Processor Anchor to Increase the Robustness Against Fault Injection and Cyber Attacks

2021 ◽  
pp. 254-274
Author(s):  
Jean-Luc Danger ◽  
Adrien Facon ◽  
Sylvain Guilley ◽  
Karine Heydemann ◽  
Ulrich Kühne ◽  
...  
Keyword(s):  
Fault Injection ◽  
Cyber Attacks

scholarly journals Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

2020 ◽  
Author(s):  
Kennedy Torkura
Keyword(s):  
Knowledge Base ◽  
Fault Injection ◽  
Software Tool ◽  
Cloud Security ◽  
Cyber Attacks ◽  
Cloud Infrastructure ◽  
Security Issues ◽  
Security Controls ◽  
Security Models ◽  
Consumption Rates

<div>Most cyber-attacks and data breaches in cloud</div><div>infrastructure are due to human errors and misconfiguration</div><div>vulnerabilities. Cloud customer-centric tools are lacking, and existing</div><div>security models do not efficiently tackle these security challenges.</div><div>Novel security mechanisms are imperative, therefore, we</div><div>propose Risk-driven Fault Injection (RDFI) techniques to tackle</div><div>these challenges. RDFI applies the principles of chaos engineering</div><div>to cloud security and leverages feedback loops to execute, monitor,</div><div>analyze and plan security fault injection campaigns, based on</div><div>a knowledge-base. The knowledge-base consists of fault models</div><div>designed from cloud security best practices and observations</div><div>derived during iterative fault injection campaigns. Furthermore,</div><div>the observations indicate security weaknesses and verify the</div><div>correctness of security attributes (integrity, confidentiality and</div><div>availability) and security controls. Ultimately this knowledge is</div><div>critical in guiding security hardening efforts and risk analysis.</div><div>We have designed and implemented the RDFI strategies including</div><div>various chaos algorithms as a software tool: CloudStrike. Furthermore,</div><div>CloudStrike has been evaluated against infrastructure</div><div>deployed on two major public cloud systems: Amazon Web Service</div><div>and Google Cloud Platform. The time performance linearly</div><div>increases, proportional to increasing attack rates. Similarly, CPU</div><div>and memory consumption rates are acceptable. Also, the analysis</div><div>of vulnerabilities detected via security fault injection has been</div><div>used to harden the security of cloud resources to demonstrate the</div><div>value of CloudStrike. Therefore, we opine that our approaches</div><div>are suitable for overcoming contemporary cloud security issues</div>

scholarly journals Cloudstrike: Chaos Engineering for Security and Resiliency in Cloud Infrastructure

2020 ◽  
Author(s):  
Kennedy Torkura
Keyword(s):  
Knowledge Base ◽  
Fault Injection ◽  
Software Tool ◽  
Cloud Security ◽  
Cyber Attacks ◽  
Cloud Infrastructure ◽  
Security Issues ◽  
Security Controls ◽  
Security Models ◽  
Consumption Rates

<div>Most cyber-attacks and data breaches in cloud</div><div>infrastructure are due to human errors and misconfiguration</div><div>vulnerabilities. Cloud customer-centric tools are lacking, and existing</div><div>security models do not efficiently tackle these security challenges.</div><div>Novel security mechanisms are imperative, therefore, we</div><div>propose Risk-driven Fault Injection (RDFI) techniques to tackle</div><div>these challenges. RDFI applies the principles of chaos engineering</div><div>to cloud security and leverages feedback loops to execute, monitor,</div><div>analyze and plan security fault injection campaigns, based on</div><div>a knowledge-base. The knowledge-base consists of fault models</div><div>designed from cloud security best practices and observations</div><div>derived during iterative fault injection campaigns. Furthermore,</div><div>the observations indicate security weaknesses and verify the</div><div>correctness of security attributes (integrity, confidentiality and</div><div>availability) and security controls. Ultimately this knowledge is</div><div>critical in guiding security hardening efforts and risk analysis.</div><div>We have designed and implemented the RDFI strategies including</div><div>various chaos algorithms as a software tool: CloudStrike. Furthermore,</div><div>CloudStrike has been evaluated against infrastructure</div><div>deployed on two major public cloud systems: Amazon Web Service</div><div>and Google Cloud Platform. The time performance linearly</div><div>increases, proportional to increasing attack rates. Similarly, CPU</div><div>and memory consumption rates are acceptable. Also, the analysis</div><div>of vulnerabilities detected via security fault injection has been</div><div>used to harden the security of cloud resources to demonstrate the</div><div>value of CloudStrike. Therefore, we opine that our approaches</div><div>are suitable for overcoming contemporary cloud security issues</div>

Internal control in banks: Assessing the risk of cyber attacks

2019 ◽  
Vol 25 (3) ◽  
pp. 500-513
Author(s):  
P.V. Revenkov ◽  
Keyword(s):  
Internal Control ◽  
Cyber Attacks

Cyber attacks as a source of operational risk in electronic banking

2018 ◽  
Vol 24 (3) ◽  
pp. 629-640
Author(s):  
P.V. Revenkov ◽  
◽  
A.A. Berdyugin ◽  
Keyword(s):  
Operational Risk ◽  
Cyber Attacks ◽  
Electronic Banking

A Manual Diagnosis Approach Using Targeted Fault Injection and Fault Simulation to Extend ATPG Diagnostic Resolution in Localizing Faults

2019 ◽  
Author(s):  
Rommel Estores ◽  
Karo Vander Gucht
Keyword(s):  
Fault Injection ◽  
Fault Simulation ◽  
Fault Localization ◽  
Pattern Generation ◽  
Test Coverage ◽  
Actual Case ◽  
Electrical Failure ◽  
Starting Point ◽  
Diagnostic Resolution ◽  
Diagnosis Approach

Abstract This paper discusses a creative manual diagnosis approach, a complementary technique that provides the possibility to extend Automatic Test Pattern Generation (ATPG) beyond its own limits. The authors will discuss this approach in detail using an actual case – a test coverage issue where user-generated ATPG patterns and the resulting ATPG diagnosis isolated the fault to a small part of the digital core. However, traditional fault localization techniques was unable to isolate the fault further. Using the defect candidates from ATPG diagnosis as a starting point, manual diagnosis through fault Injection and fault simulation was performed. Further fault localization was performed using the ‘not detected’ (ND) and/or ‘detected’ (DT) fault classes for each of the available patterns. The result has successfully deduced the defect candidates until the exact faulty net causing the electrical failure was identified. The ability of the FA lab to maximize the use of ATPG in combination with other tools/techniques to investigate failures in detail; is crucial in the fast root cause determination and, in case of a test coverage, aid in having effective test screen method implemented.

Timing Sensitivity Analysis of Logical Nodes in Scan Design Integrated Circuits by Pulsed Diode Laser Stimulation

2008 ◽  
Author(s):  
T. Kiyan ◽  
C. Boit ◽  
C. Brillert
Keyword(s):  
Laser Pulse ◽  
Integrated Circuits ◽  
Continuous Wave ◽  
Fault Injection ◽  
Scan Design ◽  
Flip Flop ◽  
Laser Stimulation ◽  
Scan Chain ◽  
P Type ◽  
Scan Pattern

Abstract In this paper, a methodology based upon laser stimulation and a comparison of continuous wave and pulsed laser operation will be presented that localizes the fault relevant sites in a fully functional scan chain cell. The technique uses a laser incident from the backside to inject soft faults into internal nodes of a master-slave scan flip-flop in consequence of localized photocurrent. Depending on the illuminated type of the transistors (n- or p-type), injection of a logic ‘0’ or ‘1’ into the master or the slave stage of a flip-flop takes place. The laser pulse is externally triggered and can easily be shifted to various time slots in reference to clock and scan pattern. This feature of the laser diode allows triggering the laser pulse on the rising or the falling edge of the clock. Therefore, it is possible to choose the stage of the flip-flop in which the fault injection should occur. It is also demonstrated that the technique is able to identify the most sensitive signal condition for fault injection with a better time resolution than the pulse width of the laser, a significant improvement for failure analysis of integrated circuits.

The invisible hole of information on SMB's cybersecurity

2019 ◽  
Vol 7 (1) ◽  
pp. 14-26
Author(s):  
Ruti Gafni ◽  
Tal Pavel
Keyword(s):  
Mass Communication ◽  
Cyber Attacks ◽  
Communication Media ◽  
Specific Information ◽  
Exploratory Research ◽  
Cyber Attack ◽  
Public Attention ◽  
Cyber Threats ◽  
Accessible Information ◽  
Types Of Information

Small and Medium Businesses (SMB) use Internet and computer-based tools in their daily processes, sometimes without being aware to the cyber threats, or without knowing how to be prepared in case of a cyber-attack, although they are a major target for cyber-attacks. Specific information about cybersecurity needed by SMBs, in order to cope with cyber threats, is not always available or easily accessible. In this study, a vast search of different types of information about SMBs’ cybersecurity was performed, in order to find whether a hole of accessible information exists in this area. This exploratory research covered general mass communication media channels, technological and professional cybersecurity websites, and academic journals, and found that indeed very few studies, articles and news items were published in this matter. Leveraging knowledge and awareness, diminishing the shame for reporting cyber-attacks, and increasing mass communication media interest and public attention, may be activities to cover this “invisible hole”.

Sign in / Sign up

Export Citation Format

Share Document