Constructing software countermeasures against instruction manipulation attacks: an approach based on vulnerability evaluation using fault simulator

Fault injection attacks (FIA), which cause information leakage by injecting intentional faults into the data or operations of devices, are one of the most powerful methods compromising the security of confidential data stored on these devices. Previous studies related to FIA report that attackers can skip instructions running on many devices through many means of fault injection. Most existing anti-FIA countermeasures on software are designed to secure against instruction skip (IS). On the other hand, recent studies report that attackers can use laser fault injection to manipulate instructions running on devices as they want. Although the previous studies have shown that instruction manipulation (IM) could attack the existing countermeasures against IS, no effective countermeasures against IM have been proposed. This paper is the first work tackling this problem, aiming to construct software-based countermeasures against IM faults. Evaluating program vulnerabilities to IM faults is required to consider countermeasures against IM faults. We propose three IM simulation environments for that aim and compare them to reveal their performance difference. GDB (GNU debugger)-based simulator that we newly propose in this paper outperforms the QEMU-based simulator that we presented in AICCSA:1–8, 2020 in advance, in terms of evaluation time at most $$\times$$ × 400 faster. Evaluating a target program using the proposed IM simulators reveals that the IM faults leading to attack successes are classified into four classes. We propose secure coding techniques as countermeasures against IMs of each four classes and show the effectiveness of the countermeasures using the IM simulators.

Vulnerability and site effects in earthquake disasters in Armenia (Colombia) – Part 2 : Observed damage and vulnerability

Damage in Armenia, Colombia, for the 25 January 1999 (Mw=6.2, peak ground acceleration (PGA) 580 Gal) event was disproportionate. We analyze the damage report as a function of number of stories and construction age of buildings. We recovered two vulnerability evaluations made in Armenia in 1993 and in 2004. We compare the results of the 1993 evaluation with damage observed in 1999 and show that the vulnerability evaluation made in 1993 could have predicted the relative frequency of damage observed in 1999. Our results show that vulnerability of the building stock was the major factor behind damage observed in 1999. Moreover, it showed no significant reduction between 1999 and 2004.

A Simulation Software for the Evaluation of Vulnerabilities in Reputation Management Systems

Multi-agent distributed systems are characterized by autonomous entities that interact with each other to provide, and/or request, different kinds of services. In several contexts, especially when a reward is offered according to the quality of service, individual agents (or coordinated groups) may act in a selfish way. To prevent such behaviours, distributed Reputation Management Systems (RMSs) provide every agent with the capability of computing the reputation of the others according to direct past interactions, as well as indirect opinions reported by their neighbourhood. This last point introduces a weakness on gossiped information that makes RMSs vulnerable to malicious agents’ intent on disseminating false reputation values. Given the variety of application scenarios in which RMSs can be adopted, as well as the multitude of behaviours that agents can implement, designers need RMS evaluation tools that allow them to predict the robustness of the system to security attacks, before its actual deployment. To this aim, we present a simulation software for the vulnerability evaluation of RMSs and illustrate three case studies in which this tool was effectively used to model and assess state-of-the-art RMSs.

DataBase Management System (DBMS) of Model Of InTegrated Impact and Vulnerability Evaluation for Climate Change (MOTIVE)

<p>The Model Of InTegrated Impact and Vulnerability Evaluation of climate change (MOTIVE) project (2014 - 2020) develops an integrated assessment platform including health, water (quantity and quality of water, aquatic ecology), agriculture (productivity, suitability, greenhouse-gas emissions), forest (net ecosystem exchanges, soil carbon content, landslide, forest fire), land-ecosystem (species diversity, habitat), ocean (flood area by the typhoon), and fishery (gross primary productivity, catch) sectors. The MOTIVE assesses the societal impact and vulnerability of climate change in the 2030s, 2050s, and 2080s. The 1 km high-resolution Representative Concentration Pathways climate scenarios (RCPs) are predicted by the dynamically downscaling from the Community Earth System Model (CESM) by Korea Environment Institute and the Unified Model (UM) by Korea Meteorological Administration. The user-friendly webpage is designed with the DataBase Management System (DBMS) to visualize the results of MOTIVE. This DBMS-MOTIVE aims to provide the scientific-knowledge for adaptation planning the local community to national scales. This study is supported by “Basic Study on Improving Climate Resilience” (2021-001-03), conducted by the Korea Environment Institute (KEI) upon the request of the Korea Ministry of Environment.</p>