application security
Recently Published Documents


Total documents: 516 (five years: 151)
H-index: 13 (five years: 4)

2022, Vol 19 (1), pp. 1-23
Author(s): Bang Di, Daokun Hu, Zhen Xie, Jianhua Sun, Hao Chen, ...

Co-running GPU kernels on a single GPU can provide high system throughput and improve hardware utilization, but this raises concerns on application security. We reveal that translation lookaside buffer (TLB) attack, one of the common attacks on CPU, can happen on GPU when multiple GPU kernels co-run. We investigate conditions or principles under which a TLB attack can take effect, including the awareness of GPU TLB microarchitecture, being lightweight, and bypassing existing software and hardware mechanisms. This TLB-based attack can be leveraged to conduct Denial-of-Service (or Degradation-of-Service) attacks. Furthermore, we propose a solution to mitigate TLB attacks. In particular, based on the microarchitecture properties of GPU, we introduce a software-based system, TLB-pilot, that binds thread blocks of different kernels to different groups of streaming multiprocessors by considering hardware isolation of last-level TLBs and the application’s resource requirement. TLB-pilot employs lightweight online profiling to collect kernel information before kernel launches. By coordinating software- and hardware-based scheduling and employing a kernel splitting scheme to reduce load imbalance, TLB-pilot effectively mitigates TLB attacks. The result shows that when under TLB attack, TLB-pilot mitigates the attack and provides on average 56.2% and 60.6% improvement in average normalized turnaround times and overall system throughput, respectively, compared to the traditional Multi-Process Service based co-running solution. When under TLB attack, TLB-pilot also provides up to 47.3% and 64.3% improvement (41% and 42.9% on average) in average normalized turnaround times and overall system throughput, respectively, compared to a state-of-the-art co-running solution for efficient scheduling of thread blocks.


2022, Vol 2022, pp. 1-7
Author(s): Ashwag Albakri, Huda Fatima, Maram Mohammed, Aisha Ahmed, Aisha Ali, ...

With the presence of the Internet and the frequent use of mobile devices to send several transactions that involve personal and sensitive information, it becomes of great importance to consider the security aspects of mobile devices. And with the increasing use of mobile applications that are utilized for several purposes such as healthcare or banking, those applications have become an easy and attractive target for attackers who want to get access to mobile devices and obtain users’ sensitive information. Developing a secure application is very important; otherwise, attackers can easily exploit vulnerabilities in mobile applications which lead to serious security issues such as information leakage or injecting applications with malicious programs to access user data. In this paper, we survey the literature on application security on mobile devices, specifically mobile devices running on the Android platform, and exhibit security threats in the Android system. In addition, we study many reverse-engineering tools that are utilized to exploit vulnerabilities in applications. We demonstrate several reverse-engineering tools in terms of methodology, security holes that can be exploited, and how to use these tools to help in developing more secure applications.


2022, Vol 70 (1), pp. 469-489
Author(s): Adil Hussain Seh, Jehad F. Al-Amri, Ahmad F. Subahi, Md Tarique Jamal Ansari, Rajeev Kumar, ...

Electronics, 2021, Vol 11 (1), pp. 95
Author(s): Szymon Sarna, Robert Czerwinski

One-time password algorithms are widely used in digital services to improve security. However, many such solutions use a constant secret key to encrypt (process) one-time plaintexts. A paradigm shift from constant to one-time keys could introduce tangible benefits to the application security field. This paper analyzes a one-time password concept for the Rivest–Shamir–Adleman algorithm, in which each key element is hidden, and the value of the modulus is changed after each encryption attempt. The difference between successive moduli is exchanged between communication sides via an unsecure channel. Analysis shows that such an approach is not secure. Moreover, determining the one-time password element (Rivest–Shamir–Adleman modulus) can be straightforward. A countermeasure for the analyzed algorithm is proposed.


2021, Vol 15 (24), pp. 123-133
Author(s): Abeer Aljumah, Amjad Altuwijri, Thekra Alsuhaibani, Afef Selmi, Nada Alruhaily

Application security is an important aspect, especially nowadays with the increase in technology and the number of fraudsters. It should be noted that determining the security of an application is a difficult task, especially since most fraudsters have become skilled and professional at manipulating people and stealing their sensitive data. Therefore, we try to spot insecure apps by analyzing user feedback on the Google Play platform and using sentiment analysis to determine the apps' level of security. As is known, user reviews reflect their experiments and experiences, in addition to their feelings and whether or not they are satisfied with the application. Unfortunately, not all of these reviews are real and, as is known, fake reviews do not reflect sincere feelings, so we have been keen in our work to filter the reviews so that the result is accurate and correct. This study is useful both for users wanting to install Android apps and for developers interested in app optimization.


Author(s): Cristian Contasel, Dumitru-Cristian Tranca, Alexandru-Viorel Palacean

Author(s): Khaldi Amine, Kahlessenane Fares, Kafi Med Redouane, Euschi Salah

In this work, we proposed a robust and blind watermarking approach to adequately secure medical images exchanged in telemedicine. This approach ensures the traceability and integrity of the medical and essential image for data security in the field of telemedicine. In this paper, a blind watermarking method is proposed to adequately secure the electronic patient records. The integration of the watermark will be carefully performed by combining the parity of the successive values. This innovative approach will be typically implemented in the three insertion domains: spatial, frequency and multi-resolution. For the spatial domain, the watermark will be integrated into the colorimetric values of the image. In the frequency domain, the watermark bits will be substituted to the DCT coefficient’s least significant bit. For the multi-resolution domain insertion, after calculating a DWT, the obtained LL sub-band coefficients will be used for the integration process. After comparing our approaches to the various recent works in the three domains, the obtained results demonstrate that our proposed approach offers a good imperceptibility for the frequency and spatial domains insertion.

