Roberto Gallo

T-DRE: a hardware trusted computing base for direct recording electronic vote machines

We present a hardware trusted computing base (TCB) aimed at Direct Recording Voting Machines (T-DRE), with novel design features concerning vote privacy, device verifiability, signed-code execution and device resilience. Our proposal is largely compliant with the VVSG (Voluntary Voting System Guidelines), while also strengthening some of its rec-comendations. To the best of our knowledge, T-DRE is the first architecture to employ multi-level, certification-based, hardware-enforced privileges to the running software. T-DRE also makes a solid case for the feasibility of strong security systems: it is the basis of 165,000 voting machines, set to be used in a large upcoming national election. In short, our contribution is a viable computational trusted base for both modern and classical voting protocols.

Design, Simulation and Hardware Implementation of a Digital Television System: LDPC channel coding

In this paper, we describe a hardware implementation of a low-density parity-check (LDPC) code for the MI-SBTVD project, which aims at the development of an advanced digital television (DTV) system for the SBTVD program. We begin the paper by describing the concept of LDPC codes and the design strategies we have used. We also provide some simulation results that show that the proposed code greatly outperforms codes used by other DTV standards. Finally, we provide details of the hardware implementation of the code

Security and system architecture: comparison of Android customizations

Smartphone manufacturers frequently customize Android distributions so as to create competitive advantages by adding, removing and modifying packages and configurations. In this paper we show that such modifications have deep architectural implications for security. We analysed five different distributions: Google Nexus 4, Google Nexus 5, Sony Z1, Samsung Galaxy S4 and Samsung Galaxy S5, all running OS versions 4.4.X (except for Samsung S4 running version 4.3). Our conclusions indicate that serious security issues such as expanded attack surface and poorer permission control grow sharply with the level of customization.

FORTUNA - A probabilistic framework for early design stages of hardware-based secure systems

This paper introduces FORTUNA, a probabilistic framework that supports the conception and early design stages of hardware-based secure systems. FORTUNA can point out potential weaknesses of complex systems, involving physical and logical attacks, basic human interaction or even a few classes of unknown threats. FORTUNA consists of two main elements: a) a logical-probabilistic theoretic model in which quantitative and qualitative security assessments of hardware-based systems can be done; and b) a semiautomatic tool, based on the proposed model, that can assist secure system designing from the very initial development stages. To the best of our knowledge, FORTUNA is the first framework (and tool) to support such a broad scope of interactions and also the first aimed at the conception and early design phases of hardware-based systems. Other contributions include a proof of the “policy of least privileges” under our model and an example of use of the framework in the design of a secure microprocessor.

On device identity establishment and verification

Many high security applications rely ultimately on the security of hardware-based solutions in order to protect both data and code against tampering. For these applications, assuring the devices identity and integrity is paramount. In our work, we explore a number of factors that help to improve on device accreditation, by devising and defining both architectural and procedural requirements related to device construction, shipping and usage. Based on that, we proposed two integrity shared verification schemes which enable regular and auditing users of such applications to promptly and easily verify whether their interfacing hardware is trustworthy. We implemented our solutions in a key application, namely a hardware security module (HSM) suitable for use in supporting PKIs and also showed how it performs equally well in Direct Recording Electronic (DRE) voting machines.

Case Study: On the Security of Key Storage on PCs

In this work we review the security of the industry standard, software-based, cryptographic services providers Mozilla NSS Softoken and Microsoft CAPI CSPs. We also provide practical measurements of the user experienced security level. We found that this security level is much lower than expected and some service providers should be avoided.

Hardware Security Evaluation Using Assurance Case Models

The security of computing systems relies heavily on their hardware architecture. Currently, hardware is evaluated using mostly manual processes that are prone to errors, and generate a large, complex workload. In this paper, we are the first to report the use of the Assurance Case methodology to guide a hardware architecture security analysis. We were able to analyze real-world systems, and to detect known and some possibly unknown vulnerabilities. We also show that, by employing Assurance Cases, other benefits are gained, such as better security analysis coverage and better documentation of the security-relevant aspects of the system.

FORTUNA-A framework for the design and development of hardware-based secure systems

Security requires a holistic view. In this work we contribute to this goal by taking a new viewpoint, with the proposal of the logic-probabilistic framework FORTUNA to support the design and development of hardware-based-security systems (HwBSS). It extends and further substantiates our ideas presented in a previous conference paper (Gallo et al., 2011). Our contributions in this article are: (a) to extend and validate FORTUNA, and (b) to illustrate its effectiveness uncovering an unreported SPARC V8 architectural security flaw.

ACBuilder: A tool for hardware architecture security evaluation

In this work we propose to enable the security analysis of hardware architecture independently of its physical implementation. This will help to discover vulnerabilities and flaws in a broad range of architectures, and to identify problems before the costly process of design and manufacturing. Our approach employs Assurance Cases, proposed in [1] as a flexible methodology that builds upon Safety Case approaches used in such mission-critical industries as aerospace, nuclear power, and national defense. More specifically, in this paper we present our research on software frameworks to aid security analysts in the development of assurance cases. We describe how our research prototype, ACBuilder, can be used to model hardware architectures, apply existing analysis patterns, develop analysis rules, and generate assurance cases. We then apply the methodology to an illustrative example for evaluation, and discuss avenues for developing the software framework further. This includes opportunities for automation and enabling community-based approaches for developing reusable patterns.

Assurance Cases as a Didactic Tool for Information Security

Secure systems are fiercely difficult to obtain - technical, procedural, human, and managerial aspects must be contemplated in a deep, yet holistic approach, which is a complex task even for experienced information security practitioners. Emerging information security “Assurance Cases” methodologies, such as the military NATO AEP-67, promise (time) effective practices for obtaining secure systems, making it a more reproducible process. In this paper we are the first to report the effectiveness of the Assurance Case methodology as a framework for teaching information security to both individuals and teams.