Cyber security & Safety critical Software

Involved People

  • Giorgio Buttazzo, Full professor
  • Marco Di Natale, Full professor
  • Tommaso Cucinotta, Associate professor
  • Alessandro Biondi, Assistant professor
  • Daniel Casini, Assistant professor
  • Giorgiomaria Cicero, Research Associate
  • Pietro Fara, Ph.D. Student
  • Sandro Di Leonardi, Ph.D. Student
  • Matteo Zini, Ph.D. Student
  • Niccolò Borgioli, Ph.D. Student
  • Gabriele Serra, Ph.D. Student

Security for hypervisor technology and multi-domain software architectures

  • Software mechanisms and hardware accelerators to efficiently enable Control-Flow Integrity (CFI) with Pointer Authentication on platforms that lack built-in processor extensions [1].
  • Improved key management and attack detection under CFI leveraging hypervisor technology [1][6].
  • Virtualization of trusted execution environments leveraging ARM TrustZone [2].
  • Protection mechanisms at the hypervisor level to control temporal and spatial interference (also preventing side-channel attacks) among domains [3].
  • Hypervisor-based multi-domain software architectures to ensure, among others, security properties in terms of strong isolation [4], and their application to autonomous driving software [5].

References

  1. Gabriele Serra, Pietro Fara, Giorgiomaria Cicero, Francesco Restuccia, and Alessandro Biondi, “PAC-PL: Enabling Control-Flow Integrity with Pointer Authentication in FPGA SoC Platforms” under evaluation for publication at RTAS’22.
  2. Giorgiomaria Cicero, Alessandro Biondi, Giorgio Buttazzo and Anup Patel, “Reconciling Security with Virtualization: A Dual-Hypervisor Design for ARM TrustZone”, In Proceedings of the 18th IEEE International Conference on Industrial Technology (ICIT 2018), Lyon, France, February 20-22, 2018.
  3. Paolo Modica, Alessandro Biondi, Giorgio Buttazzo and Anup Patel, “Supporting Temporal and Spatial Isolation in a Hypervisor for ARM Multicore Platforms”, In Proceedings of the 18th IEEE International Conference on Industrial Technology (ICIT 2018), Lyon, France, February 20-22, 2018.
  4. Alessandro Biondi, Federico Nesti, Giorgiomaria Cicero, Daniel Casini, and Giorgio Buttazzo, “A Safe, Secure, and Predictable Software Architecture for Deep Learning in Safety-Critical Systems”, IEEE Embedded Systems Letters, Volume 12, Issue 3, September 2020.
  5. Luca Belluardo, Andrea Stevanato, Daniel Casini, Giorgiomaria Cicero, Alessandro Biondi, and Giorgio Buttazzo, “A Multi-Domain Software Architecture for Safe and Secure Autonomous Driving”, In Proceedings of the 27th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA 2021), August 18-20, 2021.
  6. Giulia Ferri, Giorgiomaria Cicero, Alessandro Biondi, and Giorgio Buttazzo, “Towards the Hypervision of Hardware-based Control-Flow Integrity for Arm Platforms”, In Proceedings of the Italian Conference on CyberSecurity (ITASEC 2019), Pisa, Italy, February 12-15, 2019.

Security mechanisms for FPGA systems-on-chips

  • Denial-of-service attacks based on the injection of malicious hardware accelerators in reconfigurable FPGA fabrics and corresponding countermeasures [7][9].
  • Hypervisor-controlled FPGA Interconnect to properly isolate accelerators in a multi-domain system [8].

References

  7. Francesco Restuccia, Alessandro Biondi, Mauro Marinoni, and Giorgio Buttazzo, “Safely Preventing Unbounded Delays During Bus Transactions in FPGA-based SoC”, In Proceedings of the 28th IEEE International Symposium On Field-Programmable Custom Computing Machines (FCCM 2020), Fayetteville, Arkansas, USA, May 3-6, 2020.
  8. Francesco Restuccia, Alessandro Biondi, Mauro Marinoni, Giorgiomaria Cicero, and Giorgio Buttazzo, “AXI HyperConnect: A Predictable, Hypervisor-level AXI Interconnect for Hardware Accelerators in FPGA SoC”, In Proceedings of the 57th ACM/ESDA/IEEE Design Automation Conference (DAC 2020), San Francisco, CA, USA, July 19-23, 2020.
  9. Francesco Restuccia, Marco Pagani, Alessandro Biondi, Mauro Marinoni, and Giorgio Buttazzo, “Is Your Bus Arbiter Really Fair? Restoring Fairness in AXI Interconnects for FPGA SoCs”, ACM Transactions on Embedded Computing Systems, Volume 18, Issue 5s, October 2019. Presented at the International Conference on Compilers, Architectures, and Synthesis for Embedded Systems (CASES 2019), New York, USA, October 13 – 18, 2019.

Security for AI algorithms

  • Adversarial attacks on Deep Neural Networks for semantic segmentation and assessment of their effectiveness in both simulated and realistic (i.e., real-world) autonomous driving scenarios [10].
  • Run-time detection of adversarial attacks on Deep Neural Networks [11][12].

References

  10. Giulio Rossolini, Federico Nesti, Saasha Nair, Alessandro Biondi, and Giorgio Buttazzo, “Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch Attacks”, 2022 IEEE Winter Conference of Applications on Computer Vision (WACV 2022), Waikoloa, Hawaii, USA, January 2022.
  11. Federico Nesti, Alessandro Biondi, and Giorgio Buttazzo, “Detecting Adversarial Examples by Input Transformations, Defense Perturbations, and Voting”, IEEE Transactions on Neural Networks and Learning Systems, August 2021.
  12. Giulio Rossolini, Alessandro Biondi, and Giorgio Buttazzo, “Increasing the Confidence of Deep Neural Networks by Coverage Analysis”, under evaluation for publication in IEEE Transactions on Software Engineering.

Security in Cloud Infrastructures for Real-Time and High-Performance Services

  • Hardening of OS services and hypervisors for cloud services
  • Trading non-functional requirements like security, real-time and reliability constraints of distributed cloud services
  • Secure scheduling services for real-time and high-performance software stacks
  • Access-control mechanisms for real-time NoSQL cloud data stores

References

  1. T. Cucinotta, L. Abeni, M. Marinoni, R. Mancini and C. Vitucci. “Strong Temporal Isolation among Containers in OpenStack for NFV Services,” (to appear in) IEEE Transactions on Cloud Computing, in print, 2021.
  2. T. Cucinotta, Stéphane Betgé-Brezetz. “Method and system for controlling the exchange of Privacy-Sensitive Information,” Patent Grant US10237057B2 March 19th 2019, JP6590807B2 October 16th 2019.
  3. T. Cucinotta. “Method of preventing access to sensitive data of a computing device,” Patent Grant US10410004B2 Sep 10th 2019.
  4. E. Jul, T. Cucinotta, D. Cherubini. “Secure Data Processing,” Patent Grant EP2827276B1, July 3rd 2019.
  5. T. Cucinotta, D. Cherubini, E. Jul. “Apparatus and method for secure data processing,” Patent Grant EP2672673B1 May 25th 2016, US9674153B2 June 6th 2017, CN104335548B March 6th 2018.
  6. K. Konstanteli, T. Cucinotta, K. Psychas, T. Varvarigou. “Elastic Admission Control for Federated Cloud Services,” in IEEE Transactions on Cloud Computing, July 2014, DOI 10.1109/TCC.2014.2325034, ISSN 2168-7161.
  7. T. Cucinotta, D. Cherubini, E. Jul. “Confidential Execution of Cloud Services,” in Proceedings of the 4th International Conference on Cloud Computing and Services Science (CLOSER 2014), April 3-5, 2014, Barcelona, Spain.
  8. T. Cucinotta, N. Redini, G. Dini. “Access Control for the Pepys Internet-Wide File-System,” in Proceedings of the 7th International Workshop on Plan 9 (IWP9 2012), November 14-16 2012, Dublin, Ireland.
  9. R. Asaula, T. Cucinotta, G. Dini, L. Palopoli. “Trading security for control performance in distributed robotic applications,” International Transactions on Systems Science and Applications (ITSSA), Vol. 7, No. 1/2, November 2011, pp. 26-39.
  10. T. Cucinotta. “Access Control for Adaptive Reservations on Multi-User Systems,” in Proceedings of the 14th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2008), St. Louis, MO, United States, April 2008.

Security in AUTOSAR automotive systems

  • Enhancement of the design phase of AUTOSAR models when security annotations are required [13][16].
  • Representation of high-level security properties in the specification of application components according to the AUTOSAR standard and automatic generation of security components from security-annotated AUTOSAR specifications [14][15].

References

  13. Cinzia Bernardeschi, Marco Di Natale, Gianluca Dini, Maurizio Palmieri, “Verifying data secure flow in AUTOSAR models”, Journal of Computer Virology and Hacking Techniques, 2018.
  14. Cinzia Bernardeschi, Marco Di Natale, Gianluca Dini, Dario Varano, “Modeling and generation of secure component communications in AUTOSAR”, In Proceedings of the 32nd ACM SIGAPP Symposium On Applied Computing (SIGAPP 17).
  15. Cinzia Bernardeschi, Marco Di Natale, Gianluca Dini, Dario Varano, “Using AUTOSAR high-level specifications for the synthesis of security components in automotive systems”, 2016 International Workshop on Modelling and Simulation for Autonomous Systems.
  16. Cinzia Bernardeschi, Marco Di Natale, Gianluca Dini, Maurizio Palmieri, “Verifying data secure flow in autosar models by static analysis”, 2017 International Workshop on FORmal methods for Security Engineering.

Projects

  • SAFURE: Safety And Security By Design For Interconnected Mixed-Critical Cyber-Physical Systems, Horizon 2020 (2016-2018).
  • Virtual trust anchors for automotive computing platforms. Industrial project sponsored by a company in the automotive field.
  • Temporal isolation and security for future automotive systems using MILS technologies and hardware-based security technologies. Industrial project sponsored by a company in the automotive field.
  • Predictable, Safe, and Secure Software Systems for Autonomous and Automated Driving. Industrial project sponsored by a technology corporation.

Courses on Security for PhD students

  • “System-level cyber-security” (Alessandro Biondi) offered as part of the PhD program in Emerging Digital Technologies of Scuola Superiore Sant’Anna since 2017.
  • Seasonal school “Cyber-security: A multidisciplinary approach”, offered to both Master and PhD students in 2021.
  • Computer Security – hands-on course for Sant’Anna students, since 2020.
  • Computer Security and Cryptography, offered to international master students since 2005.