Boyang Wang
Home
Biography
Research
Publications
Teaching
Services
Members
Sponsored Projects
NSF CNS-1947913
NSF REU Site RHEST
About RHEST
News
Mentors
2024 Projects
2023 Cohort
2022 Cohort

NSF REU Site: Research Experiences for Undergraduates in Hardware and Embedded Systems Security and Trust (RHEST)

alt text 

REU Projects 2023

In Summer 2023, RHEST will offer 7 REU projects.

  • Project 1: Robust Deep-learning-based Side-Channel Attacks

  • Project 2: Firmware Reverse Engineering for Trojan Detection on FPGAs

  • Project 3: Automatically Detecting Vulnerabilities in Source Code against Fault Injection Attacks

  • Project 4: System-on-Chip Emulation for Run-Time Security Validation

  • Project 5: Adversarial Examples in Machine-Learning Malware Detection

  • Project 6: Detection of Accelerated Aging Attacks on Integrated Circuits Using On-Chip Neuromorphic Computing

  • Project 7: Machine-Learning Functoin Boundary Detection over Stripped Binaries

The description of each project is listed below. Each project will require 1~2 students. Each applicant will need to indicate the top-3 research projects he/she is interested in the application.

Project 1: Robust Deep-learning-based Side-Channel Attacks

Project Advisors: Drs. Boyang Wang and John M Emmert

Background. A side-channel attack can infer the secret key on a device (e.g., a microcontroller) by analyzing power consumption or electromagnetic emission when the device runs encryption algorithms, such as Advanced Standard Encryption. While countermeasures (e.g., random delays, hiding, and masking) have been proposed to defend against traditional side-channel attacks, including Differential Power Analysis and Correlation Power Analysis, recent deep-learning-based side-channel attacks can defeat these existing countermeasures. Despite the promising results reported in recent studies, deep-learning-based side-channel attacks are not robust as they are sensitive to discrepancy between training data and test data due to different attack setups in the real world. For instance, a deep neural network trained by power traces generated by one defense (e.g., random delays) does not derive high accuracy in recovering a secret key when test power traces are produced by a different defense (e.g., masking).

Project Goal. The goal of this project is to build a deep neural network that is robust (i.e., achieving high accuracy) when training data and test data are significantly different. The students will (1) examine multiple deep neural network models, e.g., Convolutional Neural Networks and Recursive Neural Networks, in side-channel attacks and experimentally compare which neural network is more robust over different datasets; (2) leverage data augmentation methods to produce additional synthetic training data to mitigate the discrepancy between training data and test data.

Project 2: Firmware Reverse Engineering for Trojan Detection on FPGAs

Project Advisors: Dr. John M Emmert

Background. The designs of commercial Field Programmable Gate Arrays (FPGAs) often include third-party intellectual properties (IPs). These third-party IPs can be in the form of hard coded and obfuscated modules that are inserted into primary product code or firmware. It is possible for untrusted agents/entities to compromise the integrity of third-party IPs without end users’ knowledge by adding Trojan circuits. The hidden Trojan circuits can be utilized to leak sensitive information, degrade the capability of the application running on an FPGA, or turn off the application running on an FPGA.

Project Goal The goal of this project is to further develop a generalizable, target-independent, and standardized framework to reverse engineer FPGA bitstreams to detect Trojan circuits in third-party IPs. The student will leverage bitstream download and read-back capabilities available on FPGAs (IEEE Joint Test Action Group 1149.x compliant) to develop a technology-independent framework to load and extract programming data to and from FPGA bitstream files. Specifically, the student will enhance a logic-to-bitstream mapping flow to create an interconnected sea of Look Up Tables, which is correlated with the FPGA programming bit file. To map FPGA logic to bitstreams, the students will utilize binary patterns to systematically match portions of FPGA programmable logic fabric to the programming bit file. The students will also optimize the binary patterns to minimize the number of bitstream downloads required to reverse engineer key portions of FPGA logic.

Project 3: Automatically Detecting Vulnerabilities in Source Code against Fault Injection Attacks

Project Advisors: Drs. Nan Niu and Boyang Wang

Background. A fault injection attack (also referred to as glitch attack) is a physical attack on data and behavior of an embedded device by changing the voltage, temperature or electromagnetic radiation. For example, it takes one fault to change a Boolean value from 0 to 1 (or 1 to 0) to bypass secure boot, extract a secret key, or extract firmware from an embedded device. To mitigate fault injection attacks, one effective way at the software layer is to write secure code that is more robust against the attacks. For instance, Boolean values in an if statement (e.g., if (flag == 0)) can be easily modified by fault injection attacks while using non-trivial numerical values (e.g., if (flag == 0x3CA5)) can make the attacks more difficult.

Project Goal. The goal of this project is to develop an automatic method to detect lines in C code that are vulnerable under fault injection attacks. The students will (1) study secure code patterns; (2) leverage static program analysis (e.g., control flow graph) and tools (e.g., ANTLR and Joern) to automatically identify vulnerabilities.

Project 4: System-on-Chip Emulation for Run-Time Security Validation

Project Advisor: Dr. Ranga Vemuri

Background. Modern System-on-Chip (SoC) designs involve combining various intellectual property (IP) components with complex communication infrastructure and protocols. Due to economics of design, verification, fabrication, testing, and integration, SoC supply chain is distributed over multiple companies and even countries. Throughout the lifecycle of the design, various security vulnerabilities can be introduced into the design. These vulnerabilities result from design flaws in the IP cores or protocols, malicious add-ons in the third party IP cores, defects introduced during the manufacturing process, and malicious insertions at untrusted foundries. The security validation of SoCs is essential due to their adoptions in critical applications and devices. Information flow properties are essential to identify security vulnerabilities in SoC designs. However, verifying information flow properties, such as integrity and confidentiality, is challenging, as these properties cannot be handled directly using traditional assertion-based verification techniques.

Project Goal. The goal of this project is to develop an FPGA platform for SoC emulation with the specific objective of implementing and demonstrating run-time security monitors based on information flow tracking. The students will investigate two novel approaches, including a universal method and a property-driven method, to verify and monitor information flow properties. Both methods can be leveraged for formal verification, dynamic verification during simulation, post-fabrication validation, and run-time monitoring. In addition, the universal method can expedite implementing the information flow model. The property-driven method can reduce the overhead of the security model, which speeds up the verification process and creates an efficient run-time hardware monitor.

Project 5: Adversarial Examples in Machine-Learning Malware Detection

Project Advisors: Drs. Boyang Wang and Anca Ralescu

Background. End-to-end malware detection i.e., detecting malware by analyzing raw bytes of programs using deep neural networks, is considered as a new promising approach to simplify feature selection in static analysis while still provide accurate detection. However, recent research has shown that end-to-end malware detection is vulnerable under evasion attacks, where an adversary could modify raw bytes of a malware without affecting its functionality but force a neural network classifier predicting it as benign. A carefully modified malware that can bypass the malware detection is referred to as an adversarial example.

Project Goal. The goal of this project is to extend our existing research by (1) developing a new method that can detect these adversarial examples over PE (Portable Executable) files in end-to-end malware detection; (2) investigating new ways to generate practical adversarial examples over ELF (Executable and Linkable Format) files.

Project 6: Detection of Accelerated Aging Attacks on Integrated Circuits Using On-Chip Neuromorphic Computing

Project Advisor: Dr. Rashmi Jha

Background. Aging and reliability issues in microelectronics Integrated Circuits (ICs) based on advanced Complementary Metal Oxide Semiconductor (CMOS) technologies are becoming a topic of major concerns. The aging of ICs is dependent on the operating conditions which makes it very difficult to have a standard technique to predict. Additionally, the variabilities of ICs, temperature, and voltage make it difficult to predict the aging and remaining useful life of circuits accurately. Since aging introduces a major vulnerability, attackers can also exploit this vulnerability to cause accelerated aging. The existing techniques based on critical path delay monitoring, ring-oscillators, and Built-In Self-Test based monitoring introduce significant overheads. In addition, they are not able to distinguish differences between normal aging and accelerated aging introduced by Trojan insertions.

Project Goal. The goal of this project is to enable on-chip machine-learning-based analysis over data from aging sensors to distinguish normal aging (benign) from accelerated aging (malicious) introduced by Trojan insertions. Typically, the implementation of on-chip machine learning is a challenging task due to limited resources on chips. The students will address this challenge by implementing machine learning using Resistive Random Access Memory (RRAM) based neuromorphic hardware. Next, the students will integrate the hardware on pre-fabricated ICs leveraging heterogeneous integration techniques and utilize it to analyze remaining useful life of ICs based on data from aging sensors.

Project 7: Machine-Learning Function Boundary Detection over Stripped Binaries

Project Advisors: Drs. William Hawkins and Boyang Wang

Background. For binaries that are stripped of all their metadata (i.e., information that a compiler/linker may include in a program to make it easier to debug, identify function boundaries, etc.), it is very difficult to determine where functions start and end. As a result, it is often difficult for automated disassemblers (IDA Pro, Ghidra) to lift machine code to higher-level languages, even in a very crude way.

Project Goal. The goal of this project is to leverage machine learning, especially deep learning, to identify function boundaries in stripped binaries