LightFAt: Mitigating Control-flow Explosion via Lightweight PMU-based Control-flow Attestation

• URL: http://arxiv.org/abs/2404.02608v2
• Date: Thu, 4 Apr 2024 09:20:33 GMT
• Title: LightFAt: Mitigating Control-flow Explosion via Lightweight PMU-based Control-flow Attestation
• Authors: Jeferson Gonzalez-Gomez, Hassan Nassar, Lars Bauer, Jorg Henkel,
• Abstract summary: Remote execution often deals with sensitive data or executes proprietary software. It ensures the code is executed in a non-compromised environment by calculating a potentially large sequence of cryptographic hash values. In this work, we propose LightFAt: a Lightweight Control Flow scheme.
• Score: 0.9999629695552195
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: With the continuous evolution of computational devices, more and more applications are being executed remotely. The applications operate on a wide spectrum of devices, ranging from IoT nodes with low computational capabilities to large cloud providers with high capabilities. Remote execution often deals with sensitive data or executes proprietary software. Hence, the challenge of ensuring that the code execution will not be compromised rises. Remote Attestation deals with this challenge. It ensures the code is executed in a non-compromised environment by calculating a potentially large sequence of cryptographic hash values. Each hash calculation is computationally intensive and over a large sequence the overhead becomes extremely high. In this work, we propose LightFAt: a Lightweight Control Flow Attestation scheme. Instead of relying on the expensive cryptographic hash calculation, LightFAt leverages the readings from the processor's Performance Monitor Unit (PMU) in conjunction with a lightweight unsupervised machine learning (ML) classifier to detect whether a target application's control flow is compromised, hence improving the system's security. On the verifier's side, LightFAt reaches a detection accuracy of over 95%, with low false-negative and false-positive rates.

Related papers

• Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors (Extended Version) [9.404954747748523]
  Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a victim program via side-channel observations. Linearization has been widely believed to be the only effective countermeasure against CFL attacks. We propose Libra, a generic and principled hardware-software codesign to efficiently address CFL on high-end processors.
  arXiv  Detail & Related papers  (2024-09-05T17:56:19Z)
• A Verifiable Computing Scheme for Encrypted Control Systems [0.0]
  It is imperative to verify the correctness of the control signals received from the cloud. Traditional verification methods, like zero-knowledge proof techniques, are computationally demanding in both proof generation and verification. We present a novel computationally inexpensive verifiable computing solution inspired by the probabilistic cut-and-choose approach.
  arXiv  Detail & Related papers  (2024-05-28T21:06:39Z)
• One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices [16.425360892610986]
  Control-Flow (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system. Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state. We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
  arXiv  Detail & Related papers  (2024-03-12T10:00:06Z)
• A Lightweight Multi-Attack CAN Intrusion Detection System on Hybrid FPGAs [13.581341206178525]
  Intrusion detection and mitigation approaches have shown promising results in detecting multiple attack vectors in Controller Area Network (CAN) We present a lightweight multi-attack quantised machine learning model that is deployed using Xilinx's Deep Learning Processing Unit IP on a Zynq Ultrascale+ (XCZU3EG) FPGA. The model detects denial of service and fuzzing attacks with an accuracy of above 99 % and a false positive rate of 0.07%, which are comparable to the state-of-the-art techniques in the literature.
  arXiv  Detail & Related papers  (2024-01-19T13:39:05Z)
• Deep Learning Assisted Multiuser MIMO Load Modulated Systems for Enhanced Downlink mmWave Communications [68.96633803796003]
  This paper is focused on multiuser load modulation arrays (MU-LMAs) which are attractive due to their low system complexity and reduced cost for millimeter wave (mmWave) multi-input multi-output (MIMO) systems. The existing precoding algorithm for downlink MU-LMA relies on a sub-array structured (SAS) transmitter which may suffer from decreased degrees of freedom and complex system configuration. In this paper, we conceive an MU-LMA system employing a full-array structured (FAS) transmitter and propose two algorithms accordingly.
  arXiv  Detail & Related papers  (2023-11-08T08:54:56Z)
• Distributed-Training-and-Execution Multi-Agent Reinforcement Learning for Power Control in HetNet [48.96004919910818]
  We propose a multi-agent deep reinforcement learning (MADRL) based power control scheme for the HetNet. To promote cooperation among agents, we develop a penalty-based Q learning (PQL) algorithm for MADRL systems. In this way, an agent's policy can be learned by other agents more easily, resulting in a more efficient collaboration process.
  arXiv  Detail & Related papers  (2022-12-15T17:01:56Z)
• An Adaptive Device-Edge Co-Inference Framework Based on Soft Actor-Critic [72.35307086274912]
  High-dimension parameter model and large-scale mathematical calculation restrict execution efficiency, especially for Internet of Things (IoT) devices. We propose a new Deep Reinforcement Learning (DRL)-Soft Actor Critic for discrete (SAC-d), which generates the emphexit point, emphexit point, and emphcompressing bits by soft policy iterations. Based on the latency and accuracy aware reward design, such an computation can well adapt to the complex environment like dynamic wireless channel and arbitrary processing, and is capable of supporting the 5G URL
  arXiv  Detail & Related papers  (2022-01-09T09:31:50Z)
• AQD: Towards Accurate Fully-Quantized Object Detection [94.06347866374927]
  We propose an Accurate Quantized object Detection solution, termed AQD, to get rid of floating-point computation. Our AQD achieves comparable or even better performance compared with the full-precision counterpart under extremely low-bit schemes.
  arXiv  Detail & Related papers  (2020-07-14T09:07:29Z)
• FCOS: A simple and strong anchor-free object detector [111.87691210818194]
  We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion. Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes. In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
  arXiv  Detail & Related papers  (2020-06-14T01:03:39Z)
• Near-chip Dynamic Vision Filtering for Low-Bandwidth Pedestrian Detection [99.94079901071163]
  This paper presents a novel end-to-end system for pedestrian detection using Dynamic Vision Sensors (DVSs) We target applications where multiple sensors transmit data to a local processing unit, which executes a detection algorithm. Our detector is able to perform a detection every 450 ms, with an overall testing F1 score of 83%.
  arXiv  Detail & Related papers  (2020-04-03T17:36:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.