More Like this

1. Enabling per-file data recovery from ransomware attacks via file system forensics and flash translation layer data extraction

   https://doi.org/10.1186/s42400-024-00287-9  

   Dafoe, Josh; Chen, Niusen; Chen, Bo; Wang, Zhenlin (December 2024, Cybersecurity)

   Abstract Ransomware attacks are increasingly prevalent in recent years. Crypto-ransomware corrupts files on an infected device and demands a ransom to recover them. In computing devices using flash memory storage (e.g., SSD, MicroSD, etc.), existing designs recover the compromised data by extracting the entire raw flash memory image, restoring the entire external storage to a good prior state. This is feasible through taking advantage of the out-of-place updates feature implemented in the flash translation layer (FTL). However, due to the lack of “file” semantics in the FTL, such a solution does not allow a fine-grained data recovery in terms of files. Considering the file-centric nature of ransomware attacks, recovering the entire disk is mostly unnecessary. In particular, the user may just wish a speedy recovery of certain critical files after a ransomware attack. In this work, we have designed$$\textsf{FFRecovery}$$ $\mathrm{FFRecovery}$, a new ransomware defense strategy that can support fine-grained per file data recovery after the ransomware attack. Our key idea is that, to restore a file corrupted by the ransomware, we (1) restore its file system metadata via file system forensics, and (2) extract its file data via raw data extraction from the FTL, and (3) assemble the corresponding file system metadata and the file data. Another essential aspect of$$\textsf{FFRecovery}$$ $\mathrm{FFRecovery}$is that we add a garbage collection delay and freeze mechanism into the FTL so that no raw data will be lost prior to the recovery and, additionally, the raw data needed for the recovery can be always located. A prototype of$$\textsf{FFRecovery}$$ $\mathrm{FFRecovery}$has been developed and our experiments using real-world ransomware samples demonstrate the effectiveness of$$\textsf{FFRecovery}$$ $\mathrm{FFRecovery}$. We also demonstrate that$$\textsf{FFRecovery}$$ $\mathrm{FFRecovery}$has negligible storage cost and performance impact. 

   more » « less
2. Canalis: A Throughput-Optimized Framework for Real-Time Stream Processing of Wireless Communication

   https://doi.org/10.1145/3695880  

   Chen, Kuan-Yu; Mason_Nelson, Thomas; Khadem, Alireza; Fayazi, Morteza; Singapuram, Sanjay_Sri Vallabh; Dreslinski, Ronald; Talati, Nishil; Kim, Hun-Seok; Blaauw, David (December 2024, ACM Transactions on Reconfigurable Technology and Systems)

   Stream processing, which involves real-time computation of data as it is created or received, is vital for various applications, specifically wireless communication. The evolving protocols, the requirement for high-throughput, and the challenges of handling diverse processing patterns make it demanding. Traditional platforms grapple with meeting real-time throughput and latency requirements due to large data volume, sequential and indeterministic data arrival, and variable data rates, leading to inefficiencies in memory access and parallel processing. We present Canalis, a throughput-optimized framework designed to address these challenges, ensuring high-performance while achieving low energy consumption. Canalis is a hardware-software co-designed system. It includes a programmable spatial architecture, Flux Stream Processing Unit (FluxSPU), proposed by this work to enhance data throughput and energy efficiency. FluxSPU is accompanied by a software stack that eases the programming process. We evaluated Canalis with eight distinct benchmarks. When compared to CPU and GPU in mobile SoC to demonstrate the effectiveness of domain specialization, Canalis achieves an average speedup of 13.4\(\times\)and 6.6\(\times\), and energy savings of 189.8\(\times\)and 283.9\(\times\), respectively. In contrast to equivalent ASICs of the benchmarks, the average energy overhead of Canalis is within 2.4\(\times\), successfully maintaining generalizations without incurring significant overhead. 

   more » « less
3. Tiny Pointers

   https://doi.org/10.1145/3700594  

   Bender, Michael A; Conway, Alex; Farach-Colton, Martín; Kuszmaul, William; Tagliavini, Guido (October 2024, ACM Transactions on Algorithms)

   This paper introduces a new data-structural object that we call the tiny pointer. In many applications, traditional\(\log n\)-bit pointers can be replaced with\(o(\log n)\)-bit tiny pointers at the cost of only a constant-factor time overhead and a small probability of failure. We develop a comprehensive theory of tiny pointers, and give optimal constructions for both fixed-size tiny pointers (i.e., settings in which all of the tiny pointers must be the same size) and variable-size tiny pointers (i.e., settings in which the average tiny-pointer size must be small, but some tiny pointers can be larger). If a tiny pointer references an item in an array filled to load factor\(1-\delta\), then the optimal tiny-pointer size is\(\Theta(\log\log\log n+\log\delta^{-1})\)bits in the fixed-size case, and\(\Theta(\log\delta^{-1})\)expected bits in the variable-size case. Our tiny-pointer constructions also require us to revisit several classic problems having to do with balls and bins; these results may be of independent interest. Using tiny pointers, we apply tiny pointers to five classic data-structure problems. We show that:A data structure storing\(n\)\(v\)-bit values for\(n\)keys with constant-factor time modifications/queries can be implemented to take space\(nv+O(n\log^{(r)}n)\)bits, for any constant\(r\gt0\), as long as the user stores a tiny pointer of expected size\(O(1)\)with each key—here,\(\log^{(r)}n\)is the\(r\)-th iterated logarithm.Any binary search tree can be made succinct, meaning that it achieves\((1+o(1))\)times the optimal space, with constant-factor time overhead, and can even be made to be within\(O(n)\)bits of optimal if we allow for\(O(\log^{*}n)\)-time modifications—this holds even for rotation-based trees such as the splay tree and the red-black tree.Any fixed-capacity key-value dictionary can be made stable (i.e., items do not move once inserted) with constant-factor time overhead and\((1+o(1))\)-factor space overhead.Any key-value dictionary that requires uniform-size values can be made to support arbitrary-size values with constant-factor time overhead and with an additional space consumption of\(\log^{(r)}n+O(\log j)\)bits per\(j\)-bit value for an arbitrary constant\(r\gt0\)of our choice.Given an external-memory array\(A\)of size\((1+\varepsilon)n\)containing a dynamic set of up to\(n\)key-value pairs, it is possible to maintain an internal-memory stash of size\(O(n\log\varepsilon^{-1})\)bits so that the location of any key-value pair in\(A\)can be computed in constant time (and with no IOs). In each case tiny pointers allow for us to take a natural space-inefficient solution that uses pointers and make it space-efficient for free. 

   more » « less
4. Sprout: A Verifier for Symbolic Multiparty Protocols

   https://doi.org/10.1007/978-3-031-98682-6_16  

   Li, Elaine; Stutz, Felix; Wies, Thomas; Zufferey, Damien (July 2025, Springer Nature Switzerland)

   Abstract We presentSprout, the first sound and complete implementability checker for symbolic multiparty protocols.Sproutsupports protocols with dependent refinements on message values, loop memory, and multiparty communication with generalized, sender-driven choice.Sproutchecks implementability via an optimized, sound and complete reduction to the fixpoint logic$$\mu $$ $\mu$CLP, and usesMuValas a backend solver for$$\mu $$ $\mu$CLP instances. We evaluateSprouton an extended benchmark suite of implementable and non-implementable examples, and show thatSproutoutperforms its competititors in terms of expressivity and precision, and provides competitive runtime performance.Sproutadditionally provides support for verifying custom functional correctness properties beyond implementability. 

   more » « less
5. Opportunistic Data Flow Integrity for Real-time Cyber-physical Systems Using Worst Case Execution Time Reservation

   Wang, Yujie; Li, Ao; Wang, Jinwen; Baruah, Sanjoy; Zhang, Ning (August 2024, Proceedings of the 33rd USENIX Conference on Security Symposium)

   With the proliferation of safety-critical real-time systems in our daily life, it is imperative that their security is protected to guarantee their functionalities. To this end, one of the most powerful modern security primitives is the enforcement of data flow integrity. However, the run-time overhead can be prohibitive for real-time cyber-physical systems. On the other hand, due to strong safety requirements on such real-time cyber-physical systems, platforms are often designed with enough reservation such that the system remains real-time even if it is experiencing the worst-case execution time. We conducted a measurement study on eight popular CPS systems and found the worst-case execution time is often at least five times the average run time. In this paper, we propose opportunistic data flow integrity, OP-DFI, that takes advantage of the system reservation to enforce data flow integrity to the CPS software. To avoid impacting the real-time property, OP-DFI tackles the challenge of slack estimation and run-time policy swapping to take advantage of the extra time in the system opportunistically. To ensure the security protection remains coherent, OP-DFI leverages in-line reference monitors and hardware-assisted features to perform dynamic fine-grained sandboxing. We evaluated OP-DFI on eight real-time CPS. With a worst-case execution time overhead of 2.7%, OP-DFI effectively performs DFI checking on 95.5% of all memory operations and 99.3% of safety-critical control-related memory operations on average. 

   more » « less