Multicore Computing Security - Machines with multiple cores have become more and more popular. In order to fully utilize their parallel computation ability, efficient scheduling algorithm plays an important role. A good scheduler should output the reasonably good result quickly but most of the current schedulers fail to achieve this goal and always have to compromise between the running time and result quality. In response to the above concerns, this paper proposes one algorithm, Longest Path First In (LPFI), to do scheduling efficiently and effectively for multi-core. This algorithm uses a deterministic allocation mechanism to prioritize processes which are in long dependency chain. The experiment results show that, compared with greedy scheduling algorithm, LPFI has around 10\% improvement in the final result and can output the optimal result much faster than integer linear programming (ILP) scheduler.
Authored by Xiangyu Gao, Meikang Qiu
Multicore Computing Security - Automobiles have become an indispensable part of life for both business and pleasure in today s society. Because of the long-term continuous work, fatigue presents a great danger to ride-sharing and truck drivers. Therefore, this paper aims to design a device that provides valuable feedback by evaluating driver status and surroundings. A gradient judgment is made through lane detection and face detection. When a dangerous condition is detected, the driver will be alerted by music and audio announcements with different degrees. The system also has two additional functions. First, a digital record-keeping to assist the professional driver. The other is a security system that if a stranger starts the car, a text message will be sent to the owner s phone. Compared with those in previous works, the proposed system s efficacy and efficiency are validated qualitatively and quantitatively in driver fatigue detection.
Authored by Kai Yan, Chaoyue Zhao, Chengkang Shen, Peiyan Wang, Guoqing Wang
Multicore Computing Security - The automotive industry has recently emphasized reducing the number of Electronic Control Units (ECUs) installed in vehicles for economic and ecological reasons. This reduction means that the design and verification must be independent of the vehicle’s final choice of (MC)SoCs, knowing they will evolve as time passes. To that end, dataflow Models of Computation and Communication (MoCCs) are powerful tools for maintaining this independence. A subclass of dataflow MoCCs –deterministic dataflow MoCCs– is of particular interest since it allows designers to derive safety and security properties at compile-time. This work proposes a short survey of the existing deterministic dataflow MoCCs. We describe the properties of each dataflow MoCC and present an expressiveness hierarchy of dataflow MoCCs adjustable to designers’ needs.
Authored by Guillaume Roumage, Selma Azaiez, Stephane Louise
Multicore Computing Security - With the continuous improvement of processor performance requirements, technologies such as superscalar, deep pipeline, and multi-core which can improve instruction parallelism are frequently used. Under this technical background, branch prediction errors will increase the delay used to flush the pipeline and greatly reduce the performance of the processor. Therefore, for high-performance processors, branch predictors with high prediction accuracy are particularly important. Based on the open source RISC-V processor core SweRV EH1, this paper adopts two prediction predictors, the hybrid predictor, and the TAGE predictor to improve the prediction performance of the original processor. This paper uses the riscv-tests selfchecking test scheme to verify the instruction set of the optimized processor and completes the prototype verification on the Kintex7 KC705 FPGA. Based on PowerStone and CoreMark test programs, this paper separately evaluates the branch prediction performance and processor performance of the processor core with two kinds of branch predictors. Experiments show that the implementation of the hybrid predictor and the TAGE predictor respectively improves the branch prediction accuracy of PowerStone programs by 3.65\% and 3.39\%; the average branch prediction rate respectively reaches 85.98\% and 90.06\%. The performance of SweRV EH1 is respectively improved by 2.56\% and 5.43\%.
Authored by Changbiao Yao, Ziqin Meng, Wen Guo, Jianyang Zhou, Zichao Guo
Multicore Computing Security - This paper deals with hash based secure chaotic steganography technique for hiding secret information, into the cover image. Hash function has been used in the proposed work for computing the Non LSB positions for hiding the secret data bits. Secret is encoded with chaotic sequences and randomness of the sequences has been validated with NIST test suite. Shared memory implementation for faster execution of the proposed security technique has been done in OpenMP platform. Sequential and the parallel versions of the techniques have been implemented in C++, OpenMP and simulated in the Intel Haswell processor based multi-core environment. With the advantages offered by multicore processors the proposed technique ensures low time complexity. Significant speedup and linear scalability have been reported with increase in the number of threads. Standard statistical validation test results viz. PSNR, Euclidean distance, histogram analysis, SSIM index applied to validate the quality of stego image show satisfactory results.
Authored by Gaurav Gambhir, Jyotsna Mandal, Monika Gambhir
Multicore Computing Security - In this paper, we study the effectiveness of denial-ofservice (DoS) attacks on Intel’s heterogeneous multicore systemon-chips with integrated GPU (iGPU) in which the last level cache (LLC) and the main memory subsystem are shared between the multicore CPU and the iGPU. Using two Intel processors with iGPU, we evaluate four different DoS attacks, three CPU based and one iGPU based, and show they can induce very high degree of shared resource contention and thus dramatically slowdown the victim’s execution time. We further evaluate the effectiveness of Intel’s recent hardware based shared resource isolation mechanisms, namely Intel Cache Allocation Technology (CAT) and Graphics Technology Class of Service (GT COS), which provide shared LLC partitioning capability for the CPU cores and the iGPU, respectively, in defending against these DoS attacks. Using both synthetic and real-world benchmarks, we find that hardware based LLC partitioning mechanisms does provide spatial LLC space isolation but does not necessarily provide temporal isolation.
Authored by Michael Bechtel, Heechul Yun
Multicore Computing Security - Physical memories or RAMs are essential components in a computer system to hold temporary information required for both software and hardware to work properly. When a system’s security is compromised (e.g., due to a malicious application), sensitive information being held in the memories can be leaked out for example to “the cloud”. The RISC-V privileged architecture standard adopts a method called Physical Memory Protection (PMP) to segregate a system’s memory into regions with different policy and permissions to prevent unprivileged software from accessing unauthorized regions. However, PMP does not prevent malicious software from hijacking an Input/Output (IO) device with Direct Memory Access (DMA) capability to indirectly gain unauthorized accesses and hence, a similar method commonly termed as “IOPMP” is being worked on in the RISC-V community. This paper describes an early implementation of IOPMP and how it is used to protect physical memory regions in a RISC-V system. Then, the potential performance impact of IOPMP is briefly elaborated. There are still work to be done and this early IOPMP implementation allows various aspects of the protection method such as its scalability, practicality, and effectiveness etc. to be studied for future enhancement.
Authored by Jien Ng, Chee Ang, Hwa Law
Middleware Security - Virtual machine (VM) based application sandboxes leverage strong isolation guarantees of virtualization techniques to address several security issues through effective containment of malware. Specifically, in end-user physical hosts, potentially vulnerable applications can be isolated from each other (and the host) using VM based sandboxes. However, sharing data across applications executing within different sandboxes is a nontrivial requirement for end-user systems because at the end of the day, all applications are used by the end-user owning the device. Existing file sharing techniques compromise the security or efficiency, especially considering lack of technical expertise of many end-users in the contemporary times.
Authored by Saketh Maddamsetty, Ayush Tharwani, Debadatta Mishra
Middleware Security - An evolvable hardware platform (EHWP) based on programmable devices can realize specific hardware function structures by changing the bitstreams. As EHWP becomes more and more widely used in security chips, issues related to hardware security have received focused attention, especially hardware Trojans (HTs). However, current research has focused on implementing defense against HTs in the underlying hardware, with very sparse mitigation solutions for HTs in the overlay/middleware layer. Given this, we attempt to implement an HTs mitigation solution using the characteristics of the EHWP. Specifically, we utilize evolutionary algorithm (EA) to explore new circuit structures to replace the HTsinfected resources, thus avoiding the related security issues. The experimental results show that the scheme proposed in this paper can effectively mitigate the HTs on EHWP.
Authored by Zeyu Li, Zhao Huang, Junjie Wang, Quan Wang
Middleware Security - Online advertisements are a significant element of the Internet ecosystem. Businesses monitor their customers via pushing advertising (Ads). Within minutes, cybercriminals try to defraud and steal data through advertisements. Therefore, the issue of ads must be solved. Ads are obtrusive, a security risk, and they hinder performance and efficiency. Hence, the goal is to create an ad-blocker that would operate across the entire network and prevent advertisement on any website s web pages. To put it another way, it s a little computer with such a SoC (System - On - chip) also referred to as a Raspberry Pi that is merged with a networking system, for which we need to retrain the advertisements. On the home network, software named Pi Hole is used to block websites with advertisements. Any network traffic that passes via devices connected to the home network now passes through the Pi. As a result, the adverts are finally checked out during the Raspberry Pi before they reach the users machine and they will be blocked.
Authored by Harshal Sonawane, Manasi Patil, Shashank Patil, Uma Thakur, Bhavin Patil, Abha Marathe
Middleware Security - Securing IoT networks has been one of recent most active research topics. However, unlike traditional network security, where the emphasis is given on the core network, IoT networks are mostly investigated from the data standpoint. Lightweight data transmission protocols, such as Message Queue Telemetry Transport (MQTT), are often deployed for data-sharing and device authentication due to limited onboard resources. This paper presents the MQTT protocol’s security vulnerabilities by incorporating Elliptic Curve Cryptographybased (ECC-based) security to improve confidentiality issues. We used commercially off-the-shelf (COTS) devices such as Raspberry Pi to build a simplified network topology that connects IoT devices in our smart home laboratory. The results illustrate an ECC-based security application in confidentiality increase of 70.65\% from 29.35\% in time parameter during publish/subscribe communication protocol for the smart home.
Authored by Zainatul Yusoff, Mohamad Ishak, Lukman Rahim, Omer Ali
Middleware Security - Cybersecurity of power hardware is becoming increasingly critical with the emergence of smart and connected devices such as Grid-connected inverters, EVs and their chargers, microgrid controllers, energy storage / energy management controllers, and smart appliances. Cyber-attacks on power hardware have had far-reaching and widespread impacts. For such cyber-physical systems, security must be ensured at all levels in the design - hardware, firmware, software and interfaces. Although previous approaches to cybersecurity have focused mainly on vulnerabilities in the firmware middleware, or software, vulnerabilities in the hardware itself are hard to identify and harder to mitigate, especially when most hardware components are proprietary and not examinable. This paper presents one approach to mitigate this conundrum - a completely open-source implementation of a microcontroller core along with the associated peripherals based on the well-known RISC-V instruction set architecture (ISA). The proof-of-concept architecture presented here uses the “Shakti” E-Class microcontroller core integrated with a fully custom PWM controller implemented in Verilog, and validated on a Xilinx Artix FPGA. For critical applications such designs may be replicated as a custom ASIC thereby guaranteeing total security of the computing hardware.
Authored by S Swakath, Abhijit Kshirsagar, Koteswararao Kondepu, Satish Banavath, Andrii Chub, Dmitri Vinnikov
Middleware Security - Connected devices are being deployed at a steady rate, providing services like data collection. Pervasive applications rely on those edge devices to seamlessly provide services to users. To connect applications and edge devices, using a middleware has been a popular approach. The research is active on the subject as there are many open challenges. The secure management of the edge devices and the security of the middleware are two of them. As security is a crucial requirement for pervasive environment, we propose a middleware architecture easing the secure use of edge devices for pervasive applications, while supporting the heterogeneity of communication protocols and the dynamism of devices. Because of the heterogeneity in protocols and security features, not all edge devices are equally secure. To allow the pervasive applications to gain control over this heterogeneous security, we propose a model to describe edge devices security. This model is accessible by the applications through our middleware. To validate our work, we developed a demonstrator of our middleware and we tested it in a concrete scenario.
Authored by Arthur Desuert, Stéphanie Chollet, Laurent Pion, David Hely
Middleware Security - Web application security is the most important area when it comes to developing a web application. Many web applications having vulnerabilities due to poor implementation of security measures. These web applications will be deployed without fixing the vulnerabilities thus becomes vulnerable to many cyber-attacks. Simple attacks like brute-force and NoSQL injection could give unauthorized access to the user accounts. This leads to user privacy issues which could create huge loss to the organizations. These vulnerabilities can be fixed by implementing the necessary security measures while developing the web application. OWASP (Open Web Application Security Project) is a non-profit organization which gives the severity, impact and prevention methods about Top 10 vulnerabilities in web applications. This research deals with the implementation of bestsecurity practices for Node.js web applications in detail. This research paper proposes the security mechanisms for attacks related to front-end, middleware and backend web development using OWASP suggestions. The main focus of this research paper is on prevention of Denial-of-service attack, Brute force attack, NoSQL injection attack and Unrestricted file upload vulnerability.The proposed prevention methods are implemented in a web application to test the defensive mechanisms against the mentionedvulnerabilities.
Authored by Akshay Kumar, Usha Rani
Middleware Security - Robot Operating System 2 (ROS2) is the latest release of a framework for enabling robot applications. Data Distribution Service (DDS) middleware is used for communication between nodes in a ROS2 cluster. The DDS middleware provides a distributed discovery system, message definitions and serialization, and security. In ROS2, the DDS middleware is accessed through an abstraction layer, making it easy to switch from one implementation to another. The existing middleware implementations differ in a number of ways, e.g., in how they are supported in ROS2, in their support for the security features, their ease of use, their performance, and their interoperability. In this work, the focus is on the ease of use, interoperability, and security features aspects of ROS2 DDS middleware. We compare the ease of installation and ease of use of three different DDS middleware, and test the interoperability of different middleware combinations in simple deployment scenarios. We highlight the difference that enabling the security option makes to interoperability, and conduct performance experiments that show the effect that turning on security has on the communication performance. Our results provide guidelines for choosing and deploying DDS middleware on a ROS2 cluster.
Authored by Max Aartsen, Kanta Banga, Konrad Talko, Dustin Touw, Bertus Wisman, Daniel Meïnsma, Mathias Björkqvist
Metadata Discovery Problem - In order to enable a collaborative Model-based Systems Engineering (MBSE) environment through computer systems, it is completely necessary to enable the possibility of communicating tools (interoperability) and reusing previous engineering designs saving costs and time. In this context, the understanding of the underlying concepts and relationships embedded in the system artifacts becomes a cornerstone to properly exploit engineering artifacts. MBSE tool-chains and suites, such as Matlab Simulink, can be applied to different engineering activities: architecture design (descriptive modeling), simulation (analytical modeling) or verification. Reuse capabilities in specific engineering tools are a kind of non-functional aspect that is usually covered providing a type of search capability based on artifact metadata. In this work, we aim to ease the reuse of the knowledge embedded in Simulink models through a solution called PhysicalModel2Simulink. The proposed approach makes use of an ontology for representing, indexing and retrieving information following a meta-model (mainly to semantically represent concepts and relationships). Under this schema, both meta-data and contents are represented using a common domain vocabulary and taxonomy creating a property graph that can be exploited for system artifact discovery. To do so, a mapping between the Matlab Simulink meta-model and the RSHP (RelationShHiP) meta-model is defined to represent and serialize physical models in a repository. Then, a retrieval process is implemented on top of this repository to allow users to perform text-based queries and look up similar artifacts. To validate the proposed solution, 38 Simulink models have been used and 20 real user queries have been designed to study the effectiveness, in terms or precision and recall, of the proposed solution against the Matlab Simulink searching capabilities.
Authored by Eduardo Cibrian, Roy Mendieta, Jose Alvarez-Rodriguez, Juan Llorens
Metadata Discovery Problem - Collaborative software development platforms like GitHub have gained tremendous popularity. Unfortunately, many users have reportedly leaked authentication secrets (e.g., textual passwords and API keys) in public Git repositories and caused security incidents and finical loss. Recently, several tools were built to investigate the secret leakage in GitHub. However, these tools could only discover and scan a limited portion of files in GitHub due to platform API restrictions and bandwidth limitations. In this paper, we present SecretHunter, a real-time large-scale comprehensive secret scanner for GitHub. SecretHunter resolves the file discovery and retrieval difficulty via two major improvements to the Git cloning process. Firstly, our system will retrieve file metadata from repositories before cloning file contents. The early metadata access can help identify newly committed files and enable many bandwidth optimizations such as filename filtering and object deduplication. Secondly, SecretHunter adopts a reinforcement learning model to analyze file contents being downloaded and infer whether the file is sensitive. If not, the download process can be aborted to conserve bandwidth. We conduct a one-month empirical study to evaluate SecretHunter. Our results show that SecretHunter discovers 57\% more leaked secrets than state-of-the-art tools. SecretHunter also reduces 85\% bandwidth consumption in the object retrieval process and can be used in low-bandwidth settings (e.g., 4G connections).
Authored by Elliott Wen, Jia Wang, Jens Dietrich
Metadata Discovery Problem - Millions of connected devices like connected cameras and streaming videos are introduced to smart cities every year, which are valuable source of information. However, such rich source of information is mostly left untapped. Thus, in this paper, we propose distributed deep neural networks (DNNs) over edge visual Internet of Things (VIoT) devices for parallel, real-time video scene parsing and indexing in conjunction with BigQuery retrieval on stored data in the cloud. The IoT video streams parsed into adaptive meta-data of person, attributes, actions, object, and relations using pre-trained DNNs. The meta-data cached at the edge-cloud for real-time analytics and also continuously transferred to the cloud for data fusion and BigQuery batch processing. The proposed distributed deep learning search platform bridges the gap between edge-to-cloud continuum computation by utilizing state-of-the-art distributed deep learning and BigQuery search algorithms for the geo-distributed Visual Internet of Things (VIoT). We show that our proposed system supports real-time event-driven computing at 122 milliseconds on virtual IoT devices in parallel, and as low as 2.4 seconds batch query response time on multi-table JOIN and GROUP-BY aggregation.
Authored by Arun Das, Mehdi Roopaei, Mo Jamshidi, Peyman Najafirad
Metadata Discovery Problem - To conduct a well-designed and reproducible study, researchers must define and adhere to clear inclusion and exclusion criteria for subjects. Similarly, a well-run journal or conference should publish easily understood inclusion and exclusion criteria that determine which submissions will receive more detailed peer review. This will empower authors to identify the conferences and journals that are the best fit for their manuscripts while allowing organizers and peer reviewers to spend more time on the submissions that are of greatest interest. To provide a more systematic way of representing these criteria, we extend the syntax for concept-validating constraints of the Nexus-PORTAL-DOORS-Scribe cyberinfrastructure, which already serve as criteria for inclusion of records in a repository, to allow description of exclusion criteria.
Authored by Adam Craig, Carl Taswell
Metadata Discovery Problem - We present a methodology for constructing a spatial ontology-based datasets navigation model to allow cross-reference navigation between datasets. We defined the structure of the dataset as metadata, the field names, and the actual values. We defined the relationship between datasets as 3-layer such as metadata layer, field names layer, and data value layer. The relationships in the metadata layer was defined as the correspondence between metadata values. We standardized the field names in dataset to discover the relationships between field names. We designed a method to discover the relationship between data values based on common knowledge datasets for each domain. To confirm the validity of the presented methodology, we applied our methodology to implement an ontology-based knowledge navigation model for actual disasterrelated processes in operation. We built a knowledge navigation model based on spatial common knowledge.
Authored by Yun-Young Hwang, Sumi Shin
Metadata Discovery Problem - We defined and expressed graph-based relationships of pieces of knowledge to allow cross-reference navigation of the knowledge as an ontology. We present a methodology for constructing an ontology-based knowledge navigation model to allow cross-reference navigation between pieces of knowledge, related concepts and datasets. We defined the structure of the dataset as metadata, the field names of the actual values, and the actual values. We defined the relationship between datasets as 3-layer such as metadata layer, field names layer, and data value layer. The relationships in the metadata layer was defined as the correspondence between metadata values. We standardized the field names in dataset to discover the relationships between field names. We designed a method to discover the relationship between data values based on common knowledge for each domain. To confirm the validity of the presented methodology, we applied our methodology to implement an ontology-based knowledge navigation model for actual disaster-related processes in operation. We built a knowledge navigation model based on spatial common knowledge to confirm that the configuration of the knowledge navigation model was correct.
Authored by Yun-Young Hwang, Jiseong Son, Sumi Shin
Metadata Discovery Problem - The OPC UA (Open Platform Communications Unified Architecture) technology is found in many industrial applications as it addresses many of Industry 4.0’s requirements. One of its appeals is its service-oriented architecture. Nonetheless, it requires engineering efforts during deployment and maintenance to bind or associate the correct services to a client or consumer system. We propose the integration of OPC UA with the Eclipse Arrowhead Framework (EAF) to enable automatic service discovery and binding at runtime, reducing delays, costs, and errors. The integration also enables the client system to get the service endpoints by querying the service attributes or metadata. Moreover, this forms a bridge to other industrial communication technologies such as Modbus TCP (Transmission Control Protocol) as the framework is not limited to a specific protocol. To demonstrate the idea, an indexed line with an industrial PLC (programmable logic controller) with an OPC UA server is used to show that the desired services endpoints are revealed at runtime when querying their descriptive attributes or metadata through the EAF’s Orchestrator system.
Authored by Aparajita Tripathy, Jan Van Deventer, Cristina Paniagua, Jerker Delsing
Metadata Discovery Problem - Researchers seeking to apply computational methods are increasingly turning to scientific digital archives containing images of specimens. Unfortunately, metadata errors can inhibit the discovery and use of scientific archival images. One such case is the NSF-sponsored Biology Guided Neural Network (BGNN) project, where an abundance of metadata errors has significantly delayed development of a proposed, new class of neural networks. This paper reports on research addressing this challenge. We present a prototype workflow for specimen scientific name metadata verification that is grounded in Computational Archival Science (CAS), report on a taxonomy of specimen name metadata error types with preliminary solutions. Our 3-phased workflow includes tag extraction, text processing, and interactive assessment. A baseline test with the prototype workflow identified at least 15 scientific name metadata errors out of 857 manually reviewed, potentially erroneous specimen images, corresponding to a ∼ 0.2\% error rate for the full image dataset. The prototype workflow minimizes the amount of time domain experts need to spend reviewing archive metadata for correctness and AI-readiness before these archival images can be utilized in downstream analysis.
Authored by Joel Pepper, Andrew Senin, Dom Jebbia, David Breen, Jane Greenberg
Metadata Discovery Problem - Semantic segmentation is one of the key research areas in computer vision, which has very important applications in areas such as autonomous driving and medical image diagnosis. In recent years, the technology has advanced rapidly, where current models have been able to achieve high accuracy and efficient speed on some widely used datasets. However, the semantic segmentation task still suffers from the inability to generate accurate boundaries in the case of insufficient feature information. Especially in the field of medical image segmentation, most of the medical image datasets usually have class imbalance issues and there are always variations in factors such as shape and color between different datasets and cell types. Therefore, it is difficult to establish general algorithms across different classes and robust algorithms that differ across different datasets. In this paper, we propose a conditional data preprocessing strategy, i.e., Conditional Metadata Embedding (CME) data preprocessing strategy. The CME data preprocessing method will embed conditional information to the training data, which can assist the model to better overcome the differences in the datasets and extract useful feature information in the images. The experimental results show that the CME data preprocessing method can help different models achieve higher segmentation performance on different datasets, which shows the high practicality and robustness of this method.
Authored by Juntuo Wang, Qiaochu Zhao, Dongheng Lin, Erick Purwanto, Ka Man
Metadata Discovery Problem - Open Educational Resources (OER) are educational materials that are available in different repositories such as Merlot, SkillsCommons, MIT OpenCourseWare, etc. The quality of metadata facilitates the search and discovery tasks of educational resources. This work evaluates the metadata quality of 4142 OER from SkillsCommons. We applied supervised machine learning algorithms (Support Vector Machine and Random Forest Classifier) for automatic classification of two metadata: description and material type. Based on our data and model, performances of a first classification effort is reported with the accuracy of 70\%.
Authored by Veronica Segarra-Faggioni, Audrey Romero-Pelaez