2015 International Conference on Embedded Software (EMSOFT): latest publications
Exp-HE: a family of fast exponentiation algorithms resistant to SPA, fault, and combined attacks
Pub Date : 2015-10-04 DOI: 10.1109/EMSOFT.2015.7318271
Carlos Moreno, Moaraj Hasan, S. Fischmeister
Security and privacy are growing concerns in modern embedded software, given the increasing level of connectivity as well as complexity and features in embedded devices. Use of cryptographic techniques is often a requirement on which the security of the device relies. However, important challenges arise when potential attackers have physical access to the device. Side-channel analysis, including simple power analysis (SPA), is a class of powerful non-intrusive attacks that are suitable for adversaries with physical access to the device. Countermeasures exist, but they typically involve a considerable performance penalty, and some of them in turn introduce a vulnerability to induced fault attacks. In this work, we present several new efficient cryptographic exponentiation algorithms that work by splitting the exponent in two halves for simultaneous processing while using special representations derived from signed-digit encoding that improve computational efficiency. A key detail in the design of these algorithms is that they are compatible with the idea of buffering the operations to provide resistance to SPA. Experimental results are presented, including implementations of the proposed methods with both modular integer exponentiation and elliptic curve (ECC) scalar multiplication. We also performed statistical analysis of the traces, showing that trace segments for different exponent bits are statistically indistinguishable. Our proposed techniques also exhibit better resistance against fault attacks and combined fault and side-channel attacks, compared to previous SPA-resistant techniques.
Citations: 1
Formal verification of ACAS X, an industrial airborne collision avoidance system
Pub Date : 2015-10-04 DOI: 10.1109/EMSOFT.2015.7318268
Jean-Baptiste Jeannin, Khalil Ghorbal, Yanni Kouskoulas, Ryan Gardner, Aurora C. Schmidt, E. Zawadzki, André Platzer
Formal verification of industrial systems is very challenging, due to reasons ranging from scalability issues to communication difficulties with engineering-focused teams. More importantly, industrial systems are rarely designed for verification, but rather for operational needs. In this paper we present an overview of our experience using hybrid systems theorem proving to formally verify ACAS X, an airborne collision avoidance system for airliners scheduled to be operational around 2020. The methods and proof techniques presented here are an overview of the work already presented in [8], while the evaluation of ACAS X has been significantly expanded and updated to the most recent version of the system, run 13. The effort presented in this paper is an integral part of the ACAS X development and was performed in tight collaboration with the ACAS X development team.
Citations: 33
A framework for mining hybrid automata from input/output traces
Pub Date : 2015-10-04 DOI: 10.1109/EMSOFT.2015.7318273
R. Medhat, S. Ramesh, Borzoo Bonakdarpour, S. Fischmeister
Automata-based models of embedded systems are useful and attractive for many reasons: they are intuitive, precise, at a high level of abstraction, tool independent and can be simulated and analyzed. They also have the advantage of facilitating readability and system comprehension in the case of large systems. This paper proposes an approach for mining automata-based models from input/output execution traces of embedded control systems. The models mined by our approach are hybrid automata models, which capture discrete as well as continuous system behavior. Specifically this paper proposes a framework for analyzing multiple input/output traces by identifying steps like segmentation, clustering, generation of event traces, and automata inference. The framework is general enough to admit multiple techniques or future enhancements of these steps. We demonstrate the power of the framework by using some specific existing methods and tools in two case studies. Our initial results are encouraging and should spur further research in the domain.
Citations: 34
Verifying network performance of cyber-physical systems with multiple runtime configurations
Pub Date : 2015-10-04 DOI: 10.1109/EMSOFT.2015.7318280
M. Manderscheid, Gereon Weiss, R. Knorr
Modern Cyber-Physical Systems (CPS) must increasingly adapt to changing contexts, like smart cars to changing driving conditions. Thus, design approaches are facing a rapidly growing number of network runtime configurations. With recent approaches this problem can be solved for design space exploration (DSE) by analyzing the network performance of single configurations which are intended to represent the entire runtime variability space. This technique can be applied for DSE since the latter only intends to find an optimized system setup. Yet it does not meet the requirements of network verification, since it does not necessarily find the worst-case for all applications. To solve this, we developed an integrated model, which allows describing runtime variability in the network performance model with a 0-1 linear-fractional program. Thus, we can cover entire runtime variability spaces without analyzing every single network runtime configuration. Although the approach utilizes heuristics, it still guarantees worst-case results. We can show that in comparison to state-of-the-art methods our approach scales for large automotive systems with multiple network configurations. Moreover, our evaluation results highlight the superior capabilities of our method with respect to accuracy and computation time.
Citations: 2
Automatic verification of linear controller software
Pub Date : 2015-10-01 DOI: 10.1109/EMSOFT.2015.7318277
M. Pajic, Junkil Park, Insup Lee, George J. Pappas, O. Sokolsky
We consider the problem of verification of software implementations of linear time-invariant controllers. Commonly, different implementations use different representations of the controller's state, for example due to optimizations in a third-party code generator. To accommodate this variation, we exploit input-output controller specification captured by the controller's transfer function and show how to automatically verify correctness of C code controller implementations using a Frama-C/Why3/Z3 toolchain. Scalability of the approach is evaluated using randomly generated controller specifications of realistic size.
Citations: 12
Nonvolatile main memory aware garbage collection in high-level language virtual machine
Pub Date : 2015-10-01 DOI: 10.1109/EMSOFT.2015.7318275
Chen Pan, Mimi Xie, Chengmo Yang, Z. Shao, J. Hu
Non-volatile memories (NVMs) such as Phase Change Memory (PCM) have been considered as promising candidates for next-generation main memory in embedded systems due to their attractive features. These features include low power, high density, and better scalability. However, most existing NVMs suffer from two drawbacks, namely, limited write endurance and expensive write operations in terms of both time and energy. These problems are worsened when modern high-level languages employ a virtual machine with a garbage collector that generates a large number of extra writes to non-volatile main memory. To tackle this challenge, this paper proposes three techniques: Living Objects Remapping (LORE), Dead Object Stamping (DOS), and Smart Wiping with Maximum Likelihood Estimation (SMILE) to reduce unnecessary writes when the garbage collector handles objects. The experimental results show that the proposed techniques not only significantly reduce the writes during each garbage collection cycle but also greatly improve the performance of the virtual machine.
Citations: 6
Forward invariant cuts to simplify proofs of safety
Pub Date : 2015-07-17 DOI: 10.1109/EMSOFT.2015.7318278
N. Aréchiga, J. Kapinski, Jyotirmoy V. Deshmukh, André Platzer, B. Krogh
The use of deductive techniques, such as theorem provers, has several advantages in safety verification of hybrid systems; however, state-of-the-art theorem provers require manual intervention to handle complex systems. Furthermore, there is often a gap between the type of assistance that a theorem prover requires to make progress on a proof task and the assistance that a system designer is able to provide directly. This paper presents an extension to KeYmaera, a deductive verification tool for differential dynamic logic; the new technique allows local reasoning using system designer intuition about performance within particular modes as part of a proof task. Our approach allows the theorem prover to leverage forward invariants, discovered using numerical techniques, as part of a proof of safety. We introduce a new inference rule into the proof calculus of KeYmaera, the forward invariant cut rule, and we present a methodology to discover useful forward invariants, which are then used with the new cut rule to complete verification tasks. We demonstrate how our new approach can be used to complete verification tasks that lie out of the reach of existing automatic verification approaches using several examples, including one involving an automotive powertrain control system.
Citations: 5