1,720,965 research outputs found

    Electronic circuit including a pipeline converting circuit

    No full text
    An electronic circuit includes a first converting circuit, an amplifying circuit, and a second converting circuit. The first converting circuit outputs a first residual voltage associated with converting an analog signal into a first digital signal and a second residual voltage generated based on the first residual voltage. The amplifying circuit generates a third residual voltage by amplifying the first residual voltage through an amplifying path during a first time duration and generates a fourth residual voltage by amplifying the second residual voltage through the amplifying path during a second time duration after the first time duration. The second converting circuit generates a second digital signal associated with the analog signal by performing an interpolation operation based on the third residual voltage and the fourth residual voltage.

    SuM: Efficient shadow stack protection on ARM Cortex-M

    No full text
    System software written in unsafe languages such as C/C++ is susceptible to various types of security vulnerabilities. Historically, backward-edges such as return addresses have been an attractive target for control-flow hijacking attacks due to the severity and ease of exploitation. Although various backward-edge control-flow integrity schemes have been proposed over the years, most of them mainly focus on protecting desktop/server-class systems, leaving embedded systems unprotected. Even worse, bringing their defense mechanisms into resource-constrained embedded systems is undesirable because they were originally designed for high-end computing systems and thus are not directly applicable to embedded systems without compromising performance and real-time constraints. In this paper, we propose Shadow under the Mask (SUM), an efficient and robust backward-edge control flow protection that is applicable to ARM Cortex-M processors. Specifically, SUM realizes a non-bypassable shadow stack mechanism and safeguards its structural integrity in a novel combination of an MPU and FaultMask—an overlooked hardware feature in Cortex-M processors. To be more specific, SUM restricts all access to the shadow stack through MPU, ensuring its integrity; and temporarily disables its MPU protection through FaultMask during the execution of safe instructions, guaranteeing that only authorized instructions can modify the shadow stack. In our empirical evaluation, SUM incurs minimal runtime overhead of 2.77% and 2.63%, respectively, on the BEEBS and CoreMark benchmark suites. These results underscore the viability of our proposed approach as a practical and potent solution to address the highlighted cybersecurity challenge.

    HELIOS: Hardware-assisted High-performance Security Extension for Cloud Networking

    No full text
    With the increasing adoption of containerization in cloud services, container networking has become a critical concern, as it enables the agile deployment of microservices but also introduces new vulnerabilities susceptible to network attacks, posing a threat to container environments. While several security solutions have been introduced to address this concern, they unfortunately exhibit significant shortcomings, including security vulnerabilities and limited performance. We thus propose Helios, a novel hardware-based network security extension that addresses the security and performance limitations in existing solutions. Leveraging a smartNIC, Helios enhances both the security and performance facets of container networking through two key mechanisms: (i) the establishment of physically isolated container communication channels and (ii) the network security engines fully offloaded to the smartNIC. Our evaluation shows that Helios mitigates various network threats initiated from both container- and host-side while performing up to 3x faster than the existing solutions in container communication.

    gShock: A GNN-Based Fingerprinting System for Permissioned Blockchain Networks Over Encrypted Channels

    No full text
    Blockchain technology has ushered in a transformative paradigm of decentralized and transparent systems, offering innovative solutions across diverse sectors. While these systems strive for unparalleled transparency and trustlessness in a fully distributed framework, permissionless blockchains, such as Bitcoin and Ethereum, encounter vulnerabilities due to their intrinsically public nature. Addressing these vulnerabilities, the emergence of permissioned blockchains presents a fortified alternative, incorporating rigorous access controls and authentication protocols to ensure participation exclusivity and transaction confidentiality. Nevertheless, a keen observation reveals that, despite encryption, the operational traffic within these blockchains manifests distinct time-series patterns and operational relations during sensitive data exchanges. Such patterns hold the potential to inadvertently expose critical details about the network, encompassing its topology and the operational dependencies among nodes. In light of this revelation, we introduce a pioneering blockchain fingerprinting mechanism, denoted as gShock. This system meticulously analyzes periodic patterns and the context of operational relations from the collected blockchain network traffic. It employs a Graph Neural Network (GNN)-based model, adept at capturing the intricate characteristics innate to specialized blockchain operations. Through empirical experiments conducted in a realistic permissioned blockchain environment, comprising various nodes, we ascertain that gShock demonstrates a remarkable proficiency in classifying blockchain operational traffic with an F1-score of >= 96 % and identifying individual dependencies with a macro F1-score of >= 93 %.

    Hyperion: Hardware-Based High-Performance and Secure System for Container Networks

    No full text
    Containers have become the predominant virtualization technique for deploying microservices in cloud environments. However, container networking, critical for microservice functionality, often introduces significant overhead and resource consumption, potentially degrading the performance of microservices. This challenge arises from the complexity of the software-based network data plane, responsible for network virtualization and access control within container traffic. To tackle this challenge, we propose Hyperion, a novel hardware-based container networking system that prioritizes high performance and security. Leveraging smartNICs, commonly found in cloud environments, Hyperion implements a fully-functional container network data plane, encompassing network virtualization and access control. It also has the capability to dynamically optimize its data plane for agile responses to frequent changes in container environments, ensuring up-to-date data plane operation. This hardware-based design empowers Hyperion to significantly improve the overall container networking performance without relying on the host system resources. Notably, Hyperion seamlessly integrates with existing containerized applications without necessitating modifications. Our evaluation shows that compared to state-of-the-art solutions, Hyperion achieves significant improvements in HTTP container communication latency and throughput by up to 2.25x and 4.3x, respectively. Furthermore, it reduces CPU utilization associated with container networking by up to 4x.

    HardMesh: Enabling High-performance Service Mesh Ingress Processing with SmartNICs

    No full text
    Service meshes have become essential for enabling microservices in cloud environments; however, they also introduce substantial network overhead. In particular, the ingress gateway, which serves as the primary entry point for external traffic, has emerged as a major performance bottleneck due to CPU-intensive traffic analysis and prolonged forwarding paths through multiple network stack layers. Our analysis indicates that these inefficiencies can result in a 4-fold reduction in network throughput and increased CPU resource consumption. In response, we propose HardMesh, a hardware-software hybrid ingress gateway that leverages a SmartNIC for high-performance traffic analysis and efficient traffic routing. This process is augmented by a lightweight CPU-based proxy for traffic management. Evaluations show that HardMesh outperforms existing ingress gateways, achieving up to 4.4× higher throughput while providing the same range of traffic management services.

    PASSREFINDER-FL: Privacy-preserving credential stuffing risk prediction via graph-based federated learning for representing password reuse between websites

    No full text
    Credential stuffing attacks have caused significant harm to online users who frequently reuse passwords across multiple websites. While prior research has attempted to detect users with reused passwords or identify malicious login attempts, existing methods often compromise usability by restricting password creation or website access, and their reliance on complex account-sharing mechanisms hinders real-world deployment. To address these limitations, we propose PASSREFINDER-FL, a novel framework that predicts credential stuffing risks across websites. We introduce the concept of password reuse relations, defined as the likelihood of users reusing passwords between websites, and represent them as edges in a website graph. Using graph neural networks (GNNs), we perform a link prediction task to assess credential reuse risk between sites. Our approach scales to a large number of arbitrary websites by incorporating public website information and linking newly observed websites as nodes in the graph. To preserve user privacy, we extend PASSREFINDER-FL with a federated learning (FL) approach that eliminates the need to share user sensitive information across administrators. Evaluation on a real-world dataset of 360 million breached accounts from 22,378 websites shows that PASSREFINDER-FL achieves an F1-score of 0.9153 in the FL setting. We further validate that our FL-based GNN achieves a 4-11 % performance improvement over other state-of-the-art GNN models through an ablation study. Finally, we demonstrate that the predicted results can be used to quantify password reuse likelihood as actionable risk scores. Our implementation is available at https://github.com/jaehanwork/PassREfinder-FL.

    Going Beyond Counting First Authors in Author Co-citation Analysis

    Full text link
    The present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.