-
Runtime Verification for Trustworthy Computing
Authors:
Robert Abela,
Christian Colombo,
Axel Curmi,
Mattea Fenech,
Mark Vella,
Angelo Ferrando
Abstract:
Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed app…
▽ More
Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE).
By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.
△ Less
Submitted 3 October, 2023;
originally announced October 2023.
-
Morphology-preserving Autoregressive 3D Generative Modelling of the Brain
Authors:
Petru-Daniel Tudosiu,
Walter Hugo Lopez Pinaya,
Mark S. Graham,
Pedro Borges,
Virginia Fernandez,
Dai Yang,
Jeremy Appleyard,
Guido Novati,
Disha Mehra,
Mike Vella,
Parashkev Nachev,
Sebastien Ourselin,
Jorge Cardoso
Abstract:
Human anatomy, morphology, and associated diseases can be studied using medical imaging data. However, access to medical imaging data is restricted by governance and privacy concerns, data ownership, and the cost of acquisition, thus limiting our ability to understand the human body. A possible solution to this issue is the creation of a model able to learn and then generate synthetic images of th…
▽ More
Human anatomy, morphology, and associated diseases can be studied using medical imaging data. However, access to medical imaging data is restricted by governance and privacy concerns, data ownership, and the cost of acquisition, thus limiting our ability to understand the human body. A possible solution to this issue is the creation of a model able to learn and then generate synthetic images of the human body conditioned on specific characteristics of relevance (e.g., age, sex, and disease status). Deep generative models, in the form of neural networks, have been recently used to create synthetic 2D images of natural scenes. Still, the ability to produce high-resolution 3D volumetric imaging data with correct anatomical morphology has been hampered by data scarcity and algorithmic and computational limitations. This work proposes a generative model that can be scaled to produce anatomically correct, high-resolution, and realistic images of the human brain, with the necessary quality to allow further downstream analyses. The ability to generate a potentially unlimited amount of data not only enables large-scale studies of human anatomy and pathology without jeopardizing patient privacy, but also significantly advances research in the field of anomaly detection, modality synthesis, learning under limited data, and fair and ethical AI. Code and trained models are available at: https://github.com/AmigoLab/SynthAnatomy.
△ Less
Submitted 7 September, 2022;
originally announced September 2022.
-
Individual and Team Trust Preferences for Robotic Swarm Behaviors
Authors:
Elena M Vella,
Daniel A Williams,
Airlie Chapman,
Chris Manzie
Abstract:
Trust between humans and multi-agent robotic swarms may be analyzed using human preferences. These preferences are expressed by an individual as a sequence of ordered comparisons between pairs of swarm behaviors. An individual's preference graph can be formed from this sequence. In addition, swarm behaviors may be mapped to a feature vector space. We formulate a linear optimization problem to loca…
▽ More
Trust between humans and multi-agent robotic swarms may be analyzed using human preferences. These preferences are expressed by an individual as a sequence of ordered comparisons between pairs of swarm behaviors. An individual's preference graph can be formed from this sequence. In addition, swarm behaviors may be mapped to a feature vector space. We formulate a linear optimization problem to locate a trusted behavior in the feature space. Extending to human teams, we define a novel distinctiveness metric using a sparse optimization formulation to cluster similar individuals from a collection of individuals' labeled pairwise preferences. The case of anonymized unlabeled pairwise preferences is also examined to find the average trusted behavior and minimum covariance bound, providing insights into group cohesion. A user study was conducted, with results suggesting that individuals with similar trust profiles can be clustered to facilitate human-swarm teaming.
△ Less
Submitted 27 March, 2022;
originally announced March 2022.
-
Casting exploit analysis as a Weird Machine reconstruction problem
Authors:
Robert Abela,
Mark Vella
Abstract:
Exploits constitute malware in the form of application inputs. They take advantage of security vulnerabilities inside programs in order to yield execution control to attackers. The root cause of successful exploitation lies in emergent functionality introduced when programs are compiled and loaded in memory for execution, called `Weird Machines' (WMs). Essentially WMs are unexpected virtual machin…
▽ More
Exploits constitute malware in the form of application inputs. They take advantage of security vulnerabilities inside programs in order to yield execution control to attackers. The root cause of successful exploitation lies in emergent functionality introduced when programs are compiled and loaded in memory for execution, called `Weird Machines' (WMs). Essentially WMs are unexpected virtual machines that execute attackers' bytecode, complicating malware analysis whenever the bytecode set is unknown. We take the direction that WM bytecode is best understood at the level of the process memory layout attained by exploit execution. Each step building towards this memory layout comprises an exploit primitive, an exploit's basic building block. This work presents a WM reconstruction algorithm that works by identifying pre-defined exploit primitive-related behaviour during the dynamic analysis of target binaries, associating it with the responsible exploit segment - the WM bytecode. In this manner any analyst familiar with exploit programming will immediately recognise the reconstructed WM bytecode's semantics. This work is a first attempt at studying the feasibility of this method and focuses on web browsers when targeted by JavaScript exploits.
△ Less
Submitted 27 September, 2021;
originally announced September 2021.
-
Enhanced Hyperspectral Image Super-Resolution via RGB Fusion and TV-TV Minimization
Authors:
Marija Vella,
Bowen Zhang,
Wei Chen,
João F. C. Mota
Abstract:
Hyperspectral (HS) images contain detailed spectral information that has proven crucial in applications like remote sensing, surveillance, and astronomy. However, because of hardware limitations of HS cameras, the captured images have low spatial resolution. To improve them, the low-resolution hyperspectral images are fused with conventional high-resolution RGB images via a technique known as fusi…
▽ More
Hyperspectral (HS) images contain detailed spectral information that has proven crucial in applications like remote sensing, surveillance, and astronomy. However, because of hardware limitations of HS cameras, the captured images have low spatial resolution. To improve them, the low-resolution hyperspectral images are fused with conventional high-resolution RGB images via a technique known as fusion based HS image super-resolution. Currently, the best performance in this task is achieved by deep learning (DL) methods. Such methods, however, cannot guarantee that the input measurements are satisfied in the recovered image, since the learned parameters by the network are applied to every test image. Conversely, model-based algorithms can typically guarantee such measurement consistency. Inspired by these observations, we propose a framework that integrates learning and model based methods. Experimental results show that our method produces images of superior spatial and spectral resolution compared to the current leading methods, whether model- or DL-based.
△ Less
Submitted 13 June, 2021;
originally announced June 2021.
-
Responding to Living-Off-the-Land Tactics using Just-in-Time Memory Forensics (JIT-MF) for Android
Authors:
Jennifer Bellizzi,
Mark Vella,
Christian Colombo,
Julio Hernandez-Castro
Abstract:
Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tactics are adopted, leave investigators little evide…
▽ More
Digital investigations of stealthy attacks on Android devices pose particular challenges to incident responders. Whereas consequential late detection demands accurate and comprehensive forensic timelines to reconstruct all malicious activities, reduced forensic footprints with minimal malware involvement, such as when Living-Off-the-Land (LOtL) tactics are adopted, leave investigators little evidence to work with. Volatile memory forensics can be an effective approach since app execution of any form is always bound to leave a trail of evidence in memory, even if perhaps ephemeral. Just-in-Time Memory Forensics (JIT-MF) is a recently proposed technique that describes a framework to process memory forensics on existing stock Android devices, without compromising their security by requiring them to be rooted. Within this framework, JIT-MF drivers are designed to promptly dump in-memory evidence related to app usage or misuse. In this work, we primarily introduce a conceptualized presentation of JIT-MF drivers. Subsequently, through a series of case studies involving the hijacking of widely-used messaging apps, we show that when the target apps are forensically enhanced with JIT-MF drivers, investigators can generate richer forensic timelines to support their investigation, which are on average 26% closer to ground truth.
△ Less
Submitted 12 May, 2021;
originally announced May 2021.
-
EtherClue: Digital investigation of attacks on Ethereum smart contracts
Authors:
Simon Joseph Aquilina,
Fran Casino,
Mark Vella,
Joshua Ellul,
Constantinos Patsakis
Abstract:
Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactio…
▽ More
Programming errors in Ethereum smart contracts can result in catastrophic financial losses from stolen cryptocurrency. While vulnerability detectors can prevent vulnerable contracts from being deployed, this does not mean that such contracts will not be deployed. Once a vulnerable contract is instantiated on the blockchain and becomes the target of attacks, the identification of exploit transactions becomes indispensable in assessing whether it has been actually exploited and identifying which malicious or subverted accounts were involved.
In this work, we study the problem of post-factum investigation of Ethereum attacks using Indicators of Compromise (IoCs) specially crafted for use in the blockchain. IoC definitions need to capture the side-effects of successful exploitation in the context of the Ethereum blockchain. Therefore, we define a model for smart contract execution, comprising multiple abstraction levels that mirror the multiple views of code execution on a blockchain. Subsequently, we compare IoCs defined across the different levels in terms of their effectiveness and practicality through EtherClue, a prototype tool for investigating Ethereum security incidents. Our results illustrate that coarse-grained IoCs defined over blocks of transactions can detect exploit transactions with less computation; however, they are contract-specific and suffer from false negatives. On the other hand, fine-grained IoCs defined over virtual machine instructions can avoid these pitfalls at the expense of increased computation which are nevertheless applicable for practical use.
△ Less
Submitted 2 September, 2021; v1 submitted 12 April, 2021;
originally announced April 2021.
-
SpotCheck: On-Device Anomaly Detection for Android
Authors:
Mark Vella,
Christian Colombo
Abstract:
In recent years the PC has been replaced by mobile devices for many security sensitive operations, both from a privacy and a financial standpoint. While security mechanisms are deployed at various levels, these are frequently put under strain by previously unseen malware. An additional protection layer capable of novelty detection is therefore needed. In this work we propose SpotCheck, an anomaly…
▽ More
In recent years the PC has been replaced by mobile devices for many security sensitive operations, both from a privacy and a financial standpoint. While security mechanisms are deployed at various levels, these are frequently put under strain by previously unseen malware. An additional protection layer capable of novelty detection is therefore needed. In this work we propose SpotCheck, an anomaly detector intended to run on Android devices. It samples app executions and submits suspicious apps to more thorough processing by malware sandboxes. We compare Kernel Principal Component Analysis (KPCA) and Variational Autoencoders (VAE) on app execution representations based on the well-known system call traces, as well as a novel approach based on memory dumps. Results show that when using VAE, SpotCheck attains a level of effectiveness comparable to what has been previously achieved for network anomaly detection. Interestingly this is also true for the memory dump approach, relinquishing the need for continuous app monitoring.
△ Less
Submitted 25 February, 2021; v1 submitted 23 February, 2021;
originally announced February 2021.
-
Overcoming Measurement Inconsistency in Deep Learning for Linear Inverse Problems: Applications in Medical Imaging
Authors:
Marija Vella,
João F. C. Mota
Abstract:
The remarkable performance of deep neural networks (DNNs) currently makes them the method of choice for solving linear inverse problems. They have been applied to super-resolve and restore images, as well as to reconstruct MR and CT images. In these applications, DNNs invert a forward operator by finding, via training data, a map between the measurements and the input images. It is then expected t…
▽ More
The remarkable performance of deep neural networks (DNNs) currently makes them the method of choice for solving linear inverse problems. They have been applied to super-resolve and restore images, as well as to reconstruct MR and CT images. In these applications, DNNs invert a forward operator by finding, via training data, a map between the measurements and the input images. It is then expected that the map is still valid for the test data. This framework, however, introduces measurement inconsistency during testing. We show that such inconsistency, which can be critical in domains like medical imaging or defense, is intimately related to the generalization error. We then propose a framework that post-processes the output of DNNs with an optimization algorithm that enforces measurement consistency. Experiments on MR images show that enforcing measurement consistency via our method can lead to large gains in reconstruction performance.
△ Less
Submitted 31 May, 2021; v1 submitted 29 November, 2020;
originally announced November 2020.
-
Robust Single-Image Super-Resolution via CNNs and TV-TV Minimization
Authors:
Marija Vella,
João F. C. Mota
Abstract:
Single-image super-resolution is the process of increasing the resolution of an image, obtaining a high-resolution (HR) image from a low-resolution (LR) one. By leveraging large training datasets, convolutional neural networks (CNNs) currently achieve the state-of-the-art performance in this task. Yet, during testing/deployment, they fail to enforce consistency between the HR and LR images: if we…
▽ More
Single-image super-resolution is the process of increasing the resolution of an image, obtaining a high-resolution (HR) image from a low-resolution (LR) one. By leveraging large training datasets, convolutional neural networks (CNNs) currently achieve the state-of-the-art performance in this task. Yet, during testing/deployment, they fail to enforce consistency between the HR and LR images: if we downsample the output HR image, it never matches its LR input. Based on this observation, we propose to post-process the CNN outputs with an optimization problem that we call TV-TV minimization, which enforces consistency. As our extensive experiments show, such post-processing not only improves the quality of the images, in terms of PSNR and SSIM, but also makes the super-resolution task robust to operator mismatch, i.e., when the true downsampling operator is different from the one used to create the training dataset.
△ Less
Submitted 2 April, 2020;
originally announced April 2020.
-
Single Image Super-Resolution via CNN Architectures and TV-TV Minimization
Authors:
Marija Vella,
João F. C. Mota
Abstract:
Super-resolution (SR) is a technique that allows increasing the resolution of a given image. Having applications in many areas, from medical imaging to consumer electronics, several SR methods have been proposed. Currently, the best performing methods are based on convolutional neural networks (CNNs) and require extensive datasets for training. However, at test time, they fail to impose consistenc…
▽ More
Super-resolution (SR) is a technique that allows increasing the resolution of a given image. Having applications in many areas, from medical imaging to consumer electronics, several SR methods have been proposed. Currently, the best performing methods are based on convolutional neural networks (CNNs) and require extensive datasets for training. However, at test time, they fail to impose consistency between the super-resolved image and the given low-resolution image, a property that classic reconstruction-based algorithms naturally enforce in spite of having poorer performance. Motivated by this observation, we propose a new framework that joins both approaches and produces images with superior quality than any of the prior methods. Although our framework requires additional computation, our experiments on Set5, Set14, and BSD100 show that it systematically produces images with better peak signal to noise ratio (PSNR) and structural similarity (SSIM) than the current state-of-the-art CNN architectures for SR.
△ Less
Submitted 27 November, 2019; v1 submitted 11 July, 2019;
originally announced July 2019.
-
The DARHT Phase 2 Linac
Authors:
HL Rutkowski,
LL Reginato,
WL Waldron,
KP Chow,
MC Vella,
WM Fawley,
R Briggs,
S Nelson,
Z Wolf,
D Birx
Abstract:
The second phase accelerator for the Dual Axis Hydrodynamic Test facility (DARHT) is designed to provide an electron beam pulse that is 2 microsec long, 2kA, and 20 MeV in particle energy. The injector provides 3.2 MeV so that the linac need only provide 16.8 MeV. The linac is made with two types of induction accelerator cells. The first block of 8 cells have a 14 in. beam pipe compared to 10 in…
▽ More
The second phase accelerator for the Dual Axis Hydrodynamic Test facility (DARHT) is designed to provide an electron beam pulse that is 2 microsec long, 2kA, and 20 MeV in particle energy. The injector provides 3.2 MeV so that the linac need only provide 16.8 MeV. The linac is made with two types of induction accelerator cells. The first block of 8 cells have a 14 in. beam pipe compared to 10 in. in the remaining 80 cells. The other principal difference is that the first 8 cells have reduced volt-sec in their induction cores as a result of a larger diameter beam pipe. The cells are designed for very reliable high voltage operation. The insulator is Mycalex. Results from prototype tests are given including results from solenoid measurements. Each cell contains a solenoid for beam transport and a set of x-y correction coils to reduce corkscrew motion. Details of tests to determine RF mode impedances relevant to BBU generation are given. Blocks of cells are separated by "intercells" some of which contain transport solenoids. The intercells provide vacuum pum** stations as well. Issues of alignment and installation are discussed.
△ Less
Submitted 18 August, 2000;
originally announced August 2000.
-
RF Cell Modeling and Experiments for Wakefield Minimization in DARHT-II
Authors:
Scott D. Nelson,
Michael Vella
Abstract:
Electron beams of linear induction accelerators experience deflective forces caused by RF fields building up as a result of accelerating cavities of finite size. These forces can significantly effect the beam when a long linac composed of identical cells is assembled. Recent techniques in computational modeling, simulation, and experiments for 20 MeV DARHT-II (Dual Axis Radiographic Hydrodynamic…
▽ More
Electron beams of linear induction accelerators experience deflective forces caused by RF fields building up as a result of accelerating cavities of finite size. These forces can significantly effect the beam when a long linac composed of identical cells is assembled. Recent techniques in computational modeling, simulation, and experiments for 20 MeV DARHT-II (Dual Axis Radiographic Hydrodynamic Test) accelerator cells were found to reduce the wakefield impedance of the cells from 800 ohms/meter to 350 ohms/meter and experimental results confirm the results of the modeling efforts. Increased performance of the cell was obtained through a parametric study of the accelerator structure, materials, material tuning, and geometry. As a result of this effort, it was found that thickness-tuned ferrite produced a 50% deduction in the wakefield impedance in the low frequency band and was easily tunable based on the material thickness. It was also found that shaped metal sections allow for high-Q resonances to be de-tuned, thus decreasing the amplitude of the resonance and increasing the cell s performance. For the geometries used for this cell, a roughly 45 degree angle had the best performance in affecting the wakefield modes.
△ Less
Submitted 21 August, 2000; v1 submitted 16 August, 2000;
originally announced August 2000.