Visible to the public Biblio

Found 363 results

Filters: First Letter Of Title is B  [Clear All Filters]
A [B] C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
B
Liu, Gao, Dong, Huidong, Yan, Zheng.  2020.  B4SDC: A Blockchain System for Security Data Collection in MANETs. ICC 2020 - 2020 IEEE International Conference on Communications (ICC). :1–6.
Security-related data collection is an essential part for attack detection and security measurement in Mobile Ad Hoc Networks (MANETs). Due to no fixed infrastructure of MANETs, a detection node playing as a collector should discover available routes to a collection node for data collection. Notably, route discovery suffers from many attacks (e.g., wormhole attack), thus the detection node should also collect securityrelated data during route discovery and analyze these data for determining reliable routes. However, few literatures provide incentives for security-related data collection in MANETs, and thus the detection node might not collect sufficient data, which greatly impacts the accuracy of attack detection and security measurement. In this paper, we propose B4SDC, a blockchain system for security-related data collection in MANETs. Through controlling the scale of RREQ forwarding in route discovery, the collector can constrain its payment and simultaneously make each forwarder of control information (namely RREQs and RREPs) obtain rewards as much as possible to ensure fairness. At the same time, B4SDC avoids collusion attacks with cooperative receipt reporting, and spoofing attacks by adopting a secure digital signature. Based on a novel Proof-of-Stake consensus mechanism by accumulating stakes through message forwarding, B4SDC not only provides incentives for all participating nodes, but also avoids forking and ensures high efficiency and real decentralization at the same time. We analyze B4SDC in terms of incentives and security, and evaluate its performance through simulations. The thorough analysis and experimental results show the efficacy and effectiveness of B4SDC.
Brad Miller, Alex Kantchelian, Michael Carl Tschantz, Sadia Afroz, Rekha Bachwani, Riyaz Faizullabhoy, Ling Huang, Vaishaal Shankar, Tony Wu, George Yiu et al..  2015.  Back to the Future: Malware Detection with Temporally Consistent Labels. CoRR. abs/1510.07338

The malware detection arms race involves constant change: malware changes to evade detection and labels change as detection mechanisms react. Recognizing that malware changes over time, prior work has enforced temporally consistent samples by requiring that training binaries predate evaluation binaries. We present temporally consistent labels, requiring that training labels also predate evaluation binaries since training labels collected after evaluation binaries constitute label knowledge from the future. Using a dataset containing 1.1 million binaries from over 2.5 years, we show that enforcing temporal label consistency decreases detection from 91% to 72% at a 0.5% false positive rate compared to temporal samples alone.

The impact of temporal labeling demonstrates the potential of improved labels to increase detection results. Hence, we present a detector capable of selecting binaries for submission to an expert labeler for review. At a 0.5% false positive rate, our detector achieves a 72% true positive rate without an expert, which increases to 77% and 89% with 10 and 80 expert queries daily, respectively. Additionally, we detect 42% of malicious binaries initially undetected by all 32 antivirus vendors from VirusTotal used in our evaluation. For evaluation at scale, we simulate the human expert labeler and show that our approach is robust against expert labeling errors. Our novel contributions include a scalable malware detector integrating manual review with machine learning and the examination of temporal label consistency

Ronczka, J..  2016.  Backchanneling Quantum Bit (Qubit) 'Shuffling': Quantum Bit (Qubit) 'Shuffling' as Added Security by Slipstreaming Q-Morse. 2016 3rd Asia-Pacific World Congress on Computer Science and Engineering (APWC on CSE). :106–115.

A fresh look at the way secure communications is currently being done has been undertaken as a consequence of the large hacking's that have taken place recently. A plausible option maybe a return to the future via Morse code using how a quantum bit (Qubit) reacts when entangled to suggest a cypher. This quantum cyphers uses multiple properties of unique entities that have many random radicals which makes hacking more difficult that traditional 'Rivest-Shamir-Adleman' (RSA), 'Digital Signature Algorithm' (DSA) or 'Elliptic Curve Digital Signature Algorithm' (ECDSA). Additional security is likely by Backchannelling (slipstreaming) Quantum Morse code (Q-Morse) keys composed of living and non-living entities. This means Blockchain ledger history (forwards-backwards) is audited during an active session. Verification keys are Backchannelling (slipstreaming) during the session (e.g. train driver must incrementally activate a switch otherwise the train stops) using predicted-expected sender-receiver properties as well as their past history of disconformities to random radicals encountered. In summary, Quantum Morse code (Q-Morse) plausibly is the enabler to additional security by Backchannelling (slipstreaming) during a communications session.

Bresch, C., Lysecky, R., Hély, D..  2020.  BackFlow: Backward Edge Control Flow Enforcement for Low End ARM Microcontrollers. 2020 Design, Automation Test in Europe Conference Exhibition (DATE). :1606–1609.
This paper presents BackFlow, a compiler-based toolchain that enforces indirect backward edge control flow integrity for low-end ARM Cortex-M microprocessors. BackFlow is implemented within the Clang/LLVM compiler and supports the ARM instruction set and its subset Thumb. The control flow integrity generated by the compiler relies on a bitmap, where each set bit indicates a valid pointer destination. The efficiency of the framework is benchmarked using an STM32 NUCLEO F446RE microcontroller. The obtained results show that the control flow integrity solution incurs an execution time overhead ranging from 1.5 to 4.5%.
Xianguo Zhang, Tiejun Huang, Yonghong Tian, Wen Gao.  2014.  Background-Modeling-Based Adaptive Prediction for Surveillance Video Coding. Image Processing, IEEE Transactions on. 23:769-784.

The exponential growth of surveillance videos presents an unprecedented challenge for high-efficiency surveillance video coding technology. Compared with the existing coding standards that were basically developed for generic videos, surveillance video coding should be designed to make the best use of the special characteristics of surveillance videos (e.g., relative static background). To do so, this paper first conducts two analyses on how to improve the background and foreground prediction efficiencies in surveillance video coding. Following the analysis results, we propose a background-modeling-based adaptive prediction (BMAP) method. In this method, all blocks to be encoded are firstly classified into three categories. Then, according to the category of each block, two novel inter predictions are selectively utilized, namely, the background reference prediction (BRP) that uses the background modeled from the original input frames as the long-term reference and the background difference prediction (BDP) that predicts the current data in the background difference domain. For background blocks, the BRP can effectively improve the prediction efficiency using the higher quality background as the reference; whereas for foreground-background-hybrid blocks, the BDP can provide a better reference after subtracting its background pixels. Experimental results show that the BMAP can achieve at least twice the compression ratio on surveillance videos as AVC (MPEG-4 Advanced Video Coding) high profile, yet with a slightly additional encoding complexity. Moreover, for the foreground coding performance, which is crucial to the subjective quality of moving objects in surveillance videos, BMAP also obtains remarkable gains over several state-of-the-art methods.

Portnoff, Rebecca S., Huang, Danny Yuxing, Doerfler, Periwinkle, Afroz, Sadia, McCoy, Damon.  2017.  Backpage and Bitcoin: Uncovering Human Traffickers. Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. :1595–1604.

Sites for online classified ads selling sex are widely used by human traffickers to support their pernicious business. The sheer quantity of ads makes manual exploration and analysis unscalable. In addition, discerning whether an ad is advertising a trafficked victim or an independent sex worker is a very difficult task. Very little concrete ground truth (i.e., ads definitively known to be posted by a trafficker) exists in this space. In this work, we develop tools and techniques that can be used separately and in conjunction to group sex ads by their true owner (and not the claimed author in the ad). Specifically, we develop a machine learning classifier that uses stylometry to distinguish between ads posted by the same vs. different authors with 90% TPR and 1% FPR. We also design a linking technique that takes advantage of leakages from the Bitcoin mempool, blockchain and sex ad site, to link a subset of sex ads to Bitcoin public wallets and transactions. Finally, we demonstrate via a 4-week proof of concept using Backpage as the sex ad site, how an analyst can use these automated approaches to potentially find human traffickers.

Luo, S., Wang, Y., Huang, W., Yu, H..  2016.  Backup and Disaster Recovery System for HDFS. 2016 International Conference on Information Science and Security (ICISS). :1–4.

HDFS has been widely used for storing massive scale data which is vulnerable to site disaster. The file system backup is an important strategy for data retention. In this paper, we present an efficient, easy- to-use Backup and Disaster Recovery System for HDFS. The system includes a client based on HDFS with additional feature of remote backup, and a remote server with a HDFS cluster to keep the backup data. It supports full backup and regularly incremental backup to the server with very low cost and high throughout. In our experiment, the average speed of backup and recovery is up to 95 MB/s, approaching the theoretical maximum speed of gigabit Ethernet.

Anh, Pham Nguyen Quang, Fan, Rui, Wen, Yonggang.  2016.  Balanced Hashing and Efficient GPU Sparse General Matrix-Matrix Multiplication. Proceedings of the 2016 International Conference on Supercomputing. :36:1–36:12.

General sparse matrix-matrix multiplication (SpGEMM) is a core component of many algorithms. A number of recent works have used high throughput graphics processing units (GPUs) to accelerate SpGEMM. However, exploiting the power of GPUs for SpGEMM requires addressing a number of challenges, including highly imbalanced workloads and large numbers of inefficient random global memory accesses. This paper presents a SpGEMM algorithm which uses several novel techniques to overcome these problems. We first propose two low cost methods to achieve perfect load balancing during the most expensive step in SpGEMM. Next, we show how to eliminate nearly all random global memory accesses using shared memory based hash tables. To optimize the performance of the hash tables, we propose a lightweight method to estimate the number of nonzeros in the output matrix. We compared our algorithm to the CUSP, CUSPARSE and the state-of-the-art BHSPARSE GPU SpGEMM algorithms, and show that it performs 5.6x, 2.4x and 1.5x better on average, and up to 11.8x, 9.5x and 2.5x better in the best case, respectively. Furthermore, we show that our algorithm performs especially well on highly imbalanced and unstructured matrices.

Kumar, A. Ranjith, Sivagami, A..  2019.  Balanced Load Clustering with Trusted Multipath Relay Routing Protocol for Wireless Sensor Network. 2019 Innovations in Power and Advanced Computing Technologies (i-PACT). 1:1–6.

Clustering is one of an eminent mechanism which deals with large number of nodes and effective consumption of energy in wireless sensor networks (WSN). Balanced Load Clustering is used to balance the channel bandwidth by incorporating the concept of HMAC. Presently several research studies works to improve the quality of service and energy efficiency of WSN but the security issues are not taken care of. Relay based multipath trust is one of the methods to secure the network. To this end, a novel approach called Balanced Load Clustering with Trusted Multipath Relay Routing Protocol (BLC-TMR2) to improve the performance of the network. The proposed protocol consists of two algorithms. Initially in order to reduce the energy consumption of the network, balanced load clustering (BLC) concepts is introduced. Secondly to secure the network from the malicious activity trusted multipath relay routing protocol (TMR2) is used. Multipath routing is monitored by the relay node and it computed the trust values. Network simulation (NS2) software is used to obtain the results and the results prove that the proposed system performs better the earlier methods the in terms of efficiency, consumption, QoS and throughput.

Singh, S. K., Bziuk, W., Jukan, A..  2016.  Balancing Data Security and Blocking Performance with Spectrum Randomization in Optical Networks. 2016 IEEE Global Communications Conference (GLOBECOM). :1–7.

Data randomization or scrambling has been effectively used in various applications to improve the data security. In this paper, we use the idea of data randomization to proactively randomize the spectrum (re)allocation to improve connections' security. As it is well-known that random (re)allocation fragments the spectrum and thus increases blocking in elastic optical networks, we analyze the tradeoff between system performance and security. To this end, in addition to spectrum randomization, we utilize an on-demand defragmentation scheme every time a request is blocked due to the spectrum fragmentation. We model the occupancy pattern of an elastic optical link (EOL) using a multi-class continuous-time Markov chain (CTMC) under the random-fit spectrum allocation method. Numerical results show that although both the blocking and security can be improved for a particular so-called randomization process (RP) arrival rate, while with the increase in RP arrival rate the connections' security improves at the cost of the increase in overall blocking.

Esmeel, T. K., Hasan, M. M., Kabir, M. N., Firdaus, A..  2020.  Balancing Data Utility versus Information Loss in Data-Privacy Protection using k-Anonymity. 2020 IEEE 8th Conference on Systems, Process and Control (ICSPC). :158—161.

Data privacy has been an important area of research in recent years. Dataset often consists of sensitive data fields, exposure of which may jeopardize interests of individuals associated with the data. In order to resolve this issue, privacy techniques can be used to hinder the identification of a person through anonymization of the sensitive data in the dataset to protect sensitive information, while the anonymized dataset can be used by the third parties for analysis purposes without obstruction. In this research, we investigated a privacy technique, k-anonymity for different values of on different number columns of the dataset. Next, the information loss due to k-anonymity is computed. The anonymized files go through the classification process by some machine-learning algorithms i.e., Naive Bayes, J48 and neural network in order to check a balance between data anonymity and data utility. Based on the classification accuracy, the optimal values of and are obtained, and thus, the optimal and can be used for k-anonymity algorithm to anonymize optimal number of columns of the dataset.

Moore, A. P., Cassidy, T. M., Theis, M. C., Bauer, D., Rousseau, D. M., Moore, S. B..  2018.  Balancing Organizational Incentives to Counter Insider Threat. 2018 IEEE Security and Privacy Workshops (SPW). :237–246.

Traditional security practices focus on negative incentives that attempt to force compliance through constraints, monitoring, and punishment. This paper describes a missing dimension of most organizations' insider threat defense-one that explicitly considers positive incentives for attracting individuals to act in the interests of the organization. Positive incentives focus on properties of the organizational context of workforce management practices - including those relating to organizational supportiveness, coworker connectedness, and job engagement. Without due attention to the organizational context in which insider threats occur, insider misbehaviors may simply reoccur as a natural response to counterproductive or dysfunctional management practices. A balanced combination of positive and negative incentives can improve employees' relationships with the organization and provide a means for employees to better cope with personal and professional stressors. An insider threat program that balances organizational incentives can become an advocate for the workforce and a means for improving employee work life - a welcome message to employees who feel threatened by programs focused on discovering insider wrongdoing.

Kahvazadeh, Sarang, Masip-Bruin, Xavi, Díaz, Rodrigo, Marín-Tordera, Eva, Jurnet, Alejandro, Garcia, Jordi, Juan, Ana, Simó, Ester.  2019.  Balancing Security Guarantees vs QoS Provisioning in Combined Fog-to-Cloud Systems. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–6.

Several efforts are currently active in dealing with scenarios combining fog, cloud computing, out of which a significant proportion is devoted to control, and manage the resulting scenario. Certainly, although many challenging aspects must be considered towards the design of an efficient management solution, it is with no doubt that whatever the solution is, the quality delivered to the users when executing services and the security guarantees provided to the users are two key aspects to be considered in the whole design. Unfortunately, both requirements are often non-convergent, thus making a solution suitably addressing both aspects is a challenging task. In this paper, we propose a decoupled transversal security strategy, referred to as DCF, as a novel architectural oriented policy handling the QoS-Security trade-off, particularly designed to be applied to combined fog-to-cloud systems, and specifically highlighting its impact on the delivered QoS.

Zhi-wen, Wang, Yang, Cheng.  2018.  Bandwidth Allocation Strategy of Networked Control System under Denial-of-Service Attack. 2018 4th Annual International Conference on Network and Information Systems for Computers (ICNISC). :49—55.

In this paper, security of networked control system (NCS) under denial of service (DoS) attack is considered. Different from the existing literatures from the perspective of control systems, this paper considers a novel method of dynamic allocation of network bandwidth for NCS under DoS attack. Firstly, time-constrained DoS attack and its impact on the communication channel of NCS are introduced. Secondly, details for the proposed dynamic bandwidth allocation structure are presented along with an implementation, which is a bandwidth allocation strategy based on error between current state and equilibrium state and available bandwidth. Finally, a numerical example is given to demonstrate the effectiveness of the proposed bandwidth allocation approach.

Geva, M., Herzberg, A., Gev, Y..  2014.  Bandwidth Distributed Denial of Service: Attacks and Defenses. Security Privacy, IEEE. 12:54-61.

The Internet is vulnerable to bandwidth distributed denial-of-service (BW-DDoS) attacks, wherein many hosts send a huge number of packets to cause congestion and disrupt legitimate traffic. So far, BW-DDoS attacks have employed relatively crude, inefficient, brute force mechanisms; future attacks might be significantly more effective and harmful. To meet the increasing threats, we must deploy more advanced defenses.

Hu, Xiaoyi, Wang, Ke.  2020.  Bank Financial Innovation and Computer Information Security Management Based on Artificial Intelligence. 2020 2nd International Conference on Machine Learning, Big Data and Business Intelligence (MLBDBI). :572—575.
In recent years, with the continuous development of various new Internet technologies, big data, cloud computing and other technologies have been widely used in work and life. The further improvement of data scale and computing capability has promoted the breakthrough development of artificial intelligence technology. The generalization and classification of financial science and technology not only have a certain impact on the traditional financial business, but also put forward higher requirements for commercial banks to operate financial science and technology business. Artificial intelligence brings fresh experience to financial services and is conducive to increasing customer stickiness. Artificial intelligence technology helps the standardization, modeling and intelligence of banking business, and helps credit decision-making, risk early warning and supervision. This paper first discusses the influence of artificial intelligence on financial innovation, and on this basis puts forward measures for the innovation and development of bank financial science and technology. Finally, it discusses the problem of computer information security management in bank financial innovation in the era of artificial intelligence.
Sui, Zhiyuan, de Meer, Hermann.  2019.  BAP: A Batch and Auditable Privacy Preservation Scheme for Demand-Response in Smart Grids. IEEE Transactions on Industrial Informatics. :1–1.
Advancing network technologies allows the setup of two-way communication links between energy providers and consumers. These developing technologies aim to enhance grid reliability and energy efficiency in smart grids. To achieve this goal, energy usage reports from consumers are required to be both trustworthy and confidential. In this paper, we construct a new data aggregation scheme in smart grids based on a homomorphic encryption algorithm. In the constructed scheme, obedient consumers who follow the instruction can prove its ajustment using a range proof protocol. Additionally, we propose a new identity-based signature algorithm in order to ensure authentication and integrity of the constructed scheme. By using this signature algorithm, usage reports are verified in real time. Extensive simulations demonstrate that our scheme outperforms other data aggregation schemes.
Dudley, John J., Schuff, Hendrik, Kristensson, Per Ola.  2018.  Bare-Handed 3D Drawing in Augmented Reality. Proceedings of the 2018 Designing Interactive Systems Conference. :241-252.

Head-mounted augmented reality (AR) enables embodied in situ drawing in three dimensions (3D). We explore 3D drawing interactions based on uninstrumented, unencumbered (bare) hands that preserve the user's ability to freely navigate and interact with the physical environment. We derive three alternative interaction techniques supporting bare-handed drawing in AR from the literature and by analysing several envisaged use cases. The three interaction techniques are evaluated in a controlled user study examining three distinct drawing tasks: planar drawing, path description, and 3D object reconstruction. The results indicate that continuous freehand drawing supports faster line creation than the control point based alternatives, although with reduced accuracy. User preferences for the different techniques are mixed and vary considerably between the different tasks, highlighting the value of diverse and flexible interactions. The combined effectiveness of these three drawing techniques is illustrated in an example application of 3D AR drawing.

Lu, Zhaojun, Wang, Qian, Qu, Gang, Liu, Zhenglin.  2018.  BARS: A Blockchain-Based Anonymous Reputation System for Trust Management in VANETs. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :98–103.
The public key infrastructure (PKI) based authentication protocol provides the basic security services for vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of vehicles. It is crucial for VANETs to prevent internal vehicles from broadcasting forged messages while simultaneously protecting the privacy of each vehicle against tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to break the linkability between real identities and public keys to preserve privacy. The certificate and revocation transparency is implemented efficiently using two blockchains. We design a trust model to improve the trustworthiness of messages relying on the reputation of the sender based on both direct historical interactions and indirect opinions about the sender. Experiments are conducted to evaluate BARS in terms of security and performance and the results show that BARS is able to establish distributed trust management, while protecting the privacy of vehicles.
Santoro, Donatello, Arocena, Patricia C., Glavic, Boris, Mecca, Giansalvatore, Miller, Renée J., Papotti, Paolo.  2016.  BART in Action: Error Generation and Empirical Evaluations of Data-Cleaning Systems. Proceedings of the 2016 International Conference on Management of Data. :2161–2164.

Repairing erroneous or conflicting data that violate a set of constraints is an important problem in data management. Many automatic or semi-automatic data-repairing algorithms have been proposed in the last few years, each with its own strengths and weaknesses. Bart is an open-source error-generation system conceived to support thorough experimental evaluations of these data-repairing systems. The demo is centered around three main lessons. To start, we discuss how generating errors in data is a complex problem, with several facets. We introduce the important notions of detectability and repairability of an error, that stand at the core of Bart. Then, we show how, by changing the features of errors, it is possible to influence quite significantly the performance of the tools. Finally, we concretely put to work five data-repairing algorithms on dirty data of various kinds generated using Bart, and discuss their performance.

Paone, J., Bolme, D., Ferrell, R., Aykac, D., Karnowski, T..  2015.  Baseline face detection, head pose estimation, and coarse direction detection for facial data in the SHRP2 naturalistic driving study. 2015 IEEE Intelligent Vehicles Symposium (IV). :174–179.

Keeping a driver focused on the road is one of the most critical steps in insuring the safe operation of a vehicle. The Strategic Highway Research Program 2 (SHRP2) has over 3,100 recorded videos of volunteer drivers during a period of 2 years. This extensive naturalistic driving study (NDS) contains over one million hours of video and associated data that could aid safety researchers in understanding where the driver's attention is focused. Manual analysis of this data is infeasible; therefore efforts are underway to develop automated feature extraction algorithms to process and characterize the data. The real-world nature, volume, and acquisition conditions are unmatched in the transportation community, but there are also challenges because the data has relatively low resolution, high compression rates, and differing illumination conditions. A smaller dataset, the head pose validation study, is available which used the same recording equipment as SHRP2 but is more easily accessible with less privacy constraints. In this work we report initial head pose accuracy using commercial and open source face pose estimation algorithms on the head pose validation data set.

Patel, Himanshu B., Jinwala, Devesh C., Patel, Dhiren R..  2016.  Baseline Intrusion Detection Framework for 6LoWPAN Devices. Adjunct Proceedings of the 13th International Conference on Mobile and Ubiquitous Systems: Computing Networking and Services. :72–76.

Internet Engineering Task Force (IETF) is working on 6LoW-PAN standard which allows smart devices to be connected to Internet using large address space of IPV6. 6LoWPAN acts as a bridge between resource constrained devices and the Internet. The entire IoT space is vulnerable to local threats as well as the threats from the Internet. Due to the random deployment of the network nodes and the absence of tamper resistant shield, the resource constrained IoT elements face potential insider attacks even in presence of front line defense mechanism that involved cryptographic protocols. To detect such insidious nodes, an Intrusion Detection System (IDS) is required as a second line of defense. In this paper, we attempt to analyze such potential insider attacks, while reviewing the IDS based countermeasures. We attempt to propose a baseline for designing IDS for 6LoWPAN based IoT system.

Sah, Love Kumar, Polnati, Srivarsha, Islam, Sheikh Ariful, Katkoori, Srinivas.  2020.  Basic Block Encoding Based Run-Time CFI Check for Embedded Software. 2020 IFIP/IEEE 28th International Conference on Very Large Scale Integration (VLSI-SOC). :135–140.
Modern control flow attacks circumvent existing defense mechanisms to transfer the program control to attacker chosen malicious code in the program, leaving application vulnerable to attack. Advanced attacks such as Return-Oriented Programming (ROP) attack and its variants, transfer program execution to gadgets (code-snippet that ends with return instruction). The code space to generate gadgets is large and attacks using these gadgets are Turing-complete. One big challenge to harden the program against ROP attack is to confine gadget selection to a limited locations, thus leaving the attacker to search entire code space according to payload criteria. In this paper, we present a novel approach to label the nodes of the Control-Flow Graph (CFG) of a program such that labels of the nodes on a valid control flow edge satisfy a Hamming distance property. The newly encoded CFG enables detection of illegal control flow transitions during the runtime in the processor pipeline. Experimentally, we have demonstrated that the proposed Control Flow Integrity (CFI) implementation is effective against control-flow hijacking and the technique can reduce the search space of the ROP gadgets upto 99.28%. We have also validated our technique on seven applications from MiBench and the proposed labeling mechanism incurs no instruction count overhead while, on average, it increases instruction width to a maximum of 12.13%.
Peters, Travis, Lal, Reshma, Varadarajan, Srikanth, Pappachan, Pradeep, Kotz, David.  2018.  BASTION-SGX: Bluetooth and Architectural Support for Trusted I/O on SGX. Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy. :3:1–3:9.
This paper presents work towards realizing architectural support for Bluetooth Trusted I/O on SGX-enabled platforms, with the goal of providing I/O data protection that does not rely on system software security. Indeed, we are primarily concerned with protecting I/O from all software adversaries, including privileged software. In this paper we describe the challenges in designing and implementing Trusted I/O at the architectural level for Bluetooth. We propose solutions to these challenges. In addition, we describe our proof-of-concept work that extends existing over-the-air Bluetooth security all the way to an SGX enclave by securing user data between the Bluetooth Controller and an SGX enclave.
Beckwith, E., Thamilarasu, G..  2020.  BA-TLS: Blockchain Authentication for Transport Layer Security in Internet of Things. 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1—8.

Traditional security solutions that rely on public key infrastructure present scalability and transparency challenges when deployed in Internet of Things (IoT). In this paper, we develop a blockchain based authentication mechanism for IoT that can be integrated into the traditional transport layer security protocols such as Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Our proposed mechanism is an alternative to the traditional Certificate Authority (CA)-based Public Key Infrastructure (PKI) that relies on x.509 certificates. Specifically, the proposed solution enables the modified TLS/DTLS a viable option for resource constrained IoT devices where minimizing memory utilization is critical. Experiments show that blockchain based authentication can reduce dynamic memory usage by up to 20%, while only minimally increasing application image size and time of execution of the TLS/DTLS handshake.