-
EC-CFI: Control-Flow Integrity via Code Encryption Counteracting Fault Attacks
Authors:
Pascal Nasahl,
Salmin Sultana,
Hans Liljestrand,
Karanvir Grewal,
Michael LeMay,
David M. Durham,
David Schrammel,
Stefan Mangard
Abstract:
Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary functions inside the program. To protect the control-flow from these attacks, dedicated fault control-flow integrity (CFI) countermeasures are commonly deployed. However, these schemes either have high detection latencies or require intrusive hardware changes. In this paper, we present EC-CFI, a software-based cryptographically enforced CFI scheme with no detection latency utilizing hardware features of recent Intel platforms. Our EC-CFI prototype is designed to prevent an adversary from escaping the program's call graph using faults by encrypting each function with a different key before execution. At runtime, the instrumented program dynamically derives the decryption key, ensuring that the code only can be successfully decrypted when the program follows the intended call graph. To enable this level of protection on Intel commodity systems, we introduce extended page table (EPT) aliasing allowing us to achieve function-granular encryption by combining Intel's TME-MK and virtualization technology. We open-source our custom LLVM-based toolchain automatically protecting arbitrary programs with EC-CFI. Furthermore, we evaluate our EPT aliasing approach with the SPEC CPU2017 and Embench-IoT benchmarks and discuss and evaluate potential TME-MK hardware changes minimizing runtime overheads.
Submitted 24 March, 2023; v1 submitted 31 January, 2023;
originally announced January 2023.
-
Generative Pre-Trained Transformer for Cardiac Abnormality Detection
Authors:
Pierre Louis Gaudilliere,
Halla Sigurthorsdottir,
Clémentine Aguet,
Jérôme Van Zaen,
Mathieu Lemay,
Ricard Delgado-Gonzalo
Abstract:
ECG heartbeat classification plays a vital role in diagnosis of cardiac arrhythmia. The goal of the Physionet/CinC 2021 challenge was to accurately classify clinical diagnosis based on 12, 6, 4, 3 or 2-lead ECG recordings in order to aid doctors in the diagnoses of different heart conditions. Transformers have had great success in the field of natural language processing in the past years. Our team, CinCSEM, proposes to draw the parallel between text and periodic time series signals by viewing the repeated period as words and the whole signal as a sequence of such words. In this way, the attention mechanisms of the transformers can be applied to periodic time series signals. In our implementation, we follow the Transformer Encoder architecture, which combines several encoder layers followed by a dense layer with linear or sigmoid activation for generative pre-training or classification, respectively. The use case presented here is multi-label classification of heartbeat abnormalities of ECG recordings shared by the challenge. Our best entry, not exceeding the challenge's hardware limitations, achieved a score of 0.12, 0.07, 0.10, 0.10 and 0.07 on 12-lead, 6-lead, 4-lead, 3-lead and 2-lead test set respectively. Unfortunately, our team was unable to be ranked because of a missing pre-print.
Submitted 7 October, 2021;
originally announced October 2021.
-
The Endokernel: Fast, Secure, and Programmable Subprocess Virtualization
Authors:
Bumjin Im,
Fangfei Yang,
Chia-Che Tsai,
Michael LeMay,
Anjo Vahldiek-Oberwagner,
Nathan Dautenhahn
Abstract:
Commodity applications contain more and more combinations of interacting components (user, application, library, and system) and exhibit increasingly diverse tradeoffs between isolation, performance, and programmability. We argue that the challenge of future runtime isolation is best met by embracing the multi-principle nature of applications, rethinking process architecture for fast and extensible intra-process isolation. We present the Endokernel, a new process model and security architecture that nests an extensible monitor into the standard process for building efficient least-authority abstractions. The Endokernel introduces a new virtual machine abstraction for representing subprocess authority, which is enforced by an efficient self-isolating monitor that maps the abstraction to system level objects (processes, threads, files, and signals). We show how the Endokernel can be used to develop specialized separation abstractions using an exokernel-like organization to provide virtual privilege rings, which we use to reorganize and secure NGINX. Our prototype includes a new syscall monitor, the nexpoline, and explores the tradeoffs of implementing it with diverse mechanisms, including Intel Control Enhancement Technology. Overall, we believe sub-process isolation is a must and that the Endokernel exposes an essential set of abstractions for realizing this in a simple and feasible way.
Submitted 10 August, 2021; v1 submitted 8 August, 2021;
originally announced August 2021.
-
Isolation Without Taxation: Near Zero Cost Transitions for SFI
Authors:
Matthew Kolosick,
Shravan Narayan,
Evan Johnson,
Conrad Watt,
Michael LeMay,
Deepak Garg,
Ranjit Jhala,
Deian Stefan
Abstract:
Software sandboxing or software-based fault isolation (SFI) is a lightweight approach to building secure systems out of untrusted components. Mozilla, for example, uses SFI to harden the Firefox browser by sandboxing third-party libraries, and companies like Fastly and Cloudflare use SFI to safely co-locate untrusted tenants on their edge clouds. While there have been significant efforts to optimize and verify SFI enforcement, context switching in SFI systems remains largely unexplored: almost all SFI systems use heavyweight transitions that are not only error-prone but incur significant performance overhead from saving, clearing, and restoring registers when context switching. We identify a set of zero-cost conditions that characterize when sandboxed code has sufficient structure to guarantee security via lightweight zero-cost transitions (simple function calls). We modify the Lucet Wasm compiler and its runtime to use zero-cost transitions, eliminating the undue performance tax on systems that rely on Lucet for sandboxing (e.g., we speed up image and font rendering in Firefox by up to 29.7% and 10% respectively). To remove the Lucet compiler and its correct implementation of the Wasm specification from the trusted computing base, we (1) develop a static binary verifier, VeriZero, which (in seconds) checks that binaries produced by Lucet satisfy our zero-cost conditions, and (2) prove the soundness of VeriZero by developing a logical relation that captures when a compiled Wasm function is semantically well-behaved with respect to our zero-cost conditions. Finally, we show that our model is useful beyond Wasm by describing a new, purpose-built SFI system, SegmentZero32, that uses x86 segmentation and LLVM with mostly off-the-shelf passes to enforce our zero-cost conditions; our prototype performs on-par with the state-of-the-art Native Client SFI system.
Submitted 18 November, 2021; v1 submitted 30 April, 2021;
originally announced May 2021.
-
Cardiac Arrhythmia Detection from ECG with Convolutional Recurrent Neural Networks
Authors:
Jérôme Van Zaen,
Ricard Delgado-Gonzalo,
Damien Ferrario,
Mathieu Lemay
Abstract:
Except for a few specific types, cardiac arrhythmias are not immediately life-threatening. However, if not treated appropriately, they can cause serious complications. In particular, atrial fibrillation, which is characterized by fast and irregular heart beats, increases the risk of stroke. We propose three neural network architectures to detect abnormal rhythms from single-lead ECG signals. These architectures combine convolutional layers to extract high-level features pertinent for arrhythmia detection from sliding windows and recurrent layers to aggregate these features over signals of varying durations. We applied the neural networks to the dataset used for the challenge of Computing in Cardiology 2017 and a dataset built by joining three databases available on PhysioNet. Our architectures achieved an accuracy of 86.23% on the first dataset, similar to the winning entries of the challenge, and an accuracy of 92.02% on the second dataset.
Submitted 7 October, 2020;
originally announced October 2020.
-
ECG Classification with a Convolutional Recurrent Neural Network
Authors:
Halla Sigurthorsdottir,
Jérôme Van Zaen,
Ricard Delgado-Gonzalo,
Mathieu Lemay
Abstract:
We developed a convolutional recurrent neural network to classify 12-lead ECG signals for the challenge of PhysioNet/Computing in Cardiology 2020 as team Pink Irish Hat. The model combines convolutional and recurrent layers, takes sliding windows of ECG signals as input and yields the probability of each class as output. The convolutional part extracts features from each sliding window. The bi-directional gated recurrent unit (GRU) layer and an attention layer aggregate these features from all windows into a single feature vector. Finally, a dense layer outputs class probabilities. The final decision is made using test time augmentation (TTA) and an optimized decision threshold. Several hyperparameters of our architecture were optimized, the most important of which turned out to be the choice of optimizer and the number of filters per convolutional layer. Our network achieved a challenge score of 0.511 on the hidden validation set and 0.167 on the full hidden test set, ranking us 23rd out of 41 in the official ranking.
Submitted 6 October, 2020; v1 submitted 28 September, 2020;
originally announced September 2020.
-
Perseus: Characterizing Performance and Cost of Multi-Tenant Serving for CNN Models
Authors:
Matthew LeMay,
Shijian Li,
Tian Guo
Abstract:
Deep learning models are increasingly used for end-user applications, supporting both novel features such as facial recognition, and traditional features, e.g. web search. To accommodate high inference throughput, it is common to host a single pre-trained Convolutional Neural Network (CNN) in dedicated cloud-based servers with hardware accelerators such as Graphics Processing Units (GPUs). However, GPUs can be orders of magnitude more expensive than traditional Central Processing Unit (CPU) servers. These resources could also be under-utilized facing dynamic workloads, which may result in inflated serving costs. One potential way to alleviate this problem is by allowing hosted models to share the underlying resources, which we refer to as multi-tenant inference serving. One of the key challenges is maximizing the resource efficiency for multi-tenant serving given hardware with diverse characteristics, models with unique response time Service Level Agreement (SLA), and dynamic inference workloads. In this paper, we present Perseus, a measurement framework that provides the basis for understanding the performance and cost trade-offs of multi-tenant model serving. We implemented Perseus in Python atop a popular cloud inference server called Nvidia TensorRT Inference Server. Leveraging Perseus, we evaluated the inference throughput and cost for serving various models and demonstrated that multi-tenant model serving led to up to 12% cost reduction.
Submitted 30 March, 2020; v1 submitted 4 December, 2019;
originally announced December 2019.
-
Secure Stream Processing for Medical Data
Authors:
Carlos Segarra,
Enric Muntané,
Mathieu Lemay,
Valerio Schiavoni,
Ricard Delgado-Gonzalo
Abstract:
Medical data belongs to whoever produces it. In an increasing manner, this data is usually processed in unauthorized third-party clouds that should never have the opportunity to access it. Moreover, recent data protection regulations (e.g., GDPR) pave the way towards the development of privacy-preserving processing techniques. In this paper, we present a proof of concept of a streaming IoT architecture that securely processes cardiac data in the cloud combining trusted hardware and Spark. The additional security guarantees come with no changes to the application's code in the server. We tested the system with a database containing ECGs from wearable devices comprised of 8 healthy males performing a standardized range of in-lab physical activities (e.g., run, walk, bike). We show that, when compared with standard Spark Streaming, the addition of privacy comes at the cost of doubling the execution time.
Submitted 30 July, 2019; v1 submitted 29 July, 2019;
originally announced July 2019.
-
Classification of Cardiac Arrhythmias from Single Lead ECG with a Convolutional Recurrent Neural Network
Authors:
Jérôme Van Zaen,
Olivier Chételat,
Mathieu Lemay,
Enric M. Calvo,
Ricard Delgado-Gonzalo
Abstract:
While most heart arrhythmias are not immediately harmful, they can lead to severe complications. In particular, atrial fibrillation, the most common arrhythmia, is characterized by fast and irregular heart beats and increases the risk of suffering a stroke. To detect such abnormal heart conditions, we propose a system composed of two main parts: a smart vest with two cooperative sensors to collect ECG data and a neural network architecture to classify heart rhythms. The smart vest uses two dry bi-electrodes to record a single lead ECG signal. The biopotential signal is then streamed via a gateway to the cloud where a neural network detects and classifies the heart arrhythmias. We selected an architecture that combines convolutional and recurrent layers. The convolutional layers extract relevant features from sliding windows of ECG and the recurrent layer aggregates them for a final softmax layer that performs the classification. Our neural network achieves an accuracy of 87.50% on the dataset of the challenge of Computing in Cardiology 2017.
Submitted 25 June, 2019;
originally announced July 2019.
-
Using Trusted Execution Environments for Secure Stream Processing of Medical Data
Authors:
Carlos Segarra,
Ricard Delgado-Gonzalo,
Mathieu Lemay,
Pierre-Louis Aublin,
Peter Pietzuch,
Valerio Schiavoni
Abstract:
Processing sensitive data, such as those produced by body sensors, on third-party untrusted clouds is particularly challenging without compromising the privacy of the users generating it. Typically, these sensors generate large quantities of continuous data in a streaming fashion. Such vast amount of data must be processed efficiently and securely, even under strong adversarial models. The recent introduction in the mass-market of consumer-grade processors with Trusted Execution Environments (TEEs), such as Intel SGX, paves the way to implement solutions that overcome less flexible approaches, such as those atop homomorphic encryption. We present a secure streaming processing system built on top of Intel SGX to showcase the viability of this approach with a system specifically fitted for medical data. We design and fully implement a prototype system that we evaluate with several realistic datasets. Our experimental results show that the proposed system achieves modest overhead compared to vanilla Spark while offering additional protection guarantees under powerful attackers and threat models.
Submitted 17 June, 2019;
originally announced June 2019.
-
Query Completion Using Bandits for Engines Aggregation
Authors:
Audrey Durand,
Jean-Alexandre Beaumont,
Christian Gagne,
Michel Lemay,
Sebastien Paquet
Abstract:
Assisting users by suggesting completed queries as they type is a common feature of search systems known as query auto-completion. A query auto-completion engine may use prior signals and available information (e.g., user is anonymous, user has a history, user visited the site before the search or not, etc.) in order to improve its recommendations. There are many possible strategies for query auto-completion and a challenge is to design one optimal engine that considers and uses all available information. When different strategies are used to produce the suggestions, it becomes hard to rank these heterogeneous suggestions. An alternative strategy could be to aggregate several engines in order to enhance the diversity of recommendations by combining the capacity of each engine to digest available information differently, while keeping the simplicity of each engine. The main objective of this research is therefore to find such a mixture of query completion engines that would beat any engine taken alone. We tackle this problem under the bandits setting and evaluate four strategies to overcome this challenge. Experiments conducted on three real datasets show that a mixture of engines can outperform a single engine.
Submitted 12 September, 2017;
originally announced September 2017.
-
Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware
Authors:
Michael LeMay,
Carl A. Gunter
Abstract:
Mobile devices are in roles where the integrity and confidentiality of their apps and data are of paramount importance. They usually contain a System-on-Chip (SoC), which integrates microprocessors and peripheral Intellectual Property (IP) connected by a Network-on-Chip (NoC). Malicious IP or software could compromise critical data. Some types of attacks can be blocked by controlling data transfers on the NoC using Memory Management Units (MMUs) and other access control mechanisms. However, commodity processors do not provide strong assurances regarding the correctness of such mechanisms, and it is challenging to verify that all access control mechanisms in the system are correctly configured. We propose a NoC Firewall (NoCF) that provides a single locus of control and is amenable to formal analysis. We demonstrate an initial analysis of its ability to resist malformed NoC commands, which we believe is the first effort to detect vulnerabilities that arise from NoC protocol violations perpetrated by erroneous or malicious IP.
Submitted 16 January, 2017; v1 submitted 14 April, 2014;
originally announced April 2014.