-
Security and RAS in the Computing Continuum
Authors:
Martí Alonso,
David Andreu,
Ramon Canal,
Stefano Di Carlo,
Odysseas Chatzopoulos,
Cristiano Chenet,
Juanjo Costa,
Andreu Girones,
Dimitris Gizopoulos,
George Papadimitriou,
Enric Morancho,
Beatriz Otero,
Alessandro Savino
Abstract:
Security and RAS are two non-functional requirements under focus for current systems developed for the computing continuum. Due to the increased number of interconnected computer systems across the continuum, security becomes especially pervasive at all levels, from the smallest edge device to the high-performance cloud at the other end. Similarly, RAS (Reliability, Availability, and Serviceability) ensures the robustness of a system towards hardware defects. Namely, making them reliable, with high availability and design for easy service. In this paper and as a result of the Vitamin-V EU project, the authors detail the comprehensive approach to malware and hardware attack detection, as well as the RAS features envisioned for future systems across the computing continuum.
Submitted 22 October, 2024;
originally announced October 2024.
-
Hardware-based stack buffer overflow attack detection on RISC-V architectures
Authors:
Cristiano Pegoraro Chenet,
Ziteng Zhang,
Alessandro Savino,
Stefano Di Carlo
Abstract:
This work evaluates how well hardware-based approaches detect stack buffer overflow (SBO) attacks in RISC-V systems. We conducted simulations on the PULP platform and examined micro-architecture events using semi-supervised anomaly detection techniques. The findings showed the challenge of detection performance. Thus, a potential solution combines software and hardware-based detectors concurrently, with hardware as the primary defense. The hardware-based approaches present compelling benefits that could enhance RISC-V-based architectures.
Submitted 12 June, 2024;
originally announced June 2024.
-
Validation, Verification, and Testing (VVT) of future RISC-V powered cloud infrastructures: the Vitamin-V Horizon Europe Project perspective
Authors:
Marti Alonso,
David Andreu,
Ramon Canal,
Stefano Di Carlo,
Cristiano Chenet,
Juanjo Costa,
Andreu Girones,
Dimitris Gizopoulos,
Vasileios Karakostas,
Beatriz Otero,
George Papadimitriou,
Eva Rodriguez,
Alessandro Savino
Abstract:
Vitamin-V is a project funded under the Horizon Europe program for the period 2023-2025. The project aims to create a complete open-source software stack for RISC-V that can be used for cloud services. This software stack is intended to have the same level of performance as the x86 architecture, which is currently dominant in the cloud computing industry. In addition, the project aims to create a powerful virtual execution environment that can be used for software development, validation, verification, and testing. The virtual environment will consider the relevant RISC-V ISA extensions required for cloud deployment. Commercial cloud systems use hardware features currently unavailable in RISC-V virtual environments, including virtualization, cryptography, and vectorization. To address this, Vitamin-V will support these features in three virtual environments: QEMU, gem5, and cloud-FPGA prototype platforms. The project will focus on providing support for EPI-based RISC-V designs for both the main CPUs and cloud-important accelerators, such as memory compression. The project will add the compiler (LLVM-based) and toolchain support for the ISA extensions. Moreover, Vitamin-V will develop novel approaches for validating, verifying, and testing software trustworthiness. This paper focuses on the plans and visions that the Vitamin-V project has to support validation, verification, and testing for cloud applications, particularly emphasizing the hardware support that will be provided.
Submitted 3 May, 2023;
originally announced May 2023.
-
A survey on hardware-based malware detection approaches
Authors:
Cristiano Pegoraro Chenet,
Alessandro Savino,
Stefano Di Carlo
Abstract:
This paper delves into the dynamic landscape of computer security, where malware poses a paramount threat. Our focus is a riveting exploration of the recent and promising hardware-based malware detection approaches. Leveraging hardware performance counters and machine learning prowess, hardware-based malware detection approaches bring forth compelling advantages such as real-time detection, resilience to code variations, minimal performance overhead, protection disablement fortitude, and cost-effectiveness. Navigating through a generic hardware-based detection framework, we meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours. This survey is not only a resource for seasoned experts but also an inviting starting point for those venturing into the field of malware detection. However, challenges emerge in detecting malware based on hardware events. We struggle with the imperative of accuracy improvements and strategies to address the remaining classification errors. The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
Submitted 18 April, 2024; v1 submitted 22 March, 2023;
originally announced March 2023.
-
Using analog scrambling circuits for automotive sensor integrity and authenticity
Authors:
Cristiano Pegoraro Chenet,
Alessandro Savino,
Stefano di Carlo
Abstract:
The automotive domain rapidly increases the embedded amount of complex and interconnected electronics systems. A considerable proportion of them are real-time safety-critical devices and must be protected against cybersecurity attacks. Recent regulations impose carmakers to protect vehicles against replacing trusted electronic hardware and manipulating the information collected by sensors. Analog sensors are critical elements whose security is now strictly regulated by the new UN R155 recommendation but lacks well-developed and established solutions. This work takes a step forward in this direction, adding integrity and authentication to automotive analog sensors, proposing a schema to create analog signatures based on a scrambling mechanism implemented with commercial-off-the-shelf (COTS) operational amplifiers. The proposed architecture implements a hardware secret and a hard-to-invert exponential function to generate a signal's signature. A prototype of the circuit was implemented and simulated on LTspice. Preliminary results show the feasibility of the proposed schema and provide interesting hints for further developments to increase the robustness of the approach.
Submitted 21 February, 2022;
originally announced February 2022.