Test access system, method and computer-accessible medium for chips with spare identical cores

February 16, 2016

Ozgur Sinanoglu

Exemplary system, method and computer-accessible medium for testing a multi-core chip can be provided which can have and/or utilize a plurality of identical cores. This can be performed by comparing each core with as many as at least the number of spare cores plus 1 using a comparator; the number of comparators can equal the total number of cores multiplied by one-half the number of spare cores plus 1.


A Comprehensive Design-for-Test Infrastructure in the Context of Security-Critical Applications

February 11, 2016

Samah Mohamed Saeed and Ozgur Sinanoglu

Testability is a perennial concern that requires ever-improved solutions; however, potentially resultant security vulnerabilities need to be considered as well. This article provides a compact look at a body of DfT work from lead practitioners in the field. The DfT strategies address predicting and data Potential impacts DfT controlling test volume and reducing power. of to security are considered, along with strategies for providing testability without sacrificing security.

System, Method And Computer-Accessible Medium For Facilitating Logic Encryption

February 4, 2016

Jeyavijayan Rajendran, Youngok Pino, Ozgur Sinanoglu, and Ramesh Karri

Exemplary systems, methods and computer-accessible mediums for encrypting at least one integrated circuit (IC) can include determining, using an interference graph, at least one location for a proposed insertion of at least one gate in or at the at least one IC, and inserting the gate(s) into the IC(s) at the location(s). The interference graph can be constructed based at least in part on an effect of the location(s) on at least one further location of the IC(s).

Thwarting location privacy protection in location‐based social discovery services

February 4, 2016

Minhui Xue, Yong Liu, Keith W. Ross, and Haifeng Qian

In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD.

System, Method and Computer-Accessible Medium for Providing Secure Split Manufacturing

February 4, 2016

Jeyavijayan Rajendran, Ozgur Sinanoglu, and Ramesh Karri 
Exemplary systems, methods and computer-accessible mediums can secure split manufacturing of an integrated circuit by modifying a previous location of at least one pin to a further location of the at least one pin based on a fault analysis procedure. A determination of the further location can include an iterative procedure that can be a greedy iterative procedure. The modification of the location of the at least one partition pin can be performed by swapping at least one further partition pin with the at least one partition pin.

Optimal De-Anonymization in Random Graphs with Community Structure

February 3, 2016

Efe Onaran, Siddharth Garg, and Elza Erkip

Anonymized social network graphs published for academic or advertisement purposes are subject to de-anonymization attacks by leveraging side information in the form of a second, public social network graph correlated with the anonymized graph. This is because the two are from the same underlying graph of true social relationships. In this paper, we (i) characterize the maximum a posteriori (MAP) estimates of user identities for the anonymized graph and (ii) provide sufficient conditions for successful de-anonymization for underlying graphs with community structure. Our results generalize prior work that assumed underlying graphs of Erd\H{o}s-R\’enyi type, in addition to proving the optimality of the attack strategy adopted in the prior work.

Adapting to Varying Distribution of Unknown Response Bits

January 28, 2016

Chandra K. H. Suresh, Ozgur Sinanoglu, and Sule Ozev

In this article, we present several adaptive strategies to enable adaptive unknown bit masking for faster-than-at-speed testing so as to ensure no yield loss while attaining the maximum test quality based on tester memory constraints. We also develop a tester-enabled compression scheme that helps alleviate memory constraints further, shifting the tradeoff space favorably to improve test quality.

Providing a fast, remote security service using hashlists of approved web objects

January 26, 2016

Justin Cappos, Nasir Memon, Sai Teja Peddinti, and Keith Ross

A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.

Bullet-Proof Credit Card Processing

January 25, 2016

Damon McCoy

In this talk, I will first describe the process of disrupting counterfeit credit card processing which involves placing a test purchase with an online counterfeit website to trace the merchant account accepting payments and then filing a complaint with the card holder association, such as Visa or MasterCard.

BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks

January 8, 2016

Vinayaka Jyothi, Xueyang Wang, Sateesh K. Addepalli, Ramesh Karri

This work proposes a host based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks.

TransCloud: a distributed environment based on dynamic networking

January 6, 2016

Rick McGeer, Joe Mambretti, Paul Mueller, Chris Matthews, Chris Pearson, Yvonne Coady, Jim Chen, Fei Yeh, Andy Bavier, Marco Yuen, Jessica Blaine, Alvin AuYoung, Alex Snoeren, and Justin Cappos 

This general problem: large, heterogeneous data, spread over a distributed computing infrastructure with varying connectivity and no common administrative interface – is ubiquitous through the natural, social, and engineering sciences. We are designing and implementing a computing infrastructure which addresses the distributed data management and query problem, and deploy it in a live service.

Formal Security Verification of Third Party Intellectual Property Cores for Information Leakage

January 4, 2016

Jeyavijayan Rajendran, Arunshankar Muruga Dhandayuthapany, Vivekananda Vedula, and Ramesh Karri

Globalization of the system-on-chip (SoC) design flow has created opportunities for rogue intellectual property (IP) vendors to insert malicious circuits (a.k.a. hardware Trojans) into their IPs. We propose to formally verify third party IPs (3PIPs) for unauthorized information leakage. We validate our technique using Trojan benchmarks from the Trust-Hub.

Security Assessment of Cyberphysical Digital Microfluidic Biochips

December 17, 2015

Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri

A digital microfluidic biochip (DMFB) is an emerging technology that enables miniaturized analysis systems for point-of-care clinical diagnostics, DNA sequencing, and environmental monitoring. A DMFB reduces the rate of sample and reagent consumption, and automates the analysis of assays. In this paper, we provide the first assessment of the security vulnerabilities of DMFBs.

Repeatable Reverse Engineering with PANDA

December 8, 2015

Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan

We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments.

Volkswagen and the Real Insider Threat

November 2, 2015


Zachary K. Goldman, Ramesh Karri

Insider threats rightly occupy a significant portion of the public discussion (and private debate inside corporations and government agencies) about cybersecurity.

Fault Attacks on AES and Their Countermeasures

September 17, 2015

Subidh Ali, Xiaofei Guo, Ramesh Karri, and Debdeep Mukhopadhyay

Fault Attacks exploit malicious or accidental faults injected during the computation of a cryptographic algorithm. Combining the seminal idea by Boneh, DeMillo and Lipton with Differential Cryptanalysis, a new field of Differential Fault Attacks (DFA) has emerged. DFA has shown that several ciphers can be compromised if the faults can be suitably controlled. DFA is not restricted to old ciphers, but can be a powerful attack vector even for modern ciphers, like the Advanced Encryption Standard (AES).

Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits

August 28, 2015

Xueyang Wang and Ramesh Karri

Kernel rootkits are formidable threats to computer systems. They are stealthy and can have unrestricted access to system resources. This paper presents NumChecker, a new virtual machine (VM) monitor based framework to detect and identify control-flow modifying kernel rootkits in a guest VM. NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the number of certain hardware events that occur during the system call’s execution. To automatically count these events, NumChecker leverages the hardware performance counters (HPCs), which exist in modern processors. By using HPCs, the checking cost is significantly reduced and the tamper-resistance is enhanced. We implement a prototype of NumChecker on Linux with the kernel-based VM. An HPC-based two-phase kernel rootkit detection and identification technique is presented and evaluated on a number of real-world kernel rootkits. The results demonstrate its practicality and effectiveness.

Differing outlooks impede Sino-US cooperation to enhance cybersecurity

August 3, 2015


Zachary K. Goldman and Jerome A. Cohen

China and the US both talk about “cybersecurity”, but mean different things. In Washington, cybersecurity is fundamentally about preventing unauthorised access to digital systems and, notwithstanding massive foreign hacking of US government databases, mainly focuses on protecting private-sector data  as well as critical infrastructure.