<?xml version="1.0" encoding="ISO-8859-1"?>

<?xml-stylesheet href="/css/rss20.xsl" type="text/xsl"?>
<rss xmlns:pheedo="http://www.pheedo.com/namespace/pheedo" version="2.0">
<channel>
<title>IEEE Transactions on Dependable and Secure Computing</title>
<link>http://www.computer.org/tdsc</link>
<description>The IEEE Transactions on Dependable and Secure Computing is a new quarterly that will publish archival research results focusing on research into foundations, methodologies, and mechanisms that support the achievement, through design, modeling, and evaluation, of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus also includes measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints.</description>
	<language>en-us</language>
	<pubDate>Thu, 28 Aug 2008 10:00:01 GMT</pubDate>
	<image>
		<url>http://csdl.computer.org/common/images/logos/tdsc.gif</url>
		<title>IEEE Computer Society</title>
		<description>List of recently published journal articles</description>
		<link>http://www.computer.org/tdsc</link>
	</image>
  <item>
     <title>PrePrint: Steward: Scaling Byzantine Fault-Tolerant Replication to Wide Area Networks</title>
     <link>http://www.pheedo.com/click.phdo?i=20acc0254de3af21ed29f3c9f17705d6</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.53</pheedo:origLink>
     <description>This paper presents the first hierarchical Byzantine fault-tolerant replication architecture suitable to systems that span multiple wide area sites. The architecture confines the effects of any malicious replica to its local site, reduces message complexity of wide area communication, and allows read-only queries to be performed locally within a site for the price of additional standard hardware. We present proofs that our algorithm provides safety and liveness properties. A prototype implementation is evaluated over several network topologies and is compared with a flat Byzantine fault-tolerant approach. The experimental results show considerable improvement over flat Byzantine replication algorithms, bringing the performance of Byzantine replication closer to existing benign fault-tolerant replication techniques over wide area networks.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.53</guid>
  </item>
  <item>
     <title>PrePrint: A Novel Bicriteria Scheduling Heuristics Providing a Guaranteed Global System Failure Rate.</title>
     <link>http://www.pheedo.com/click.phdo?i=27105773a96fb580b57e99e7ca9ff554</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.50</pheedo:origLink>
     <description>We propose a new framework for the (length,reliability) bicriteria static multiprocessor scheduling problem. Our first criterion remains the static schedule's length: this is crucial to assess the system's real-time property. For our second criterion, we consider the global system failure rate, seen as if the whole system were a single task scheduled onto a single processor, instead of the usual reliability, because it does not depend on the schedule length like the reliability does (due to its computation in the classical reliability model of Shatz and Wang). Therefore, we control better the replication factor of each individual task of the dependency task graph given as a specification, with respect to the desired failure rate. To solve this bicriteria optimization problem, we take the failure rate as a constraint, and we minimize the schedule length. We are thus able to produce, for a given dependency task graph and multiprocessor architecture, a Pareto curve of non-dominated solutions, among which the user can choose the compromise that fits his requirements best. Compared to the other bicriteria (length,reliability) scheduling algorithms found in the literature, the algorithm we present here is the first able to improve significantly the reliability, by several orders of magnitude, making it suitable to safety critical systems.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.50</guid>
  </item>
  <item>
     <title>IEEE Transactions on Dependable and Secure Computing - July-September 2008 (Vol. 5, No. 3)</title>
     <link>http://opac.ieeecomputersociety.org/opac?year=2008&amp;volume=5&amp;issue=03&amp;acronym=tdsc</link>
     <description>IEEE Transactions on Dependable and Secure Computing</description>
     <guid isPermaLink="true">http://www.computer.org/portal/site/tdsc/</guid>
  </item>
  <item>
     <title>PrePrint: Conformance Testing of Temporal Role-Based Access Control Systems</title>
     <link>http://www.pheedo.com/click.phdo?i=8f97ca2c597ac9904bd8a61d7ad72b65</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.41</pheedo:origLink>
     <description>Access control is a key security service at the foundation of information and system security. It has been extended with temporal constraints to support real-time considerations. Conformance testing of an access control implementation is crucial to ensure that it correctly enforces any required temporal and non-temporal policies for access control. We propose an approach for conformance testing of implementations required to enforce access control policies specified using the Temporal Role Based Access Control (TRBAC) model. The proposed approach uses Timed Input Output Automata (TIOA) to model the behavior specified by a TRBAC policy. The TIOA model is then transformed to a deterministic se-FSA model that captures any temporal constraint by using two special events, Set and Exp. Finally we adapt the W-method and use an integer programming based approach to construct a conformance test suite from the transformed model. The conformance test suite so generated provides complete fault coverage with respect to the proposed fault model for TRBAC specifications.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.41</guid>
  </item>
  <item>
     <title>PrePrint: Beyond Output Voting: Detecting Compromised Replicas Using HMM-based Behavioral Distance</title>
     <link>http://www.pheedo.com/click.phdo?i=6acf62526df7e1857381fbed57493908</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.39</pheedo:origLink>
     <description>Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to "mimicry" attacks in which the injected code masquerades as the original server software, including returning the correct service responses, while conducting its attack. "Behavioral distance", by which two diverse replicas processing the same inputs are continually monitored to detect divergence in their low-level (system-call) behaviors and hence potentially the compromise of one of them, has been proposed for detecting mimicry attacks. In this paper, we present a novel approach to behavioral distance measurement using a new type of Hidden Markov Model, and present an architecture realizing this new approach. We evaluate the detection capability of this approach using synthetic workloads and recorded workloads of production web and game servers, and show that it detects intrusions with substantially greater accuracy than a prior proposal on measuring behavioral distance. We also detail the design and implementation of a new architecture, which takes advantage of virtualization to measure behavioral distance. We apply our architecture to implement intrusion-tolerant web and game servers, and through trace-driven simulations demonstrate that it experiences moderate performance costs even when thresholds are set to detect stealthy mimicry attacks.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.39</guid>
  </item>
  <item>
     <title>PrePrint: Designing Dependable Storage Solutions for Shared Application Environments</title>
     <link>http://www.pheedo.com/click.phdo?i=4cde3c71006ae84fa538deb1c61b7676</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.38</pheedo:origLink>
     <description>The costs of data loss and unavailability can be large, so businesses use many data protection techniques, such as remote mirroring, snapshots, and backups, to guard against failures. Choosing an appropriate combination of techniques is difficult because there are numerous approaches for protecting data and allocating resources. Storage system designers typically use ad hoc techniques, often resulting in over-engineered, expensive solutions or under-provisioned, inadequate ones. In contrast, this paper presents a principled, automated approach for designing dependable storage solutions for multiple applications in shared environments. Our contributions include search heuristics for intelligently exploring the large design space and modeling techniques for capturing interactions between applications during recovery. Using realistic storage system requirements, we show that our design tool produces designs that cost up to 2 times less in initial outlays and expected data penalties than the designs produced by an emulated human design process. Additionally, we compare our design tool to a random search heuristic and a genetic algorithm meta-heuristic, and show that our approach consistently produces better designs for the cases we have studied. Finally, we study the sensitivity of our design tool to several input parameters.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.38</guid>
  </item>
  <item>
     <title>PrePrint: Is Asynchronous Logic More Robust than Synchronous Logic?</title>
     <link>http://www.pheedo.com/click.phdo?i=06901fd9409de80ab16e73eedf6d5b03</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.37</pheedo:origLink>
     <description>With clock rates beyond 1 GHz the model of a system-wide synchronous clock is becoming difficult to maintain, therefore asynchronous design styles are increasingly receiving attention. While the traditional synchronous design style is well-proven and backed up by a rich field experience, comparatively little is known about the properties of asynchronous circuits in practical application. In the face of increased transient fault rates, robustness is a crucial property, and from a conceptual view the so called "delay insensitive" asynchronous design approaches promise to be more robust than synchronous ones, since their operation does not depend on tight timing margins, and data are two-rail coded. A practical assessment of asynchronous designs in fault injection studies does, however, not exist, nor are there adequate methods and tools in this particular domain available. Therefore the objective of this work is (a) to provide a common approach for efficient and accurate fault injection in synchronous and in asynchronous designs, and (b) to experimentally compare the robustness of both synchronous and asynchronous designs. To this end a synchronous 16 bit processor as well as its asynchronous equivalent are subjected to signal flips and delay faults. The results of over 489 million experiments are summarized and discussed, and a detailed comparison is given.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.37</guid>
  </item>
  <item>
     <title>PrePrint: Dual-Quorum: A Highly Available and Consistent Replication System for Edge Services</title>
     <link>http://www.pheedo.com/click.phdo?i=b37abb5bdb5398f9385c1820f523e187</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.36</pheedo:origLink>
     <description>This article introduces dual-quorum replication, a novel data replication algorithm designed to support Internet edge services. Edge services allow clients to access Internet services via distributed edge servers that operate on a shared collection of underlying data. Although it is generally difficult to share data while providing high availability, good performance, and strong consistency, replication algorithms designed for specific access patterns can offer nearly ideal trade-offs among these metrics. In this article, we focus on the key problem of sharing read/write data objects across a collection of edge servers when the references to each object (a) tend not to exhibit high concurrency across multiple nodes and (b) tend to exhibit bursts of read-dominated or write-dominated behavior. Dual-quorum replication combines volume leases and quorum based techniques to achieve availability, response time, and consistency for such workloads. In particular, through both analytical and experimental evaluation, we show that the dual-quorum protocol can (for the workloads of interest) approach the optimal performance and availability of Read-One/Write-All-Asynchronously (ROWA-A) epidemic algorithms without suffering the weak consistency guarantees and resulting design complexity inherent in ROWA-A systems.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.36</guid>
  </item>
  <item>
     <title>PrePrint: An Advanced Hybrid Peer-to-Peer Botnet</title>
     <link>http://www.pheedo.com/click.phdo?i=c5c14484f5bfe5b8d129a54752135e69</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.35</pheedo:origLink>
     <description>A "botnet" consists of a network of compromised computers controlled by an attacker ("botmaster"). Recently botnets have become the root cause of many Internet attacks. To be well prepared for future attacks, it is not enough to study how to detect and defend against the botnets that have appeared in the past. More importantly, we should study advanced botnet designs that could be developed by botmasters in the near future. In this paper, we present the design of an advanced hybrid peer-to-peer botnet. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. In the end, we suggest and analyze several possible defenses against this advanced botnet.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.35</guid>
  </item>
  <item>
     <title>PrePrint: Semi-Concurrent On-Line Testing of Transition Faults Through Output Response Comparison of Identical Circuits</title>
     <link>http://www.pheedo.com/click.phdo?i=82f68a2e3d9285607957f2f8ceda3362</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.34</pheedo:origLink>
     <description>We describe a method for on-line testing of delay faults based on the comparison of output responses of identical circuits. The method allows one of the circuits to participate in useful computations during the testing process, while the other circuit must be idle. We refer to this method as semi-concurrent on-line testing. While unknown input vectors are applied to the circuit that participates in useful computations, the proposed method applies modified vectors to the idle circuit. In this way, different conditions are created for the detection of delay faults, allowing identical delay faults that affect both circuits to be detected. In designing the modified vectors, we ensure that the expected fault free responses of the two circuits are identical. We also ensure that the hardware for modifying the vectors applied to the idle circuit will be easy to implement on-chip.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.34</guid>
  </item>
  <item>
     <title>PrePrint: Cryptanalysis of a New Ultralightweight RFID Authentication Protocol - SASI</title>
     <link>http://www.pheedo.com/click.phdo?i=e048d8dd90be49a84abd83e1d6f0b04e</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.33</pheedo:origLink>
     <description>Since RFID tags are ubiquitous and at times even oblivious to the human user, all modern RFID protocols are designed to resist tracking so that the location privacy of the human RFID user is not violated. Another design criterion for RFIDs is the low computational effort required for tags, in view that most tags are passive devices that derive power from an RFID reader's signals. Along this vein, a class of ultra-lightweight RFID authentication protocols have been designed that use only the most basic bitwise and arithmetic operations like exclusive-OR, OR, addition, rotation, etc. In this paper, we analyze the security of the SASI protocol, a recently proposed ultra-lightweight RFID protocol with better claimed security than earlier protocols. We show that SASI does not achieve resistance to tracking, which is one of its design objectives.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.33</guid>
  </item>
  <item>
     <title>PrePrint: Security Analysis of the SASI Protocol</title>
     <link>http://www.pheedo.com/click.phdo?i=f4c988773b3f38181ac702f27e48c719</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.32</pheedo:origLink>
     <description>The ultralightweight RFID protocols only involve simple bit-wise operations (like XOR, AND, OR, etc.) on tags. In this paper, we show that the ultralightweight strong authentication and strong integrity (SASI) protocol has two security vulnerabilities, namely denial-of-service (DoS) and anonymity tracing based on a compromised tag. The former permanently disables the authentication capability of an RFID tag by destroying synchronization between the tag and the RFID reader. The latter links a compromised tag with past actions performed on this tag.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.32</guid>
  </item>
  <item>
     <title>PrePrint: Using Underutilized CPU Resources to Enhance Its Reliability</title>
     <link>http://www.pheedo.com/click.phdo?i=1445b9ebc70edcf9c1af78b2f33288ed</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.31</pheedo:origLink>
     <description>Soft errors are temporary faults that arise in a circuit due to a variety of internal noise and external sources. Though soft errors still occur infrequently, they are rapidly becoming a major impediment to processor reliability. This is due primarily to processor scaling characteristics. As the feature size keeps shrinking and the proliferation of multiprocessor-on-die in all segments of computer based systems, the capability to detect and recover from faults is also desired for commodity hardware. For such systems, however, performance and power constitute the main drivers, so the traditional solutions prove inadequate. We introduce two independent and complementary micro-architecture level techniques: Double Execution and Double Decoding. Both exploit the low average processor resource utilization that characterizes modern processors to help enhance processor reliability. Double Execution protects the Out-Of-Order part of the CPU by executing each instruction twice. Double Decoding uses a second, low-performance, low-power instruction decoder in order to detect soft errors in the decoder logic. We show that these techniques improve the processor's reliability with relatively low performance, power and hardware overheads, and their implementation is moreover simple. Finally, the resulting "excessive" reliability can even be traded back for performance by increasing clock rate and/or reducing voltage, thereby improving upon single execution approaches.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.31</guid>
  </item>
  <item>
     <title>PrePrint: SigFree: A Signature-Free Buffer Overflow Attack Blocker</title>
     <link>http://www.pheedo.com/click.phdo?i=183e35327fc7c4d702f92254c50ff013</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.30</pheedo:origLink>
     <description>We propose SigFree, a signature-free, out-of-the-box method for blocking code-injection buffer overflow attack messages targeting various Internet services such as web service. Motivated by the observation that buffer overflow attacks typically contain executables whereas legitimate client requests never contain executables in most Internet services, SigFree blocks attacks by detecting the presence of code. Unlike the previous code detection algorithms, SigFree uses a new data-flow analysis technique called code abstraction that is generic, fast and hard for exploit code to evade. SigFree first blindly disassembles and extracts instruction sequences from a request. It then applies a novel technique, which uses new data flow anomaly to prune useless instructions in an instruction sequence. Finally it compares the number of useful instructions or dependent degree to a threshold to determine if this instruction sequence contains code. SigFree is signature free, thus it can block new and unknown buffer overflow attacks; SigFree is also immunized from most attack-side code obfuscation methods. Since SigFree is a transparent deployment to the servers being protected, it is good for economical Internet wide deployment with very low deployment and maintenance cost. Our experimental study shows that the dependency-degree based SigFree could block all types of code-injection attack packets (above 750) tested in our experiments with very few false positives.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.30</guid>
  </item>
  <item>
     <title>PrePrint: Chasing the Weakest System Model for Implementing &#x03a9; and Consensus</title>
     <link>http://www.pheedo.com/click.phdo?i=f296217b69663e2f40a4ab4db02e7cb5</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.24</pheedo:origLink>
     <description>Aguilera et al. and Malkhi et al. have presented two system models, which are weaker than all previously proposed models where the eventual leader election oracle &#x03a9; can be implemented and thus also consensus can be solved. The former model assumes unicast steps and at least one correct process with &#x0192; outgoing eventually timely links, whereas the latter assumes broadcast steps and at least one correct process with &#x0192; bidirectional but moving eventually timely links. Consequently, those models are incomparable. In this paper, we show that &#x03a9; can also be implemented in a system with at least one process with &#x0192; outgoing moving eventually timely links, assuming either unicast or broadcast steps. It seems to be the weakest system model that allows to solve consensus via &#x03a9;-based algorithms known so far. We also provide matching lower bounds for the communication complexity of &#x03a9; in this model, which are based on an interesting "stabilization property" of infinite runs. Those results reveal a fairly high price to be paid for the further relaxation of synchrony properties.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.24</guid>
  </item>
  <item>
     <title>PrePrint: A Survey on the Encryption of Convergecast-Traffic with In-Network Processing</title>
     <link>http://www.pheedo.com/click.phdo?i=5a108a7e3fd3ac95608c47867df8f8d5</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.23</pheedo:origLink>
     <description>We present an overview of end-to-end encryption solutions for convergecast-traffic in wireless sensor networks that support in-network processing at forwarding intermediate nodes. Other than hop-by-hop based encryption approaches, aggregator nodes can perform in-network processing on encrypted data. Since it is not required to decrypt the incoming ciphers before aggregating, substantial advantages are i) neither keys nor plaintext is available at aggregating nodes, ii) the overall energy consumption of the backbone can be reduced, iii) the system is more flexible with respect to changing routes, and finally iv) the overall system security increases. We provide a qualitative comparison of available approaches, point out their strengths respectively weaknesses and investigate opportunities for further research.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.23</guid>
  </item>
  <item>
     <title>PrePrint: Error Detection and Fault Tolerance in ECSM Using Input Randomization</title>
     <link>http://www.pheedo.com/click.phdo?i=363057940a92b76dc8920f26efaa0d98</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.21</pheedo:origLink>
     <description>For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. In this article, error-detecting and fault-tolerant elliptic curve cryptosystems are considered. Error detection may be a sufficient countermeasure for many security applications; however, a fault-tolerant characteristic enables a system to perform its normal operation in spite of faults. For the purpose of detecting errors due to faults, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of the elliptic curve scalar multiplication (ECSM). Additionally, we show that using parallel computation along with either PV or re-computation, it is possible to have fault-tolerant structures for the ECSM. If certain conditions are met, these schemes are more efficient than others such as the well-known triple modular redundancy.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.21</guid>
  </item>
  <item>
     <title>PrePrint: Layered Approach using Conditional Random Fields for Intrusion Detection</title>
     <link>http://www.pheedo.com/click.phdo?i=b52acc2b8f9d32766a1315a6b4a105e7</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.20</pheedo:origLink>
     <description>Intrusion detection faces a number of challenges; the system must reliably detect malicious activities in a network and perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of Accuracy and Efficiency using Conditional Random Fields and Layered Approach. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields and high efficiency by implementing the Layered Approach. Experimental results on the benchmark KDD'99 intrusion data set show that our proposed system based on Layered Conditional Random Fields outperforms other well known methods such as the decision trees and the naive Bayes. The improvement in attack detection accuracy is very high, particularly, for the U2R attacks (34.8% improvement) and the R2L attacks (34.5% improvement). Statistical Tests also demonstrate higher confidence in detection accuracy for our method. Finally, we show that our system is robust and is able to handle noisy data without compromising performance.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.20</guid>
  </item>
  <item>
     <title>PrePrint: Secure Data Objects Replication in Data Grid</title>
     <link>http://www.pheedo.com/click.phdo?i=22604abf7d5f6277bbfbe5f4c11bf587</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.19</pheedo:origLink>
     <description>In this paper, we consider data partitioning and dynamic replication in data grids. More specifically, we investigate the problem of optimal allocation of secure data objects that are securely partitioned and replicated. The grid topology we consider consists of two layers. In the upper layer, multiple clusters form a network topology that can be represented by a general graph. The topology within each cluster is represented by a tree graph. We decompose the share replica allocation problem into two sub-problems, the Optimal Inter-cluster Resident Set Problem (OIRSP), that determines which clusters need share replicas, and the Optimal Intra-cluster Share Allocation Problem (OISAP), that determines the number of share replicas needed in a cluster and their placements. We develop two heuristic algorithms for the two sub-problems. Experimental studies show that the heuristic algorithms achieve good performance in reducing communication cost and are close to optimal solutions.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.19</guid>
  </item>
  <item>
     <title>PrePrint: Reducing Soft Errors through Operand Width Aware Policies</title>
     <link>http://www.pheedo.com/click.phdo?i=481d9303248144e2c482ca9d9f40480b</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.18</pheedo:origLink>
     <description>Soft errors are an important challenge in contemporary microprocessors. Particle hits on the components of a processor are expected to create an increasing number of transient errors with each new microprocessor generation. In this paper we propose simple mechanisms that effectively reduce the vulnerability to soft errors in a processor. As a faster but less fault tolerant alternative to ECC and parity, we offer a variety of schemes that make use of narrow values and analyze their efficiency in reducing soft error vulnerability of different data-holding components of a processor. On average, techniques that make use of the narrowness of the values can provide 49% error detection, 45% error correction or 27% error avoidance coverage for single bit upsets in the first level data cache across all Spec2K. In other structures such as the immediate field of the issue queue, average error detection rate of 64% is achieved.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.18</guid>
  </item>
  <item>
     <title>PrePrint: Flexible Rollback Recovery in Dynamic Heterogeneous Grid Computing</title>
     <link>http://www.pheedo.com/click.phdo?i=26db902989bf8d617d0d0048351e85f5</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.17</pheedo:origLink>
     <description>Large applications executing on Grid or cluster architectures consisting of hundreds or thousands of computational nodes create problems with respect to reliability. The sources of the problems are node failures and the need for dynamic configuration over extensive run-time. This paper presents two fault-tolerance mechanisms called Theft Induced Checkpointing and Systematic Event Logging. These are transparent protocols capable of overcoming problems associated with both benign faults, i.e., crash faults, and node or subnet volatility. Specifically, the protocols base the state of the execution on a dataflow graph, allowing for efficient recovery in dynamic heterogeneous systems as well as multi-threaded applications. By allowing recovery even under different numbers of processors, the approaches are especially suitable for applications with need for adaptive or reactionary configuration control. The low-cost protocols offer the capability of controlling or bounding the overhead. A formal cost model is presented, followed by an experimental evaluation. It is shown that the overhead of the protocol is very small and the maximum work lost by a crashed process is small and bounded.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.17</guid>
  </item>
  <item>
     <title>PrePrint: A Top-Down Design Methodology for Ultra High-Performance Hashing Cores</title>
     <link>http://www.pheedo.com/click.phdo?i=dc5a72621d56ffa95eb33ff03e8625ae</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.15</pheedo:origLink>
     <description>Many cryptographic primitives that are used in cryptographic schemes and security protocols such as SET, PKI, IPSec and VPNs utilize hash functions which form a special family of cryptographic algorithms. Applications that use these security schemes are becoming very popular as time goes by and this means that some of these applications call for higher throughput either due to their rapid acceptance by the market or due to their nature. In this work a new methodology is presented for achieving high operating frequency and throughput for the implementations of all widely used - and those expected to be used in the near future - hash functions such as MD-5, SHA-1, RIPEMD (all versions), SHA-256, SHA-384, and SHA-512 etc. In the proposed methodology five different techniques have been developed and combined in the finest way so as to achieve the maximum performance. Compared to conventional pipelined implementations of hash functions (in FPGAs), the proposed methodology can lead even to a 160% throughput increase.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.15</guid>
  </item>
  <item>
     <title>PrePrint: JANUS: A Framework for Scalable and Secure Routing in Hybrid Wireless Networks</title>
     <link>http://www.pheedo.com/click.phdo?i=7e38b4bee76e99abf3c435ebf5ed64e8</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.14</pheedo:origLink>
     <description>Hybrid networks consisting of cellular and Wi-Fi networks were proposed as a high-throughput architecture for cellular services. In such networks, devices equipped with cellular and Wi-Fi network cards access Internet services through the cellular base station. The Wi-Fi interface is used to provide better service to clients that are far away from the base station, via multihop, ad hoc paths. The modified trust model of hybrid networks generates a set of new security challenges as clients rely on intermediate nodes to participate effectively in the resource reservation process and data forwarding. In this paper we introduce JANUS, a framework for scalable, secure and efficient routing for hybrid cellular and Wi-Fi networks. JANUS uses a scalable routing algorithm with multiple channel access, for improved network throughput. In addition, it provides protection against selfish nodes through a secure crediting protocol and protection against malicious nodes through secure route establishment and data forwarding mechanisms. We evaluate JANUS experimentally and show that it significantly improves the network capabilities of wireless devices, while having a low computation and communication overhead. Moreover, we evaluate the security overhead of JANUS against two types of attacks: a less aggressive, but sufficient for some applications, model of selfish attackers, and purely malicious attacks.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.14</guid>
  </item>
  <item>
     <title>PrePrint: A Puzzle-Based Defense Strategy Against Flooding attacks Using Game Theory</title>
     <link>http://www.pheedo.com/click.phdo?i=73317c032bce3de34fdb4e93de0eec59</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.13</pheedo:origLink>
     <description>In recent years, a number of puzzle-based defense mechanisms have been proposed against flooding denial-of-service (DoS) attacks in networks. Nonetheless, these mechanisms have not been designed through formal approaches and thereby some important design issues such as effectiveness and optimality have remained unresolved. This paper utilizes game theory to propose a series of optimal puzzle-based strategies for handling increasingly sophisticated flooding attack scenarios. In doing so, the solution concept of Nash equilibrium is used in a prescriptive way, where the defender takes his part in the solution as an optimum defense against rational attackers. This study culminates in a strategy for handling distributed attacks from an unknown number of sources.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.13</guid>
  </item>
  <item>
     <title>PrePrint: KTR: an Efficient Key Management Scheme For Secure Data Access Control in Wireless Broadcast Services</title>
     <link>http://www.pheedo.com/click.phdo?i=38c0a5bb10755cff8dc5682315f736f5</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.12</pheedo:origLink>
     <description>Wireless broadcast is an effective approach to disseminate data to a number of users. To provide secure access to data in wireless broadcast services, symmetric key-based encryption is used to ensure that only users who own the valid keys can decrypt the data. Regarding various subscriptions, an efficient key management to distribute and change keys is in great demand for access control in the broadcast system. In this paper, we propose an efficient key management scheme (namely KTR) to handle key distribution with regard to complex subscription options and user activities. KTR has the following advantages. First, it supports all subscription activities in wireless broadcast services. Second, in KTR, a user only needs to hold one set of keys for all subscribed programs, instead of separate sets of keys for each program. Third, KTR identifies the minimum set of keys that must be changed to ensure broadcast security and minimize the rekey cost. Our simulations show that KTR can save about 45% of communication overhead in the broadcast channel and about 50% of decryption cost for each user, compared with logical key hierarchy based approaches.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.12</guid>
  </item>
  <item>
     <title>PrePrint: Integrity Codes: Message Integrity Protection and Authentication Over Insecure Channels</title>
     <link>http://www.pheedo.com/click.phdo?i=58f68a200fe6502e5ca8f080cebf43ad</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.11</pheedo:origLink>
     <description>Inspired by unidirectional error detecting codes that are used in situations where only one kind of bit error is possible (e.g., it is possible to change a bit "0" into a bit "1", but not the contrary), we propose integrity codes (I-codes) for a radio communication channel, which enable integrity protection of messages exchanged between entities that do not hold any mutual authentication material (i.e. public keys or shared secret keys). The construction of I-codes enables a sender to encode any message such that if its integrity is violated in transmission over a radio channel, the receiver is able to detect it. In order to achieve this, we rely on the physical properties of the radio channel and on unidirectional error detecting codes. We analyze in detail the use of I-codes on a radio communication channel and we present their implementation on a wireless platform as a "proof of concept". We further introduce a novel concept called "authentication through presence", whose broad applications include broadcast authentication, key establishment and navigation signal protection. We perform a detailed analysis of the security of our coding scheme and we show that it is secure within a realistic attacker model.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.11</guid>
  </item>
  <item>
     <title>PrePrint: The Design of a Generic Intrusion Tolerant Architecture for Web Servers</title>
     <link>http://www.pheedo.com/click.phdo?i=25347a1e27ce280bee33379c4563f7bc</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.1</pheedo:origLink>
     <description>Nowadays, more and more information systems are connected to the Internet and offer Web interfaces to the general public or to a restricted set of users. Such openness makes them likely targets for intruders, and conventional protection techniques have been shown insufficient to prevent all intrusions in such open systems. This paper proposes a generic architecture to implement intrusion-tolerant Web servers. This architecture is based on redundancy and diversification principles, in order to increase the system resilience to attacks: usually, an attack targets a particular software, running on a particular platform, and fails on others. The architecture is composed of redundant proxies that mediate client requests to a redundant bank of diversified COTS (Commercial Off The Shelf) application servers. The redundancy is deployed here to increase system availability and integrity. To improve performance, adaptive redundancy is applied: the redundancy level is selected according to the current alert level. The architecture can be used for static servers, i.e., for Web distribution of stable information (updated off-line), as well as for fully dynamic systems where information updates are executed immediately on an on-line database. The feasibility of this architecture has been demonstrated by implementing an example of a travel agency Web server.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2008.1</guid>
  </item>
  <item>
     <title>PrePrint: A New Decision Diagram Based Method for Efficient Analysis on Multi-State Systems</title>
     <link>http://www.pheedo.com/click.phdo?i=e2d2a08e061c9bfc3c5e6c70194888f6</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70244</pheedo:origLink>
     <description>Multistate systems can model many practical systems in a wide range of real applications. A distinct characteristic of these systems is that the systems and their components may assume more than two levels of performance (or states) varying from perfect operation to complete failure. The non-binary property of multistate systems and their components makes the analysis of multistate systems difficult. This paper proposes a new decision diagram based method, called multistate multivalued decision diagrams (MMDD) for the analysis of multistate systems with multistate components. Examples show how the MMDD models are generated and evaluated to obtain the system state probabilities. The MMDD method is compared with the existing binary decision diagrams (BDD) based method. Empirical results show that the MMDD method can offer less computational complexity and simpler model evaluation algorithm than the BDD-based method.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70244</guid>
  </item>
  <item>
     <title>PrePrint: Dynamic Verification of Memory Consistency in Cache-Coherent Multithreaded Computer Architectures</title>
     <link>http://www.pheedo.com/click.phdo?i=777f9d4a8bba2b6348e2218628e4031e</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70243</pheedo:origLink>
     <description>Multithreaded servers with cache-coherent shared memory are the dominant type of machines used to run critical network services and database management systems. To achieve the high availability required for these tasks, it is necessary to incorporate mechanisms for error detection and recovery. Correct operation of the memory system is defined by the memory consistency model. Errors can therefore be detected by checking if the observed memory system behavior deviates from the specified consistency model. Based on recent work, we design a framework for dynamic verification of memory consistency (DVMC). The framework consists of mechanisms to verify three invariants that are proven to guarantee that a specified memory consistency model is obeyed. We describe an implementation of the framework for the SPARCv9 architecture, and we experimentally evaluate its performance using full-system simulation of commercial workloads.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70243</guid>
  </item>
  <item>
     <title>PrePrint: Dependability Evaluation with Dynamic Reliability Block Diagrams and Dynamic Fault Trees</title>
     <link>http://www.pheedo.com/click.phdo?i=388bef2adee5e875be903280b51d0cc3</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70242</pheedo:origLink>
     <description>Dependability evaluation is an important step in designing and analyzing (critical) systems. Introducing control and/or computing devices to automate processes increases the system complexity with an impact on the overall dependability. This occurs as a consequence of interferences and similar effects that cannot be adequately managed through reliability block diagrams (RBD), fault trees (FT) and reliability graphs (RG), since the statistical independence assumption is not satisfied. Also more enhanced formalisms such as dynamic FT (DFT) might not be adequate to represent all the behavioral aspects of dynamic systems. To overcome these problems we developed a new formalism derived from RBD: the dynamic RBD (DRBD). DRBD exploit the concept of dependence as the building block to represent dynamic behaviors, allowing dependencies to be composed and the arising conflicts to be adequately managed by means of a priority algorithm. In this paper we explain how to use the DRBD notation by specifying a practical methodology. Starting from the system knowledge, the proposed methodology leads to the overall system reliability evaluation through all the phases of modeling and analysis. An example taken from literature, consisting of a multiprocessor distributed computing system, is analyzed.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70242</guid>
  </item>
  <item>
     <title>PrePrint: Modeling Soft Errors at Device and Logic Level for combinational circuits</title>
     <link>http://www.pheedo.com/click.phdo?i=7bf166f024defe8be430597ffa91d143</link>
<pheedo:origLink>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70231</pheedo:origLink>
     <description>Radiation induced soft errors in combinational logic are expected to become as important as directly induced errors on state elements. Consequently, it has become important to develop techniques to quickly and accurately predict soft error rates in combinational circuits. In this work, we present methodologies to model soft errors at both the device and logic levels. At the device level, a hierarchical methodology to model neutron induced soft errors is proposed. This model is used to create a transient current library which will be useful for circuit level soft error estimation. The library contains the transient current response to various different factors such as ion energies, operating voltage, substrate bias, angle and location of impact. At the logic level, we propose a new approach to estimating Soft Error Rate (SER) of logic circuits that attempts to capture electrical, logic and latch window masking concurrently. The average error of the SER estimates using our approach compared to the estimates obtained using circuit level simulations is 6.5% while providing an average speed up of 15000. We have demonstrated the scalability of our approach using designs from the ISCAS-85 benchmarks.</description>
     <guid isPermaLink="false">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70231</guid>
  </item>
  <item>
     <title>PrePrint: Towards Formal Verification of Role-Based Access Control Policies</title>
     <link>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70225</link>
     <description>Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of Role-Based Access Control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.</description>
     <guid isPermaLink="true">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70225</guid>
  </item>
  <item>
     <title>PrePrint: The Effectiveness of Checksums for Embedded Control Networks</title>
     <link>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70216</link>
     <description>Embedded control networks commonly use checksums to detect data transmission errors. However, design decisions about which checksum to use are difficult because of a lack of information about the relative effectiveness of available options. We study the error detection effectiveness of the following commonly used checksum computations: exclusive or (XOR), two's complement addition, one's complement addition, Fletcher checksum, Adler checksum, and cyclic redundancy codes (CRC). A study of error detection capabilities for random independent bit errors and burst errors reveals that XOR, two's complement addition, and Adler checksums are suboptimal for typical network use. Instead, one's complement addition should be used for networks willing to sacrifice error detection effectiveness to reduce compute cost, Fletcher checksum for networks looking for a balance of error detection and compute cost, and CRCs for networks willing to pay a higher compute cost for significantly improved error detection.</description>
     <guid isPermaLink="true">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.70216</guid>
  </item>
  <item>
     <title>PrePrint: A Computationally Sound Mechanized Prover for Security Protocols</title>
     <link>http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.1005</link>
     <description>We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. Our tool produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of examples of protocols from the literature.</description>
     <guid isPermaLink="true">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.1005</guid>
  </item>
   </channel>
</rss>