using logic based reduction for adversarial component
play

Using Logic-Based Reduction for Adversarial Component Recovery* J. - PowerPoint PPT Presentation

Feb 11, 2024 •359 likes •727 views

Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Using Logic-Based Reduction for Adversarial Component Recovery* J. Todd McDonald, Eric D. Trias, Yong C. Kim, and Michael R. Grimaila Center for Cyberspace

  1. Air Force Institute of Technology Develop America's Airmen Today ... for Tomorrow Using Logic-Based Reduction for Adversarial Component Recovery* J. Todd McDonald, Eric D. Trias, Yong C. Kim, and Michael R. Grimaila Center for Cyberspace Research Air Force Institute of Technology WPAFB, OH * The views expressed in this article are those of the authors and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the U.S. Government Air University: The Intellectual and Leadership Center of the Air Force 1 Integrity - Service - Excellence

  2. Outline Develop America's Airmen Today ... for Tomorrow • Protection Context • Polymorphic Variation as Protection • Hiding Properties of Interest • Framework and Experimental Results Air University: The Intellectual and Leadership Center of the Air Force 2 Integrity - Service - Excellence

  3. Protection Context Develop America's Airmen Today ... for Tomorrow • Embedded Systems / “Hardware” • Increasingly represented as reprogrammable logic (i.e., software!) • We used to like hardware because it offered “hard” solutions for protection (physical anti-tamper, etc.) • Our beginning point: what happens if hardware-based protections fail? • Hardware protection: I try to keep you from physically getting the netlist/machine code • Software protection: I give you a netlist/machine code listing and ask you questions pertaining to some protection property of interest • Protection/exploitation both exist in the eye of the beholder Air University: The Intellectual and Leadership Center of the Air Force 3 Integrity - Service - Excellence

  4. Protection Context Develop America's Airmen Today ... for Tomorrow • Critical military / commercial systems vulnerable to malicious reverse engineering attacks • Financial loss • National security risk • Reverse Engineering and Digital Circuit Abstractions Air University: The Intellectual and Leadership Center of the Air Force 4 Integrity - Service - Excellence

  5. Polymorphic Variation as Protection Develop America's Airmen Today ... for Tomorrow • Experimental Approach: • Consider practical / real-world / theoretic circuit properties related to security • Use a variation process to create polymorphic circuit versions • Polymorphic = many forms of circuits with semantically equivalent or semantically recoverable functionality • Characterize algorithmic effects: • Empirically demonstrate properties • Prove as intractable • Prove as undecidable Air University: The Intellectual and Leadership Center of the Air Force 5 Integrity - Service - Excellence

  6. Two Roads Met in the Woods… and I Went Down Both… Develop America's Airmen Today ... for Tomorrow Semantic Semantic Changing Preserving Black-Box Refinement Polymorphic Generation Semantic Transformation Polymorphic Generation Obfuscation Program Encryption Random Program Model What can I measure? What can I prove / not prove What can I characterize? under RPM? What are the limits if I am only allowed to retain functionality? Air University: The Intellectual and Leadership Center of the Air Force 6 Integrity - Service - Excellence

  7. Defining Obfuscation Develop America's Airmen Today ... for Tomorrow • Since we can’t hide all information leakage…. • Can we protect intent? • Tampering with code in order to get specific results • Manipulating input in order to get specific results • Correlating input/output with environmental context • Can we impede identical exploits on functionally equivalent versions? • Can we define and measure any useful definition of hiding short of absolute proof and not based solely on variant size ? Air University: The Intellectual and Leadership Center of the Air Force 7 Integrity - Service - Excellence

  8. Hierarchy of Obfuscating Transforms Develop America's Airmen Today ... for Tomorrow Functional Hiding Logical Control Hiding View Component Hiding Signal Hiding Topology Hiding (Gate Replacement) Side Channel Properties Physical Manifestation Air University: The Intellectual and Leadership Center of the Air Force 8 Integrity - Service - Excellence

  9. Polymorphic Variation as Protection Develop America's Airmen Today ... for Tomorrow Algorithm and Variant Characterization: Selection: 1) Random 2) Deterministic 3) Mixture Replacement 1) Random 2) Deterministic 3) Mixture Air University: The Intellectual and Leadership Center of the Air Force 9 Integrity - Service - Excellence

  10. Framework and Experimental Results Develop America's Airmen Today ... for Tomorrow • When does (random/deterministic) iterative selection and replacement: 1) Manifest hiding properties of interest? 2) Cause an adversarial reverse engineering task to become intractable or undecidable? • What role does logic reduction and adversarial reversal play in the outcome (ongoing) • Are there circuits which will fail despite the best variation we can produce? (yes) Air University: The Intellectual and Leadership Center of the Air Force 10 Integrity - Service - Excellence

  11. Components Develop America's Airmen Today ... for Tomorrow • Components are building block for virtually all real- world circuits • Given: • circuit C • gate set G • input set I • integer k > 1, where k is the number of components • Set M of components { c 1 ,…, c k } partitions G and I into k disjoint sets of inputs and/or gates. • Four base cases • Based on input/output boundary of component and the parent circuit Air University: The Intellectual and Leadership Center of the Air Force 11 Integrity - Service - Excellence

  12. Component Recovery Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 12 Integrity - Service - Excellence

  13. Independent Components and Induced Redundancy Develop America's Airmen Today ... for Tomorrow ORIGINAL WHITE-BOX VARIANTS REDUCED VARIANTS Air University: The Intellectual and Leadership Center of the Air Force 13 Integrity - Service - Excellence

  14. Observing Independent Component Hiding Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 14 Integrity - Service - Excellence

  15. Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 15 Integrity - Service - Excellence

  16. Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 16 Integrity - Service - Excellence

  17. Case Study Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 17 Integrity - Service - Excellence

  18. Conclusions Develop America's Airmen Today ... for Tomorrow Air University: The Intellectual and Leadership Center of the Air Force 18 Integrity - Service - Excellence

  19. Questions Develop America's Airmen Today ... for Tomorrow ? Air University: The Intellectual and Leadership Center of the Air Force 19 Integrity - Service - Excellence

  20. Hiding Properties of Interest General Intuition and Hardness of Obfuscation Develop America's Airmen Today ... for Tomorrow The ONLY true “Virtual Black Box” 1 1 2 5 3 2 6 4 7 4 3 6 7 “The How” Semantic Behavior Air University: The Intellectual and Leadership Center of the Air Force 20 Integrity - Service - Excellence

  21. Framework and Experimental Results Develop America's Airmen Today ... for Tomorrow • Is perfect or near topology recovery useful (therefore, is topology hiding useful)? • In some cases, yes • Foundation for other properties (signal / component hiding) • For certain attacks, it is all that is required • Accomplishing topology hiding • Change basis type (normalizing distributions, removing all original) • Guarantee every gate is replaced at least once • Multiple / overlapping replacement = diffusion Topology: Gate fan-in Gate fan-out Gate type Air University: The Intellectual and Leadership Center of the Air Force 21 Integrity - Service - Excellence

  22. Experiment 1: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow c432 c432 120 gates ( 4 ANDs + 79 NANDs + 19 NORs + 18 XORs + 40 inverters ) Decomposed 230 gates ( 60 ANDs + 151 NANDs + 19 NORs + 40 inverters ) Decomposed 843 gates ( 843 NORs) NOR Air University: The Intellectual and Leadership Center of the Air Force 22 Integrity - Service - Excellence

  23. Experiment 1a: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow  = {NOR}   = {AND, NAND, OR, XOR, NXOR} Air University: The Intellectual and Leadership Center of the Air Force 23 Integrity - Service - Excellence

  24. Experiment 1b: Measuring “Replacement” Basis Change Develop America's Airmen Today ... for Tomorrow  = {NAND}   = {AND, NOR, OR, XOR, NXOR} Air University: The Intellectual and Leadership Center of the Air Force 24 Integrity - Service - Excellence

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dimensionality Reduction Based on Geodesic Distance Hao Li,515030910494 Yifan Shen,515030910491

Dimensionality Reduction Based on Geodesic Distance Hao Li,515030910494 Yifan Shen,515030910491

Dimensionality Reduction Based on Geodesic Distance Hao Li,515030910494 Yifan Shen,515030910491 2018.5.28 Background Dimensionality reduction method: Principle Component Analysis PCA Isometric Mapping ISOMAP Locally Linear Embedding LLE

341 views • 18 slides
For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 21

For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 21

Qualification Component and Record of Learner Achievement Instructing Violence Reduction Skills: Presentation Skills L3(T/505/0543) For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 21 Ofqual Component

346 views • 7 slides
Dimensionality Reduction: Linear Discriminant Analysis and Principal Component Analysis CMSC 678

Dimensionality Reduction: Linear Discriminant Analysis and Principal Component Analysis CMSC 678

Dimensionality Reduction: Linear Discriminant Analysis and Principal Component Analysis CMSC 678 UMBC Outline Linear Algebra/Math Review Two Methods of Dimensionality Reduction Linear Discriminant Analysis (LDA, LDiscA) Principal Component

884 views • 70 slides
GAN-based Photo Video Synthesis Summary of Generative Adversarial Nets Lei Zhang What is

GAN-based Photo Video Synthesis Summary of Generative Adversarial Nets Lei Zhang What is

GAN-based Photo Video Synthesis Summary of Generative Adversarial Nets Lei Zhang What is Generative Adversarial Networks (GAN)? Generative - creating new data that depends on the choice of the training set Adversarial - competitive

894 views • 9 slides
CSE 573: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein,

CSE 573: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein,

CSE 573: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein, Stuart Russell, Pieter Abbeel, Andrew Moore and Luke Zettlemoyer 1 (best illustrations from ai.berkeley.edu) Outline Adversarial Search Minimax

1.5k views • 52 slides
Model reduction via principal component truncation for the optimal design of atmospheric

Model reduction via principal component truncation for the optimal design of atmospheric

Model reduction via principal component truncation for the optimal design of atmospheric monitoring networks OLIVIER SAUNIER 1,2 , MARC BOCQUET 2,3 , ANNE MATHIEU 1 AND RACHID ABIDA 2,3 1 Institute of Radiation Protection and Nuclear Safety

507 views • 17 slides
CSE 473: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein,

CSE 473: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein,

10/19/16 CSE 473: Artificial Intelligence Adversarial Search Dan Weld Based on slides from Dan Klein, Stuart Russell, Pieter Abbeel, Andrew Moore and Luke Zettlemoyer 1 (best illustrations from ai.berkeley.edu) Outline Adversarial Search

389 views • 12 slides
Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V)

Motivation Use Case Component-based Robotics Middleware Conclusion and Discussion Component-based Robotics Middleware Software Development and Integration in Robotics (SDIR V) Tutorial on Component-based Robotics Engineering 2010 IEEE

597 views • 37 slides
Singular spectral analysis and principal component analysis of ULF geomagnetic data; reduction of

Singular spectral analysis and principal component analysis of ULF geomagnetic data; reduction of

Singular spectral analysis and principal component analysis of ULF geomagnetic data; reduction of global noises and possible changes associate with the 2000 Izu Islands Earthquake swarm in Japan Katsumi Hattori and Daishi Kaida Graduate School

579 views • 47 slides
Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA) Cedric Flamant CS109A Introduction to Data Science Pavlos Protopapas, Kevin Rader, and Chris Tanner 1 Outline 1. Introduction: a. Why

586 views • 34 slides
Methods of Dimensionality Reduction: Principal Component Analysis A uthors : M. M attheakis , P. P

Methods of Dimensionality Reduction: Principal Component Analysis A uthors : M. M attheakis , P. P

CS 109A: A dvanced T opics in D ata S cience P rotopapas , R ader Methods of Dimensionality Reduction: Principal Component Analysis A uthors : M. M attheakis , P. P rotopapas B ased on W. R yan L ee s notes of CS109, F all 2017 1

265 views • 10 slides
Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Hoare logic separation logic. We looked at the concepts separation logic is based on, the new

Introduction In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing Hoare logic separation logic. We looked at the concepts separation logic is based on, the new assertions that

396 views • 14 slides
Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software

Component- -based, Context based, Context- -aware aware Component Software Systems Software Systems Workshop on Spontaneous Networking Rutgers University Michael Przybilski 1 10.05.2006 michael.przybilski@cs.helsinki.fi Outline

593 views • 19 slides
CSE 473: Artificial Intelligence Autumn 2011 Adversarial Search Luke Zettlemoyer Based on

CSE 473: Artificial Intelligence Autumn 2011 Adversarial Search Luke Zettlemoyer Based on

CSE 473: Artificial Intelligence Autumn 2011 Adversarial Search Luke Zettlemoyer Based on slides from Dan Klein Many slides over the course adapted from either Stuart Russell or Andrew Moore 1 Today Adversarial Search Minimax

1.03k views • 49 slides
Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007

Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007

Modeling Component- -based based Modeling Component Systems in BIP Systems in BIP ETR 2007 ETR 2007 Nantes, Sept. 2007 Nantes, Sept. 2007 Joseph Sifakis VERIMAG sifakis@imag.fr In collaboration with G. Goessler (INRIA), A. Basu, M.

1.07k views • 80 slides
Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA) Marios Mattheakis and Pavlos Protopapas CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader 1 Outline 1. Introduction: a. Why

470 views • 31 slides
ECE 3060 VLSI and Advanced Digital Design Lecture 5 Complex Gates Example: NAND Gate (Vertical)

ECE 3060 VLSI and Advanced Digital Design Lecture 5 Complex Gates Example: NAND Gate (Vertical)

ECE 3060 VLSI and Advanced Digital Design Lecture 5 Complex Gates Example: NAND Gate (Vertical) ECE 3060 Lecture 52 Example: NAND Gate (Horizontal) ECE 3060 Lecture 53 Other Gates And Or Invert (AOI) Or And Invert (OAI)

367 views • 12 slides
Low-Depth, Low-Size Circuits for Cryptographic Applications Joan Boyar* 1 Magnus Gausdal Find 2

Low-Depth, Low-Size Circuits for Cryptographic Applications Joan Boyar* 1 Magnus Gausdal Find 2

Low-Depth, Low-Size Circuits for Cryptographic Applications Joan Boyar* 1 Magnus Gausdal Find 2 Ren Peralta 2 1 University of Southern Denmark 2 National Institute of Standards and Technology, USA BFA 2017 Boyar, Find, Peralta Heuristic:

612 views • 49 slides
CSE 311: Foundations of Computing Lecture 3: Digital Circuits & Equivalence Homework #1

CSE 311: Foundations of Computing Lecture 3: Digital Circuits & Equivalence Homework #1

CSE 311: Foundations of Computing Lecture 3: Digital Circuits & Equivalence Homework #1 You should have received An e-mail from [cse311] with information pointing you to Canvas to submit HW An e-mail from UW Canvas with a

774 views • 32 slides
Synthesis and optimization of domino logic Min Zhao and Sachin Sapatnekar Department of

Synthesis and optimization of domino logic Min Zhao and Sachin Sapatnekar Department of

Synthesis and optimization of domino logic Min Zhao and Sachin Sapatnekar Department of Electrical Engineering University of Minnesota Minneapolis, MN 55455 1 Outline I Introduction to domino logic I Domino logic synthesis flow I Technology

231 views • 20 slides
Excitability, dynamical instabilities and interaction of localized structures in a nonlinear

Excitability, dynamical instabilities and interaction of localized structures in a nonlinear

LENCOS 09 Sevilla, July 14 - 17, 2009 Excitability, dynamical instabilities and interaction of localized structures in a nonlinear optical cavity Dami Gomila, Adrin Jacobo, Manuel Matas, Pere Colet http://ifisc.uib-csic.es - Mallorca

643 views • 20 slides
In-depth crypto a9acks It always takes two bugs Karsten

In-depth crypto a9acks It always takes two bugs Karsten

In-depth crypto a9acks It always takes two bugs Karsten Nohl <nohl@srlabs.de> SRLabs Template v11 Agenda A risk perspec*ve on cryptography

540 views • 31 slides
On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion

On Multiparty Garbling of Arithmetic Circuits Aner Ben-Efraim Ariel University & Ben-Gurion University Lecture Plan MPC & Our Results Garbled Circuits Yao and BMR Our Techniques and Constructions What is secure multiparty

492 views • 27 slides
NP-hardness of Minimum Circuit Size Problem for OR-AND-MOD Circuits Shuichi Hirahara (The

NP-hardness of Minimum Circuit Size Problem for OR-AND-MOD Circuits Shuichi Hirahara (The

NP-hardness of Minimum Circuit Size Problem for OR-AND-MOD Circuits Shuichi Hirahara (The University of Tokyo) Igor C. Oliveira (University of Oxford) Rahul Santhanam (University of Oxford) CCC 2018 @ San Diego June 22, 2018 Talk Outline

610 views • 40 slides

More recommend