Antonio Ken Iannillo

©978-1-4799-7899-1/15/$31.00 ©2015 IEEE Abstract—Network Function Virtualization (NFV) is an emerging solution that aims at improving the flexibility, the efficiency and the manageability of networks, by leveraging virtualization and cloud computing technologies to run network appliances in software. However, the “softwarization ” of network functions raises reliability concerns, as they will be exposed to faults in commodity hardware and software components. In this paper, we propose a methodology for the dependability evaluation and benchmarking of NFV Infrastructures (NFVIs), based on fault injection. We discuss the application of the methodology in the context of a virtualized IP Multimedia Subsystem (IMS), and the pitfalls in the design of a reliable NFVI.

The Domain Name System (DNS), a fundamental protocol that controls how users interact with the Internet, inadequately provides protection for user privacy. Recently, there have been advancements in the field of DNS privacy and security in the form of the DNS over TLS (DoT) and DNS over HTTPS (DoH) protocols. The advent of these protocols and recent advancements in large-scale data processing have drastically altered the threat model for DNS privacy. Users can no longer rely on traditional methods, and must instead take active steps to ensure their privacy. In this paper, we demonstrate how the extended Berkeley Packet Filter (eBPF) can assist users in maintaining their privacy by leveraging eBPF to provide privacy across standard DNS, DoH, and DoT communications. Further, we develop a method that allows users to enforce application-specific DNS servers. Our method provides users with control over their DNS network traffic and privacy without requiring changes to their applications w...

While Software Aging and Rejuvenation (SAR) research has been steadily increasing, the artifacts related to SAR studies (such as software aging measurements and bug datasets) are seldom made available to researchers and practitioners, thus limiting potential improvements of rejuvenation solutions and their practical adoption. We discuss in this paper the role of artifacts in SAR research, and present SARRY (the Software Aging and Rejuvenation RepositorY), an open-access support for the SAR community to share research artifacts (available at http://openscience.us/repo/software-aging/). We invite researchers to contribute to SARRY, in order to aid future SAR research and to improve the visibility and impact of their work. Keywords—Software Aging and Rejuvenation; Research Artifacts; Open Access; Data Repository

Smart contracts are Turing-complete programs that are executed across a blockchain network. Unlike traditional programs, once deployed they cannot be modified. As smart contracts become more popular and carry more value, they become more of an interesting target for attackers. In recent years, smart contracts suffered major exploits, costing millions of dollars, due to programming errors. As a result, a variety of tools for detecting bugs has been proposed. However, majority of these tools often yield many false positives due to over-approximation or poor code coverage due to complex path constraints. Fuzzing or fuzz testing is a popular and effective software testing technique. However, traditional fuzzers tend to be more effective towards finding shallow bugs and less effective in finding bugs that lie deeper in the execution. In this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary fuzzing with constraint solving in order to execute more code and find more ...

Mobile devices are significantly complex, featurerich, and heavily customized, thus they are prone to software reliability and performance issues. This paper considers the problem of software aging in Android mobile OS, which causes the device to gradually degrade in responsiveness, and to eventually fail. We present a methodology to identify factors (such as workloads and device configurations) and resource utilization metrics that are correlated with software aging. Moreover, we performed an empirical analysis of recent Android devices, finding that software aging actually affects them. The analysis pointed out processes and components of the Android OS affected by software aging, and metrics useful as indicators of software aging to schedule software rejuvenation actions.

Smart contracts are Turing-complete programs that are executed across a blockchain. Unlike traditional programs, once deployed, they cannot be modified. As smart contracts carry more value, they become more of an exciting target for attackers. Over the last years, they suffered from exploits costing millions of dollars due to simple programming mistakes. As a result, a variety of tools for detecting bugs have been proposed. Most of these tools rely on symbolic execution, which may yield false positives due to over-approximation. Recently, many fuzzers have been proposed to detect bugs in smart contracts. However, these tend to be more effective in finding shallow bugs and less effective in finding bugs that lie deep in the execution, therefore achieving low code coverage and many false negatives. An alternative that has proven to achieve good results in traditional programs is hybrid fuzzing, a combination of symbolic execution and fuzzing. In this work, we study hybrid fuzzing on smart contracts and present ConFuzzius, the first hybrid fuzzer for smart contracts. ConFuzzius uses evolutionary fuzzing to exercise shallow parts of a smart contract and constraint solving to generate inputs that satisfy complex conditions that prevent evolutionary fuzzing from exploring deeper parts. Moreover, ConFuzzius leverages dynamic data dependency analysis to efficiently generate sequences of transactions that are more likely to result in contract states in which bugs may be hidden. We evaluate the effectiveness of ConFuzzius by comparing it with state-of-the-art symbolic execution tools and fuzzers for smart contracts. Our evaluation on a curated dataset of 128 contracts and a dataset of 21K real-world contracts shows that our hybrid approach detects more bugs than state-of-the-art tools (up to 23%) and that it outperforms existing tools in terms of code coverage (up to 69%). We also demonstrate that data dependency analysis can boost bug detection up to 18%.

In this paper, we leverage the newly integrated extended Berkely Packet Filters (eBPF) and eXpress Data Path (XDP) to build ROS-FM, a high-performance inline network-monitoring framework for ROS. We extend the framework with a security policy enforcement tool and distributed data visualization tool for ROS1 and ROS2 systems. We compare the overhead of this framework against the generic ROS monitoring tools, and we test the policy enforcement against existing ROS penetration testing tools to evaluate their effectiveness. We find that the network monitoring framework and the associated visualization tools outperform the existing ROS monitoring tools for all robots with more than 10 running processes and that the monitoring tool uses only 4% of the overhead of the generic tools for robots with 80 processes. We further demonstrate the effectiveness of the security tool against common attacks in both ROS1 and ROS2.

In this brave new world of smartphone-dependent society, dependability is a strong requirement and needs to be addressed properly. Assessing the dependability of these mobile system is still an open issue, and companies should have the tools to improve their devices and beat the competition against other vendors. The main objective of this dissertation is to provide the methods to assess the dependability of mobile OS, fundamental for further improvements. Mobile OS are threatened mainly by traditional residual faults (when errors spread across components as failures), aging-related faults (when errors accumulate over time), and misuses by users and applications. This thesis faces these three aspects. First, it presents a qualitative method to define the fault model of a mobile OS, and an exhaustive fault model for Android. I designed and developed AndroFIT, a novel fault injection tool for Android smartphone, and performed an extensive fault injection campaign on three Android devi...

The Robotic Operating System (ROS) is the de-facto standardfor the development of modular robotic systems. However,ROS is notorious for the absence of security mechanisms,only partially covered by recent advancements. Indeed, anattacker can easily break into ROS-enabled systems and hijacksarbitrary messages. We propose an integrated solution,ROS-Immunity, with small overhead that allows ROS usersto harden their systems against attackers. The solution consistsof three components: robustness assessment, automaticrule generation, and distributed defense with a firewall. ROSImmunityis also able to detect on-going attacks that exploitnew vulnerabilities in ROS systems. We evaluated our solutionagainst four use-cases: a self-driving car, a swarm roboticsystem, a centralized assembly line, and a real-world decentralizedone. ROS-Immunity was found to have minimal overhead,with only an additional 7-18% extra system power perrobot required to operate it. Furthermore, ROS-Immunity wasable to p...

This paper presents a novel mechanism implemented in the SW to identify and authorize secure service call from the NW. While the current solution needs changes of the non-secure software (typically an RTOS), our solution exploits available hardware (i.e., the memory protection unit or MPU) to handle clients identification and authorization in a transparent way to non-secure software.