Recent advances in model piracy have uncovered a new security hole for malicious attacks endangering the Intellectual Property (IP) of Deep Learning (DL) systems. This manuscript features our research titled "DeepAttest: An End-to-End Attestation Framework for Deep Neural Networks" [1], which was selected for the 2021 Top Picks in hardware and embedded security. DeepAttest is the first end-to-end framework that achieves reliable and efficient IP protection of DL devices with hardware-bound usage control. We leverage device-specific model fingerprinting and a Trusted Execution Environment (TEE) to ensure that only DL models carrying the device-specific fingerprint can run inference on the protected hardware.
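The abstract above describes binding a model to a device through a device-specific fingerprint that is checked inside a TEE before inference is allowed. The sketch below is an added example of that idea and is not DeepAttest's code: it assumes a per-device secret that only the TEE can read, a toy model expressed as a dictionary of byte blobs, and an HMAC over the canonically serialized weights as the "fingerprint". The device names, secrets, and the `toy_infer` model are all constructed for illustration.

```python
"""Device-bound model fingerprinting sketch (added example, not DeepAttest code).

Assumptions (all hypothetical):
  * each device holds a secret that is only accessible inside its TEE;
  * a model is a dict mapping layer name -> raw weight bytes;
  * the fingerprint is an HMAC-SHA256 over a canonical serialization of the
    weights, keyed with a per-device key derived from that secret.
"""
import hashlib
import hmac
import struct

# Constructed per-device secrets standing in for TEE-provisioned material.
DEVICE_SECRETS = {
    "device-A": bytes.fromhex("00" * 32),
    "device-B": bytes.fromhex("ff" * 32),
}


def device_key(device_id: str, secret: bytes) -> bytes:
    """Derive a fingerprinting key bound to one device (HMAC-based KDF, assumed)."""
    return hmac.new(secret, b"model-fp|" + device_id.encode(), hashlib.sha256).digest()


def serialize_weights(weights: dict) -> bytes:
    """Canonical, order-independent encoding so the fingerprint is stable."""
    out = bytearray()
    for name in sorted(weights):
        blob = weights[name]
        out += struct.pack(">I", len(name)) + name.encode()
        out += struct.pack(">Q", len(blob)) + blob
    return bytes(out)


def fingerprint(weights: dict, device_id: str, secret: bytes) -> bytes:
    """HMAC over the serialized weights under the device-specific key."""
    return hmac.new(device_key(device_id, secret),
                    serialize_weights(weights), hashlib.sha256).digest()


def package_model(weights: dict, device_id: str, secret: bytes) -> dict:
    """Vendor side: attach the fingerprint for the intended device."""
    return {"device_id": device_id, "weights": weights,
            "fp": fingerprint(weights, device_id, secret)}


def tee_verify_and_run(package: dict, local_device_id: str,
                       local_secret: bytes, infer):
    """TEE side: recompute the fingerprint with the *local* key and refuse
    inference unless it matches. The package's own device_id field is never
    trusted; only the local identity and secret decide."""
    expected = fingerprint(package["weights"], local_device_id, local_secret)
    if not hmac.compare_digest(expected, package["fp"]):
        raise PermissionError("model fingerprint does not match this device")
    return infer(package["weights"])


def toy_infer(weights: dict) -> int:
    """Constructed stand-in for a DL model: dot product with an all-ones input plus bias."""
    return sum(weights["w"]) + weights["b"][0]


def demo() -> tuple:
    """Returns (runs_on_A, rejected_on_B, rejected_when_tampered)."""
    weights = {"w": bytes([1, 2, 3, 4]), "b": bytes([5])}  # constructed toy weights
    pkg = package_model(weights, "device-A", DEVICE_SECRETS["device-A"])

    def rejected(p: dict, dev: str) -> bool:
        try:
            tee_verify_and_run(p, dev, DEVICE_SECRETS[dev], toy_infer)
            return False
        except PermissionError:
            return True

    runs_on_a = tee_verify_and_run(pkg, "device-A", DEVICE_SECRETS["device-A"], toy_infer) == 15
    rejected_on_b = rejected(pkg, "device-B")
    tampered = dict(pkg, weights={"w": bytes([1, 2, 3, 9]), "b": bytes([5])})
    rejected_tampered = rejected(tampered, "device-A")
    return runs_on_a, rejected_on_b, rejected_tampered


if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the secrecy of the device key: if the key lives in the TEE and the verification runs there, a copied model fails on any other device and any modification of the weights invalidates the tag. A real deployment would also need to cover the model architecture and metadata in the serialized input, not just the weight bytes.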
Sensor Data Transplantation for Redundant Hardware Switchover in Micro Autonomous Vehicles
As our reliance on micro autonomous vehicles increases, security vulnerabilities and software defects threaten the successful completion of tasks and missions. Recent work has developed end-to-end toolchains that provide trusted and resilient operation in the face of defects and attacks. These toolchains enable automatically repairing (and patching) the control software in the event of a failure. Existing techniques force the subject control software to terminate and the vehicle to be motionless, making the restart or post-repair deployment more complex and slow. The challenge remains to ensure that vehicle control software can recover from attacks and defects quickly and safely, even while the target vehicle remains in motion. This paper presents a technique for faster, simpler, and seamless hardware switchover that operates while the vehicle is in motion. The key contribution is the ability to restart the control software post-repair while the vehicle is in motion by transplanting sensor data between onboard control computers to bypass a costly portion of initialization. Although existing checkpoint and restore methods allow software to recover execution at a known-functional state, they are not lightweight enough to support recovery during mission execution. Instead, our approach transplants known-good sensor data from a trusted, isolated execution environment in the onboard computing hardware. Our evaluation successfully reproduces prior simulation results in hardware. Further, sensor transplantation allows for successful initialization while in motion, reduces time-to-ready by 40%, and is robust to variances in sensor readings.
- Award ID(s):
- 2211751
- PAR ID:
- 10545927
- Publisher / Repository:
- IEEE
- Date Published:
- ISBN:
- 979-8-3503-6927-4
- Page Range / eLocation ID:
- 135 to 146
- Subject(s) / Keyword(s):
- resilience, autonomous vehicles, redundant hardware
- Format(s):
- Medium: X
- Location:
- Hong Kong, Hong Kong
- Sponsoring Org:
- National Science Foundation
More Like this
In this paper, we establish the importance of trusted time for the safe and correct operation of various applications. There are, however, challenges in securing time against hardware timer manipulation, software attacks, and malicious network delays on current systems. To provide security of time, we explore the timing capabilities of trusted execution technologies that put their root of trust in hardware. A key concern is that these technologies do not protect time integrity and are susceptible to various timing attacks by a malicious operating system and an untrusted network. We argue that it is essential to safeguard time-based primitives across all layers of a time stack: the hardware timers, platform software, and network time packets. This paper provides a detailed examination of vulnerabilities in current time services, followed by a set of requirements to build a secure time architecture.
-
Speculative execution attacks like Spectre and Meltdown exploit hardware performance optimization features to illegally access a secret and then leak the secret to an unauthorized recipient. Many variants of speculative execution attacks (also called transient execution attacks) have been proposed in the last few years, and new ones are constantly being discovered. While software mitigations for some attacks have been proposed, they often cause very significant performance degradation. Hardware solutions are also being proposed actively by the research community, especially as these are attacks on hardware microarchitecture. In this talk, we identify the critical steps in a speculative attack, and the root cause of successful attacks. We define the concept of "security dependencies", which should be implemented to prevent data leaks and other security breaches. We propose a taxonomy of defense strategies and show how proposed hardware defenses fall under each defense strategy. We discuss security-performance tradeoffs, which can decrease the performance overhead while still preventing security breaches. We suggest design principles for future security-aware microarchitecture.
-
This paper presents CirFix, a framework for automatically repairing defects in hardware designs implemented in languages like Verilog. We propose a novel fault localization approach based on assignments to wires and registers, and a fitness function tailored to the hardware domain to bridge the gap between software-level automated program repair and hardware descriptions. We also present a benchmark suite of 32 defect scenarios corresponding to a variety of hardware projects. Overall, CirFix produces plausible repairs for 21/32 and correct repairs for 16/32 of the defect scenarios. This repair rate is comparable to that of successful program repair approaches for software, indicating CirFix is effective at bringing over the benefits of automated program repair to the hardware domain for the first time.
-
RISC-V is a promising open source architecture that targets low-power embedded devices and SoCs. However, there is a dearth of practical and low-overhead security solutions in the RISC-V architecture. Programs compiled using RISC-V toolchains are still vulnerable to code injection and code reuse attacks such as buffer overflow and return-oriented programming (ROP). In this paper, we propose two hardware-implemented security extensions to RISC-V that provide a defense mechanism against such attacks. We first employ a Physically Unclonable Function (PUF)-based randomized canary generation technique that removes the need to store the sensitive canary words in memory or CPU registers, thereby being more secure while incurring low overheads. We implement the proposed Canary Engine in RISC-V RocketChip with Rocket Custom Coprocessor (RoCC). Simulation results show 2.2% average execution overhead with a single buffer protection, while a 10X increase in buffer count only increases the overhead by 1.5X when protection is extended to all buffers. We further improve upon this with a dedicated security coprocessor, FIXER, implemented on the RoCC. FIXER enforces fine-grained control-flow integrity (CFI) of running programs on backward edges (returns) and forward edges (calls) without requiring any architectural modifications to the processor core. Compared to software-based solutions, FIXER reduces energy overhead by 60% at minimal execution time (1.5%) and area (2.9%) overheads.