<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Conference on Pascal Cotret</title><link>https://pcotret.gitlab.io/pubtypes/conference/</link><description>Recent content in Conference on Pascal Cotret</description><generator>Hugo</generator><language>en</language><lastBuildDate>Mon, 01 Jul 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://pcotret.gitlab.io/pubtypes/conference/index.xml" rel="self" type="application/rss+xml"/><item><title>A Fine-Grained Dynamic Partitioning Against Cache-Based Timing Attacks via Cache Locking</title><link>https://pcotret.gitlab.io/publications/2024-gaudin-isvlsi/</link><pubDate>Mon, 01 Jul 2024 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2024-gaudin-isvlsi/</guid><description>&lt;p&gt;Cache-based timing side-channel attacks are prevalent and correspond to a security threat for both high-end and embedded processors. In this paper, we propose and implement a fine-grained dynamic partitioning countermeasure relying on a hardware-software collaboration. The proposed approach extends the RISC-V Instruction Set Architecture (ISA) with lock and unlock instructions to allow a program to explicitly lock cache lines in the data cache memory, ensuring constant-time accesses. Experimental results show that the proposed solution defeats contention-based cache side-channel attacks such as Prime+probe and leads to a low area overhead (&amp;lt;3%), a low impact on binary code size (&amp;lt;0.3 %) and a low impact on miss rate (&amp;lt;2%).&lt;/p&gt;</description></item><item><title>On The Effect of Replacement Policies on The Security of Randomized Cache Architectures</title><link>https://pcotret.gitlab.io/publications/2024-gaudin-asiaccs/</link><pubDate>Mon, 01 Jul 2024 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2024-gaudin-asiaccs/</guid><description>&lt;p&gt;Randomizing the mapping of addresses to cache entries has proven to be an effective technique for hardening caches against contention-based attacks like Prime+Prome. While attacks and defenses are still evolving, it is clear that randomized caches significantly increase the security against such attacks. However, one aspect that is missing from most analyses of randomized cache architectures is the choice of the replacement policy. Often, only the random- and LRU replacement policies are investigated. However, LRU is not applicable to randomized caches due to its immense hardware overhead, while the random replacement policy is not ideal from a performance and security perspective.&lt;/p&gt;</description></item><item><title>Gigue: A JIT Code Binary Generator for Hardware Testing</title><link>https://pcotret.gitlab.io/publications/2023-ducasse-vmil/</link><pubDate>Mon, 23 Oct 2023 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2023-ducasse-vmil/</guid><description>&lt;p&gt;Just-in-time compilers are the main virtual machine components responsible for performance. They recompile frequently used source code to machine code directly, avoiding the slower interpretation path. Hardware acceleration and performant security primitives would benefit the generated JIT code directly and increase the adoption of hardware-enforced primitives in a high-level execution component. The RISC-V instruction set architecture presents extension capabilities to design and integrate custom instructions. It is available as open-source and several capable open-source cores coexist, usable for prototyping. Testing JIT-compiler-specific instruction extensions would require extending the JIT compiler itself, other VM components, the underlying operating system, and the hardware implementation. As the cost of hardware prototyping is already high, a lightweight representation of the JIT compiler code region in memory would ease prototyping and implementation of new solutions. In this work, we present Gigue, a binary generator that outputs bare-metal executable code, representing a JIT code region snapshot composed of randomly filled methods. Its main goal is to speed up hardware extension prototyping by defining JIT-centered workloads over the newly defined instructions. It is modular and heavily configurable to qualify different JIT code regions’ implementations from VMs and different running applications. We show how the generated binaries can be extended with three custom extensions, whose execution is guaranteed by Gigue’s testing framework. We also present different application case generation and execution on top of a fully-featured RISC-V core.&lt;/p&gt;</description></item><item><title>Porting a JIT compiler to RISC-V: Challenges and Opportunities</title><link>https://pcotret.gitlab.io/publications/2022-ducasse-mplr/</link><pubDate>Wed, 14 Sep 2022 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2022-ducasse-mplr/</guid><description>&lt;p&gt;The RISC-V Instruction Set Architecture (ISA) is an open-source, modular and extensible ISA. The ability to add new instructions into a dedicated core opens up perspectives to accelerate VM components or provide dedicated hardware IPs to applications running on top. However, the RISC-V ISA design is clashing on several aspects with other ISAs and therefore software historically built around them. Among them, the lack of condition codes and instruction expansion through simple instruction combination. In this paper we present the challenges of porting Cogit, the Pharo’s JIT compiler tightly linked to the x86 ISA, on RISC-V. We present concrete examples of them and the rationale behind their inclusion in the RISC-V ISA. We show how those mismatches are solved through design choices of the compilation process or through tools helping development, a VM simulation framework to keep the development in a high-level environment for the most part, an ISA-agnostic test harness covering main VM functionalities and a machine code debugger to explore and execute generated machine code. We also present a way to prototype custom instructions and execute them in the Pharo environment.&lt;/p&gt;</description></item><item><title>Benchmarking quantized neural networks on FPGAs with FINN</title><link>https://pcotret.gitlab.io/publications/2021-ducasse-sloha/</link><pubDate>Fri, 05 Feb 2021 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2021-ducasse-sloha/</guid><description>&lt;p&gt;The ever-growing cost of both training and inference for state-of-the-art neural networks has brought literature to look upon ways to cut off resources used with a minimal impact on accuracy. Using lower precision comes at the cost of negligible loss in accuracy. While training neural networks may require a powerful setup, deploying a network must be possible on low-power and low-resource hardware architectures. Reconfigurable architectures have proven to be more powerful and flexible than GPUs when looking at a specific application. This article aims to assess the impact of mixed-precision when applied to neural networks deployed on FPGAs. While several frameworks exist that create tools to deploy neural networks using reduced-precision, few of them assess the importance of quantization and the framework quality. FINN and Brevitas, two frameworks from Xilinx labs, are used to assess the impact of quantization on neural networks using 2 to 8 bit precisions and weights with several parallelization configurations. Equivalent accuracy can be obtained using lower-precision representation and enough training. However, the compressed network can be better parallelized allowing the deployed network throughput to be 62 times faster. The benchmark set up in this work is available in a public repository (this https URL benchmark).&lt;/p&gt;</description></item><item><title>A novel lightweight hardware-assisted static instrumentation approach for ARM SoC using debug components</title><link>https://pcotret.gitlab.io/publications/2018-wahab-asianhost/</link><pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2018-wahab-asianhost/</guid><description>&lt;p&gt;DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have not been widely used neither by research community nor by hardware vendors. It is due to two major reasons, current hardware DIFT solutions lack support for multithreaded applications and implementations for hardcore processors. This work addresses both issues by introducing an approach with some unique features, DIFT for multi-threaded software, virtual memory protection (rather than physical memory as in related works) and Linux kernel support using an information flow monitor called RFBlare. These goals are accomplished by taking advantage of a notable feature of ARM CoreSight components (context ID) combined with a custom DIFT coprocessor and RFBlare. The communication time overhead, major source of slowdown in total DIFT time overhead, is divided by a factor 3.8 compared to existing solutions with similar software constraints as in this work. The area overhead of this work is lower than 1% and power overhead is 16.2% on a middle-class Xilinx Zynq SoC.&lt;/p&gt;</description></item><item><title>A small and adaptive coprocessor for information flow tracking in ARM SoCs</title><link>https://pcotret.gitlab.io/publications/2018-wahab-reconfig/</link><pubDate>Mon, 03 Dec 2018 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2018-wahab-reconfig/</guid><description>&lt;p&gt;DIFT (Dynamic Information Flow Tracking) has been a hot topic for more than a decade. Unfortunately, existing hardware DIFT approaches have not been widely used neither by research community nor by hardware vendors. It is due to two major reasons, current hardware DIFT solutions lack support for multithreaded applications and implementations for hardcore processors. This work addresses both issues by introducing an approach with some unique features, DIFT for multi-threaded software, virtual memory protection (rather than physical memory as in related works) and Linux kernel support using an information flow monitor called RFBlare. These goals are accomplished by taking advantage of a notable feature of ARM CoreSight components (context ID) combined with a custom DIFT coprocessor and RFBlare. The communication time overhead, major source of slowdown in total DIFT time overhead, is divided by a factor 3.8 compared to existing solutions with similar software constraints as in this work. The area overhead of this work is lower than 1% and power overhead is 16.2% on a middle-class Xilinx Zynq SoC.&lt;/p&gt;</description></item><item><title>ARMHEx: A hardware extension for DIFT on ARM-based SoCs</title><link>https://pcotret.gitlab.io/publications/2017-wahab-fpl/</link><pubDate>Fri, 08 Sep 2017 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2017-wahab-fpl/</guid><description>&lt;p&gt;Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.&lt;/p&gt;</description></item><item><title>A framework for efficient DIFT in real-world SoCs</title><link>https://pcotret.gitlab.io/publications/2017-wahab-fpl-short/</link><pubDate>Mon, 04 Sep 2017 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2017-wahab-fpl-short/</guid><description>&lt;p&gt;Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.&lt;/p&gt;</description></item><item><title>ARMHEx: A hardware extension for DIFT on ARM-based SoCs</title><link>https://pcotret.gitlab.io/publications/2017-fournier-sstic/</link><pubDate>Wed, 14 Jun 2017 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2017-fournier-sstic/</guid><description>&lt;p&gt;The commercial drone market has significantly taken off for
a few years. In 2016, sales of drones used for commercial and enterprise purposes was worth 3.4 billion dollars. This fast-growing field raises many questions regarding security since damages caused by such drones could be disastrous. Knowing that in some cases, transmission range is so wide (7 kilometers for a DJI Phantom 4 Pro) and that some drones can lift off more than 30 kg worth of equipment, we cannot deny that there will be (and already are) unexpected and unwanted uses of such a technology. In this article, we introduce DroneJack, an automatic anti-drone solution that can protect an area from being flown over. Using DroneJack, you can conduct a predefined defense over foreign drones as shutting them down, pilot them instead of the true user, direct them towards some GPS coordinates. You can also exploit data owned by the drone to recover photos, videos or flight logs. Even better, you can configure your own attacks on foreign drones and deploy them on DroneJack. Let’s play!&lt;/p&gt;</description></item><item><title>Pwning ARM Debug Components for Sec-Related Stuff</title><link>https://pcotret.gitlab.io/publications/2017-wahab-hitb/</link><pubDate>Fri, 14 Apr 2017 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2017-wahab-hitb/</guid><description>&lt;p&gt;No abstract yet.&lt;/p&gt;</description></item><item><title>Hit the KeyJack: stealing data from your daily wireless devices incognito</title><link>https://pcotret.gitlab.io/publications/2016-fournier-caesar/</link><pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2016-fournier-caesar/</guid><description>&lt;p&gt;Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a white hat hacker the possibility to retrieve data from John Doe&amp;rsquo;s computer. This work also shows that this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.&lt;/p&gt;</description></item><item><title>Multi-standard OFDM transceiver for heterogeneous system-on-chips</title><link>https://pcotret.gitlab.io/publications/2016-cotret-winncomm/</link><pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2016-cotret-winncomm/</guid><description>&lt;p&gt;No abstract yet.&lt;/p&gt;</description></item><item><title>Towards a hardware-assisted information flow tracking ecosystem for ARM processors</title><link>https://pcotret.gitlab.io/publications/2016-wahab-fpl/</link><pubDate>Mon, 29 Aug 2016 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2016-wahab-fpl/</guid><description>&lt;p&gt;Security is a major issue nowadays for the embedded systems community. Untrustworthy authorities may use a wide range of attacks in order to retrieve critical information. This paper introduces ARMHEx, a practical solution targeting DIFT (Dynamic Information Flow Tracking) on ARM-based SoCs (e.g. Xilinx Zynq). Current DIFT implementations suffer from two major drawbacks. First, recovering required information for DIFT is generally based on software instrumentation leading to high time overheads. ARMHEx takes profit of ARM CoreSight debug components and static analysis to drastically reduce instrumentation time overhead (up to 90% compared to existing works). Then, security of the DIFT hardware extension itself is not considered in related works. In this work, we tackle this issue by proposing a solution based on ARM Trustzone.&lt;/p&gt;</description></item><item><title>Embedded wavelet-based face recognition under variable position</title><link>https://pcotret.gitlab.io/publications/2015-cotret-spie/</link><pubDate>Sun, 13 Sep 2015 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2015-cotret-spie/</guid><description>&lt;p&gt;For several years, face recognition has been a hot topic in the image processing field, this technique is applied in several domains such as CCTV, electronic devices delocking and so on. In this context, this work studies the efficiency of a wavelet-based face recognition method in terms of subject position robustness and performance on various systems. The use of wavelet transform has a limited impact on the position robustness of PCA-based face recognition. This work shows, for a well-known database (Yale face database B), that subject position in a 3D space can vary up to 10% of the original ROI size without decreasing recognition rates. Face recognition is performed on approximation coefficients of the image wavelet transform, results are still satisfying after 3 levels of decomposition. Furthermore, face database size can be divided by a factor 64 (22K with K = 3). In the context of ultra-embedded vision systems, memory footprint is one of the key points to be addressed; that is the reason why compression techniques such as wavelet transform are interesting. Furthermore, it leads to a low-complexity face detection stage compliant with limited computation resources available on such systems. The approach described in this work is tested on three platforms from a standard x86-based computer towards nanocomputers such as RaspberryPi and SECO boards. For K = 3 and a database with 40 faces, the execution mean time for one frame is 0.64 ms on a x86-based computer, 9 ms on a SECO board and 26 ms on a RaspberryPi (B model).&lt;/p&gt;</description></item><item><title>Lightweight reconfiguration security services for AXI-based MPSoCs</title><link>https://pcotret.gitlab.io/publications/2012-cotret-fpl/</link><pubDate>Thu, 30 Aug 2012 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2012-cotret-fpl/</guid><description>&lt;p&gt;Nowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one.&lt;/p&gt;</description></item><item><title>Security enhancements for FPGA-based MPSoCs: A boot-to-runtime protection flow for an embedded Linux-based system</title><link>https://pcotret.gitlab.io/publications/2012-cotret-recosoc/</link><pubDate>Wed, 11 Jul 2012 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2012-cotret-recosoc/</guid><description>&lt;p&gt;Nowadays, embedded systems become more and more complex:the hardware/software codesign approach is a method to create such systems in a single chip which can be based on reconfigurable technologies such as FPGAs (Field-Programmable Gate Arrays). In such systems, data exchanges are a key point as they convey critical and confidential information and data are transmitted between several hardware modules and software layers. In case of an FPGA development life cycle, OS (Operating System) / data updates as runtime communications can be done through an insecure link:attackers can use this medium to make the system misbehave (malicious injection) or retrieve bitstream-related information (eavesdropping). Recent works propose solutions to securely boot a bitstream and the associated OS while runtime transactions are not protected. This work proposes a full boot-to-runtime protection flow of an embedded Linux kernel during boot and confidentiality/integrity protection of the external memory containing the kernel and the main application code/data. This work shows that such a solution with hardware components induces an area occupancy of 10% of a xc6vlx240t Virtex-6 FPGA while having an improved throughput for Linux booting and low-latency security for runtime protection.&lt;/p&gt;</description></item><item><title>Bus-based MPSoC security through communication protection: A latency-efficient alternative</title><link>https://pcotret.gitlab.io/publications/2012-cotret-fccm/</link><pubDate>Tue, 01 May 2012 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2012-cotret-fccm/</guid><description>&lt;p&gt;Security in MPSoC is gaining an increasing attention since several years. Digital convergence is one of the numerous reasons explaining such a focus on embedded systems as many sensitive and secret data are now stored, manipulated and exchanged in these systems. Most solutions are currently built at the software level; we believe hardware enhancements also play a major role in system protection. One strategic point is the communication layer as all data goes through its architecture. Monitoring and controlling communications enable to fend off attacks before system corruption. In this work, we propose an efficient solution with several hardware enhancements to secure data exchanges in a bus-based MPSoC. Our approach relies on low complexity distributed firewalls connected to all critical IPs of the system. Designers can deploy different security policies (access right, data format, authentication, confidentiality) in order to protect the system in a flexible way. To illustrate the benefit of such a solution, implementations are discussed for different MPSoCs implemented on Xilinx Virtex-6 FPGAs. Results demonstrate a reduction up to 33% in terms of latency overhead compared to existing efforts.&lt;/p&gt;</description></item><item><title>Efficient key-dependent message authentication in reconfigurable hardware</title><link>https://pcotret.gitlab.io/publications/2011-crenne-fpt/</link><pubDate>Mon, 12 Dec 2011 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2011-crenne-fpt/</guid><description>&lt;p&gt;Cryptographic message authentication is a growing need for FPGA-based embedded systems. In this paper a customized FPGA implementation of a GHASH function that is used in AES-GCM, a widely-used message authentication protocol, is described. The implementation limits GHASH logic utilization by specializing the hardware implementation on a per-key basis. The implemented module can generate a 128bit message authentication code in both pipelined and unpipelined versions. The pipelined GHASH version achieves an authentication throughput of more than 14 Gbit/s on a Spartan-3 FPGA and 292 Gbit/s on a Virtex-6 device. To promote adoption in the field, the complete source code for this work has been made publically-available.&lt;/p&gt;</description></item><item><title>Efficient key-dependent message authentication in reconfigurable hardware</title><link>https://pcotret.gitlab.io/publications/2010-gaspar-reconfig/</link><pubDate>Wed, 15 Dec 2010 00:00:00 +0000</pubDate><guid>https://pcotret.gitlab.io/publications/2010-gaspar-reconfig/</guid><description>&lt;p&gt;The paper presents a novel concept of processor aimed at symmetric-key cryptographic applications. Its architecture is optimized for implementation of common cryptography tasks. The processor has 128-bit separated data and key registers, dedicated instruction set optimized for key generation and management, embedded cipher, and embedded random number generator. From an architectural point of view, the most important characteristic of the proposed crypto-processor is the physical separation of data and key registers and buses, insuring that confidential keys will never leave the system in clear. This way, the processor enables to separate protected and unprotected security zones easily and also achieve complete physical isolation of key management and data zones inside the single FPGA. The first version of the processor implemented in Xilinx Virtex 5 FPGA device achieves the frequency of 160 MHz and it occupies 1343 configurable logic blocks and 21 embedded memory blocks.&lt;/p&gt;</description></item></channel></rss>