David Andrews
HybridThreads Project
Security properties for embedded systems are currently specified and proven using mathematically sound formal models of the system. Unfortunately, there are no automated tools that can turn the model into an integrated hardware/software platform. This research is focused on developing new methods for extending security properties into hardware modules.
Our approach is to enable the generation of hardware description languages (HDLs) from the higher-level security model. This will bring new capabilities in generating application-specific circuits with verifiable security attributes. This work builds upon the HybridThreads project, http://hthreads.csce.uark.edu/, a hardware/software co-design platform for field-programmable gate arrays (FPGAs).
Jia Di
Delay-Insensitive Asynchronous 8051-Compliant Microcontroller Design for Extreme Temperatures
Ultra-wide temperature (-180 °C to +130 °C) and low temperature (-230 °C) electronics will reduce the size and weight of current systems while at the same time improving the reliability and efficiency of those systems by reducing the need for thermal control and shielding. The physical parameters of transistors change dramatically when subjected to ultra-wide temperature swings, which significantly affects the transistors’ behavior, including their switching speed. As a result, the timing characteristics of different circuit blocks within a digital system vary widely with temperature, causing timing constraint violations and clock skew in synchronous circuits. Developing microcontrollers based on asynchronous logic will significantly improve wide temperature performance. Delay-insensitive asynchronous circuits remove the concept of a global clock by incorporating handshaking protocols to control the circuit. Theoretically, as long as the transistors can switch properly, the asynchronous circuits will always function correctly. Another important advantage of asynchronous circuits is their potential for low power consumption: these circuits are able to operate correctly under a much lower supply voltage at low temperatures without concern for the resulting timing variations, which may cause synchronous circuits to malfunction.
Towards Trustable Embedded Systems: Hardware Threat Modeling for Integrated Circuits
The impact of software viruses has been felt by the entire computerized world. Hardware, especially integrated circuits, was considered safe and attack-free, in contrast to its software counterpart. However, as technologies advance and markets expand, hardware is becoming vulnerable like software. Malicious logic, similar to a software virus, could be inserted into a circuit like a Trojan horse such that it lies dormant and is very difficult to detect until activated, but then cannot be effectively defeated. These days most complex digital systems are not designed from scratch; instead they use many 3rd party Intellectual Property (IP) blocks. Hence, one or more 3rd party IP blocks could contain malicious logic that may affect the entire system. Furthermore, all non-trivial digital designs rely heavily on Computer-Aided Design (CAD) tools. These CAD tools themselves may be contaminated or malevolently configured, causing them to insert malicious logic into circuits. The goal of this research is to develop a prototype automated hardware threat modeling algorithm/tool to model potential hardware threats/attacks of digital integrated circuits in embedded systems, and analyze their trustability.
Mitigating Side-Channel Attacks to Digital ICs
This research, part of the anti-counterfeiting RFID tags project, aims to mitigate power- and timing-based side-channel attacks. In contrast to invasive attacks on digital ICs, side-channel attacks do not require the target to be physically de-packaged. Instead, attackers can monitor the fluctuations of certain external parameters such as power consumption and timing delay caused by different data being processed. The recorded data will be analyzed to calculate the desired information. This project is to develop a power-/timing-attack mitigation technique by designing digital ICs using Dual-spacer Dual-rail Delay-insensitive asynchronous Logic (D3L) to balance the power consumption and obfuscate the timing delays among different data patterns, thus rendering these attacks useless. Three versions of the Advanced Encryption Standard (AES) core, namely, synchronous, traditional delay-insensitive asynchronous (NULL Convention Logic), and D3L, will be designed, attacked, and compared. The results will be analyzed for the effectiveness and efficiency of the mitigation.
Asynchronous Cell Matrix for Nanocomputing
One exciting anticipated outcome of nanotechnology is the ability to construct systems with many orders of magnitude more components. This truly remarkable expansion of physical hardware must be met by innovation in computing architecture. The question is how to effectively and efficiently integrate, configure, and utilize these trillion×trillion components available. Cell Matrix, developed by Cell Matrix Corp., is a construction of physically homogeneous, reconfigurable hardware components, which are connected in a regular structure topology and configured to implement a desired digital circuit. This architecture could be used to implement dynamic, massively parallel, self-modifying/-repairing/-healing circuits. However, the current synchronous Cell Matrix requires clocks, which are not feasible for extremely large systems. The goal of this research is to develop a dynamically fault-tolerant asynchronous Cell Matrix that communicates using delay-insensitive handshaking in lieu of clocks and is able to modify itself to mitigate faults, autonomously moving functionality from faulty cells and rerouting to retain complete system operability.
Susan Gauch
Next Generation CiteSeer
CiteSeer is a scientific literature digital library and search engine which automatically crawls and indexes scientific documents in the field of computer and information science. It has over 730,000 documents with over 8 million citations. The Next Generation CiteSeer or CiteSeerX initiative aims at enhancing the existing search engine by redesigning the architecture for increased utility and reliability and expanding the breadth and depth of the collection. This joint effort between the Penn State University and the University of Arkansas is primarily funded by the National Science Foundation. The efforts here at the University of Arkansas focus on designing and developing new personalization features for CiteSeer based on conceptual user profiles.
Semi-Automated Construction of an Ontology for Amphibian Morphology
The integration of information across remote systems is becoming more and more important. This is the core exchange problem addressed by the Semantic Web. Because they can be used either by software agents or by humans, these technologies commonly exploit ontologies as the vehicle for information exchange. Currently, the use of ontologies requires large amounts of manual effort. We believe that the Semantic Web will be more widely available once we are able to handle ontologies more easily. In this joint project with the Missouri University of Science and Technology, we are constructing a system that reduces the amount of human effort required by semi-automatically creating an ontology. We will demonstrate this approach in the domain of vertebrate morphology. If successful, this approach could be applied to other domains, increasing the adoption of concept based applications.
Wing-Ning Li
Domain Specific Modeling Language
This research considers a data processing problem, where data are usually stored in multiple files provided by clients. How a data file is processed depends on the business needs of a client for a particular file, and in general varies from one client to another and from one file to another for the same client. To process a data file, one has to understand the business requirements. Once this is done, and in an oversimplified view, one could write a customized program in some high-level programming language to process the file at one extreme, or simply click a button of a software system at the other extreme, or, in our case in the middle of the two extremes, build a workflow by using the existing isolated operators (programs) and connecting them together. When existing operators are insufficient to build a workflow, custom operators (developed in focal) are introduced.
As can be seen from the above, this could be viewed as a general programming problem and has different levels of specification and modes of “programming”. In general, it is a very hard problem to solve. However, over the years our sponsor was able to process the files successfully by relying on smart associates who are experts in the business domains and technological gurus. The challenges to the current approach are highlighted in our research papers and presentations. The question remains whether we could make the problem simpler to solve by using domain knowledge to develop models and an intent language, and by transforming the models to workflows by software, which is the objective of this research effort.
A key observation is the vertical separation of the intent specification hierarchy into three levels: client intent, technical specification, and workflow, where client intent is the top level and workflow is the bottom level (the grid layer is omitted). The three-level view decouples what a client wants (top level) from what Acxiom can do (middle level). The top and middle levels make some general assumptions about what information is in a data file, whereas the workflow level needs specific information about fields within a file, such as results from layout inference.
The horizontal modeling process is based on the abstraction of field categories. For the CDI domain, they are mainly “name” and “address”. Client intent is codified through the analysis of what “transformations” or “operations” are possible to change the “states” or “properties” of the field categories, and what information may be derived from such processing. The client intent is then mapped to the middle level in terms of which operators or products to use and what options to select. A GUI prototype has been built as a proof of concept. We believe that the vertical modeling process still under study, which is based on client industry classification (retail, publishing, insurance, etc.), could further narrow down the possible intents and actions for CDI processing for each industry or for clients within an industry. By making the specification explicit at each level, workflow maintenance and reformulation, due to changes in a client’s goals over time or variations in input files, might be handled more efficiently or automatically. Work is needed to extract the expert knowledge and codify the domains and models so that terms and concepts are clearly defined and a modeling framework may be built to facilitate an intent specification and its translation to a workflow specification by software systems.
Layout Inference: A Statistical and Combinatorial Approach based on Content Oracles
Abstract: The objective of this research effort is to automatically infer the layout of an arbitrary text file composed of fields of information organized as records in some consistent positional layout of field types. By consistent positional layout we mean that the layout of each record (except for error records) follows the exact same pattern.
Field types are also called content types which include first name, last name, full name, address line one, city, state, phone number, and so on.
The program that automatically determines the file layout is called the layout inference engine. For a given input text file, the layout inference engine determines the file encoding (ASCII or EBCDIC), the file type (delimited, fixed, or hybrid) and related information (delimiter used, field length, record length), and the location of each content type.
Based on the notion of a content type oracle and the application of statistical and combinatorial analysis, an algorithmic framework has been proposed, is being developed and a prototype engine is being built. The figure below shows the basic control flow of the system.
Brajendra Panda
Detection of Insider Threats at Application Levels
Sponsor: Air Force Office of Scientific Research
Abstract: The objective of this research proposal is to develop an Insider Threat Analysis Model to work at application levels. For this project we have selected Database Systems as the application for which the insider threat analysis architecture and necessary protocols will be developed. We would carry out six important tasks. They are: (1) design and development of the insider threat detection unit architecture, (2) development and analysis of the method for acquiring knowledge by verifying data item values in the database, checking various integrity constraints, and by examining transaction semantics, (3) development and analysis of techniques to understand relationships among data items, among transactions, and between transactions and data items, (4) development of protocols to identify critical assets, i.e., data items, which must be protected carefully, (5) analyzing the minimal set of data items a transaction would need at a given time to carry out its assigned tasks, and (6) development and analysis of a model that conforms each user’s access to appropriate items. A major impact of this research is that organizations such as the US Department of Defense, and AFOSR in particular, that use classified information will be able to protect their information systems from insider threats while not hindering the productivity of system users and application developers who are devoted to their professions. Furthermore, this work will enable us to develop new courses integrating results of this research into coursework. Both graduate and undergraduate coursework in related areas will greatly benefit from this work. Moreover, this project will enhance and strengthen the research base in these critical areas of research, thus helping other researchers in the information security field.
Craig Thompson
"Everything is Alive"
Second Life (SL) is a popular online 3D multi-player virtual world where the limits of creating objects and scripting interactions among objects and avatars are based on the player's imagination and scripting skill. Real life, by comparison, is often limited by current technology more than creativity. This project models the complex domain of healthcare logistics in the SL virtual world. We are investigating ubiquitous computing, location aware systems, RFID, massive use of sensors, smart devices, using natural language to talk to devices, workflows, ways of merging reality and virtual reality, and other technology ideas. The potential impact of testing these technologies in a simulated world before deploying in the real world could lower costs and accelerate the pace of technology change. Plus, it's fun. http://vw.ddns.uark.edu/
Dale R. Thompson
RFID INFOSEC for Nation-wide Engineering Education
http://rfidsecurity.uark.edu/
Radio frequency identification (RFID) information systems provide information to users about objects with RFID tags. RFID systems require the application of information systems security (INFOSEC) to protect the information from tampering, unauthorized information disclosure, and denial of service to authorized users. Typically, students experience only narrowly focused layers of an RFID system such as the tag, air interface, reader, network, middleware, or applications in separate courses instead of a system-wide approach. The goal of this project is to improve the quality of education nation-wide in RFID INFOSEC by creating new learning materials and teaching strategies that address security at the tag, air interface, reader, network, middleware, and application layers. The principal investigators are Drs. Dale R. Thompson (d.r.thompson@ieee.org) and Jia Di (jdi@uark.edu). Senior investigators are Drs. Michael K. Daugherty and Craig W. Thompson. This work is supported by the National Science Foundation Division of Undergraduate Education under the Course, Curriculum and Laboratory Improvement (CCLI) program, contract DUE-0736741.
Steganography in IPv6
Honors Student: Barret Miller
Abstract – Steganography is the process of hiding a secret message within another message such that it is difficult to detect the presence of the secret message. In other words, the existence of the secret message is hidden. A covert channel refers to the actual medium that is used to communicate the information such as a message, image, or file. This honors thesis uses steganography within the source address fields of Internet Protocol Version 6 (IPv6) packets to create a covert channel through which clandestine messages are passed from one party to another. A fully functional computer program was designed and written that transparently embeds messages into the source address fields of packets and decodes embedded messages from these packets across IPv6 networks. This demonstrates the possibility of a covert channel within a protocol that will eventually be the default Internet protocol. This channel could be used for a malicious purpose such as stealing encryption keys, passwords, or other secrets from remote hosts in a manner not easily detectable, but it could also be used for a noble cause such as passing messages secretly under the watchful eyes of an oppressive regime. The demonstration of the covert channel in itself increases the overall information security of society by bringing awareness to the existence of such a steganographic medium. This work is supported by a University of Arkansas Honors College Undergraduate Research Grant.

