Approaches for FPGA Design Assurance

Field-Programmable Gate Arrays (FPGAs) are widely used for custom hardware implementations, including in many security-sensitive industries, such as defense, communications, transportation, medical, and more. Compiling source hardware descriptions to FPGA bitstreams requires the use of complex computer-aided design (CAD) tools. These tools are typically proprietary and closed-source, and it is not possible to easily determine that the produced bitstream is equivalent to the source design. In this work, we present various FPGA design flows that leverage pre-synthesizing or pre-implementing parts of the design, combined with open-source synthesis tools, bitstream-to-netlist tools, and commercial equivalence-checking tools, to verify that a produced hardware design is equivalent to the designer’s source design. We evaluate these different design flows on several benchmark circuits and demonstrate that they are effective at detecting malicious modifications made to the design during compilation. We compare our proposed design flows with baseline commercial design flows and measure the overheads to area and runtime.

REVOLVER: a low-cost automated protein purifier based on parallel preparative gravity column workflows

Protein purification is a ubiquitous operation in biochemistry and life sciences and represents a key step to producing purified proteins for research (understanding how proteins work) and various applications. The need for scalable and parallel protein purification systems keeps growing due to the increase in throughput in the production of recombinant proteins and in the ever-growing scale of biochemistry research. Therefore, automating the process to handle multiple samples in parallel with minimal human intervention is highly desirable; yet only a handful of such tools have been developed, all of which are closed source and expensive. To address this challenge, we present REVOLVER, a 3D-printed programmable and automatic protein purification system based on gravity-column workflows and controlled by Arduino boards that can be built for under $130 USD. REVOLVER completes a full protein purification process with almost no human intervention and yields results equivalent to those obtained by an experienced biochemist when purifying a real-world protein sample. We further present and describe MULTI-VOLVER, a scalable version of the REVOLVER that allows for parallel purification of up to six samples and can be built for under $250 USD. Both systems will be useful to accelerate protein purification and ultimately link them to bio-foundries for protein characterization and engineering.

Searching Deterministic Chaotic Properties in System-Wide Vulnerability Datasets

Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before being patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems’ software vulnerabilities and probe the relevant National Vulnerability Database (NVD) time-series properties. More specifically, we show through an extensive experimental study based on the National Institute of Standards and Technology (NIST) database that the relevant systems software time series present significant chaotic properties. Moreover, by defining some systems based on open and closed source software, we compare their chaotic properties resulting in statistical conclusions. The contribution of this novel study is focused on the prepossessing stage of vulnerabilities time series forecasting. The strong evidence of their chaotic properties as derived by this research effort could lead to a deeper analysis to provide additional tools to their forecasting process.

ARMPatch: A Binary Patching Framework for ARM-based IoT Devices

With the rapid advancement of hardware and internet technologies, we are surrounded by more and more Internet of Things (IoT) devices. Despite the convenience and boosted productivity that these devices have brought to our lives and industries, new security implications have arisen. IoT devices bring many new attack vectors, causing an increment of cyber-attacks that target these systems in the recent years. However, security vulnerabilities on numerous devices are often not fixed. This may due to providers not being informed in time, they have stopped maintaining these models, or they simply no longer exist. Even if an official fix for a security issue is finally released, it usually takes a long time. This gives hackers time to exploit vulnerabilities extensively, which in many cases requires customers to disconnect vulnerable devices, leading to outages. As the software is usually closed source, it is also unlikely that the community will review and modify the source code themselves and provide updates. In this study, we present ARMPatch, a flexible static binary patching framework for ARM-based IoT devices, with a focus on security fixes. After identified the unique challenges of performing binary patching on ARM platforms, we have provided novel features by replacing, modifying, and adding code to already compiled programs. Then, the viability and usefulness of our solution has been verified through demos and final programs on real devices. Finally, we have discussed the current limitations of our approach and future challenges.

reciprocalspaceship: a Python library for crystallographic data analysis

Crystallography uses the diffraction of X-rays, electrons or neutrons by crystals to provide invaluable data on the atomic structure of matter, from single atoms to ribosomes. Much of crystallography's success is due to the software packages developed to enable automated processing of diffraction data. However, the analysis of unconventional diffraction experiments can still pose significant challenges – many existing programs are closed source, sparsely documented, or challenging to integrate with modern libraries for scientific computing and machine learning. Described here is reciprocalspaceship, a Python library for exploring reciprocal space. It provides a tabular representation for reflection data from diffraction experiments that extends the widely used pandas library with built-in methods for handling space groups, unit cells and symmetry-based operations. As is illustrated, this library facilitates new modes of exploratory data analysis while supporting the prototyping, development and release of new methods.

ANALYSIS OF LINUX OS SECURITY TOOLS FOR PACKET FILTERING AND PROCESSING

Open-source software and its components are widely used in various products, solutions, and applications, even in closed-source. Majority of them are made on Linux or Unix based systems. Netfilter framework is one of the examples. It is used for packet filtering, load-balancing, and many other manipulations with network traffic. Netfilter based packet filter iptables has been most common firewall tool for Linux systems for more than two decades. Successor of iptables – nftables was introduced in 2014. It was designed to overcome various iptables limitations. However, it hasn’t received wide popularity and transition is still ongoing. In recent years researchers and developers around the world are searching for solution to increase performance of packet processing tools. For that purpose, many of them trying to utilize eBPF (Extended Berkeley Packet Filter) with XDP (Express Data Path) data path. This paper focused on analyzing Linux OS packet filters and comparing their performances in different scenarios.

P4Pi

High level, network programming languages, like P4, enable students to gain hands-on experience in the structure of a switch or router. Students can implement the packet processing pipeline themselves, without prior knowledge of circuit design. However, when choosing a P4 programmable target for use in the classroom, instructors face a lack of options. On the one hand, software solutions, such as the behavioral model (BMv2) switch, are overly simplified and offer low performance. On the other hand, existing hardware solutions are closed source and expensive. In this paper, we present P4Pi, a new, low-cost, open-source hardware platform intended for networking education. P4Pi allows students to design and deploy P4-based network devices using the Raspberry Pi board, which has a price tag of less than many academic textbooks. We describe the high-level design of the P4Pi platform, offer some suggestions for how P4Pi could be used in the classroom, and present some additional use-cases for applications and functionality that could be developed using P4Pi.

MAYGEN: an open-source chemical structure generator for constitutional isomers based on the orderly generation principle

The generation of constitutional isomer chemical spaces has been a subject of cheminformatics since the early 1960s, with applications in structure elucidation and elsewhere. In order to perform such a generation efficiently, exhaustively and isomorphism-free, the structure generator needs to ensure the building of canonical graphs already during the generation step and not by subsequent filtering. Here we present MAYGEN, an open-source, pure-Java development of a constitutional isomer molecular generator. The principles of MAYGEN’s architecture and algorithm are outlined and the software is benchmarked in single-threaded mode against the state-of-the-art, but closed-source solution MOLGEN, as well as against the best open-source solution PMG. Based on the benchmarking, MAYGEN is on average 47 times faster than PMG and on average three times slower than MOLGEN in performance.