Related papers: One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices

One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices

URL: http://arxiv.org/abs/2403.07465v1
Date: Tue, 12 Mar 2024 10:00:06 GMT
Title: One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices
Authors: Marco Chilese, Richard Mitev, Meni Orenbach, Robert Thorburn, Ahmad Atamli, Ahmad-Reza Sadeghi
Abstract summary: Control-Flow (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system. Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state. We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
Score: 16.425360892610986
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system (prover). Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state (e.g., memory or code), the complete Control-Flow Graph (CFG) of the prover's software, large sets of measurements, or tailor-made hardware. Moreover, current CFA schemes are inadequate for attesting embedded systems due to their high computational overhead and resource usage. In this paper, we overcome the limitations of existing CFA schemes for embedded devices by introducing RAGE, a novel, lightweight CFA approach with minimal requirements. RAGE can detect Code Reuse Attacks (CRA), including control- and non-control-data attacks. It efficiently extracts features from one execution trace and leverages Unsupervised Graph Neural Networks (GNNs) to identify deviations from benign executions. The core intuition behind RAGE is to exploit the correspondence between execution trace, execution graph, and execution embeddings to eliminate the unrealistic requirement of having access to a complete CFG. We evaluate RAGE on embedded benchmarks and demonstrate that (i) it detects 40 real-world attacks on embedded software; (ii) Further, we stress our scheme with synthetic return-oriented programming (ROP) and data-oriented programming (DOP) attacks on the real-world embedded software benchmark Embench, achieving 98.03% (ROP) and 91.01% (DOP) F1-Score while maintaining a low False Positive Rate of 3.19%; (iii) Additionally, we evaluate RAGE on OpenSSL, used by millions of devices and achieve 97.49% and 84.42% F1-Score for ROP and DOP attack detection, with an FPR of 5.47%.

Related papers

SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
We propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
arXiv Detail & Related papers (2024-09-27T02:39:55Z)
Vulnerability-Hunter: An Adaptive Feature Perception Attention Network for Smart Contract Vulnerabilities [4.487191851300675]
We propose AFPNet, a novel vulnerability detection model equipped with a feature perception module that has dynamic weights for comprehensive scanning of the entire smart contract code. We conduct an evaluation of AFPNet in the several large-scale datasets with vulnerability labels.
arXiv Detail & Related papers (2024-07-07T10:13:41Z)
The Power of Resets in Online Reinforcement Learning [73.64852266145387]
We explore the power of simulators through online reinforcement learning with local simulator access (or, local planning) We show that MDPs with low coverability can be learned in a sample-efficient fashion with only $Qstar$-realizability. We show that the notorious Exogenous Block MDP problem is tractable under local simulator access.
arXiv Detail & Related papers (2024-04-23T18:09:53Z)
DeVAIC: A Tool for Security Assessment of AI-generated Code [5.383910843560784]
DeVAIC (Detection of Vulnerabilities in AI-generated Code) is a tool to evaluate the security of AI-generated Python code.
arXiv Detail & Related papers (2024-04-11T08:27:23Z)
LightFAt: Mitigating Control-flow Explosion via Lightweight PMU-based Control-flow Attestation [0.9999629695552195]
Remote execution often deals with sensitive data or executes proprietary software. It ensures the code is executed in a non-compromised environment by calculating a potentially large sequence of cryptographic hash values. In this work, we propose LightFAt: a Lightweight Control Flow scheme.
arXiv Detail & Related papers (2024-04-03T09:55:15Z)
A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid FPGAs [13.581341206178525]
Intrusion detection and mitigation approaches have shown promising results in detecting multiple attack vectors in Controller Area Network (CAN) We present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA. The model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature.
arXiv Detail & Related papers (2024-01-19T13:39:05Z)
VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements [62.93814803258067]
This paper presents VELVET, a novel ensemble learning approach to locate vulnerable statements in source code. Our model combines graph-based and sequence-based neural networks to successfully capture the local and global context of a program graph. VELVET achieves 99.6% and 43.6% top-1 accuracy over synthetic data and real-world data, respectively.
arXiv Detail & Related papers (2021-12-20T22:45:27Z)
Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming [97.40955121478716]
We propose a first-order dual SDP algorithm that requires memory only linear in the total number of network activations. We significantly improve L-inf verified robust accuracy from 1% to 88% and 6% to 40% respectively. We also demonstrate tight verification of a quadratic stability specification for the decoder of a variational autoencoder.
arXiv Detail & Related papers (2020-10-22T12:32:29Z)
ALF: Autoencoder-based Low-rank Filter-sharing for Efficient Convolutional Neural Networks [63.91384986073851]
We propose the autoencoder-based low-rank filter-sharing technique technique (ALF) ALF shows a reduction of 70% in network parameters, 61% in operations and 41% in execution time, with minimal loss in accuracy.
arXiv Detail & Related papers (2020-07-27T09:01:22Z)
Automatic Perturbation Analysis for Scalable Certified Robustness and Beyond [171.07853346630057]
Linear relaxation based perturbation analysis (LiRPA) for neural networks has become a core component in robustness verification and certified defense. We develop an automatic framework to enable perturbation analysis on any neural network structures. We demonstrate LiRPA based certified defense on Tiny ImageNet and Downscaled ImageNet.
arXiv Detail & Related papers (2020-02-28T18:47:43Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.