Program（Secure Society in Future）

Speaker: Zikun Han

Abstract: In recent years, the application of distributed computing has become more and more widespread. Volunteer Computing defined as a kind of distributed computing infrastructure has gained people’s favor in terms of only requiring low cost to exchange for a large amount of computing power. However, for volunteer computing, security issues are paramount importance due to the computing source provided by the volunteers. Blockchain is a chain storage structure that has been widely used in recent years, and non-tamperability is one of its most important characteristics. Therefore, this research aims to improve the security and credibility of volunteer computing by using blockchain technology. A novel volunteer network is established on the Ethereum test network named Ropsten, and its feasibility is verified with a neural network used for computing.

Speaker: R. Madhukar Yerraguntla

Abstract: Security in IoT systems is severly compromised due to ill-defined interfaces, lack of secure information flow and low-level programming. Lustre is a high-level reactive dataflow language that can provide a programming model for synchronous IoT systems. In this presentation we describe in brief our framework, based on Denning’s security lattices, to derive correct and secure-by-construction implementations of Lustre programs. We also present our ongoing work on Vélus-Lustre compiler to transform secure Lustre programs into secure C programs.

Speaker: Haibo Zhang

Abstract: In software engineering, if two code fragments are closely similar with minor modifications, or even identical as a result of copy-paste behavior, they are called software/code clones. Code clones can cause trouble in software maintenance and the debugging process because identifying all copied compromised code fragments in other locations is time-consuming. Researchers have been studying code clone detection issues for a long time, and the discussion mainly focuses on software engineering management and system maintenance. Another considerable issue is that code cloning provides an easy way for attackers to maliciously inject code. A thorough survey of code clone identification/detection from the security perspective is indispensable for providing a comprehensive review of previous related studies and proposing potential research directions. We review and introduce previous security-related studies following three classifications and various comparison criteria. We then discuss three further research directions: (i) deep learning-based code clone vulnerability detection, (ii) vulnerable code clone detection for 5G-Internet of Things devices, and (iii) real-time detection methods for more efficiently detecting clone attacks. These methods are more advanced and adaptive to technological development and still have sufficient research space for future studies.

Speaker: Sandeep Kumar

Abstract: A trusted execution environment or a TEE facilitates the secure execution of an application on a remote untrusted server. In a TEE, the confidentiality, integrity, and freshness properties for the code and data hold throughout the execution. In a TEE setting, specifically Intel SGX, even the operating system (OS) is not trusted. This results in certain limitations of a secure application’s functionality, such as no access to the file system and network – as it requires OS support.
Prior works have focused on alleviating this problem by allowing an application to access the file system securely. However, we show that they are susceptible to replay attacks, where replaying an old encrypted version of a file may remain undetected. Furthermore, they do not consider the impact of Intel SGX operations on the design of the file system.
To this end, we present SecureFS, a secure, efficient, and scalable file system for Intel SGX that ensures confidentiality, integrity, and freshness of the data stored in it. SecureFS can work with unmodified binaries. SecureFS also considers the impact of Intel SGX to ensure optimal performance. We implement a prototype of SecureFS on a real Intel SGX machine. We incur a minimal overhead (≈1.8%) over the current state-of-the-art techniques while adding freshness to the list of security guarantees.

Speaker: Takeshi Masumoto

Abstract: The purpose of our research is to provide defense against code injection attacks on the system. Code injection attack is one of the most dangerous attacks to a system, which can even give an attacker a chance to fully compromise the system by executing arbitrary code. Moving Target Defense (MTD) can protect the system from attacks by dynamically changing the target area of attacks including vulnerability as well as reduce the reachability of attacks.
System call randomization is an MTD technique that disables code injection attacks by randomizing the mapping between system call numbers and the functions called by them. The purpose of system call randomization is to limit the processing and resources that the injected program can perform and access. As system calls are the only way for user applications to access system resources, randomizing system calls can give attackers more difficulty to achieve their goals, even if they can inject the program. Existing system call randomization techniques once performed randomization before loading the program, however, such methods only once in advance have no effect when information about randomization is disclosed to attackers. In this paper, we propose a method of re-randomizing multiple times at run-time to solve this problem. We implemented a script that directly edits the ELF executable format. In fact, as a result of running the script on a small program, we succeeded in generating a new executable file to which the method is applied. Our experiments show that run-time system call randomization is effective against code injection attacks, and this technique may also be applied to existing compiled programs.

Speaker: Alaa Allakany

Abstract: Cyber security education and training is very efficient element for security namely for securing IoT space, by training and increasing cybersecurity knowledge of the organizations’s users we can help organizations and institutes to avoid many attacks. Traditional training such as attending courses at universities, is not enough for training personnel in industry, and they are required to develop their skills in real or simulation scenarios. So, after the college student graduated they are forced to enroll in numerous certification programs in order to develop their skills that are not taught in college. However, the faculties are good at teaching and training, but, they have less resource and facing difficulties when they deploy an education courses by themselves especially for advance training such us education on penetration testing. Thus, in this research we use our pervious penetration testing framework for creating an effective cybersecurity E-learning courses. Our framework will work as a tool that can reflect the most updates threats and attacks scenarios and collects data and introduce it in an easy way for instructors to help them to create the course without any difficulties. We will show and example of a course that created based on our tool and the evolution.

Speaker: Samuel Wedaj

Abstract: The proliferation of application specific cyber-physical systems coupled with the emergence of a variety of attacks on such systems (malware such as Mirai and Hajime) underlines the need to secure such networks. Most existing security efforts have focused on only detection of the presence of malware. However given the ability of most attacks to spread through the network once they infect a few devices, it is important to contain the spread of a virus and at the same time systematically cleanse the impacted nodes using the communication capabilities of the network. Toward this end, we introduce a method and system to detect the application software’s corruption on an IoT node, and self corrects itself using its neighbors. This decentralized mechanism prevents the spread of self-propagating malware and can also be used as a technique for updating application code on IoT devices. We assess the performance of Airmed using the embedded systems security architecture of TrustLite in the OMNeT++simulator. The results show that our approach scales up to thousands of devices, ensures guaranteedupdate of the entire network, and can recover 95% of the nodes in 10 minutes in both internal and external propagation models. Moreover, we evaluate memory and communication costs and show that this approachis efficient and incurs very low overhead.

Speaker: Wei SHI

Abstract: Our WP aims to discuss the development of e-learning materials of IoT Security. In the past years, we have already proposed a new framework which supports the automatic generation of e-learning materials and quizzes based on the Linked Data. Our framework supports to include the 3D contents and 360-degree VR contents in the e-learning materials, which can simulate the real situations for obtaining better educational effects. Furthermore, we will discuss how to collect learners’ log data when they are using our e-learning materials for further analyzation. We apply two visually analyzing tools, Time Tunnel and Cubic Gantt Chart, to perform the visual data analyzation. By using these two tools, we hope to obtain the activity patterns of the learners in different score ranges. Based on the analyzation result, we can improve the created e-learning materials, or provide advice to help learners to effectively use our e-learning materials.

Speaker: Takatsugu Ono

Abstract: In this talk, we present an online program identification technique for a secure processor. Increasing the number of IoT devices, the demand for secure processing is growing. To improve the security of IoT devices, we employ an allowed-list approach. The allowed-list approach identifies the executing program is registered on the list or not.
We propose a new identification methodology consisting of two parts: a classifier and an identifier. We divide the program execution into small chunks and extract the behavior during execution. Then, we develop a classifier that compares the extracted behavior and the allowed list program’s behavior. Also, we propose an identification algorithm that can predict the program is registered on the allowed list or not based on the classification results. In our evaluation, we confirmed that our approach achieves about 80% accuracy executing only 30% of the programs.