Mauro Migliardi

Harness: a next generation distributed virtual machine

Abstract Heterogeneous Adaptable Reconfigurable Networked SystemS (HARNESS) is an experimental metacomputing system [L. Smarr, C.E. Catlett, Communications of the ACM 35 (6) (1992) 45–52] built around the services of a highly customizable and reconfigurable Distributed Virtual Machine (DVM). The successful experience of the HARNESS design team with the Parallel Virtual Machine (PVM) project has taught us both the features which make the DVM model so valuable to parallel programmers and the limitations imposed by the PVM design. HARNESS seeks to remove some of those limitations by taking a totally different approach to creating and modifying a DVM.

Image processing on high-performance RISC systems

The recent progress of RISC technology has led to the feeling that a significant percentage of image processing applications, which in the past required the use of special purpose computer architectures or of ad hoc hardware, can now be implemented in software on low cost general purpose platforms. We decided to undertake the study described in this paper to understand the extent to which this feeling corresponds to reality. We selected a set of reference RISC-based systems to represent RISC technology, and identified a set of basic image processing tasks to represent the image processing domain. We measured the performance and studied the behavior of the reference systems in the execution of the basic image processing tasks by running a number of experiments based on different program organizations. The results of these experiments are summarized in a table, which can be used by image processing application designers to evaluate whether RISC-based platforms are able to deliver the computing power required for a specific application.

Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures)

We present a previously undisclosed vulnerability of Android OS which can be exploited by mounting a Denial-of-Service attack that makes devices become totally unresponsive. We discuss the characteristics of the vulnerability – which affects all versions of Android – and propose two different fixes, each involving little patching implementing a few architectural countermeasures. We also provide experimental evidence of the effectiveness of the exploit as well as of the proposed countermeasures.

A survey on energy-aware security mechanisms

The increasing adoption of mobile devices as the preferred tool to access the Internet imposes to deepen the investigation of security aspects. In parallel, their power constrained nature must be explicitly considered in order to analyze security in an effective and comprehensive manner. This aspect, which is often neglected in the literature, allows investigating two important behaviors of mobile devices: (i) evaluate if all the layers accounting for privacy and security can be re-engineered or optimized to save power, and (ii) understand the effectiveness of draining energy to conduct attacks.In this perspective, this paper surveys and highlights the most recent work on energy-awareness and security. Also, it summarizes the current state of the art on general techniques to save energy, as well as tools to perform measurements. The major contributions of this survey are, thus, a review of past work aimed at minimizing the energy footprint of security mechanisms, and the identification of promising research trends, such as detecting attacks via anomalous power consumption.

Mobile interfaces to computational, data, and service grid systems

This article briefly describes the issues related to providing mobile access to computational, data, and service Grids. Then it describes our preliminary efforts to enhance computational and service Grids to handle mobile access. In particular, we focus on how the HARNESS mobile extensions project approaches the problem of enhancing Grid computers with mobile access and we describe how the InviNet project provides access to service Grids with consistent quality of service.

A Denial of Service Attack to UMTS Networks Using SIM-Less Devices

One of the fundamental security elements in cellular networks is the authentication procedure performed by means of the Subscriber Identity Module that is required to grant access to network services and hence protect the network from unauthorized usage. Nonetheless, in this work we present a new kind of denial of service attack based on properly crafted SIM-less devices that, without any kind of authentication and by exploiting some specific features and performance bottlenecks of the UMTS network attachment process, are potentially capable of introducing significant service degradation up to disrupting large sections of the cellular network coverage. The knowledge of this attack can be exploited by several applications both in security and in network equipment manufacturing sectors.

Breaking and fixing the Android Launching Flow

The security model of the Android OS is based on the effective combination of a number of well-known security mechanisms (e.g. statically defined permissions for applications, the isolation offered by the Dalvik Virtual Machine, and the well-known Linux discretionary access control model). Although each security mechanism has been extensively tested and proved to be effective in isolation, their combination may suffer from unexpected security flaws. We show that this is actually the case by presenting a severe vulnerability in Android related to the application launching flow. This vulnerability is based on a security flaw affecting a kernel-level socket (namely, the Zygote socket). We also present an exploit of the vulnerability that allows a malicious application to mount a severe Denial-of-Service attack that makes the Android devices become totally unresponsive. Besides explaining the vulnerability (which affects all versions of Android up to version 4.0.3) we propose two fixes. One of the two fixes has been adopted in the official release of Android, starting with version 4.1. We empirically assess the impact of the vulnerability as well as the efficacy of the countermeasures on the end user. We conclude by extending our security analysis to the whole set of sockets, showing that other sockets do not suffer from the same vulnerability as the Zygote one.

Towards energy-aware intrusion detection systems on mobile devices

This paper investigates the correlations between the energy consumption of Android devices and the presence of threats (e.g. battery-drain attacks). In particular, this paper proposes a model for the energy consumption of single hardware components of a mobile device during normal usage and under attack. The model has been implemented in a kernel module and used to build up an energetic signature of both legal and malicious behaviors of WiFi hardware component in different Android devices. Such activity allows us to build a tentative database of signatures that can be used to detect attacks by means of the actual energy consumption of a mobile device. The proposed power consumption model and kernel module can be applied also to other hardware components, so to obtain very precise energetic signatures.

Parallel implementation of the full search block matching algorithm for motion estimation

Motion estimation is a key technique in most algorithms for video compression and particularly in the MPEG and H.261 standards. The most frequently used technique is based on a Full Search Block Matching Algorithm which is highly computing intensive and requires the use of special purpose architectures to obtain real-time performance. We propose an approach to the parallel implementation of the Full Search Block Matching Algorithm which is suitable for implementation on massively parallel architectures ranging from large scale SIMD computers to dedicated processor arrays realized in ASICs. While the first alternative can be used for the implementation of high performance coders the second alternative is particularly attractive for low cost video compression devices. This paper describes the approach proposed for the parallel implementation of the Full Search Block Matching Algorithm and the implementation of such an approach in an ASIC.

What is Green Security

Green Security is a new research field defining and investigating security solutions under an energy-aware perspective. Green Security aims at: 1) evaluating the actual security mechanisms in order to assess their energy consumption; 2) building new security mechanisms by considering energy costs from the design phase. In this paper, we first provide a definition of Green Security and formalism to model it, then we provide a use case showing how it is possible to model the energy consumption of two Intrusion Detection System (IDS) strategies, finally we leverage this model to assess the energy leakage due to the late discovery of bad packets.