We present a hybrid application methodology comprising a design space exploration with a formal performance analysis for individual applications. This results in several resource reservation configurations with verified real-time guarantees. The Pareto-optimal configurations are handed over to run-time management which searches for a suitable mapping. We achieve real-time guarantees through the concept of composability either by spatial or a novel temporal isolation for tasks and by exploiting composable NoCs. The experiments reveal that the success rate in finding feasible application mappings is increased by temporal isolation by up to 30% and energy consumption is reduced compared to spatial isolation.
Editorial: Need for Artefact Verified Articles in ACM Transactions
The Internet of Things (IoT) is expanding at a large rate, with devices found in commercial and domestic settings from industrial sensors to home appliances. However, as the IoT market grows, so does the number of attacks made against it with some reports claiming an increase of 600\% in 2017. This work seeks to prevent code replacement, injection and exploitation attacks by ensuring correct and platform specific application execution. This combines two previously studied problems: secure application execution and binding hardware and software. We present descriptions of both problems and requirements for ensuring both simultaneously. We then propose a scheme extending previous work that meets these requirements, and describe our implementation of the soft-core Secure Execution Processor developed and tested on Xilinx Spartan-6 FPGA. Finally, we analyse the scheme and our implementation according to performance and the requirements listed.
We present a technique for implementing dataflow networks as compositional hardware circuits. We first define an abstract dataflow model with unbounded buffers that supports data-dependent blocks (mux, demux, and nondeterministic merge); we then show how to faithfully implement such networks with bounded buffers and handshaking. Handshaking admits compositionality: our circuits can be connected with or without buffers and still compute the same function without introducing spurious combinational cycles. As such, inserting or removing buffers affects the performance but not the functionality of our networks; which we demonstrate through experiments that show how design space can be explored.
We explore techniques to reverse-engineer DRAM embedded memory controllers (MCs) including page policies, address mapping and command arbitration. There are several benefits to knowing this information: they allow tightening worst-case bounds of embedded systems, and platform-aware optimizations at the operating system, source-code, and compiler levels. We develop a latency-based analysis, which we use to devise algorithms and C programs to extract MC properties. We show the effectiveness of the proposed approach by reverse-engineering the MC details in the XUPV5-LX110T Xilinx platform. Furthermore, in order to cover a breadth of policies, we use a simulation framework and document our finding.
Elliptic Curve Cryptography (ECC) now is one of the most important approach to instantiate asymmetric encryption and signature schemes, which has been extensively exploited to protect the security of cyber-physical systems. With the advent of the Internet of Things (IoT), a great deal of constrained devices may require software implementations of ECC operations. Under this circumstances, the SM2, a set of public key cryptographic algorithms based on elliptic curves published by Chinese Commercial Cryptography Administration Office, was standardized at ISO in 2017 to enhance the cyber-security. However, few research works on implementations of SM2 for constrained devices have been conducted. In this work, we fill this gap and propose our efficient, secure and compact implementation of scalar multiplication on a 256-bit elliptic curve recommended by the SM2, as well as a comparison implementation of scalar multiplication on the same bit-length elliptic curve recommended by NIST. We re-designed some existent techniques to fit the low-end IoT platform, namely 8-bit AVR processors, and our ECC implementations evaluated on the desired platform show that the SM2 algorithms have competitive efficiency and security with NIST, which would work well to secure the IoT world.
Constructing high assurance, secure hardware remains a challenge, because to do so relies on both a verifiable means of hardware description and implementation. Production hardware description languages (HDL) lack the formal underpinnings required by formal methods in security. Still, there is no such thing as high assurance systems without high assurance hardware. We present a core calculus of secure hardware description with its formal semantics, security type system and mechanization in Coq. This calculus is the core of the functional HDL, ReWire. This work supports a full-fledged formal methodology for producing high assurance hardware.
With the rapid development of the Internet of Things (IoT), security has attracted considerable interest. Conventional security solutions that have been proposed for Internet based on classical cryptography cannot be applied to IoT nodes due to the resource-constrained platform. A physical unclonable function (PUF) can be used to generate a key online or uniquely identify an integrated circuits (ICs) by extracting its internal random differences using the so-called challenge-response pairs (CRPs). The PUF is a new type of hardware-based security primitive; it is regarded as a promising low-cost solution for IoT security. A logic reconfigurable PUF (RPUF) is highly efficient in terms of hardware cost. This paper first presents a new classification of RPUFs into circuit based RPUF (C-RPUF) and algorithm based RPUF (A-RPUF); two XOR-based RPUF circuits (namely the XOR-based reconfigurable bistable ring PUF (XRBR PUF) and the XOR-based reconfigurable ring oscillator PUF (XRRO PUF)) are proposed. Both the XRBR and XRRO PUFs are implemented using Xilinx Spartan-6 FPGAs. The implementation results are compared with previous PUF designs showing a good uniqueness and reliability. Compared to conventional PUF designs, the most significant advantage of the proposed designs is that they are highly efficient in terms of hardware cost. Moreover, the XRRO PUF is the most efficient design when compared with previous RPUFs. Also, both the proposed XRRO and XRBR PUFs require only 12.5% of the hardware resources of previous bitstable ring PUFs and reconfigurable RO PUFs, respectively, to generate a 1-bit response; this confirms that the proposed XRBR and XRRO PUFs are very efficient designs with good uniqueness and reliability.
We develop an assume-guarantee contract framework for cyber-physical system design under probabilistic requirements. Given a stochastic linear system and a set of requirements captured by bounded Stochastic Signal Temporal Logic (StSTL) contracts, we propose algorithms to check contract compatibility, consistency, and refinement, and generate a control trajectory that satisfies a contract. We leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce sound and tractable problem formulations. We illustrate the effectiveness of our approach on a few examples, including the design of controllers for aircraft power distribution networks.
Out-of-place update and erase-before-write wear out P/Es and shorten SSD lifetime. Log space in an SSD is updated pages buffer to extend SSD lifetime. We propose DLSpace, a distributed log space allocation strategy, which divides log space into block- and page- log space. DLSpace fully utilizes pages in data and log blocks to avoid erasures of blocks with free pages. Experiments reveal that compared with traditional allocation strategy (TLSpace), DLSpace reduces write amplification and the number of erases by up to 55.2% and 64.1%, extends TLSpaces delay time of garbage collections by 73.3% to optimize SSD lifetime.
In the growing Internet of Things context, thousands of computing devices with various functionalities are producing data (from environmental sensors or other sources). However, they are also collecting, storing, processing and transmitting data to eventually communicate them securely to third parties (e.g. owners of devices or cloud data storage). The deployed devices are often battery-powered mobile or static nodes equipped with sensors and/or actuators and they communicate using wireless technologies. Examples include unmanned aerial vehicles, wireless sensor nodes, smart beacons, and wearable health objects. Such resource-constrained devices include Active RFID (Radio Frequency IDentification) nodes and these are used to illustrate our proposal. In most scenarios, these nodes are unattended in an adverse environment, so data confidentiality must be ensured from the sensing phase through to delivery to authorized entities: in other words, data must be securely stored and transmitted to prevent attack by active adversaries even if the nodes are captured. However, due to the scarce resources available to nodes in terms of energy, storage and/or computation, the proposed security solution has to be lightweight. In this paper, we propose a serverless protocol to enable MDCs (Mobile Data Collectors), such as drones, to securely collect data from mobile and static Active RFID nodes and then deliver them later to an authorized third party. The whole solution ensures data confidentiality at each step (from the sensing phase, before data collection by the MDC, once data have been collected by MDC, and during final delivery) while fulfilling the lightweight requirements for the resource-limited entities involved. To assess the suitability of the protocol against the performance requirements, it was implemented on the most resource-constrained devices to get the worst possible results. In addition, to prove the protocol fulfills the security requirements, it was analyzed with regard to security games and also formally verified using the AVISPA tool.
This paper proposes Momentum, a general power-neutral methodology that can be applied to a wide-range of different computing systems, where the system dynamically scales its performance such that the consumed power equals the harvested power. This methodology combines at run-time a hierarchical control strategy, which utilizes available power management controls to achieve efficient power-neutral operation, a software-based maximum power point tracking scheme and experimental validation on two different scales of computing system. Experimental results show that Momentum operates correctly and exhibits improvements in forward application execution of up to 11% against existing power-neutral approaches, and 46% against existing static approaches.
A typical automotive integrated architecture is a controller area network (CAN) cluster integrated by a central gateway. This study proposes a novel and exact worst case response time (WCRT) analysis method for message-processing tasks in the gateway. We first propose a round search method to obtain lower bound on response time (LBRT) and upper bound on response time (UBRT), respectively. We then obtain the exact WCRT belonging to the scope of the LBRT and UBRT with an effective non-exhaustive exploration. Experiments on real CAN message set reveal that the exact analysis method can reduce 99.99999\% combinations on large-scale CAN clusters.