Visible to the public Biblio

Found 123 results

Filters: Keyword is Kernel  [Clear All Filters]
2021-07-27
Wang, X., Shen, Q., Luo, W., Wu, P..  2020.  RSDS: Getting System Call Whitelist for Container Through Dynamic and Static Analysis. 2020 IEEE 13th International Conference on Cloud Computing (CLOUD). :600—608.
Container technology has been used for running multiple isolated operating system distros on a host or deploying large scale microservice-based applications. In most cases, containers share the same kernel with the host and other containers on the same host, and the application in the container can make system calls of the host kernel like a normal process on the host. Seccomp is a security mechanism for the Linux kernel, through which we can prohibit certain system calls from being executed by the program. Docker began to support the seccomp mechanism from version 1.10 and disables around 44 system calls out of 300+ by default. However, for a particular container, there are still many system calls that are unnecessary for running it allowed to be executed, and the abuse of system calls by a compromised container can trigger the security vulnerabilities of a host kernel. Unfortunately, Docker does not provide a way to get the necessary system calls for a particular container. In this paper, we propose RSDS, a method combining dynamic analysis and static analysis to get the necessary system calls for a particular container. Our experiments show that our solution can reduce system calls by 69.27%-85.89% compared to the default configuration on an x86-64 PC with Ubuntu 16.04 host OS and does not affect the functionalities of these containers.
2021-06-24
Teplyuk, P.A., Yakunin, A.G., Sharlaev, E.V..  2020.  Study of Security Flaws in the Linux Kernel by Fuzzing. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1–5.
An exceptional feature of the development of modern operating systems based on the Linux kernel is their leading use in cloud technologies, mobile devices and the Internet of things, which is accompanied by the emergence of more and more security threats at the kernel level. In order to improve the security of existing and future Linux distributions, it is necessary to analyze the existing approaches and tools for automated vulnerability detection and to conduct experimental security testing of some current versions of the kernel. The research is based on fuzzing - a software testing technique, which consists in the automated detection of implementation errors by sending deliberately incorrect data to the input of the fuzzer and analyzing the program's response at its output. Using the Syzkaller software tool, which implements a code coverage approach, vulnerabilities of the Linux kernel level were identified in stable versions used in modern distributions. The direction of this research is relevant and requires further development in order to detect zero-day vulnerabilities in new versions of the kernel, which is an important and necessary link in increasing the security of the Linux operating system family.
2021-06-01
Chen, Zhanhao, Cao, Yinzhi.  2020.  JSKernel: Fortifying JavaScript against Web Concurrency Attacks via a Kernel-Like Structure. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :64—75.
As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites.
Xu, Meng, Kashyap, Sanidhya, Zhao, Hanqing, Kim, Taesoo.  2020.  Krace: Data Race Fuzzing for Kernel File Systems. 2020 IEEE Symposium on Security and Privacy (SP). :1643—1660.
Data races occur when two threads fail to use proper synchronization when accessing shared data. In kernel file systems, which are highly concurrent by design, data races are common mistakes and often wreak havoc on the users, causing inconsistent states or data losses. Prior fuzzing practices on file systems have been effective in uncovering hundreds of bugs, but they mostly focus on the sequential aspect of file system execution and do not comprehensively explore the concurrency dimension and hence, forgo the opportunity to catch data races.In this paper, we bring coverage-guided fuzzing to the concurrency dimension with three new constructs: 1) a new coverage tracking metric, alias coverage, specially designed to capture the exploration progress in the concurrency dimension; 2) an evolution algorithm for generating, mutating, and merging multi-threaded syscall sequences as inputs for concurrency fuzzing; and 3) a comprehensive lockset and happens-before modeling for kernel synchronization primitives for precise data race detection. These components are integrated into Krace, an end-to-end fuzzing framework that has discovered 23 data races in ext4, btrfs, and the VFS layer so far, and 9 are confirmed to be harmful.
2021-05-25
Dodson, Michael, Beresford, Alastair R., Richardson, Alexander, Clarke, Jessica, Watson, Robert N. M..  2020.  CHERI Macaroons: Efficient, host-based access control for cyber-physical systems. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :688–693.
Cyber-Physical Systems (CPS) often rely on network boundary defence as a primary means of access control; therefore, the compromise of one device threatens the security of all devices within the boundary. Resource and real-time constraints, tight hardware/software coupling, and decades-long service lifetimes complicate efforts for more robust, host-based access control mechanisms. Distributed capability systems provide opportunities for restoring access control to resource-owning devices; however, such a protection model requires a capability-based architecture for CPS devices as well as task compartmentalisation to be effective.This paper demonstrates hardware enforcement of network bearer tokens using an efficient translation between CHERI (Capability Hardware Enhanced RISC Instructions) architectural capabilities and Macaroon network tokens. While this method appears to generalise to any network-based access control problem, we specifically consider CPS, as our method is well-suited for controlling resources in the physical domain. We demonstrate the method in a distributed robotics application and in a hierarchical industrial control application, and discuss our plans to evaluate and extend the method.
2021-05-13
Xu, Shawn, Venugopalan, Subhashini, Sundararajan, Mukund.  2020.  Attribution in Scale and Space. 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). :9677–9686.
We study the attribution problem for deep networks applied to perception tasks. For vision tasks, attribution techniques attribute the prediction of a network to the pixels of the input image. We propose a new technique called Blur Integrated Gradients (Blur IG). This technique has several advantages over other methods. First, it can tell at what scale a network recognizes an object. It produces scores in the scale/frequency dimension, that we find captures interesting phenomena. Second, it satisfies the scale-space axioms, which imply that it employs perturbations that are free of artifact. We therefore produce explanations that are cleaner and consistent with the operation of deep networks. Third, it eliminates the need for baseline parameter for Integrated Gradients for perception tasks. This is desirable because the choice of baseline has a significant effect on the explanations. We compare the proposed technique against previous techniques and demonstrate application on three tasks: ImageNet object recognition, Diabetic Retinopathy prediction, and AudioSet audio event identification. Code and examples are at https://github.com/PAIR-code/saliency.
Niu, Yingjiao, Lei, Lingguang, Wang, Yuewu, Chang, Jiang, Jia, Shijie, Kou, Chunjing.  2020.  SASAK: Shrinking the Attack Surface for Android Kernel with Stricter “seccomp” Restrictions. 2020 16th International Conference on Mobility, Sensing and Networking (MSN). :387–394.
The increasing vulnerabilities in Android kernel make it an attractive target to the attackers. Most kernel-targeted attacks are initiated through system calls. For security purpose, Google has introduced a Linux kernel security mechanism named “seccomp” since Android O to constrain the system calls accessible to the Android apps. Unfortunately, existing Android seccomp mechanism provides a fairly coarse-grained restriction by enforcing a unified seccomp policy containing more than 250 system calls for Android apps, which greatly reduces the effectiveness of seccomp. Also, it lacks an approach to profile the unnecessary system calls for a given Android app. In this paper we present a two-level control scheme named SASAK, which can shrink the attack surface of Android kernel by strictly constraining the system calls available to the Android apps with seccomp mechanism. First, instead of leveraging a unified seccomp policy for all Android apps, SASAK introduces an architecture- dedicated system call constraining by enforcing two separate and refined seccomp policies for the 32-bit Android apps and 64-bit Android apps, respectively. Second, we provide a tool to profile the necessary system calls for a given Android app and enforce an app-dedicated seccomp policy to further reduce the allowed system calls for the apps selected by the users. The app-dedicated control could dynamically change the seccomp policy for an app according to its actual needs. We implement a prototype of SASAK and the experiment results show that the architecture-dedicated constraining reduces 39.6% system calls for the 64-bit apps and 42.5% system calls for the 32-bit apps. 33% of the removed system calls for the 64-bit apps are vulnerable, and the number for the 32-bit apps is 18.8%. The app-dedicated restriction reduces about 66.9% and 62.5% system calls on average for the 64-bit apps and 32-bit apps, respectively. In addition, SASAK introduces negligible performance overhead.
2021-04-27
Furutani, S., Shibahara, T., Hato, K., Akiyama, M., Aida, M..  2020.  Sybil Detection as Graph Filtering. GLOBECOM 2020 - 2020 IEEE Global Communications Conference. :1–6.
Sybils are users created for carrying out nefarious actions in online social networks (OSNs) and threaten the security of OSNs. Therefore, Sybil detection is an urgent security task, and various detection methods have been proposed. Existing Sybil detection methods are based on the relationship (i.e., graph structure) of users in OSNs. Structure-based methods can be classified into two categories: Random Walk (RW)-based and Belief Propagation (BP)-based. However, although almost all methods have been experimentally evaluated in terms of their performance and robustness to noise, the theoretical understanding of them is insufficient. In this paper, we interpret the Sybil detection problem from the viewpoint of graph signal processing and provide a framework to formulate RW- and BPbased methods as low-pass filtering. This framework enables us to theoretically compare RW- and BP-based methods and explain why BP-based methods perform well for scale-free graphs, unlike RW-based methods. Furthermore, by this framework, we relate RW- and BP-based methods and Graph Neural Networks (GNNs) and discuss the difference among these methods. Finally, we evaluate the validity of this framework through numerical experiments.
2021-04-08
Boato, G., Dang-Nguyen, D., Natale, F. G. B. De.  2020.  Morphological Filter Detector for Image Forensics Applications. IEEE Access. 8:13549—13560.
Mathematical morphology provides a large set of powerful non-linear image operators, widely used for feature extraction, noise removal or image enhancement. Although morphological filters might be used to remove artifacts produced by image manipulations, both on binary and gray level documents, little effort has been spent towards their forensic identification. In this paper we propose a non-trivial extension of a deterministic approach originally detecting erosion and dilation of binary images. The proposed approach operates on grayscale images and is robust to image compression and other typical attacks. When the image is attacked the method looses its deterministic nature and uses a properly trained SVM classifier, using the original detector as a feature extractor. Extensive tests demonstrate that the proposed method guarantees very high accuracy in filtering detection, providing 100% accuracy in discriminating the presence and the type of morphological filter in raw images of three different datasets. The achieved accuracy is also good after JPEG compression, equal or above 76.8% on all datasets for quality factors above 80. The proposed approach is also able to determine the adopted structuring element for moderate compression factors. Finally, it is robust against noise addition and it can distinguish morphological filter from other filters.
Zhang, J., Liao, Y., Zhu, X., Wang, H., Ding, J..  2020.  A Deep Learning Approach in the Discrete Cosine Transform Domain to Median Filtering Forensics. IEEE Signal Processing Letters. 27:276—280.
This letter presents a novel median filtering forensics approach, based on a convolutional neural network (CNN) with an adaptive filtering layer (AFL), which is built in the discrete cosine transform (DCT) domain. Using the proposed AFL, the CNN can determine the main frequency range closely related with the operational traces. Then, to automatically learn the multi-scale manipulation features, a multi-scale convolutional block is developed, exploring a new multi-scale feature fusion strategy based on the maxout function. The resultant features are further processed by a convolutional stream with pooling and batch normalization operations, and finally fed into the classification layer with the Softmax function. Experimental results show that our proposed approach is able to accurately detect the median filtering manipulation and outperforms the state-of-the-art schemes, especially in the scenarios of low image resolution and serious compression loss.
Ayub, M. A., Continella, A., Siraj, A..  2020.  An I/O Request Packet (IRP) Driven Effective Ransomware Detection Scheme using Artificial Neural Network. 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI). :319–324.
In recent times, there has been a global surge of ransomware attacks targeted at industries of various types and sizes from retail to critical infrastructure. Ransomware researchers are constantly coming across new kinds of ransomware samples every day and discovering novel ransomware families out in the wild. To mitigate this ever-growing menace, academia and industry-based security researchers have been utilizing unique ways to defend against this type of cyber-attacks. I/O Request Packet (IRP), a low-level file system I/O log, is a newly found research paradigm for defense against ransomware that is being explored frequently. As such in this study, to learn granular level, actionable insights of ransomware behavior, we analyze the IRP logs of 272 ransomware samples belonging to 18 different ransomware families captured during individual execution. We further our analysis by building an effective Artificial Neural Network (ANN) structure for successful ransomware detection by learning the underlying patterns of the IRP logs. We evaluate the ANN model with three different experimental settings to prove the effectiveness of our approach. The model demonstrates outstanding performance in terms of accuracy, precision score, recall score, and F1 score, i.e., in the range of 99.7%±0.2%.
2021-03-29
Liu, W., Niu, H., Luo, W., Deng, W., Wu, H., Dai, S., Qiao, Z., Feng, W..  2020.  Research on Technology of Embedded System Security Protection Component. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications( AEECA). :21—27.

With the development of the Internet of Things (IoT), it has been widely deployed. As many embedded devices are connected to the network and massive amounts of security-sensitive data are stored in these devices, embedded devices in IoT have become the target of attackers. The trusted computing is a key technology to guarantee the security and trustworthiness of devices' execution environment. This paper focuses on security problems on IoT devices, and proposes a security architecture for IoT devices based on the trusted computing technology. This paper implements a security management system for IoT devices, which can perform integrity measurement, real-time monitoring and security management for embedded applications, providing a safe and reliable execution environment and whitelist-based security protection for IoT devices. This paper also designs and implements an embedded security protection system based on trusted computing technology, containing a measurement and control component in the kernel and a remote graphical management interface for administrators. The kernel layer enforces the integrity measurement and control of the embedded application on the device. The graphical management interface communicates with the remote embedded device through the TCP/IP protocol, and provides a feature-rich and user-friendly interaction interface. It implements functions such as knowledge base scanning, whitelist management, log management, security policy management, and cryptographic algorithm performance testing.

2021-01-28
Siddiquie, K., Shafqat, N., Masood, A., Abbas, H., Shahid, W. b.  2020.  Profiling Vulnerabilities Threatening Dual Persona in Android Framework. 2019 International Conference on Advances in the Emerging Computing Technologies (AECT). :1—6.

Enterprises round the globe have been searching for a way to securely empower AndroidTM devices for work but have spurned away from the Android platform due to ongoing fragmentation and security concerns. Discrepant vulnerabilities have been reported in Android smartphones since Android Lollipop release. Smartphones can be easily hacked by installing a malicious application, visiting an infectious browser, receiving a crafted MMS, interplaying with plug-ins, certificate forging, checksum collisions, inter-process communication (IPC) abuse and much more. To highlight this issue a manual analysis of Android vulnerabilities is performed, by using data available in National Vulnerability Database NVD and Android Vulnerability website. This paper includes the vulnerabilities that risked the dual persona support in Android 5 and above, till Dec 2017. In our security threat analysis, we have identified a comprehensive list of Android vulnerabilities, vulnerable Android versions, manufacturers, and information regarding complete and partial patches released. So far, there is no published research work that systematically presents all the vulnerabilities and vulnerability assessment for dual persona feature of Android's smartphone. The data provided in this paper will open ways to future research and present a better Android security model for dual persona.

2021-01-11
Khadka, A., Argyriou, V., Remagnino, P..  2020.  Accurate Deep Net Crowd Counting for Smart IoT Video acquisition devices. 2020 16th International Conference on Distributed Computing in Sensor Systems (DCOSS). :260—264.

A novel deep neural network is proposed, for accurate and robust crowd counting. Crowd counting is a complex task, as it strongly depends on the deployed camera characteristics and, above all, the scene perspective. Crowd counting is essential in security applications where Internet of Things (IoT) cameras are deployed to help with crowd management tasks. The complexity of a scene varies greatly, and a medium to large scale security system based on IoT cameras must cater for changes in perspective and how people appear from different vantage points. To address this, our deep architecture extracts multi-scale features with a pyramid contextual module to provide long-range contextual information and enlarge the receptive field. Experiments were run on three major crowd counting datasets, to test our proposed method. Results demonstrate our method supersedes the performance of state-of-the-art methods.

2020-12-28
Raju, R. S., Lipasti, M..  2020.  BlurNet: Defense by Filtering the Feature Maps. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :38—46.

Recently, the field of adversarial machine learning has been garnering attention by showing that state-of-the-art deep neural networks are vulnerable to adversarial examples, stemming from small perturbations being added to the input image. Adversarial examples are generated by a malicious adversary by obtaining access to the model parameters, such as gradient information, to alter the input or by attacking a substitute model and transferring those malicious examples over to attack the victim model. Specifically, one of these attack algorithms, Robust Physical Perturbations (RP2), generates adversarial images of stop signs with black and white stickers to achieve high targeted misclassification rates against standard-architecture traffic sign classifiers. In this paper, we propose BlurNet, a defense against the RP2 attack. First, we motivate the defense with a frequency analysis of the first layer feature maps of the network on the LISA dataset, which shows that high frequency noise is introduced into the input image by the RP2 algorithm. To remove the high frequency noise, we introduce a depthwise convolution layer of standard blur kernels after the first layer. We perform a blackbox transfer attack to show that low-pass filtering the feature maps is more beneficial than filtering the input. We then present various regularization schemes to incorporate this lowpass filtering behavior into the training regime of the network and perform white-box attacks. We conclude with an adaptive attack evaluation to show that the success rate of the attack drops from 90% to 20% with total variation regularization, one of the proposed defenses.

2020-12-14
Efendioglu, H. S., Asik, U., Karadeniz, C..  2020.  Identification of Computer Displays Through Their Electromagnetic Emissions Using Support Vector Machines. 2020 International Conference on INnovations in Intelligent SysTems and Applications (INISTA). :1–5.
As a TEMPEST information security problem, electromagnetic emissions from the computer displays can be captured, and reconstructed using signal processing techniques. It is necessary to identify the display type to intercept the image of the display. To determine the display type not only significant for attackers but also for protectors to prevent display compromising emanations. This study relates to the identification of the display type using Support Vector Machines (SVM) from electromagnetic emissions emitted from computer displays. After measuring the emissions using receiver measurement system, the signals were processed and training/test data sets were formed and the classification performance of the displays was examined with the SVM. Moreover, solutions for a better classification under real conditions have been proposed. Thus, one of the important step of the display image capture can accomplished by automatically identification the display types. The performance of the proposed method was evaluated in terms of confusion matrix and accuracy, precision, F1-score, recall performance measures.
2020-12-11
Ge, X., Pan, Y., Fan, Y., Fang, C..  2019.  AMDroid: Android Malware Detection Using Function Call Graphs. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :71—77.

With the rapid development of the mobile Internet, Android has been the most popular mobile operating system. Due to the open nature of Android, c countless malicious applications are hidden in a large number of benign applications, which pose great threats to users. Most previous malware detection approaches mainly rely on features such as permissions, API calls, and opcode sequences. However, these approaches fail to capture structural semantics of applications. In this paper, we propose AMDroid that leverages function call graphs (FCGs) representing the behaviors of applications and applies graph kernels to automatically learn the structural semantics of applications from FCGs. We evaluate AMDroid on the Genome Project, and the experimental results show that AMDroid is effective to detect Android malware with 97.49% detection accuracy.

2020-12-02
Tsiligkaridis, T., Romero, D..  2018.  Reinforcement Learning with Budget-Constrained Nonparametric Function Approximation for Opportunistic Spectrum Access. 2018 IEEE Global Conference on Signal and Information Processing (GlobalSIP). :579—583.

Opportunistic spectrum access is one of the emerging techniques for maximizing throughput in congested bands and is enabled by predicting idle slots in spectrum. We propose a kernel-based reinforcement learning approach coupled with a novel budget-constrained sparsification technique that efficiently captures the environment to find the best channel access actions. This approach allows learning and planning over the intrinsic state-action space and extends well to large state spaces. We apply our methods to evaluate coexistence of a reinforcement learning-based radio with a multi-channel adversarial radio and a single-channel carrier-sense multiple-access with collision avoidance (CSMA-CA) radio. Numerical experiments show the performance gains over carrier-sense systems.

2020-12-01
Garbo, A., Quer, S..  2018.  A Fast MPEG’s CDVS Implementation for GPU Featured in Mobile Devices. IEEE Access. 6:52027—52046.
The Moving Picture Experts Group's Compact Descriptors for Visual Search (MPEG's CDVS) intends to standardize technologies in order to enable an interoperable, efficient, and cross-platform solution for internet-scale visual search applications and services. Among the key technologies within CDVS, we recall the format of visual descriptors, the descriptor extraction process, and the algorithms for indexing and matching. Unfortunately, these steps require precision and computation accuracy. Moreover, they are very time-consuming, as they need running times in the order of seconds when implemented on the central processing unit (CPU) of modern mobile devices. In this paper, to reduce computation times and maintain precision and accuracy, we re-design, for many-cores embedded graphical processor units (GPUs), all main local descriptor extraction pipeline phases of the MPEG's CDVS standard. To reach this goal, we introduce new techniques to adapt the standard algorithm to parallel processing. Furthermore, to reduce memory accesses and efficiently distribute the kernel workload, we use new approaches to store and retrieve CDVS information on proper GPU data structures. We present a complete experimental analysis on a large and standard test set. Our experiments show that our GPU-based approach is remarkably faster than the CPU-based reference implementation of the standard, and it maintains a comparable precision in terms of true and false positive rates.
2020-11-30
Guan, L., Lin, J., Ma, Z., Luo, B., Xia, L., Jing, J..  2018.  Copker: A Cryptographic Engine Against Cold-Boot Attacks. IEEE Transactions on Dependable and Secure Computing. 15:742–754.
Cryptosystems are essential for computer and communication security, e.g., RSA or ECDSA in PGP Email clients and AES in full disk encryption. In practice, the cryptographic keys are loaded and stored in RAM as plain-text, and therefore vulnerable to cold-boot attacks exploiting the remanence effect of RAM chips to directly read memory data. To tackle this problem, we propose Copker, a cryptographic engine that implements asymmetric cryptosystems entirely within the CPU, without storing any plain-text sensitive data in RAM. Copker supports the popular asymmetric cryptosystems (i.e., RSA and ECDSA), and deterministic random bit generators (DRBGs) used in ECDSA signing. In its active mode, Copker stores kilobytes of sensitive data, including the private key, the DRBG seed and intermediate states, only in on-chip CPU caches (and registers). Decryption/signing operations are performed without storing any sensitive information in RAM. In the suspend mode, Copker stores symmetrically-encrypted private keys and DRBG seeds in memory, while employs existing solutions to keep the key-encryption key securely in CPU registers. Hence, Copker releases the system resources in the suspend mode. We implement Copker with the support of multiple private keys. With security analyses and intensive experiments, we demonstrate that Copker provides cryptographic services that are secure against cold-boot attacks and introduce reasonable overhead.
2020-11-02
Shen, Hanji, Long, Chun, Li, Jun, Wan, Wei, Song, Xiaofan.  2018.  A Method for Performance Optimization of Virtual Network I/O Based on DPDK-SRIOV*. 2018 IEEE International Conference on Information and Automation (ICIA). :1550—1554.
Network security testing devices play important roles in Cyber security. Most of the current network security testing devices are based on proprietary hardware, however, the virtual network security tester needs high network I/O throughput performance. Therefore, the solution of the problem, which provides high-performance network I/O in the virtual scene will be explained in this paper. The method we proposed for virtualized network I/O performance optimization on a general hardware platform is able to achieve the I/O throughput performance of the proprietary hardware. The Single Root I/O Virtualization (SRIOV) of the physical network card is divided into a plurality of virtual network function of VF, furthermore, it can be added to different VF and VM. Extensive experiment illustrated that the virtualization and the physical network card sharing based on hardware are realized, and they can be used by Data Plane Development Kit (DPDK) and SRIOV technology. Consequently, the test instrument applications in virtual machines achieves the rate of 10Gps and meet the I/O requirement.
2020-10-30
Jeong, Yeonjeong, Kim, Jinmee, Jeon, Seunghyub, Cha, Seung-Jun, Ramneek, Jung, Sungin.  2019.  Design and Implementation of Azalea unikernel file IO offload. 2019 International Conference on Information and Communication Technology Convergence (ICTC). :398—401.

{Unikernel is smaller in size than existing operating systems and can be started and shut down much more quickly and safely, resulting in greater flexibility and security. Since unikernel does not include large modules like the file system in its library to reduce its size, it is common to choose offloading to handle file IO. However, the processing of IO offload of unikernel transfers the file IO command to the proxy of the file server and copies the file IO result of the proxy. This can result in a trade-off of rapid processing, an advantage of unikernel. In this paper, we propose a method to offload file IO and to perform file IO with direct copy from file server to unikernel}.

Xu, Lai, Yu, Rongwei, Wang, Lina, Liu, Weijie.  2019.  Memway: in-memorywaylaying acceleration for practical rowhammer attacks against binaries. Tsinghua Science and Technology. 24:535—545.

The Rowhammer bug is a novel micro-architectural security threat, enabling powerful privilege-escalation attacks on various mainstream platforms. It works by actively flipping bits in Dynamic Random Access Memory (DRAM) cells with unprivileged instructions. In order to set up Rowhammer against binaries in the Linux page cache, the Waylaying algorithm has previously been proposed. The Waylaying method stealthily relocates binaries onto exploitable physical addresses without exhausting system memory. However, the proof-of-concept Waylaying algorithm can be easily detected during page cache eviction because of its high disk I/O overhead and long running time. This paper proposes the more advanced Memway algorithm, which improves on Waylaying in terms of both I/O overhead and speed. Running time and disk I/O overhead are reduced by 90% by utilizing Linux tmpfs and inmemory swapping to manage eviction files. Furthermore, by combining Memway with the unprivileged posix fadvise API, the binary relocation step is made 100 times faster. Equipped with our Memway+fadvise relocation scheme, we demonstrate practical Rowhammer attacks that take only 15-200 minutes to covertly relocate a victim binary, and less than 3 seconds to flip the target instruction bit.

2020-10-26
Changazi, Sabir Ali, Shafi, Imran, Saleh, Khaled, Islam, M Hasan, Hussainn, Syed Muzammil, Ali, Atif.  2019.  Performance Enhancement of Snort IDS through Kernel Modification. 2019 8th International Conference on Information and Communication Technologies (ICICT). :155–161.
Performance and improved packet handling capacity against high traffic load are important requirements for an effective intrusion detection system (IDS). Snort is one of the most popular open-source intrusion detection system which runs on Linux. This research article discusses ways of enhancing the performance of Snort by modifying Linux key parameters related to NAPI packet reception mechanism within the Linux kernel networking subsystem. Our enhancement overcomes the current limitations related to NAPI throughput. We experimentally demonstrate that current default budget B value of 300 does not yield the best performance of Snort throughput. We show that a small budget value of 14 gives the best Snort performance in terms of packet loss both at Kernel subsystem and at the application level. Furthermore, we compare our results to those reported in the literature, and we show that our enhancement through tuning certain parameters yield superior performance.
2020-10-19
Peng, Ruxiang, Li, Weishi, Yang, Tao, Huafeng, Kong.  2019.  An Internet of Vehicles Intrusion Detection System Based on a Convolutional Neural Network. 2019 IEEE Intl Conf on Parallel Distributed Processing with Applications, Big Data Cloud Computing, Sustainable Computing Communications, Social Computing Networking (ISPA/BDCloud/SocialCom/SustainCom). :1595–1599.
With the continuous development of the Internet of Vehicles, vehicles are no longer isolated nodes, but become a node in the car network. The open Internet will introduce traditional security issues into the Internet of Things. In order to ensure the safety of the networked cars, we hope to set up an intrusion detection system (IDS) on the vehicle terminal to detect and intercept network attacks. In our work, we designed an intrusion detection system for the Internet of Vehicles based on a convolutional neural network, which can run in a low-powered embedded vehicle terminal to monitor the data in the car network in real time. Moreover, for the case of packet encryption in some car networks, we have also designed a separate version for intrusion detection by analyzing the packet header. Experiments have shown that our system can guarantee high accuracy detection at low latency for attack traffic.