Satellite technologies are used for both civil and military purposes in the modern world, and typical applications include Communication, Navigation and Surveillance (CNS) services, which have a direct impact several economic, social and environmental protection activity. The increasing reliance on satellite services for safety-of-life and mission-critical applications (e.g., transport, defense and public safety services) creates a severe, although often overlooked, security problem, particularly when it comes to cyber threats. Like other increasingly digitized services, satellites and space platforms are vulnerable to cyberattacks. Thus, the existence of cybersecurity flaws may pose major threats to space-based assets and associated key infrastructure on the ground. These dangers could obstruct global economic progress and, by implication, international security if they are not properly addressed. Mega-constellations make protecting space infrastructure from cyberattacks much more difficult. This emphasizes the importance of defensive cyber countermeasures to minimize interruptions and ensure efficient and reliable contributions to critical infrastructure operations. Very importantly, space systems are inherently complex Cyber-Physical System (CPS) architectures, where communication, control and computing processes are tightly interleaved, and associated hardware/software components are seamlessly integrated. This represents a new challenge as many known physical threats (e.g., conventional electronic warfare measures) can now manifest their effects in cyberspace and, vice-versa, some cyber-threats can have detrimental effects in the physical domain. The concept of cyberspace underlies nearly every aspect of modern society s critical activities and relies heavily on critical infrastructure for economic advancement, public safety and national security. Many governments have expressed the desire to make a substantial contribution to secure cyberspace and are focusing on different aspects of the evolving industrial ecosystem, largely under the impulse of digital transformation and sustainable development goals. The level of cybersecurity attained in this framework is the sum of all national and international activities implemented to protect all actions in the cyber-physical ecosystem. This paper focuses on cybersecurity threats and vulnerabilities in various segments of space CPS architectures. More specifically, the paper identifies the applicable cyber threat mechanisms, conceivable threat actors and the associated space business implications. It also presents metrics and strategies for countering cyber threats and facilitating space mission assurance.

With the increased commercialization of deep learning (DL) models, there is also a growing need to protect them from illicit usage. For cost- and ease of deployment reasons it is becoming increasingly common to run DL models on the hardware of third parties. Although there are some hardware mechanisms, such as Trusted Execution Environments (TEE), to protect sensitive data, their availability is still limited and not well suited to resource demanding tasks, like DL models, that benefit from hardware accelerators. In this work, we make model stealing more difficult, presenting a novel way to divide up a DL model, with the main part on normal infrastructure and a small part in a remote TEE, and train it using adversarial techniques. In initial experiments on image classification models for the Fashion MNIST and CIFAR 10 datasets, we observed that this obfuscation protection makes it significantly more difficult for an adversary to leverage the exposed model components.

Counteracting the most dangerous attacks –advanced persistent threats – is an actual problem of modern enterprises. Usually these threats aimed not only at information resources but also at software and hardware resources of automated systems of industrial plants. As a rule, attackers use a number of methods including social engineering methods. The article is devoted to development of the methods for timely prevention from advanced persistent threats based on analysis of attackers’ tactics. Special attention in the article is paid to methods for detection provocations of the modernization of protection systems, as well as methods for monitoring the state of resources of the main automated system. Technique of identification of suspicious changes in the resources is also considered in the article. The result of applying this set of methods will help to increase the protection level of automated systems’ resources.

Practical cryptographic systems rely on a true random number generator (TRNG), which is a necessary component in any hardware Root-of-Trust (RoT). Hardware trust anchors are also integrated into larger chips, for instance as hard-IP cores in FPGAs, where the remaining FPGA fabric is freely programmable. To provide security guarantees, proper operation of the TRNG is critical. By that, adversaries are interested to tamper with the ability of TRNGs to produce unpredictable random numbers. In this paper, we show that an FPGA on-chip attack can reduce the true randomness of a TRNG integrated as a hard-IP module in the FPGA. This module is considered to be an immutable security module, compliant with NIST SP 800193 Platform Firmware Resilience Guidelines (PFR), which is a well known guideline for system resilience, and it is also certified by the Cryptographic Algorithm Validation Program (CAVP). By performing an on-chip voltage drop-based fault attack with user-programmable FPGA logic, the random numbers produced by the IP core fail NIST SP 800-22 and BSI AIS31 tests, meaning they are not truly random anymore. By that, this paper shows that new attack vectors can break even verified IP cores, since on-chip attacks are usually not considered in the threat model, which can still affect highly integrated systems.

With the development of Internet of Things (IoT) technology, the digital pill has been employed as an IoT system for emerging remote health monitoring to detect the impact of medicine intake on patients’ biological index. The medical data is then used for model training with federated learning. An adversary can launch poisoning attacks by tampering with patients’ medical data, which will lead to misdiagnosis of the patients’ conditions. Lots of studies have been conducted to defend against poisoning attacks based on blockchain or hardware. However, 1) Blockchain-based schemes can only exploit on-chain data to deal with poisoning attacks due to the lack of off-chain trusted entities. 2) Typical hardware-based schemes have the bottleneck of single point of failure. To overcome these defects, we propose a defense scheme via multiple Trusted Platform Modules (TPMs) and blockchain oracle. Benefitting from multiple TPMs verification results, a distributed blockchain oracle is proposed to obtain off-chain verification results for smart contracts. Then, the smart contracts could utilize the off-chain verification result to identify poisoning attacks and store the unique identifiers of the non-threatening IoT device immutably on the blockchain as a whitelist of federated learning participants. Finally, we analyze the security features and evaluate the performance of our scheme, which shows the robustness and efficiency of the proposed work.

The continuously growing importance of today’s technology paradigms such as the Internet of Things (IoT) and the new 5G/6G standard open up unique features and opportunities for smart systems and communication devices. Famous examples are edge computing and network slicing. Generational technology upgrades provide unprecedented data rates and processing power. At the same time, these new platforms must address the growing security and privacy requirements of future smart systems. This poses two main challenges concerning the digital processing hardware. First, we need to provide integrated trustworthiness covering hardware, runtime, and the operating system. Whereas integrated means that the hardware must be the basis to support secure runtime and operating system needs under very strict latency constraints. Second, applications of smart systems cover a wide range of requirements where "one- chip-fits-all" cannot be the cost and energy effective way forward. Therefore, we need to be able to provide a scalable hardware solution to cover differing needs in terms of processing resource requirements.In this paper, we discuss our research on an integrated design of a secure and scalable hardware platform including a runtime and an operating system. The architecture is built out of composable and preferably simple components that are isolated by default. This allows for the integration of third-party hardware/software without compromising the trusted computing base. The platform approach improves system security and provides a viable basis for trustworthy communication devices.

Hardware breakpoints are used to monitor the behavior of a program on a virtual machine (VM). Although a virtual machine monitor (VMM) can inspect programs on a VM at hardware breakpoints, the programs themselves can detect hardware breakpoints by reading debug registers. Malicious programs may change their behavior to avoid introspection and other security mechanisms if a hardware breakpoint is detected. To prevent introspection evasion, methods for hiding hardware breakpoints by returning a fake value to the VM are proposed. These methods detect the read and write operations of the debug register from the VM and then return the processing to the VM as if their access has succeeded. However, VM introspection remains detectable from the VM by confirming the availability of the debug exception in the address set. While the previous work handles the read and write operations of the debug register, the debug exception is not delivered to the VM program. To address this problem, this study presents a method for making hardware breakpoints compatible with VM introspection. The proposed method uses surplus debug address registers to deliver the debug exception at the hardware breakpoint set by the VM program. If a VM program attempts to write a value to a debug register, the VMM detects and stores the value in a real debug register that is not used for VM introspection. Because debug exception at the hardware breakpoint was delivered to the VM, hardware breakpoints set by the VM were compatible with VM introspection. The evaluation results showed that the proposed method had a low performance overhead.

Virtualization is essential in assisting businesses in lowering operational costs while still ensuring increased productivity, better hardware utilization, and flexibility. According to Patrick Lin, Senior Director of Product Management for VMware, "virtualization is both an opportunity and a threat." This survey gives a review of the literature on major virtualization technology security concerns. Our study primarily focuses on several open security flaws that virtualization introduces into the environment. Virtual machines (VMs) are overtaking physical machine infrastructures due to their capacity to simulate hardware environments, share hardware resources, and make use of a range of operating systems (OS). By offering a higher level of hardware abstraction and isolation, efficient external monitoring and recording, and on-demand access, VMs offer more effective security architecture than traditional machines. It concentrates on virtual machine-specific security concerns. The security risks mentioned in this proposal apply to all of the virtualization technologies now on the market; they are not unique to any one particular virtualization technology. In addition to some security advantages that come along with virtualization, the survey first gives a brief review of the various virtualization technologies that are now on the market. It conclude by going into great depth on a number of security gaps in the virtualized environment.

In the era of big data, more and more applications of smart devices are computing-intensive, thus raising the strong demand for task offloading to cloud data centers. However, it gives rise to network delay and privacy data leak issues. Edge computing can effectively solve latency, bandwidth occupation and data privacy problems, but the deployment of applications are also limited by hardware architectures and resources, i.e., computing and storage resources. Therefore, the combination of virtualization technology and edge computing become important in order to realize the rapid deployment of intelligent application in an edge server or an edge node by virtualization technology. The traditional virtual machine (VM) is no longer suitable for resource-constrained devices. Container technique including Docker can effectively solve these problems, but it also depends on an operating system. Unikernel is the state-of-art virtualization technology. In this paper, we combine Unikernel with edge computing to explore its application in an edge computing system. An application architecture of edge computing based on Unikernel is proposed. It is suitable for application in edge computing.

In this fast growing technology and tight integration of physical devices in conventional networks, the resource management and adaptive scalability is a problematic undertaking particularly when it comes to network security measures. Current work focuses on software defined network (SDN) and network function virtualization (NFV) based security solution to address problems in network and security management. However, deployment, configuration and implementation of SDN/NFVbased security solution remains a real challenge. To overcome this research challenge, this paper presents the implementation of SDN-NFVs based network security solution. The proposed methodology is based on using open network operating system (ONOS) SDN Controller with Zodiac FX Openflow switches and virtual network functions (VNF). VNF comprises of virtual security functions (VSF) which includes firewall, intrusion prevention system (IPS) and intrusion detection system (IDS). One of the main contributions of this research is the implementation of security solution of an enterprise, utilizing SDN-NFV platform and commodity hardware. We demonstrate the successful implementation, configuration and deployment of the proposed NFVbased network security solution for an enterprise.

Virtualization is essential in assisting businesses in lowering operational costs while still ensuring increased productivity, better hardware utilization, and flexibility. According to Patrick Lin, Senior Director of Product Management for VMware, "virtualization is both an opportunity and a threat." This survey gives a review of the literature on major virtualization technology security concerns. Our study primarily focuses on several open security flaws that virtualization introduces into the environment. Virtual machines (VMs) are overtaking physical machine infrastructures due to their capacity to simulate hardware environments, share hardware resources, and make use of a range of operating systems (OS). By offering a higher level of hardware abstraction and isolation, efficient external monitoring and recording, and on-demand access, VMs offer more effective security architecture than traditional machines. It concentrates on virtual machine-specific security concerns. The security risks mentioned in this proposal apply to all of the virtualization technologies now on the market; they are not unique to any one particular virtualization technology. In addition to some security advantages that come along with virtualization, the survey first gives a brief review of the various virtualization technologies that are now on the market. It conclude by going into great depth on a number of security gaps in the virtualized environment.

The experimental results demonstrated that, With the development of cloud computing, more and more people use cloud computing to do all kinds of things. However, for cloud computing, the most important thing is to ensure the stability of user data and improve security at the same time. From an analysis of the experimental results, it can be found that Cloud computing makes extensive use of technical means such as computing virtualization, storage system virtualization and network system virtualization, abstracts the underlying physical facilities into external unified interfaces, maps several virtual networks with different topologies to the underlying infrastructure, and provides differentiated services for external users. By comparing and analyzing the experimental results, it is clear that virtualization technology will be the main way to solve cloud computing security. Virtualization technology introduces a virtual layer between software and hardware, provides an independent running environment for applications, shields the dynamics, distribution and differences of hardware platforms, supports the sharing and reuse of hardware resources, provides each user with an independent and isolated computer environment, and facilitates the efficient and dynamic management and maintenance of software and hardware resources of the whole system. Applying virtualization technology to cloud security reduces the hardware cost and management cost of "cloud security" enterprises to a certain extent, and improves the security of "cloud security" technology to a certain extent. This paper will outline the basic cloud computing security methods, and focus on the analysis of virtualization cloud security technology.

Quantum Computing Security 2022 - As the development of quantum computing hardware is on the rise, its potential application to various research areas has been investigated, including to machine learning. Recently, there have been several initiatives to expand the work to quantum federated learning (QFL). However, challenges arise due to the fact that quantum computation poses different characteristics from classical computation, giving an even more challenge for a federated setting. In this paper, we present a highlevel overview of the current state of research in QFL. Furthermore, we also describe in brief about quantum computation and discuss its present limitations in relation to QFL development. Additionally, possible approaches to deploy QFL are explored. Lastly, remarks and challenges of QFL are also presented.

Quantum Computing Security 2022 - We propose a new paradigm for security of quantum protocols. Instead of making one, powerful, difficult to check assumption about the system, we make a few, which are easy to verify or otherwise justify. This enables us to combine very high security levels with relatively low hardware complexity. We present a self-testing quantum random number generator that demonstrates the usefulness of our paradigm. We describe this device, prove its security against active attacks, backdoors and malfunctions and analyze its efficiency.

Predictive Security Metrics - This paper belongs to a sequence of manuscripts that discuss generic and easy-to-apply security metrics for Strong PUFs. These metrics cannot and shall not fully replace in-depth machine learning (ML) studies in the security assessment of Strong PUF candidates. But they can complement the latter, serve in initial PUF complexity analyses, and are much easier and more efficient to apply: They do not require detailed knowledge of various ML methods, substantial computation times, or the availability of an internal parametric model of the studied PUF. Our metrics also can be standardized particularly easily. This avoids the sometimes inconclusive or contradictory findings of existing ML-based security test, which may result from the usage of different or non-optimized ML algorithms and hyperparameters, differing hardware resources, or varying numbers of challenge-response pairs in the training phase.

Oscillating Behaviors - There is a constant push for ever increasing performance in traditional computing systems, leading to high power consumption and, in the end, to the incapacity of conventional electronics to handle heavy computing tasks, which usually require learning features. Thus, the development of novel nanoelectronic devices with inherent neuromorphic characteristics and a low energy footprint has become a viable alternative. In order to simulate neuromorphic features utilizing memristive devices, the threshold switching effect is critical, which can be seen in the rich dynamics of metallic conductive filament (CF). In this paper, a realistic model of the unipolar nature of CBRAM devices is exploited to create a memristor-based oscillator that can integrate neuromorphic features. Bipolar memristive devices have been used to match the weight of the neurons in a crossbar configuration. The used physical model for these memristors was fitted to fabricated devices in order to achieve the expected accuracy in the circuit simulation. The oscillator’s output signal and behavior matched the theoretical background of biological neurons. Thus, this approach can be considered as the first step towards the development of low-power oscillation-based neuromorphic hardware with biological-like behavior.

Operating Systems Security - Drive Backup is an application for backing up data, including creating copies of partitions for quick recovery in case of an accident, virus attack or, if necessary, replacing all data, including the operating system and installed ones. Software, plus a new hard drive. Reinstalling the operating system and applications after a hardware failure or virus attack does not take you much time and effort. The best way to protect your computer is to create a backup of the system partition with the operating system installed on it and all the necessary applications. In this paper, The commercial hard disk backup system for quick recovery operating system in cloud storage system. Copies can be made to hard drives and removable media as well as network-connected drives. If you need a disk management program, check out the corporate version of this package. A multicast function for transferring copies of an image to multiple computers at the same time, well suited to the needs of corporate offices (for example, to create or restore multiple workstations). But for home backup, you may need to think about other programs - simpler and faster.

Operating Systems Security - The operating system is the core of the smart power terminal. It is designed to strengthen security from five aspects: terminal container security, system security, security audit, communication protocol security, and hardware access control. By formulating a verification strategy, a comparative security test was carried out for the security hardening and non-security hardening operating systems of smart power terminals, and a detailed comparison test table was formed, demonstrating the importance of security hardening and security hardening for the operating systems of smart power terminals The advantages. The security-hardened operating system can effectively ensure the security of the operating environment of the terminal body and prevent illegal access by malicious programs.

Network Security Architecture - Design a new generation of smart power meter components, build a smart power network, implement power meter safety protection, and complete smart power meter network security protection. The new generation of smart electric energy meters mainly complete legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station to form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation, provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use manage. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Own security protection consists of hardware security protection and software security protection. The full-scene application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.

Network on Chip Security - With the advancements in VLSI technology, Tiled Chip Multicore Processors (TCMP) with packet switched Network-on-Chip (NoC) have emerged as the backbone of the modern data intensive parallel multi-core systems. Tight timeto-market and cost constraints have forced chip manufacturers to use third-party IPs in sophisticated TCMP designs. This dependence over third party IPs has instigated security vulnerabilities in inter-tile communication that cannot be detected at manufacturing and testing phases. This includes possibility of having malicious circuits like Hardware Trojans (HT). NoC is the likely target of HT insertion due to its significance and positional advantage from system and communication standpoints. Recent research shows that HTs can manipulate control fields of NoC packets and leads to dead flit attacks that has the potential to disrupt the on-chip communication resulting in application level stalling. In this paper, we propose run time detection of such dead flit attacks by analyzing packet movement behaviours. We also propose a cost effective mitigation mechanism by re-routing the packets around the HT infected router. Our experimental study with real benchmarks on 8x8 mesh TCMP evaluates the effectiveness of the proposed solution.

Network on Chip Security - Due to the increasing complexity of modern heterogeneous System-on-Chips (SoC) and the growing vulnerabilities, security risk assessment and quantification is required to measure the trustworthiness of a SoC. This paper describes a systematic approach to model the security risk of a system for malicious hardware attacks. The proposed method uses graph analysis to assess the impact of an attack and the Common Vulnerability Scoring System (CVSS) is used to quantify the security level of the system. To demonstrate the applicability of the proposed metric, we consider two open source SoC benchmarks with different architectures. The overall risk is calculated using the proposed metric by computing the exploitability and impact of attack on critical components of a SoC.

Network on Chip Security - This paper designs a network security protection system based on artificial intelligence technology from two aspects of hardware and software. The system can simultaneously collect Internet public data and secret-related data inside the unit, and encrypt it through the TCM chip solidified in the hardware to ensure that only designated machines can read secret-related materials. The data edgecloud collaborative acquisition architecture based on chip encryption can realize the cross-network transmission of confidential data. At the same time, this paper proposes an edge-cloud collaborative information security protection method for industrial control systems by combining endaddress hopping and load balancing algorithms. Finally, using WinCC, Unity3D, MySQL and other development environments comprehensively, the feasibility and effectiveness of the system are verified by experiments.

Network on Chip Security - Soft real-time applications, including multimedia, gaming, and smart appliances, rely on specific architectural characteristics to deliver output in a time-constrained fashion. Any violation of application deadlines can lower the Quality-of-Service (QoS). The data sets associated with these applications are distributed over cores that communicate via Network-on-Chip (NoC) in multi-core systems. Accordingly, the response time of such applications depends on the worst-case latency of request/reply packets. A malicious implant such as Hardware Trojan (HT) that initiates a delay-of-service attack can tamper with the system performance. We model an HT that mounts a time-delay attack in the system by violating the path selection strategy used by the adaptive NoC router. Our analysis shows that once activated, the proposed HT increases the packet latency by 17\% and degrades the system performance (IPC) by 18\% over the Baseline. Furthermore, we propose an HT detection framework that uses packet traffic analysis and path monitoring to localise the HT. Experiment results show that the proposed detection framework exhibits 4.8\% less power consumption and 6.4\% less area than the existing technique.

Network on Chip Security - The Network-on-Chip (NoC) is the communication heart in Multiprocessors System-on-Chip (MPSoC). It offers an efficient and scalable interconnection platform, which makes it a focal point of potential security threats. Due to outsourcing design, the NoC can be infected with a malicious circuit, known as Hardware Trojan (HT), to leak sensitive information or degrade the system’s performance and function. An HT can form a security threat by consciously dropping packets from the NoC, structuring a Black Hole Router (BHR) attack. This paper presents an end-to-end secure interconnection network against the BHR attack. The proposed scheme is energy-efficient to detect the BHR in runtime with 1\% and 2\% average throughput and energy consumption overheads, respectively.

Network on Chip Security - Coarse-Grained Reconfigurable Arrays (CGRA) implemented using FPGA are widely applied due to the portability and compatibility. As an evolvable hardware (EHW) platform, it also faces hardware security problems, among which hardware Trojans (HTs) is the most prominent threat. HTs are malicious hardware components. Once implanted in the route units (RUs) of the network-on-chip (NoC) in CGRA, it will leak confidential information or destroy the entire system. However, few studies have focused on HT mitigation in RUs of NoC in CGRA. To this end, we present an evolutionary algorithm (EA)-based method to mitigate HT attacks in NoC of CGRA. Specifically, we employ the EA to explore generating the circuit structures that do not contain HT-infected RUs. In the simulation experiments built using Python, this paper reports the experimental results for two target evolutionary circuits in NoC and outlines the effectiveness of the proposed method.