrator has identified the compromise and produced an updated firmware image, he/she can instruct CIDER to force the devices to reset and to install the patched firmware on the devices. We demonstrate the universality and practicality of CIDER by implementing it on three popular IoT platforms (HummingBoard Edge, Raspberry Pi Compute Module 3 and Nucleo-L476RG) spanning the range from high to low end. Our evaluation shows that the performance overhead of CIDER is generally negligible.
2020-11-17
Singh, M., Butakov, S., Jaafar, F..  2018.  Analyzing Overhead from Security and Administrative Functions in Virtual Environment. 2018 International Conference on Platform Technology and Service (PlatCon). :1—6.
The paper provides an analysis of the performance of an administrative component that helps the hypervisor to manage the resources of guest operating systems under fluctuation workload. The additional administrative component provides an extra layer of security to the guest operating systems and system as a whole. In this study, an administrative component was implemented by using Xen-hypervisor based para-virtualization technique and assigned some additional roles and responsibilities that reduce hypervisor workload. The study measured the resource utilizations of an administrative component when excessive input/output load passes passing through the system. Performance was measured in terms of bandwidth and CPU utilisation Based on the analysis of administrative component performance recommendations have been provided with the goal to improve system availability. Recommendations included detection of the performance saturation point that indicates the necessity to start load balancing procedures for the administrative component in the virtualized environment.
Benhani, E. M., Bossuet, L..  2018.  DVFS as a Security Failure of TrustZone-enabled Heterogeneous SoC. 2018 25th IEEE International Conference on Electronics, Circuits and Systems (ICECS). :489—492.
Today, most embedded systems use Dynamic Voltage and Frequency Scaling (DVFS) to minimize energy consumption and maximize performance. The DVFS technique works by regulating the important parameters that govern the amount of energy consumed in a system, voltage and frequency. For the implementation of this technique, the operating system (OS) includes software applications that dynamically control a voltage regulator or a frequency regulator or both. In this paper, we demonstrate for the first time a malicious use of the frequency regulator against a TrustZone-enabled System-on-Chip (SoC). We demonstrate a use of frequency scaling to create covert channel in a TrustZone-enabled heterogeneous SoC. We present four proofs of concept to transfer sensitive data from a secure entity in the SoC to a non-secure one. The first proof of concept is from a secure ARM core to outside of SoC. The second is from a secure ARM core to a non-secure one. The third is from a non-trusted third party IP embedded in the programmable logic part of the SoC to a non-secure ARM core. And the last proof of concept is from a secure third party IP to a non-secure ARM core.
2020-10-30
Jeong, Yeonjeong, Kim, Jinmee, Jeon, Seunghyub, Cha, Seung-Jun, Ramneek, Jung, Sungin.  2019.  Design and Implementation of Azalea unikernel file IO offload. 2019 International Conference on Information and Communication Technology Convergence (ICTC). :398—401.

{Unikernel is smaller in size than existing operating systems and can be started and shut down much more quickly and safely, resulting in greater flexibility and security. Since unikernel does not include large modules like the file system in its library to reduce its size, it is common to choose offloading to handle file IO. However, the processing of IO offload of unikernel transfers the file IO command to the proxy of the file server and copies the file IO result of the proxy. This can result in a trade-off of rapid processing, an advantage of unikernel. In this paper, we propose a method to offload file IO and to perform file IO with direct copy from file server to unikernel}.