skip to main content


Search for: All records

Creators/Authors contains: "Zhang, Ning"

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. With the proliferation of safety-critical real-time systems in our daily life, it is imperative that their security is protected to guarantee their functionalities. To this end, one of the most powerful modern security primitives is the enforcement of data flow integrity. However, the run-time overhead can be prohibitive for real-time cyber-physical systems. On the other hand, due to strong safety requirements on such real-time cyber-physical systems, platforms are often designed with enough reservation such that the system remains real-time even if it is experiencing the worst-case execution time. We conducted a measurement study on eight popular CPS systems and found the worst-case execution time is often at least five times the average run time. In this paper, we propose opportunistic data flow integrity, OP-DFI, that takes advantage of the system reservation to enforce data flow integrity to the CPS software. To avoid impacting the real-time property, OP-DFI tackles the challenge of slack estimation and run-time policy swapping to take advantage of the extra time in the system opportunistically. To ensure the security protection remains coherent, OP-DFI leverages in-line reference monitors and hardware-assisted features to perform dynamic fine-grained sandboxing. We evaluated OP-DFI on eight real-time CPS. With a worst-case execution time overhead of 2.7%, OP-DFI effectively performs DFI checking on 95.5% of all memory operations and 99.3% of safety-critical control-related memory operations on average. 
    more » « less
    Free, publicly-accessible full text available August 14, 2025
  2. Free, publicly-accessible full text available June 1, 2025
  3. Plants and animals detect biomolecules termed microbe-associated molecular patterns (MAMPs) and induce immunity. Agricultural production is severely impacted by pathogens which can be controlled by transferring immune receptors. However, most studies use a single MAMP epitope and the impact of diverse multicopy MAMPs on immune induction is unknown. Here, we characterized the epitope landscape from five proteinaceous MAMPs across 4,228 plant-associated bacterial genomes. Despite the diversity sampled, natural variation was constrained and experimentally testable. Immune perception in bothArabidopsisand tomato depended on both epitope sequence and copy number variation. For example, Elongation Factor Tu is predominantly single copy, and 92% of its epitopes are immunogenic. Conversely, 99.9% of bacterial genomes contain multiple cold shock proteins, and 46% carry a nonimmunogenic form. We uncovered a mechanism for immune evasion, intrabacterial antagonism, where a nonimmunogenic cold shock protein blocks perception of immunogenic forms encoded in the same genome. These data will lay the foundation for immune receptor deployment and engineering based on natural variation.

     
    more » « less
    Free, publicly-accessible full text available June 4, 2025
  4. Sinnott, Susan (Ed.)
    Biological materials have consistently intrigued researchers due to their remarkable properties and intricate structure–property-function relationships. Deciphering the pathways through which nature has bestowed its exceptional properties represents a complex challenge. The hierarchical architectures of biomaterials are recognized as the basis for mechanical robustness. Moreover, it is well-established that the intriguing properties of biomaterials arise primarily from the architecture at the nanoscale, particularly the abundant carefully designed interfaces. Driven by the diverse functionality and the increasing comprehension of the underlying design mechanisms in biomaterials, substantial endeavors have been directed toward emulating the architectures and interactions in synthetic materials. By reviewing atomistic modeling of nacre, wood, and coconut endocarp, in this work, we aim at highlighting the significant role of atomistic modeling in revealing nanoscale strengthening and toughening mechanisms of biomaterials, subsequently advancing the development of bioinspired material. 
    more » « less
    Free, publicly-accessible full text available January 25, 2025
  5. The rapid development of deep neural networks and generative AI has catalyzed growth in realistic speech synthesis. While this technology has great potential to improve lives, it also leads to the emergence of ''DeepFake'' where synthesized speech can be misused to deceive humans and machines for nefarious purposes. In response to this evolving threat, there has been a significant amount of interest in mitigating this threat by DeepFake detection. Complementary to the existing work, we propose to take the preventative approach and introduce AntiFake, a defense mechanism that relies on adversarial examples to prevent unauthorized speech synthesis. To ensure the transferability to attackers' unknown synthesis models, an ensemble learning approach is adopted to improve the generalizability of the optimization process. To validate the efficacy of the proposed system, we evaluated AntiFake against five state-of-the-art synthesizers using real-world DeepFake speech samples. The experiments indicated that AntiFake achieved over 95% protection rate even to unknown black-box models. We have also conducted usability tests involving 24 human participants to ensure the solution is accessible to diverse populations. 
    more » « less
  6. Graphics Processing Units (GPU) are increasingly deployed on Cyber-physical Systems (CPSs), frequently used to perform real-time safety-critical functions, such as object detection on autonomous vehicles. As a result, availability is important for GPU tasks in CPS platforms. However, existing Trusted Execution Environments (TEE) solutions with availability guarantees focus only on CPU computing.To bridge this gap, we propose AvaGPU, a TEE that guarantees real-time availability for CPU tasks involving GPU execution under compromised OS. There are three technical challenges. First, to prevent malicious resource contention due to separate scheduling of CPU and GPU tasks, we proposed a CPU-GPU co-scheduling framework that couples the priority of CPU and GPU tasks. Second, we propose software-based secure preemption on GPU tasks to bound the degree of priority inversion on GPU. Third, we propose a new split design of GPU driver with minimized Trusted Computing Base (TCB) to achieve secure and efficient GPU management for CPS. We implement a prototype of AvaGPU on the Jetson AGX Orin platform. The system is evaluated on benchmark, synthetic tasks, and real-world applications with 15.87% runtime overhead on average. 
    more » « less
    Free, publicly-accessible full text available November 15, 2024
  7. The Butterfly Attack, introduced in an RTSS 2019 paper, was billed as a new kind of timing attack against control loops in cyber-physical systems. We conduct a close inspection of the Butterfly Attack in order to identify the root vulnerability that it exploits, and show that an appropriate application of real-time scheduling theory provides an effective countermeasure. We propose improved defenses against this and similar attacks by drawing upon techniques from real-time scheduling theory, control theory, and systems implementation, that are both provably secure and are able to make efficient use of computing resources. 
    more » « less
  8. The coconut shell consists of three distinct layers: the skin-like outermost exocarp, the thick fibrous mesocarp, and the hard and tough inner endocarp. In this work, we focused on the endocarp because it features a unique combination of superior properties, including low weight, high strength, high hardness, and high toughness. These properties are usually mutually exclusive in synthesized composites. The microstructures of the secondary cell wall of the endocarp at the nanoscale, in which cellulose microfibrils are surrounded by hemicellulose and lignin, were generated. All-atom molecular dynamics simulations with PCFF force field were conducted to investigate the deformation and failure mechanisms under uniaxial shear and tension. Steered molecular dynamics simulations were carried out to study the interaction between different types of polymer chains. The results demonstrated that cellulose–hemicellulose and cellulose–lignin exhibit the strongest and weakest interactions, respectively. This conclusion was further validated against the DFT calculations. Additionally, through shear simulations of sandwiched polymer models, it was found that cellulose–hemicellulose-cellulose exhibits the highest strength and toughness, while cellulose–lignin-cellulose shows the lowest strength and toughness among all tested cases. This conclusion was further confirmed by uniaxial tension simulations of sandwiched polymer models. It was revealed that hydrogen bonds formed between the polymer chains are responsible for the observed strengthening and toughening behaviors. Additionally, it was interesting to note that failure mode under tension varies with the density of amorphous polymers located between cellulose bundles. The failure mode of multilayer polymer models under tension was also investigated. The findings of this work could potentially provide guidelines for the design of coconut-inspired lightweight cellular materials. 
    more » « less
  9. Recent advances in large language models (LMs) have facilitated their ability to synthesize programming code. However, they have also raised concerns about intellectual property (IP) rights violations. Despite the significance of this issue, it has been relatively less explored. In this paper, we aim to bridge the gap by presenting CODEIPPROMPT, a platform for automatic evaluation of the extent to which code language models may reproduce licensed programs. It comprises two key components: prompts constructed from a licensed code database to elicit LMs to generate IP-violating code, and a measurement tool to evaluate the extent of IP violation of code LMs. We conducted an extensive evaluation of existing open-source code LMs and commercial products, and revealed the prevalence of IP violations in all these models. We further identified that the root cause is the substantial proportion of training corpus subject to restrictive licenses, resulting from both intentional inclusion and inconsistent license practice in the real world. To address this issue, we also explored potential mitigation strategies, including fine-tuning and dynamic token filtering. Our study provides a testbed for evaluating the IP violation issues of the existing code generation platforms and stresses the need for a better mitigation strategy. 
    more » « less
    Free, publicly-accessible full text available July 23, 2024
  10. Tiny machine learning (TinyML) is an essential component of emerging smart microcontrollers (MCUs). However, the protection of the intellectual property (IP) of the model is an increasing concern due to the lack of desktop/server-grade resources on these power-constrained devices. In this paper, we propose STML, a system and algorithm co-design to Secure IP of TinyML on MCUs with ARM TrustZone. Our design jointly optimizes memory utilization and latency while ensuring the security and accuracy of emerging models. We implemented a prototype and benchmarked with 7 models, demonstrating STML reduces 40% of model protection runtime overhead on average. 
    more » « less