Search for: All records

Although the importance of using static taint analysis to detect taint-style vulnerabilities in Linux-based embedded firmware is widely recognized, existing approaches are plagued by following major limitations: (a) Existing works cannot properly handle indirect call on the path from attacker-controlled sources to security-sensitive sinks, resulting in lots of false negatives. (b) They employ heuristics to identify mediate taint source and it is not accurate enough, which leads to high false positives. To address issues, we propose EmTaint, a novel static approach for accurate and fast detection of taint-style vulnerabilities in Linux-based embedded firmware. In EmTaint, we first design a structured symbolic expression-based (SSE-based) on-demand alias analysis technique. Based on it, we come up with indirect call resolution and accurate taint analysis scheme. Combined with sanitization rule checking, EmTaint can eventually discovers a large number of taint-style vulnerabilities accurately within a limited time. We evaluated EmTaint against 35 real-world embedded firmware samples from six popular vendors. The result shows EmTaint discovered at least 192 vulnerabilities, including 41 n-day vulnerabilities and 151 0-day vulnerabilities. At least 115 CVE/PSV numbers have been allocated from a subset of the reported vulnerabilities at the time of writing. Compared with state-of-the-art tools such as KARONTE and SaTC, EmTaint found significantly more vulnerabilities on the same dataset in less time. 

This work demonstrates a novel junction termination extension (JTE) with a graded charge profile for vertical GaN p-n diodes. The fabrication of this JTE obviates GaN etch and requires only a single-step implantation. A bi-layer photoresist is used to produce an ultra-small bevel angle (~0.1°) at the sidewall of a dielectric layer. This tapered dielectric layer is then used as the implantation mask to produce a graded charge profile in p-GaN. The fabricated GaN p-n diodes show a breakdown voltage ( BV ) of 1.7 kV (83% of the parallel-plane limit) with positive temperature coefficient, as well as a high avalanche current density over 1100 A/cm 2 at BV in the unclamped inductive switching test. This robust avalanche is ascribed to the migration of the major impact ionization location from the JTE edge to the main junction. This single-implant, efficient, avalanche-capable JTE can potentially become a building block of many vertical GaN devices, and its fabrication technique has wide device and material applicability. 

We report the first experimental demonstration of a vertical superjunction device in GaN. P-type nickel oxide (NiO) is sputtered conformally in 6μm deep n-GaN trenches. Sputter recipe is tuned to enable 1017 cm −3 level acceptor concentration in NiO, easing its charge balance with the 9×1016 cm −3 doped n-GaN. Vertical GaN superjunction p-n diodes (SJ-PNDs) are fabricated on both native GaN and low-cost sapphire substrates. GaN SJ-PNDs on GaN and sapphire both show a breakdown voltage (BV) of 1100 V, being at least 900 V higher than their 1-D PND counterparts. The differential specific on-resistance (RON,SP) of the two SJ-PNDs are both 0.3mΩ⋅ cm 2 , with the drift region resistance (RDR,SP) extracted to be 0.15mΩ⋅ cm 2 . The RON,SP∼BV trade-off is among the best in GaN-on-GaN diodes and sets a new record for vertical GaN devices on foreign substrates. The RDR,SP∼BV trade-off exceeds the 1-D GaN limit, fulfilling the superjunction functionality in GaN. 

Medium-voltage (MV) power electronic devices are widely used in renewable energy processing, electric grids, pulse power systems, etc. Current MV devices are mainly made of Si and SiC. This paper presents our recent efforts in developing a new generation of MV devices based on the multi-channel AlGaN/GaN platform and many new device designs involving charge balance, fin, and Cascode. The specific on-resistance of our 10 kV-class GaN Schottky barrier diodes and normally-OFF transistors is ~40 mΩ•cm 2 , rendering a Baliga’s figure of merit exceeding the 1-D unipolar SiC limits. We show the great promise of GaN in medium and high-voltage power applications. 

Novel anti‐ambipolar transistors (AATs) are gate tunable rectifiers with a marked potential for multi‐valued logic circuits. In this work, the optoelectronic applications of AATs in cryogenic conditions are studied, of which the AAT devices consist of vertically stackedp‐SnS andn‐MoSe₂nanoflakes to form a type‐II staggered band alignment. An electrostatically tunable p‐SnS/n‐MoSe₂cryo‐phototransistor is presented with unique anti‐ambipolar characteristics and cryogenic‐enhanced optoelectronic performance. The cryo‐phototransistor exhibits a sharp and highly symmetric anti‐ambipolar transfer curve at 77 K with the peak‐to‐valley ratio of 10³operating under a low bias voltage of 1 V. The high cooling‐enhanced charge mobilities in the cryo‐phototransistor grant this AAT device remarkable photodetection capabilities. At 77 K, thep‐SnS/n‐MoSe₂cryo‐phototransistor, holding a broad photoresponse in the spectral range of 250−900 nm, demonstrates its high responsivity of 2 × 10⁴ A W⁻¹and detectivity of 7.5 × 10¹³ Jones with the excitation at 532 nm. The high‐performancep‐SnS/n‐MoSe₂low‐dimensional phototransistor with low operating voltages at 77−150 K is eligible for optoelectronic applications in cryogenic environments. Furthermore, the cryo‐characteristics of this heterostructure can be further extended to design the mul‐tivalued logic circuits operated in cryogenic conditions.