Hardware breakpoints are used to monitor the behavior of a program on a virtual machine (VM). Although a virtual machine monitor (VMM) can inspect programs on a VM at hardware breakpoints, the programs themselves can detect hardware breakpoints by reading debug registers. Malicious programs may change their behavior to avoid introspection and other security mechanisms if a hardware breakpoint is detected. To prevent introspection evasion, methods for hiding hardware breakpoints by returning a fake value to the VM have been proposed. These methods detect the read and write operations of the debug register from the VM and then return processing to the VM as if the access had succeeded. However, VM introspection remains detectable from the VM by confirming whether the debug exception is actually delivered at the address set. While the previous work handles the read and write operations of the debug register, the debug exception is not delivered to the VM program. To address this problem, this study presents a method for making hardware breakpoints compatible with VM introspection. The proposed method uses surplus debug address registers to deliver the debug exception at the hardware breakpoint set by the VM program. If a VM program attempts to write a value to a debug register, the VMM detects this and stores the value in a real debug register that is not used for VM introspection. Because the debug exception at the hardware breakpoint was delivered to the VM, hardware breakpoints set by the VM were compatible with VM introspection. The evaluation results showed that the proposed method had a low performance overhead.
Authored by Masaya Sato, Ryosuke Nakamura, Toshihiro Yamauchi, Hideo Taniguchi
Virtualization is essential in assisting businesses in lowering operational costs while still ensuring increased productivity, better hardware utilization, and flexibility. According to Patrick Lin, Senior Director of Product Management for VMware, "virtualization is both an opportunity and a threat." This survey gives a review of the literature on major virtualization technology security concerns. Our study primarily focuses on several open security flaws that virtualization introduces into the environment. Virtual machines (VMs) are overtaking physical machine infrastructures due to their capacity to simulate hardware environments, share hardware resources, and make use of a range of operating systems (OS). By offering a higher level of hardware abstraction and isolation, efficient external monitoring and recording, and on-demand access, VMs offer a more effective security architecture than traditional machines. The survey concentrates on virtual machine-specific security concerns. The security risks mentioned in this proposal apply to all of the virtualization technologies now on the market; they are not unique to any one particular virtualization technology. In addition to some security advantages that come along with virtualization, the survey first gives a brief review of the various virtualization technologies that are now on the market. It concludes by going into great depth on a number of security gaps in the virtualized environment.
Authored by N.B. Kadu, Pramod Jadhav, Santosh Pawar
In the era of big data, more and more applications on smart devices are computing-intensive, thus raising a strong demand for task offloading to cloud data centers. However, this gives rise to network delay and privacy data leak issues. Edge computing can effectively solve latency, bandwidth occupation and data privacy problems, but the deployment of applications is also limited by hardware architectures and resources, i.e., computing and storage resources. Therefore, the combination of virtualization technology and edge computing becomes important in order to realize the rapid deployment of intelligent applications on an edge server or an edge node by virtualization technology. The traditional virtual machine (VM) is no longer suitable for resource-constrained devices. Container techniques including Docker can effectively solve these problems, but they also depend on an operating system. Unikernel is the state-of-the-art virtualization technology. In this paper, we combine Unikernel with edge computing to explore its application in an edge computing system. An application architecture of edge computing based on Unikernel is proposed. It is suitable for application in edge computing.
Authored by Shichao Chen, Ruijie Xu, Wenqiao Sun
With fast-growing technology and the tight integration of physical devices in conventional networks, resource management and adaptive scalability are a problematic undertaking, particularly when it comes to network security measures. Current work focuses on software defined network (SDN) and network function virtualization (NFV) based security solutions to address problems in network and security management. However, deployment, configuration and implementation of SDN/NFV-based security solutions remains a real challenge. To overcome this research challenge, this paper presents the implementation of an SDN-NFV based network security solution. The proposed methodology is based on using the open network operating system (ONOS) SDN Controller with Zodiac FX OpenFlow switches and virtual network functions (VNF). The VNFs comprise virtual security functions (VSF), which include a firewall, an intrusion prevention system (IPS) and an intrusion detection system (IDS). One of the main contributions of this research is the implementation of a security solution for an enterprise, utilizing an SDN-NFV platform and commodity hardware. We demonstrate the successful implementation, configuration and deployment of the proposed NFV-based network security solution for an enterprise.
Authored by Rizwan Saeed, Safwan Qureshi, Muhammad Farooq, Muhammad Zeeshan
With the development of cloud computing, more and more people use cloud computing to do all kinds of things. However, for cloud computing, the most important thing is to ensure the stability of user data and improve security at the same time. Cloud computing makes extensive use of technical means such as computing virtualization, storage system virtualization and network system virtualization, abstracts the underlying physical facilities into external unified interfaces, maps several virtual networks with different topologies to the underlying infrastructure, and provides differentiated services for external users. From an analysis of the experimental results, it is clear that virtualization technology will be the main way to solve cloud computing security. Virtualization technology introduces a virtual layer between software and hardware, provides an independent running environment for applications, shields the dynamics, distribution and differences of hardware platforms, supports the sharing and reuse of hardware resources, provides each user with an independent and isolated computer environment, and facilitates the efficient and dynamic management and maintenance of software and hardware resources of the whole system. Applying virtualization technology to cloud security reduces the hardware cost and management cost of "cloud security" enterprises to a certain extent, and improves the security of "cloud security" technology to a certain extent. This paper will outline the basic cloud computing security methods, and focus on the analysis of virtualization cloud security technology.
Authored by Jiaxing Zhang
Quantum Computing Security 2022 - As the development of quantum computing hardware is on the rise, its potential application to various research areas has been investigated, including machine learning. Recently, there have been several initiatives to expand the work to quantum federated learning (QFL). However, challenges arise due to the fact that quantum computation has different characteristics from classical computation, posing an even greater challenge in a federated setting. In this paper, we present a high-level overview of the current state of research in QFL. Furthermore, we also briefly describe quantum computation and discuss its present limitations in relation to QFL development. Additionally, possible approaches to deploy QFL are explored. Lastly, remarks on and challenges of QFL are also presented.
Authored by Harashta Larasati, Muhammad Firdaus, Howon Kim
Quantum Computing Security 2022 - We propose a new paradigm for the security of quantum protocols. Instead of making one powerful, difficult-to-check assumption about the system, we make a few which are easy to verify or otherwise justify. This enables us to combine very high security levels with relatively low hardware complexity. We present a self-testing quantum random number generator that demonstrates the usefulness of our paradigm. We describe this device, prove its security against active attacks, backdoors and malfunctions, and analyze its efficiency.
Authored by Marcin Pawlowski, Marcin Jarzyna, Karol Lukanowski, Michal Jachura, Konrad Banaszek
Predictive Security Metrics - This paper belongs to a sequence of manuscripts that discuss generic and easy-to-apply security metrics for Strong PUFs. These metrics cannot and shall not fully replace in-depth machine learning (ML) studies in the security assessment of Strong PUF candidates. But they can complement the latter, serve in initial PUF complexity analyses, and are much easier and more efficient to apply: They do not require detailed knowledge of various ML methods, substantial computation times, or the availability of an internal parametric model of the studied PUF. Our metrics can also be standardized particularly easily. This avoids the sometimes inconclusive or contradictory findings of existing ML-based security tests, which may result from the usage of different or non-optimized ML algorithms and hyperparameters, differing hardware resources, or varying numbers of challenge-response pairs in the training phase.
Authored by Fynn Kappelhoff, Rasmus Rasche, Debdeep Mukhopadhyay, Ulrich Rührmair
Oscillating Behaviors - There is a constant push for ever-increasing performance in traditional computing systems, leading to high power consumption and, in the end, to the incapacity of conventional electronics to handle heavy computing tasks, which usually require learning features. Thus, the development of novel nanoelectronic devices with inherent neuromorphic characteristics and a low energy footprint has become a viable alternative. In order to simulate neuromorphic features utilizing memristive devices, the threshold switching effect is critical, which can be seen in the rich dynamics of the metallic conductive filament (CF). In this paper, a realistic model of the unipolar nature of CBRAM devices is exploited to create a memristor-based oscillator that can integrate neuromorphic features. Bipolar memristive devices have been used to match the weights of the neurons in a crossbar configuration. The physical model used for these memristors was fitted to fabricated devices in order to achieve the expected accuracy in the circuit simulation. The oscillator's output signal and behavior matched the theoretical background of biological neurons. Thus, this approach can be considered as the first step towards the development of low-power oscillation-based neuromorphic hardware with biological-like behavior.
Authored by Theodoros Chatzinikolaou, Iosif-Angelos Fyrigos, Charalampos Tsioustas, Panagiotis Bousoulas, Michail-Antisthenis Tsompanas, Dimitris Tsoukalas, Georgios Sirakoulis
Operating Systems Security - Drive Backup is an application for backing up data, including creating copies of partitions for quick recovery in case of an accident or virus attack or, if necessary, for replacing all data, including the operating system and installed software, on a new hard drive. Reinstalling the operating system and applications after a hardware failure or virus attack does not take you much time and effort. The best way to protect your computer is to create a backup of the system partition with the operating system installed on it and all the necessary applications. This paper presents a commercial hard disk backup system for quick operating system recovery in a cloud storage system. Copies can be made to hard drives and removable media as well as network-connected drives. If you need a disk management program, check out the corporate version of this package. A multicast function for transferring copies of an image to multiple computers at the same time is well suited to the needs of corporate offices (for example, to create or restore multiple workstations). But for home backup, you may need to think about other programs - simpler and faster.
Authored by Rupinder Wadhwa, Khushboo Sharma
Operating Systems Security - The operating system is the core of the smart power terminal. It is designed to strengthen security from five aspects: terminal container security, system security, security audit, communication protocol security, and hardware access control. By formulating a verification strategy, a comparative security test was carried out for the security-hardened and non-security-hardened operating systems of smart power terminals, and a detailed comparison test table was formed, demonstrating the importance and advantages of security hardening for the operating systems of smart power terminals. The security-hardened operating system can effectively ensure the security of the operating environment of the terminal body and prevent illegal access by malicious programs.
Authored by Bin Xu, Feng Zhai, Baofeng Li, Yongfeng Cao, Chao Zhang, Qi Zhou
Network Security Architecture - This work designs a new generation of smart power meter components, builds a smart power network, implements power meter safety protection, and completes smart power meter network security protection. The new generation of smart electric energy meters mainly completes legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station, which form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use management. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Its own security protection consists of hardware security protection and software security protection. The full-scenario application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.
Authored by Baofeng Li, Feng Zhai, Yilun Fu, Bin Xu
Network on Chip Security - With the advancements in VLSI technology, Tiled Chip Multicore Processors (TCMP) with packet-switched Network-on-Chip (NoC) have emerged as the backbone of modern data-intensive parallel multi-core systems. Tight time-to-market and cost constraints have forced chip manufacturers to use third-party IPs in sophisticated TCMP designs. This dependence on third-party IPs has introduced security vulnerabilities in inter-tile communication that cannot be detected at the manufacturing and testing phases. This includes the possibility of having malicious circuits like Hardware Trojans (HT). The NoC is the likely target of HT insertion due to its significance and positional advantage from system and communication standpoints. Recent research shows that HTs can manipulate control fields of NoC packets and lead to dead flit attacks that have the potential to disrupt the on-chip communication, resulting in application-level stalling. In this paper, we propose run-time detection of such dead flit attacks by analyzing packet movement behaviours. We also propose a cost-effective mitigation mechanism by re-routing the packets around the HT-infected router. Our experimental study with real benchmarks on an 8x8 mesh TCMP evaluates the effectiveness of the proposed solution.
Authored by Mohammad Khan, Ruchika Gupta, Vedika Kulkarni, John Jose, Sukumar Nandi
Network on Chip Security - Due to the increasing complexity of modern heterogeneous System-on-Chips (SoC) and the growing vulnerabilities, security risk assessment and quantification are required to measure the trustworthiness of an SoC. This paper describes a systematic approach to model the security risk of a system for malicious hardware attacks. The proposed method uses graph analysis to assess the impact of an attack, and the Common Vulnerability Scoring System (CVSS) is used to quantify the security level of the system. To demonstrate the applicability of the proposed metric, we consider two open source SoC benchmarks with different architectures. The overall risk is calculated using the proposed metric by computing the exploitability and impact of an attack on critical components of an SoC.
Authored by Sujan Saha, Joel Mbongue, Christophe Bobda
Network on Chip Security - This paper designs a network security protection system based on artificial intelligence technology from the two aspects of hardware and software. The system can simultaneously collect Internet public data and secret-related data inside the unit, and encrypt it through the TCM chip embedded in the hardware to ensure that only designated machines can read secret-related materials. The data edge-cloud collaborative acquisition architecture based on chip encryption can realize the cross-network transmission of confidential data. At the same time, this paper proposes an edge-cloud collaborative information security protection method for industrial control systems by combining end-address hopping and load balancing algorithms. Finally, using WinCC, Unity3D, MySQL and other development environments comprehensively, the feasibility and effectiveness of the system are verified by experiments.
Authored by Xiuyun Lu, Wenxing Zhao, Yuquan Zhu
Network on Chip Security - Soft real-time applications, including multimedia, gaming, and smart appliances, rely on specific architectural characteristics to deliver output in a time-constrained fashion. Any violation of application deadlines can lower the Quality-of-Service (QoS). The data sets associated with these applications are distributed over cores that communicate via a Network-on-Chip (NoC) in multi-core systems. Accordingly, the response time of such applications depends on the worst-case latency of request/reply packets. A malicious implant such as a Hardware Trojan (HT) that initiates a delay-of-service attack can tamper with the system performance. We model an HT that mounts a time-delay attack in the system by violating the path selection strategy used by the adaptive NoC router. Our analysis shows that once activated, the proposed HT increases the packet latency by 17% and degrades the system performance (IPC) by 18% over the Baseline. Furthermore, we propose an HT detection framework that uses packet traffic analysis and path monitoring to localise the HT. Experiment results show that the proposed detection framework exhibits 4.8% less power consumption and 6.4% less area than the existing technique.
Authored by Manju Rajan, Mayank Choksey, John Jose
Network on Chip Security - The Network-on-Chip (NoC) is the communication heart of a Multiprocessor System-on-Chip (MPSoC). It offers an efficient and scalable interconnection platform, which makes it a focal point of potential security threats. Due to outsourced design, the NoC can be infected with a malicious circuit, known as a Hardware Trojan (HT), to leak sensitive information or degrade the system's performance and function. An HT can form a security threat by deliberately dropping packets from the NoC, constituting a Black Hole Router (BHR) attack. This paper presents an end-to-end secure interconnection network against the BHR attack. The proposed scheme is energy-efficient in detecting the BHR at runtime, with 1% and 2% average throughput and energy consumption overheads, respectively.
Authored by Luka Daoud, Nader Rafla
Network on Chip Security - Coarse-Grained Reconfigurable Arrays (CGRA) implemented using FPGAs are widely applied due to their portability and compatibility. As an evolvable hardware (EHW) platform, they also face hardware security problems, among which hardware Trojans (HTs) are the most prominent threat. HTs are malicious hardware components. Once implanted in the route units (RUs) of the network-on-chip (NoC) in a CGRA, they will leak confidential information or destroy the entire system. However, few studies have focused on HT mitigation in the RUs of the NoC in CGRAs. To this end, we present an evolutionary algorithm (EA)-based method to mitigate HT attacks in the NoC of a CGRA. Specifically, we employ the EA to explore generating circuit structures that do not contain HT-infected RUs. In simulation experiments built using Python, this paper reports the experimental results for two target evolutionary circuits in the NoC and outlines the effectiveness of the proposed method.
Authored by Zeyu Li, Junjie Wang, Zhao Huang, Quang Wang
Multicore Computing Security - Dynamic Voltage and Frequency Scaling (DVFS) is a widely deployed low-power technology in modern systems. In this paper, we discover a vulnerability in the implementation of the DVFS technology that allows us to measure the processor's frequency from userspace. By exploiting this vulnerability, we successfully implement a covert channel on a commercial Intel platform and demonstrate that the covert channel can reach a throughput of 28.41 bps with an error rate of 0.53%. This work indicates that processor hardware information that is unintentionally leaked to userspace by privileged kernel modules may cause security risks.
Authored by Pengfei Qiu, Dongsheng Wang, Yongqiang Lyu, Gang Qu
Multicore Computing Security - In this paper, we study the effectiveness of denial-of-service (DoS) attacks on Intel's heterogeneous multicore system-on-chips with integrated GPU (iGPU), in which the last level cache (LLC) and the main memory subsystem are shared between the multicore CPU and the iGPU. Using two Intel processors with iGPU, we evaluate four different DoS attacks, three CPU based and one iGPU based, and show they can induce a very high degree of shared resource contention and thus dramatically slow down the victim's execution time. We further evaluate the effectiveness of Intel's recent hardware based shared resource isolation mechanisms, namely Intel Cache Allocation Technology (CAT) and Graphics Technology Class of Service (GT COS), which provide shared LLC partitioning capability for the CPU cores and the iGPU, respectively, in defending against these DoS attacks. Using both synthetic and real-world benchmarks, we find that hardware based LLC partitioning mechanisms do provide spatial LLC space isolation but do not necessarily provide temporal isolation.
Authored by Michael Bechtel, Heechul Yun
Multicore Computing Security - Physical memories or RAMs are essential components in a computer system to hold temporary information required for both software and hardware to work properly. When a system's security is compromised (e.g., due to a malicious application), sensitive information being held in the memories can be leaked out, for example to "the cloud". The RISC-V privileged architecture standard adopts a method called Physical Memory Protection (PMP) to segregate a system's memory into regions with different policies and permissions to prevent unprivileged software from accessing unauthorized regions. However, PMP does not prevent malicious software from hijacking an Input/Output (IO) device with Direct Memory Access (DMA) capability to indirectly gain unauthorized access, and hence a similar method commonly termed "IOPMP" is being worked on in the RISC-V community. This paper describes an early implementation of IOPMP and how it is used to protect physical memory regions in a RISC-V system. Then, the potential performance impact of IOPMP is briefly elaborated. There is still work to be done, and this early IOPMP implementation allows various aspects of the protection method, such as its scalability, practicality, and effectiveness, to be studied for future enhancement.
Authored by Jien Ng, Chee Ang, Hwa Law
Middleware Security - An evolvable hardware platform (EHWP) based on programmable devices can realize specific hardware function structures by changing the bitstreams. As EHWPs become more and more widely used in security chips, issues related to hardware security have received focused attention, especially hardware Trojans (HTs). However, current research has focused on implementing defenses against HTs in the underlying hardware, with very sparse mitigation solutions for HTs in the overlay/middleware layer. Given this, we attempt to implement an HT mitigation solution using the characteristics of the EHWP. Specifically, we utilize an evolutionary algorithm (EA) to explore new circuit structures to replace the HT-infected resources, thus avoiding the related security issues. The experimental results show that the scheme proposed in this paper can effectively mitigate the HTs on an EHWP.
Authored by Zeyu Li, Zhao Huang, Junjie Wang, Quan Wang
Middleware Security - Cybersecurity of power hardware is becoming increasingly critical with the emergence of smart and connected devices such as grid-connected inverters, EVs and their chargers, microgrid controllers, energy storage / energy management controllers, and smart appliances. Cyber-attacks on power hardware have had far-reaching and widespread impacts. For such cyber-physical systems, security must be ensured at all levels in the design - hardware, firmware, software and interfaces. Although previous approaches to cybersecurity have focused mainly on vulnerabilities in the firmware, middleware, or software, vulnerabilities in the hardware itself are hard to identify and harder to mitigate, especially when most hardware components are proprietary and not examinable. This paper presents one approach to mitigate this conundrum - a completely open-source implementation of a microcontroller core along with the associated peripherals based on the well-known RISC-V instruction set architecture (ISA). The proof-of-concept architecture presented here uses the "Shakti" E-Class microcontroller core integrated with a fully custom PWM controller implemented in Verilog, and validated on a Xilinx Artix FPGA. For critical applications such designs may be replicated as a custom ASIC, thereby guaranteeing total security of the computing hardware.
Authored by S Swakath, Abhijit Kshirsagar, Koteswararao Kondepu, Satish Banavath, Andrii Chub, Dmitri Vinnikov
Measurement and Metrics Testing - FIPS 140-3 is the main standard defining security requirements for cryptographic modules in U.S. and Canada; commercially viable hardware modules generally need to be compliant with it. The scope of FIPS 140-3 will also expand to the new NIST Post-Quantum Cryptography (PQC) standards when migration from older RSA and Elliptic Curve cryptography begins. FIPS 140-3 mandates the testing of the effectiveness of “non-invasive attack mitigations”, or side-channel attack countermeasures. At higher security levels 3 and 4, the FIPS 140-3 side-channel testing methods and metrics are expected to be those of ISO 17825, which is based on the older Test Vector Leakage Assessment (TVLA) methodology. We discuss how to apply ISO 17825 to hardware modules that implement lattice-based PQC standards for public-key cryptography – Key Encapsulation Mechanisms (KEMs) and Digital Signatures. We find that simple “random key” vs. “fixed key” tests are unsatisfactory due to the close linkage between public and private components of PQC keypairs. While the general statistical testing approach and requirements can remain consistent with older public-key algorithms, a non-trivial challenge in creating ISO 17825 testing procedures for PQC is the careful design of test vector inputs so that only relevant Critical Security Parameter (CSP) leakage is captured in power, electromagnetic, and timing measurements.
Authored by Markku-Juhani Saarinen