Five Recent Publications

 

Here are five recent and important publications from our research group, DCSL.

Last update: June 3, 2018

  1. “ACES: Automatic Compartments for Embedded Systems,” Abraham A. Clements, Naif Saleh Almakhdhub, Saurabh Bagchi, and Mathias Payer. Accepted to appear at the 27th USENIX Security Symposium (USENIX Sec), pp. 1-18, August 15-17, 2018, Baltimore, MD. (Acceptance rate: 100/524 = 19.1%) (Under shepherding)

     This paper shows how to automatically partition an embedded application running on a bare-metal IoT device in order to enforce the principle of least privilege, i.e., to give each piece of code the minimum amount of privilege that it needs to execute. This is standard on server and desktop-class systems but is surprisingly hard to pull off on low-end embedded devices because they do not have OS or hardware support. We show how static analysis can approximately decide the partitions and how, at runtime, a hardware feature called the Memory Protection Unit can enforce checks when a transition happens from one protection domain to another. We show how much more lightweight and secure we are compared to ARM's Mbed OS.

     

  2. “VideoChef: Efficient Approximation for Streaming Video Processing Pipelines,” Ran Xu, Jinkyu Koo, Rakesh Kumar, Peter Bai; Subrata Mitra (Adobe Research); Sasa Misailovic (University of Illinois Urbana-Champaign); Saurabh Bagchi. Accepted to appear at the 2018 USENIX Annual Technical Conference (USENIX ATC), pp. 1-14, July 11-13, 2018, Boston, MA. (Acceptance rate: 76/378 = 20.1%)

     Approximate computing has become an important area of work where algorithms reduce the precision of the output and in the process reduce the execution time or save on the energy of computation. An important use case that has been proposed is video analytics, especially as the desire is for the analytics to run on embedded platforms. In this work, which we call VIDEOCHEF, we initially reproduce the prior result that the configuration of the approximation scheme has a great bearing on how much speedup is possible for what level of error. Then we show that the best configuration is dependent on the content of the stream. Then we identify the optimal configuration parameter while the stream is being processed, taking care to re-do the search for the optimal configuration only when needed. We evaluate our approach on 106 videos obtained from YouTube, on a set of 9 video processing pipelines with a total of 10 distinct filters. Our results show significant performance improvement over the baseline and the previous approach that uses summarized content-dependent inputs. We also perform a user study that shows that the videos produced by VIDEOCHEF are often acceptable to human subjects.

  3. “How Reliable is my Wearable: A Fuzz Testing-based Study,” Edgardo Barsallo Yi, Amiya K. Maji, Saurabh Bagchi. Accepted to appear at the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 1-8, June 25-28, 2018, Luxembourg City, Luxembourg. (Acceptance rate: 62/221 = 28.1%)

     We ask how reliable the software that runs on wearable devices is. This recalls our earlier work (DSN-12, ISSRE-10), where we were the first to analyze the reliability of the Android OS (and Symbian, the OS from Nokia). The standard OS on wearables is Android Wear, and in this paper we use a directed fuzz injection campaign to evaluate the reliability of the software stack on two versions of an Android Watch. We develop and open source a fuzz testing tool for Android Wear apps and services, called Qui-Gon Jinn (QGJ). We perform an extensive fault injection study by mutating inter-process communication messages and UI events, and direct about 1.5M such mutated events at 46 apps. These apps are divided into two categories: health/fitness and other. The results of our study show some patterns distinct from prior studies of Android. Over the years, input validation has improved and fewer NullPointerExceptions are seen; however, Android Wear apps crash from unhandled IllegalStateExceptions at a higher rate. There are occasional troubling cases of the entire device rebooting due to unprivileged mutated messages. Reassuringly, the apps are quite robust to mutations of UI events, with only 0.05% of them causing an app crash.

     

  4. “A Game-Theoretic Framework for Securing Interdependent Assets in Networks,” Ashish R. Hota, Abraham A. Clements, Saurabh Bagchi, Shreyas Sundaram. Book chapter in Springer “Game Theory for Security Risk Management: From Theory to Practice”, editors: Stefan Rass, Stefan Schauer, pp. 1-28, 2018.

     Many large-scale distributed systems have to be secured since they run important applications, such as industrial control systems or the power grid. But these systems typically have lots of legacy components, and subsets of the assets belong to different stakeholders. Therefore, it is not possible for commercial or administrative reasons to secure all the assets at the same time. In this work, we shed light on which assets to protect and to what extent. We model the interdependencies between the assets that belong to possibly different defenders as a directed graph referred to as an interdependency graph. We present two complementary game-theoretic formulations. In both settings, the defenders assign defense resources to reduce attack success probabilities on the edges of the interdependency graph, but with different objectives. We establish the existence of a pure Nash equilibrium (PNE) in the security risk minimization game, and a generalized Nash equilibrium (GNE) in the defense cost minimization game. For both settings, we show that a defender can compute its best response (i.e., its optimal defense allocation for a given allocation by other defenders) by solving appropriately defined convex optimization problems. We demonstrate how our framework can be used to identify certain important aspects of moving target defense (MTD) deployment; specifically, how frequently the configurations should be updated to meet security requirements. We illustrate the application of our framework in two case studies arising in diverse applications: a distributed power grid and a multi-vendor e-commerce application.


  5. “Rafiki: A Middleware for Parameter Tuning of NoSQL Datastores for Dynamic Metagenomics Workloads,” Ashraf Mahgoub, Paul Wood, Sachandhan Ganesh, Subrata Mitra (Adobe Research), Wolfgang Gerlach (Argonne National Laboratory), Travis Harrison (Argonne National Laboratory), Folker Meyer (Argonne National Laboratory), Ananth Grama, Saurabh Bagchi, and Somali Chaterji. At the ACM/IFIP/USENIX Middleware Conference, pp. 28-40, Dec 11-15, 2017, Las Vegas, Nevada. (Acceptance rate: 20/85 = 23.5%)

     Tuning database configurations has been a technical challenge for many years now. The rise of NoSQL database engines has exacerbated this challenge. For example, the NoSQL database engine Cassandra offers 50+ configuration parameters, and each parameter value can impact overall performance in different ways. We demonstrate that the performance difference between the best and worst configurations for Cassandra can be as high as 102.5% of throughput for a read-heavy workload. Further, the optimal configuration setting for one type of workload is suboptimal for another. In this paper, we present Rafiki, an analysis technique and statistical model for optimizing database configuration parameters to alleviate I/O pressures, and we test it using Cassandra when handling dynamic metagenomics workloads. Rafiki identifies the significance of configuration parameters using ANOVA. Next, it applies neural networks using the most significant parameters and their workload-dependent mapping to predict database throughput, as a surrogate model. Then, it optimizes the configuration using genetic algorithms on the surrogate to maximize the workload-dependent performance. We apply it to the Cassandra datastore of MG-RAST, the largest metagenomics portal run by our NIH collaborator at Argonne National Lab, and find that Rafiki can continually tune the database as workload configurations change.