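% Publication list export, normalised for classic BibTeX: one field per line,
% authors as "Last, First" joined by " and ", month macros, "--" page ranges,
% and the characters the export had replaced by "?" restored.
% NOTE(review): the export carried empty citation keys, which BibTeX reports as
%   repeated entries. The keys below are constructed as
%   <first-author surname><year><first title word>; reconcile them with any keys
%   the citing documents already use.
% NOTE(review): the @inproceedings entries have no booktitle (a required field) and
%   `address` appears to hold the conference location; the venue names are not in
%   this export and must be filled in from the publication records.
% NOTE(review): entries exported as @article whose journal/address field was a
%   "Technical Report CE-L..." string are typed @techreport with institution/number.

@inproceedings{erbagci2015secure,
  author      = {Erbagci, Burak and Liu, Fangfei and Cakir, Cagla and Akkaya, Nail Etkin Can and Lee, Ruby B. and Mai, Ken},
  title       = {A {32kB} Secure Cache Memory with Dynamic Replacement Mapping in 65nm bulk {CMOS}},
  address     = {Xiamen, China},
  month       = nov,
  year        = {2015},
}

@phdthesis{szefer2013architectures,
  author      = {Szefer, Jakub},
  title       = {Architectures for Secure Cloud Computing Servers},
  school      = {Princeton University},
  type        = {PhD Thesis},
  address     = {Princeton, NJ},
  year        = {2013},
}

@inproceedings{jamkhedkar2013framework,
  author      = {Jamkhedkar, Pramod and Szefer, Jakub and Perez-Botero, Diego and Zhang, Tianwei and Triolo, Gina and Lee, Ruby B.},
  title       = {A Framework for Realizing Security on Demand in Cloud Computing},
  address     = {Bristol, UK},
  month       = dec,
  year        = {2013},
}

@inproceedings{szefer2012architectural,
  author      = {Szefer, Jakub and Lee, Ruby B.},
  title       = {Architectural Support for Hypervisor-Secure Virtualization},
  month       = mar # "~3--7",
  year        = {2012},
  abstract    = {Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual machines (VMs). Continuing releases of bug reports and exploits in the virtualization software show that defending the hypervisor against attacks is very difficult. In this work, we present hypervisor-secure virtualization --- a new research direction with the goal of protecting the guest VMs from an untrusted hypervisor. We also present the HyperWall architecture which achieves hypervisor-secure virtualization, using hardware to provide the protections. HyperWall allows a hypervisor to freely manage the memory, processor cores and other resources of a platform. Yet once VMs are created, our new Confidentiality and Integrity Protection (CIP) tables protect the memory of the guest VMs from accesses by the hypervisor or by DMA, depending on the customer's specification. If a hypervisor does become compromised, e.g. by an attack from a malicious VM, it cannot be used in turn to attack other VMs. The protections are enabled through minimal modifications to the microprocessor and memory management units. Whereas much of the previous work concentrates on protecting the hypervisor from attacks by guest VMs, we tackle the problem of protecting the guest VMs from the hypervisor.},
}

@inproceedings{chen2012software,
  author      = {Chen, Yu-Yuan and Jamkhedkar, Pramod A. and Lee, Ruby B.},
  title       = {A Software-Hardware Architecture for Self-Protecting Data},
  address     = {Raleigh, NC, USA},
  month       = oct # "~16--18",
  year        = {2012},
  keywords    = {information flow tracking, self-protecting data, architecture},
  abstract    = {We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application --- including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.},
}

@phdthesis{chen2012architecture,
  author      = {Chen, Yu-Yuan},
  title       = {Architecture for Data-Centric Security},
  school      = {Princeton University},
  type        = {PhD Thesis},
  pages       = {130},
  address     = {Princeton, NJ},
  year        = {2012},
  abstract    = {In today's computing environment, we use various applications on our various computing devices to process our data. However, we can only implicitly trust that the applications do not do anything harmful or violate our desired confidentiality policy for the data, especially when those applications are run on today's feature-rich and monolithic commodity operating systems. In this thesis, we present two approaches --- with and without modifying the applications --- that aim to provide data confidentiality protection after the data is given to an authorized recipient --- a problem which we refer to as illegal secondary dissemination. We also aim for the protection of the data throughout its lifetime. The first approach follows the school of thought of providing a secure execution compartment for the security-critical part of an application. We propose to use the hardware to directly protect a trusted component of an application, which in turn controls access to the protected data, on top of an untrusted operating system. We devise a methodology for trust-partitioning an existing application into the trusted component, leaving the rest of the application untrusted. The trusted component can be used to implement the desired confidentiality policy for our sensitive data and guarantee that the policy is enforced for the lifetime of the data. We demonstrate this first approach by showing how the difficult-to-achieve originator-controlled (ORCON) access control policy can be enforced with the real-world vi editor. Our first approach essentially ties the protected data with the trusted part of the application that is protected by the hardware. However, this results in the inconvenience of having to use only a particular application to access the protected data, limiting the portability and availability of the data. Therefore, my second approach removes the applications from the trust chain and provides an application-independent secure data compartment that tracks and protects the data in the hardware, no matter which untrusted application or authorized recipient is given access to the data. We use the flexibility of software to interpret and translate high-level policies to low-level semantics that the hardware understands, and we use the hardware to persistently track the usage of the sensitive data and to control the output of the sensitive data from the machine. We have prototyped the architecture on the OpenSPARC processor platform and show how unmodified third-party applications can be run while various data-specific high-level policies can be enforced on the sensitive data. My second approach leverages a technique called Dynamic Information Flow Tracking (DIFT), which has been shown to be a powerful technique for computer security, covering both integrity and confidentiality applications. However, the false-positives and false-negatives of DIFT techniques have hindered its practical adoption and usability. We take a deeper look at the practicality and usability issues of DIFT and explore various techniques to address the false positives and false negatives, arising from the undecidability of conditional branches, which is a type of implicit information flow that is particularly hard to solve dynamically. We propose various micro-architectural and hybrid software-hardware solutions using only the application binaries and show how the combination of these solutions help build a practical and usable DIFT system.},
}

@inproceedings{szefer2011case,
  author      = {Szefer, Jakub and Lee, Ruby B.},
  title       = {A Case for Hardware Protection of Guest {VMs} from Compromised Hypervisors in Cloud Computing},
  month       = jun # "~20--24",
  year        = {2011},
  abstract    = {Cloud computing, enabled by virtualization technologies, is becoming a mainstream computing model. Many companies are starting to utilize the infrastructure-as-a-service (IaaS) cloud computing model, leasing guest virtual machines (VMs) from the infrastructure providers for economic reasons: to reduce their operating costs and to increase the flexibility of their own infrastructures. Yet, many companies may be hesitant to move to cloud computing due to security concerns. An integral part of any virtualization technology is the all-powerful hypervisor. A hypervisor is a system management software layer which can access all resources of the platform. Much research has been done on using hypervisors to monitor guest VMs for malicious code and on hardening hypervisors to make them more secure. There is, however, another threat which has not been addressed by researchers --- that of compromised or malicious hypervisors that can extract sensitive or confidential data from guest VMs. Consequently, we propose that a new research direction needs to be undertaken to tackle this threat. We further propose that new hardware mechanisms in the multicore microprocessors are a viable way of providing protections for the guest VMs from the hypervisor, while still allowing the hypervisor to flexibly manage the resources of the physical platform.},
}

@inproceedings{lamb2011domain,
  author      = {Lamb, Christopher C. and Jamkhedkar, Pramod A. and Bonsack, Matthew and Nandina, Vishwanath and Heileman, Gregory L.},
  title       = {A Domain Specific Language for Usage Management},
  month       = oct # "~21",
  year        = {2011},
}

@techreport{liu2011adaptive,
  author      = {Liu, Fangfei and Dutta, Ashutosh and Lee, Ruby B.},
  title       = {Adaptive and Dynamic Network Provisioning with Network Forensics Devices},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2011-005},
  month       = sep # "~15",
  year        = {2011},
}

@inproceedings{dwoskin2010framework,
  author      = {Dwoskin, Jeffrey S. and Gomathisankaran, Mahadevan and Chen, Yu-Yuan and Lee, Ruby B.},
  title       = {A Framework for Testing Hardware-Software Security Architectures},
  address     = {Austin, Texas, USA},
  month       = dec # "~6",
  year        = {2010},
  abstract    = {New security architectures are difficult to prototype and test at the design stage. Fine-grained monitoring of the interactions between hardware, the operating system, and applications is required. We have designed and prototyped a testing framework, using virtualization, that can emulate the behavior of new hardware mechanisms in the virtual CPU and can perform a wide range of hardware and software attacks on the system under test. Our testing framework provides APIs for monitoring hardware and software events in the system under test, launching attacks, and observing their effects. We demonstrate its use by testing the security properties of the Secret Protection (SP) architecture using a suite of attacks. We show two important lessons learned from the testing of the SP architecture that affect the design and implementation of the architecture. Our framework enables extensive testing of hardware-software security architectures, in a realistic and flexible environment, with good performance provided by virtualization.},
}

@article{hilewitz2009new,
  author      = {Hilewitz, Yedidya and Lee, Ruby B.},
  title       = {A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations},
  journal     = {IEEE Transactions on Computers},
  volume      = {58},
  month       = aug,
  year        = {2009},
  note        = {Available online since November 2008.},
  abstract    = {This paper describes a new basis for the implementation of the shifter functional unit in microprocessors that can implement new advanced bit manipulations as well as standard shifter operations. Our design is based on the inverse butterfly and butterfly datapath circuits, rather than the barrel shifter or log-shifter designs currently used. We show how this new shifter can implement the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. Furthermore, it can perform important new classes of even more advanced bit manipulation instructions like arbitrary bit permutations, bit gather (or parallel extract) and bit scatter (or parallel deposit) instructions. Thus, our new functional unit performs the functionality of three functional units --- the basic shifter, the multimedia-mix unit and the advanced bit manipulation functional unit, while having a latency only slightly longer than that of the log-shifter.},
}

@inproceedings{keller2009accountability,
  author      = {Keller, Eric and Lee, Ruby B. and Rexford, Jennifer},
  title       = {Accountability in Hosted Virtual Networks},
  address     = {Barcelona, Spain},
  month       = aug,
  year        = {2009},
}

@techreport{dwoskin2009framework,
  author      = {Dwoskin, Jeffrey and Gomathisankaran, Mahadevan and Lee, Ruby B.},
  title       = {A Framework for Testing Hardware-Software Security Architectures},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2009-001},
  month       = feb,
  year        = {2009},
  note        = {Updated June 2009},
  url         = {http://palms.ee.princeton.edu/PALMSopen/Dwoskin200906_TestingFramework.pdf},
}

@inproceedings{hilewitz2008accelerating,
  author      = {Hilewitz, Yedidya and Yin, Yiqun Lisa and Lee, Ruby B.},
  title       = {Accelerating the {Whirlpool} Hash Function Using Parallel Table Lookup and Fast Cyclical Permutation},
  address     = {Lausanne, Switzerland},
  month       = feb,
  year        = {2008},
  abstract    = {Hash functions are an important building block in almost all security applications. In the past few years, there have been major advances in the cryptanalysis of hash functions, especially the MDx family, and it has become important to select new hash functions for next-generation security applications. One of the potential candidates is Whirlpool, an AES-based hash function. Whirlpool adopts a very different design approach from MDx, and hence it has withstood all the latest attacks. However, its slow software performance has made it less attractive for practical use. In this paper, we present a new software implementation of Whirlpool that is significantly faster than previous ones. Our optimization leverages new ISA extensions, in particularly Parallel Table Lookup (PTLU), which has previously been proposed to accelerate block ciphers like AES and DES, multimedia and other applications. We also show a novel cyclical permutation algorithm that can concurrently convert rows of a matrix to diagonals. We obtain a speedup of 8.8x and 13.9x over a basic RISC architecture using 64-bit and 128-bit PTLU modules, respectively. This is equivalent to rates of 11.4 and 7.2 cycles/byte, respectively, which makes our Whirlpool implementation faster than the fastest published rate of 12 cycles/byte for SHA-2 in software.},
}

@phdthesis{hilewitz2008advanced,
  author      = {Hilewitz, Yedidya},
  title       = {Advanced Bit Manipulation Instructions: Architecture, Implementation and Applications},
  school      = {Princeton University},
  type        = {PhD Thesis},
  year        = {2008},
  abstract    = {Advanced bit manipulation operations are not efficiently supported by commodity word-oriented microprocessors. Programming tricks are typically devised to shorten the long sequence of instructions needed to emulate these complicated operations. As these bit manipulation operations are relevant to applications that are becoming increasingly important, we propose direct support for them in microprocessors. In particular, we propose fast bit gather (or parallel extract), bit scatter (or parallel deposit) and bit matrix multiply instructions, building on previous work which focused solely on instructions for accelerating general bit permutations.

We show that the bit gather and bit scatter instructions can be implemented efficiently using the fast butterfly and inverse butterfly network datapaths. We define static, dynamic and loop-invariant versions of the instructions, with static versions utilizing a much simpler functional unit than dynamic or loop-invariant versions. We show how a hardware decoder can be implemented for the dynamic and loop-invariant versions to generate, dynamically, the control signals for the butterfly and inverse butterfly datapaths. We propose a new advanced bit manipulation functional unit to support bit gather, bit scatter and bit permutation instructions and then show how this functional unit can be extended to subsume the functionality of the standard shifter unit. This new unit represents an evolution in the design of shifters.

We also consider the bit matrix multiply instruction. This instruction multiplies two n x n bit matrices and can be used to accelerate parity computation and is a powerful bit manipulation primitive. Bit matrix multiply is currently only supported by supercomputers and we investigate simpler bmm primitive instructions suitable for implementation in a commodity processor. We consider smaller units that perform submatrix multiplication and the use of the Parallel Table Lookup module to speed up bmm.

Additionally, we perform an analysis of a variety of different application kernels taken from domains including binary compression, image manipulation, communications, random number generation, bioinformatics, integer compression and cryptology. We show that usage of our proposed instructions yields significant speedups over a basic RISC architecture --- parallel extract and parallel deposit speed up applications 2.4x on average, while applications that benefit from bmm instructions are accelerated up to 4.0x on average for the various bmm solutions.},
}

@inproceedings{wang2008novel,
  author      = {Wang, Zhenghong and Lee, Ruby B.},
  title       = {A Novel Cache Architecture with Enhanced Performance and Security},
  pages       = {88--93},
  month       = dec,
  year        = {2008},
}

@inproceedings{irvine2008security,
  author      = {Irvine, Cynthia E. and Levin, Timothy E. and Clark, Paul C. and Nguyen, Thuy D.},
  title       = {A security architecture for transient trust},
  pages       = {1--8},
  address     = {Alexandria, Virginia},
  month       = oct # "~31",
  year        = {2008},
  abstract    = {In extraordinary situations, certain individuals may require access to information for which they are not normally authorized. For example, to facilitate rescue of people trapped inside of a burning building, firefighters may need its detailed floor plan - information that may not typically be accessible to emergency responders. Thus, it is necessary to provide transient trust so that such sensitive information is available to selected individuals only during the emergency. The architecture presented here is designed to support transient trust. It encompasses pre-positioned, updateable domains for use exclusively during emergencies along with a set of ``normal'' domains with different sensitivity levels. Allocated to partitions, these domains are entered via a high integrity trusted path service located in a separate trusted partition. Interaction among subjects in different partitions is controlled by a high assurance separation kernel, and efficient use of devices is achieved through the application of a three-part device model. The resulting architecture enforces mandatory security policies, yet ensures secure and revocable access to a class of information during declared emergencies.},
}

@article{shi2008alternative,
  author      = {Shi, Zhijie Jerry and Yang, Xiao and Lee, Ruby B.},
  title       = {Alternative application-specific processor architectures for fast arbitrary bit permutations},
  journal     = {International Journal of Embedded Systems},
  volume      = {3},
  pages       = {219--228},
  year        = {2008},
}

@techreport{wang2007secure,
  author      = {Wang, Zhenghong and Lee, Ruby B.},
  title       = {A Secure yet High Performance Cache Architecture},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2007-012},
  month       = nov,
  year        = {2007},
}

@techreport{hilewitz2007new,
  author      = {Hilewitz, Yedidya and Lee, Ruby B.},
  title       = {A New Basis for Shifters in General-Purpose Processors for Existing and Advanced Bit Manipulations},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2007-004},
  month       = jul,
  year        = {2007},
}

@techreport{hilewitz2007accelerating,
  author      = {Hilewitz, Yedidya and Lee, Ruby B.},
  title       = {Accelerating the {Whirlpool} Hash Function using On-Chip Lookup Tables},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2007-001},
  month       = feb,
  year        = {2007},
}

@techreport{hilewitz2007achieving,
  author      = {Hilewitz, Yedidya and Lee, Ruby B.},
  title       = {Achieving Very Fast Bit Matrix Multiplication in Commodity Microprocessors},
  institution = {Princeton University Department of Electrical Engineering},
  number      = {CE-L2007-006},
  month       = aug,
  year        = {2007},
}

@article{potlapally2007aiding,
  author      = {Potlapally, Nachiketh and Raghunathan, Anand and Ravi, Srivaths and Jha, Niraj and Lee, Ruby B.},
  title       = {Aiding Side-channel Attacks on Cryptographic Software with Satisfiability-based Analysis},
  journal     = {IEEE Transactions on VLSI},
  volume      = {15},
  pages       = {465--470},
  month       = apr,
  year        = {2007},
}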
@conference { , title = {Architecture for a Non-Copyable Disk (NCdisk) Using a Secret-Protection (SP) SoC Solution}, year = {2007}, month = {11/04/2007}, pages = {1999-2003}, address = {Pacific Grove, CA, USA}, abstract = {Piracy of copyrighted digital contents, such as movies and music is rampant in cyberspace. A piece of digital material may be repeatedly copied and proliferated throughout the Internet with ease. We examined both software and hardware vulnerabilities in existing digital copy-protection methods. As a result, we propose a non-copyable disk (NCdisk) that makes it significantly harder for digital contents to be copied. Any digital content written onto the NCdisk can only be read through a predefined set of outputs of the NCdisk, and the original plaintext digital form may never be read out of the NCdisk. We add a minimal set of components based on the secret-protection (SP) architecture to the existing disk's SoC chipset to attribute the disk with the non-copyable property. 
We further present the security protocol to be used along with the NCdisk to provide a copy-protected digital movie download scenario.}, keywords = {copyright, data privacy, system-on-chip}, URL = {http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4487587}, author = {Wang, Michael and Lee, Ruby B.} } @conference { , title = {A refined look at Bernstein's AES side-channel analysis}, year = {2006}, month = {March 2006}, pages = {369}, publisher = {ACM}, address = {Taipei, Taiwan}, keywords = {AES, cache-state analysis, computer security, information leakage, s-box tables, side-channel analysis, timing analysis}, URL = {http://palms.ee.princeton.edu/PALMSopen/neve06refined.pdf}, author = {Neve, Michael and Seifert, Jean-Pierre and Wang, Zhenghong} } @article { , title = {A Study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols}, journal = {IEEE Transactions in Mobile Computing}, volume = {5}, year = {2006}, month = {February 2006}, pages = {128-143}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally06study.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Jha, Niraj} } @conference { , title = {A Traitor Tracing Scheme Based on RSA for Fast Decryption}, volume = {3531}, year = {2005}, month = {June 7-10, 2005}, pages = {56-74}, publisher = {Springer-Verlag}, address = {New York, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor05traitortracing_springer.pdf}, author = {McGregor, John Patrick and Yin, Yiqun Lisa and Lee, Ruby B.} } @conference { , title = {Architecture for Protecting Critical Secrets in Microprocessors}, year = {2005}, month = {June 4-8, 2005}, pages = {2-13}, address = {Madison, Wisconsin, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05architecture_w_cit.pdf}, author = {Lee, Ruby B. 
and Kwan, Peter and McGregor, John Patrick and Dwoskin, Jeffrey and Wang, Zhenghong} } @conference { , title = {Architectural Enhancements for Secure Embedded Processing}, year = {2005}, month = {Aug. 2005}, address = {Patras, Greeece}, URL = {http://palms.ee.princeton.edu/PALMSopen/arora05architectural.pdf}, author = {Arora, Divya and Ravi, Srivaths and Raghunathan, Anand and Jha, Niraj} } @article { , title = {Architectural Techniques for Accelerating Subword Permutations with Repetitions}, journal = {IEEE Transactions on Very Large Scale Integration Systems}, volume = {11}, year = {2003}, month = {June 2003}, pages = {325-335}, keywords = {Cryptography, encryption, instruction set architecture, permutation, permutation instruction, processor architecture, subword parallelism, subword permutation}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor03architectural.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @conference { , title = {Arbitrary Bit Permutations in One or Two Cycles}, year = {2003}, month = {June 2003}, pages = {237-247}, address = {The Hague, The Netherlands}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi03arbitrary.pdf}, author = {Shi, Zhijie and Yang, Xiao and Lee, Ruby B.} } @conference { , title = {A Processor Architecture Defense against Buffer Overflow Attacks}, year = {2003}, note = {Best Student Paper Award}, month = {Aug. 2003}, pages = {243-250}, address = {Newark, New Jersey, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor03processor.pdf}, author = {McGregor, John Patrick and Karig, David and Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {Adding 3D Graphics Support for PLX}, year = {2003}, month = {Aug. 2003}, pages = {40-44}, address = {Newark, New Jersey, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang03adding.pdf}, author = {Xiao Yang, Ruby Lee} } @conference { , title = {Analyzing the Energy Consumption of Security Protocols}, year = {2003}, month = {Aug. 
2003}, pages = {30-35}, address = {Seoul, Korea}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally03analyzing.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Jha, Niraj} } @conference { , title = {Algorithm Exploration for Efficient Public-Key Security Processing on Wireless Handsets}, year = {2002}, month = {March, 2002}, pages = {42-46}, address = {Le Palais des Congres, Paris, France}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally02algorithm.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Lakshminarayana, Ganesh} } @conference { , title = {Architectural Enhancements for Fast Subword Permutations with Repetitions in Cryptographic Applications}, year = {2001}, month = {Sept. 2001}, pages = {453-461}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor01architectural.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @conference { , title = {Accurate Power Macro-modeling Techniques for Complex RTL Circuits}, year = {2001}, month = {Jan. 2001}, pages = {235-241}, address = {Bangalore, India}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally01accurate.pdf}, author = {Potlapally, Nachiketh and Raghunathan, Anand and Lakshminarayana, Ganesh and Hsiao, Michael and Chakradhar, Srimat} } @conference { , title = {BitDeposit: Deterring Attacks and Abuses of Cloud Computing Services Through Economic Measures}, year = {2013}, month = {May 2013}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {Butterfly and inverse Butterfly nets integration on Altera NioS-ii embedded processor}, year = {2010}, month = {November 2010}, address = {Pacific Grove, California, USA}, author = {Gian Carlo Cardarilli and Luca Di Nunzio and Rocco Fazzolari and Ruby B. 
Lee and Marco Re} } @conference { , title = {Bit Matrix Multiplication in Commodity Processors}, year = {2008}, month = {July 2008}, author = {Yedidya Hilewitz and CÚdric Lauradoux and Ruby B. Lee} } @conference { , title = {Bit Permutation Instructions for Accelerating Software Cryptography}, year = {2000}, month = {July 2000}, pages = {138-148}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi00bit.pdf}, author = {Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing}, year = {2016}, month = {March 2016}, address = {Barcelona, Spain}, author = {Fangfei Liu;Qian Ge;Yuval Yarom;Frank Mckeen;Carlos Rozas;Gernot Heiser;Ruby Lee} } @article { , title = {Cloud Server Benchmark Suite for Evaluating New Hardware Architectures}, journal = {IEEE Computer Architecture Letters}, year = {2016}, month = {July-Dec 2016}, abstract = {Adding new hardware features to a cloud computing server requires testing both the functionality and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and floating-point benchmark and Parsec suites typically used by the computer architecture community. Existing cloud benchmark suites for scale-out or scale-up computing are not representative of the most common cloud usage, and are very difficult to run on a cycle-accurate simulator that can accurately model new hardware, like gem5. In this paper, we present PALMScloud, a suite of cloud computing benchmarks for performance evaluation of cloud servers, that is ready to run on the gem5 cycle-accurate simulator. We conduct a behavior characterization and analysis of the benchmarks. 
We hope that these cloud benchmarks, ready to run on a dual-machine gem5 simulator or on real machines, can be useful to other researchers interested in improving hardware micro-architecture and cloud server performance}, author = {Hao Wu and Fangfei Liu and Ruby B. Lee} } @conference { , title = {CloudRadar: A Real-time Side-channel Attack Detection System in Clouds}, year = {2016}, month = {September 2016}, abstract = {We present CloudRadar, a system to detect, and hence mitigate, cache-based side-channel attacks in multi-tenant cloud systems. CloudRadar operates by correlating two events: first, it exploits signature- based detection to identify when the protected virtual machine (VM) executes a cryptographic application; at the same time, it uses anomaly-based detection techniques to monitor the co-located VMs to identify ab- normal cache behaviors that are typical during cache-based side-channel attacks. We show that correlation in the occurrence of these two events o?er strong evidence of side-channel attacks. Compared to other work on side-channel defenses, CloudRadar has the following advantages: first, CloudRadar focuses on the root causes of cache-based side-channel at- tacks and hence is hard to evade using metamorphic attack code, while maintaining a low false positive rate. Second, CloudRadar is designed as a lightweight patch to existing cloud systems, which does not require new hardware support, or any hypervisor, operating system, application modifications. Third, CloudRadar provides real-time protection and can detect side-channel attacks within the order of milliseconds. We demonstrate a prototype implementation of CloudRadar in the OpenStack cloud framework. Our evaluation suggests CloudRadar achieves negligible performance overhead with high detection accuracy.}, author = {Tianwei Zhang and Yinqian Zhang and Ruby B. 
Lee} } @conference { , title = {CloudMonatt: an Architecture for Security Health Monitoring and Attestation of Virtual Machines in Cloud Computing}, year = {2015}, month = {June 2015}, pages = {362-274}, address = {Portland}, author = {Tianwei Zhang;Ruby B. Lee} } @conference { , title = {Can randomized mapping secure instruction caches from side-channel attacks?}, year = {2015}, month = {June 13, 2015}, address = {Portland}, author = {Fangfei Liu;Hao Wu;Ruby B. Lee} } @conference { , title = {Cyber Defenses for Physical Attacks and Insider Threats in Cloud}, year = {2014}, month = {June 2014}, author = {Jakub Szefer;Pramod Jamkhedkar;Diego Perez-Botero;Ruby B. Lee} } @conference { , title = {Characterizing Hypervisor Vulnerabilities in Cloud Computing Servers}, year = {2013}, month = {May 2013}, author = {Diego Perez-Botero and Jakub Szefer and Ruby B. Lee} } @article { , title = {Checking Integrity of Untrusted Data with Few Queries}, year = {2007}, month = {September 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-008}, author = {Potlapally, Nachiketh and Lee, Ruby B.} } @conference { , title = {Covert and Side Channels due to Processor Architecture}, year = {2006}, month = {December 2006}, pages = {473-482}, abstract = {Information leakage through covert channels and side channels is becoming a serious problem, especially when these are enhanced by modern processor architecture features. We show how processor architecture features such as simultaneous multithreading, control speculation and shared caches can inadvertently accelerate such covert channels or enable new covert channels and side channels. We first illustrate the reality and severity of this problem by describing concrete attacks. We identify two new covert channels. We show orders of magnitude increases in covert channel capacities. We then present two solutions, Selective Partitioning and the novel Random Permutation Cache (RPCache). 
The RPCache can thwart most cache-based software side channel attacks, with minimal hardware costs and negligible performance impact.}, keywords = {side channel attack, covert channel, cache, processor architecture}, URL = {http://www.acsac.org/2006/papers/127.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Capacity Estimation of Non-Synchronous Covert Channels}, year = {2005}, month = {June 6-9, 2005}, pages = {170-176}, address = {Columbus, OH, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/SDCS05_w_cit.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Comparing Fast Implementations of Bit Permutation Instructions}, year = {2004}, month = {Nov. 2004}, pages = {1856-1863}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/hilewitz04comparing_with_cit.pdf}, author = {Hilewitz, Yedidya and Shi, Zhijie Jerry and Lee, and Ruby B.} } @conference { , title = {Cost-Effective Multiplication with Enhanced Adders for Multimedia Applications}, volume = {1}, year = {2000}, month = {May 2000}, pages = {651-654}, address = {Geneva Switzerland}, URL = {http://palms.ee.princeton.edu/PALMSopen/luo00cost-effective.pdf}, author = {Luo, Zhen and Lee, Ruby B.} } @conference { , title = {Disruptive Prefetching: Impact on Side-Channel Attacks and Cache Designs}, year = {2015}, month = {May 2015}, address = {Haifa, Israel}, author = {Adi Fuchs;Ruby B. Lee} } @article { , title = {DataMoat: Architectural Support for Self-Protecting Data}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-002 (updated June 1, 2011)}, year = {2011}, month = {Feb. 10, 2011}, author = {Yu-Yuan Chen and Ruby B. Lee} } @article { , title = {Design of Short Ring Oscillator-Based True Random Number Generator on FPGA Platform}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-006 (updated Dec. 
8, 2011)}, year = {2011}, month = {Sept. 20, 2011}, author = {Wei Zhang and Jakub M. Szefer and Yu-Yuan Chen and Chiwai Yu and Will X.Y. Li and Ray C.C. Cheung and Ruby B. Lee} } @article { , title = {Dynamic Integrity Trees for Deployable Memory Authentication}, year = {2007}, month = {November 2007}, address = {Department of Electrical Engineering Technical Report CE-L2007-013}, author = {Champagne, David and Elbaz, Reouven and Lee, Ruby B.} } @article { , title = {Decimation Tools Set}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-014}, author = {Lauradoux, Cedric and Lee, Ruby B.} } @conference { , title = {Design and Analysis of Password-Based Key Derivation Functions}, volume = {3376}, year = {2005}, month = {Feb. 2005}, pages = {245-261}, address = {San Francisco, California, USA}, keywords = {cryptography, iterative methods}, URL = {http://palms.ee.princeton.edu/PALMSopen/yao05design.pdf}, author = {Yao, Frances and Yin, Yiqun Lisa} } @conference { , title = {Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures}, year = {2004}, month = {Sept. 2004}, pages = {543-550}, address = {San Francisco, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/DDoS%20Final%20PDCS%20Paper.pdf}, author = {Specht, Stephen and Lee, Ruby B.} } @conference { , title = {Eliminating the Hypervisor Attack Surface for a More Secure Cloud}, year = {2011}, month = {Oct. 17-21, 2011}, abstract = {Cloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, complex, and has a considerable attack surface. As such, it is prone to bugs and vulnerabilities that a malicious virtual machine (VM) can exploit to attack or obstruct other VMs ---
a major concern for organizations wishing to move ``to the cloud.'' In contrast to previous work on hardening or minimizing the virtualization software, we eliminate the hypervisor attack surface by enabling the guest VMs to run natively on the underlying hardware while maintaining the ability to run multiple VMs concurrently. Our NoHype system embodies four key ideas: (i) pre-allocation of processor cores and memory resources, (ii) use of virtualized I/O devices, (iii) minor modifications to the guest OS to perform all system discovery during bootup, and (iv) avoiding indirection by bringing the guest virtual machine in more direct contact with the underlying hardware. Hence, no hypervisor is needed to allocate resources dynamically, emulate I/O devices, support system discovery after bootup, or map interrupts and other identifiers. NoHype capitalizes on the unique use model in cloud computing, where customers specify resource requirements ahead of time and providers offer a suite of guest OS kernels. Our system supports multiple tenants and capabilities commonly found in hosted cloud infrastructures. Our prototype utilizes Xen 4.0 to prepare the environment for guest VMs, and a slightly modified version of Linux 2.6 for the guest OS. Our evaluation with both SPEC and Apache benchmarks shows a roughly 1% performance gain when running applications on NoHype compared to running them on top of Xen 4.0. Our security analysis shows that, while there are some minor limitations with current commodity hardware, NoHype is a significant advance in the security of cloud computing.}, author = {Jakub Szefer and Eric Keller and Ruby B. Lee and Jennifer Rexford} } @article { , title = {Evaluation of OpenSPARC FPGA Platform as a Security and Performance Research Platform}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2010-002}, year = {2010}, month = {Sept.
6, 2010}, author = {Jakub Szefer and Yu-Yuan Chen and Ray Cheung and Ruby B. Lee.} } @article { , title = {Efficient Randomness Generation Techniques for Embedded Systems}, year = {2007}, month = {December 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-015}, author = {Potlapally, Nachiketh and Lee, Ruby B.} } @conference { , title = {Enhancing Security through Hardware-assisted Run-time Validation of Program Data Properties}, year = {2005}, month = {Sept. 2005}, pages = {190-195}, address = {New York, USA}, keywords = {Data tagging, run-time checks, secure architectures}, URL = {http://palms.ee.princeton.edu/PALMSopen/arora05enhancing.pdf}, author = {Arora, Divya and Raghunathan, Anand and Ravi, Srivaths and Jha, Niraj} } @conference { , title = {Evaluating Instruction Set Extensions for Fast Arithmetic on Binary Finite Fields}, year = {2004}, month = {Sept. 2004}, pages = {125-136}, address = {Galveston, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04evaluating_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Exploration and Evaluation of PLX Floating-point Instructions and Implementations for 3D Graphics}, year = {2004}, month = {Nov. 2004}, pages = {1873-1878}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/asilomar2004-final-with-ref.pdf}, author = {Yang, Xiao and Valia, Shamik and Schulte, Michael and Lee, Ruby B.} } @conference { , title = {Enlisting Hardware Architecture to Thwart Malicious Code Injection}, year = {2003}, month = {March 2003}, pages = {237-252}, address = {Boppard, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee03enlisting.pdf}, author = {Lee, Ruby B. and Karig, David and McGregor, John Patrick and Shi, Zhijie} } @article { , title = {Efficient Permutation Instructions for Fast Software Cryptography}, journal = {IEEE Micro}, volume = {21}, year = {2001}, month = {Dec. 
2001}, pages = {56-69}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee01efficient.pdf}, author = {Lee, Ruby B. and Shi, Zhijie and Yang, Xiao} } @conference { , title = {Efficiency of MicroSIMD Architectures and Index-Mapped Data for Media Processors}, year = {1999}, month = {Jan. 1999}, pages = {34-46}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee99efficiency.pdf}, author = {Lee, Ruby B.} } @article { , title = {Fast Bit Gather, Bit Scatter and Bit Permutation Instructions for Commodity Microprocessors}, journal = {Journal of Signal Processing Systems}, volume = {53}, year = {2008}, month = {11/2008}, pages = {145-169}, publisher = {Springer New York}, author = {Yedidya Hilewitz and Ruby B. Lee} } @conference { , title = {Forward-Secure Content Distribution to Reconfigurable Hardware}, year = {2008}, month = {December 2008}, author = {David Champagne and Reouven Elbaz and Ruby B. Lee} } @article { , title = {Framework for Design Validation of Security Architectures}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-013}, year = {2008}, month = {November 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008TestingFramework.pdf}, author = {Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and Ruby B. Lee} } @article { , title = {Fast Bit Matrix Multiplication in Commodity Microprocessors}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-011}, author = {Hilewitz, Yedidya and Lauradoux, Cedric and Lee, Ruby B.} } @conference { , title = {Fast Bit Compression and Expansion with Parallel Extract and Parallel Deposit Instructions}, year = {2006}, note = {(Best Paper Award)}, month = {11/09/2006}, pages = {65-72}, abstract = {Current microprocessor instruction set architectures are word oriented, with some subword support. 
Many important applications, however, can realize substantial performance benefits from bitoriented instructions. We propose the parallel extract (pex) and parallel deposit (pdep) instructions to accelerate compressing and expanding selections of bits. We show that these instructions can be implemented by the fast inverse butterfly and butterfly network circuits. We evaluate latency and area costs of alternative functional units for implementing subsets of advanced bit manipulation instructions. We show applications exhibiting significant speedup, 3.41}, URL = {http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04019493}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @conference { , title = {Fast Parallel Table Lookups to Accelerate Symmetric-Key Cryptography}, year = {2005}, month = {April 4-6, 2005}, pages = {526-531}, address = {Las Vegas, Nevada, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran05fast_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Fast Software-Based Attacks on Secure ID}, year = {2004}, month = {Feb. 2004}, pages = {454-471}, address = {Delhi, India}, URL = {http://palms.ee.princeton.edu/PALMSopen/contini04fast.pdf}, author = {Contini, Scott and Yin, Yiqun Lisa} } @conference { , title = {Fast Subword Permutation Instructions Using Omega and Flip Network Stages}, year = {2000}, month = {Sept. 2000}, pages = {15-22}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang00fast-2.pdf}, author = {Yang, Xiao and Lee, Ruby B.} } @conference { , title = {Fast Subword Permutation Instructions Based on Butterfly Networks}, year = {2000}, month = {Jan. 
2000}, pages = {80-86}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang00fast.pdf}, author = {Yang, Xiao and Vachharajani, Manish and Lee, Ruby B.} } @conference { , title = {General-purpose FPGA Platform for Efficient Encryption and Hashing}, year = {2010}, month = {July 7-9, 2010}, abstract = {Many applications require protection of secret or sensitive information, from sensor nodes and embedded applications to large distributed systems. The confidentiality of data can be protected by encryption using symmetric-key ciphers, and the integrity of the data can be ensured by using a cryptographic hash function to calculate a ``digital fingerprint.'' In this paper, we propose reconfigurable FPGA hardware components that enable rapid deployment of cryptographic and other algorithms. The novelty of our hardware components is in their general-purpose design which enables easy mappings to allow customizations of data protection for different usage scenarios. Since we utilize only a small part of an FPGA chip, our design can be readily integrated with other processing needs of a mobile device, a sensor node or a System-on-Chip. In addition to being able to implement established algorithms, our analysis shows that the new hash algorithms proposed for the National Institute of Standards and Technology (NIST) competition for Advanced Hash Algorithms (AHS) also map well onto our general-purpose components. Our solution facilitates easy hardware implementation of customizable encryption and hashing solutions, with area and speed performance comparable to custom FPGA implementations targeted at a specific cipher or hash algorithm. Furthermore, the components that we have proposed can be used for many other applications - not just for implementing block ciphers and cryptographic hash functions.}, author = {Jakub Szefer;Yu-Yuan Chen;Ruby B.
Lee} } @inbook { , title = {Hardware-Enhanced Security for Cloud}, booktitle = {Secure Cloud Computing }, year = {2014}, pages = {57-76}, publisher = {Springer}, address = {Berlin}, URL = {http://link.springer.com/chapter/10.1007%2F978-1-4614-9278-8_3}, author = {Jakub Szefer and Ruby B. Lee} } @conference { , title = {Hardware-Assisted Application-Level Access Control}, year = {2009}, month = {September 2009}, address = {Pisa, Italy}, abstract = {Applications typically rely on the operating system to enforce access control policies such as MAC, DAC, or other policies. However, in the face of a compromised operating system, such protection mechanisms may be ineffective. Since security-sensitive applications are most motivated to maintain access control to their secret or sensitive information, and have no control over the operating system, it is desirable to provide mechanisms to enable applications to protect information with application-specific policies, in spite of a compromised operating system. In this paper, we enable application-level access control and information sharing with direct hardware support and protection, bypassing the dependency on the operating system. We analyze an originator-controlled information sharing policy (ORCON), where the content creator specifies who has access to the file created and maintains this control after the file has been distributed. We show that this policy can be enforced by the software-hardware mechanisms provided by the Secret Protection (SP) architecture, where a Trusted Software Module (TSM) is directly protected by SP's hardware features. We develop a proof-of-concept text editor application which contains such a TSM. This TSM can implement many different policies, not just the originator-controlled policy that we have defined.
We also propose a general methodology for trust-partitioning an application into security-critical and non-critical parts.}, author = {Chen, Yu-Yuan and Lee, Ruby B.} } @article { , title = {Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines}, journal = {Transactions on Computational Science IV, Lecture Notes in Computer Science (LNCS)}, year = {2009}, month = {March 2009}, pages = {1-22}, abstract = {Trusted computing platforms aim to provide trust in computations performed by sensitive applications. Verifying the integrity of memory contents is a crucial security service that these platforms must provide since an adversary able to corrupt the memory space can affect the computations performed by the platform. After a description of the active attacks that threaten memory integrity, this paper surveys existing cryptographic techniques --- namely integrity trees --- allowing for memory authentication. The strategies proposed in the literature for implementing such trees on general-purpose computing platforms are presented, along with their complexity. This paper also discusses the effect of a potentially compromised Operating System (OS) on computing platforms requiring memory authentication and describes an architecture recently proposed to provide this security service despite an untrusted OS. Existing techniques for memory authentication that are not based on trees are described and their performance/security trade-off is discussed. While this paper focuses on memory authentication for uniprocessor platforms, we also discuss the security issues that arise when considering data authentication in symmetric multiprocessor (shared memory) systems.}, author = {Reouven Elbaz and David Champagne and Catherine Gebotys and Ruby B.
Lee and Nachiketh Potlapally and Lionel Torres} } @conference { , title = {How Bad is Suboptimal Rate Allocation?}, year = {2008}, month = {April 13-18 2008}, pages = {951-959}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. Lee} } @conference { , title = {Hardware-rooted Trust for Secure Key Management and Transient Trust}, year = {2007}, month = {October 2007}, pages = {389-400}, address = {Alexandria, VA}, abstract = {

We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over.

We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.}, author = {Dwoskin, Jeffrey and Lee, Ruby B.} } @conference { , title = {How a Processor can Permute n bits in O(1) cycles}, year = {2002}, month = {Aug. 2002}, address = {Stanford University, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02how-presentation.pdf}, author = {Lee, Ruby B. and Shi, Zhijie and Yang, Xiao} } @article { , title = {Hewlett-Packard Precision Architecture: the Processor}, journal = {HP Journal}, volume = {37}, year = {1986}, month = {08/1986}, pages = {19}, chapter = {4}, author = {Michael Mahon and Ruby B. Lee and Terrence Miller and Jerome Huck and William Bryg} } @article { , title = {Implicit Authentication for Smartphone Security}, journal = {Information Systems Security and Privacy}, volume = {576}, year = {2016}, month = {01/2016}, pages = {160-176}, publisher = {Springer}, abstract = {Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. 
Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accessed from the smartphone and also the security of other users in the network. In this paper, we propose an implicit authentication method using the sensors already built into smartphones. We utilize machine learning algorithms for smartphones to continuously and implicitly authenticate the current user. We compare two typical machine learning methods, SVM and KRR, for authenticating the user. We show that our method achieves high performance (more than 90 % authentication accuracy) and high efficiency. Our method needs less than 10 s to train the model and 20 s to detect an abnormal user. We also show that the combination of more sensors provides better accuracy. Furthermore, our method enables adjusting the security level by changing the sampling rate.}, author = {Wei-Han Lee;Ruby B. Lee} } @conference { , title = {Implicit Sensor-based Authentication of Smartphone Users with Smartwatch}, year = {2016}, month = {June 2016}, abstract = {Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial log-in mechanism, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. But attackers who have gained access to a logged-in smartphone have no incentive to re-authenticate, so this must be done in an automatic, non-bypassable way. Hence, this paper proposes a novel authentication system, iAuth, for implicit, continuous authentication of the end-user based on his or her behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We design a system that gives accurate authentication using machine learning and sensor data from multiple mobile devices.
Our system can achieve 92.1% authentication accuracy with negligible system overhead and less than 2% battery consumption.}, author = {Wei-Han Lee and Ruby B. Lee} } @inbook { , title = {Improving Cyber Security}, booktitle = {Advances in Cyber Security: Technology, Operations and Experiences}, editor = {Frank Hsu and Dorothy Marinucci}, year = {2013}, pages = {37-59}, publisher = {Fordham University Press}, ISBN = {978-0-8232-4457-7}, author = {Ruby B. Lee} } @phdthesis { , title = {Information Leakage Due to Cache and Processor Architectures}, year = {2012}, pages = {135}, school = {Princeton University}, type = {PhD Thesis}, address = {Princeton, NJ}, abstract = {When users share resources, interference between users often reflects their activities and thus leaks out information of a user to others. Microprocessors, and their associated cache memories, are typically one of the most shared resources in a computer system. Compared with traditional software-based and system-level information leakage channels, the ones in microprocessors are often much faster and more reliable --- and hence more dangerous. They can also bypass existing software-based protection and isolation mechanisms, and can nullify any confidentiality or integrity protections provided by strong cryptography. Because of the ubiquitous deployment of microprocessors and the fact that the attacks are effective on essentially all modern processors, such microprocessor-level information leakage exists in almost all computing systems and has become a serious security threat to a wide spectrum of platforms and users. Motivated by the increasing importance of the processor and cache information leakage problem, this dissertation aims to investigate the information leakage problem in microprocessors in a more generalized manner.
The goal is to first understand the fundamental, rather than attack-specific, mechanisms that enable information leakage, and then propose countermeasures that attack the root causes and thus are generally effective. The dissertation also attempts to develop a theoretical model of information leakage channels, which can help analyze existing channels, identify new channels, evaluate their severity, and avoid such channels in future designs. The dissertation starts with concrete practical issues that are of high importance. It first analyzes the recent cache-based software side-channel attacks, revealing their common root cause, then proposing novel cache designs that can effectively defend against all attacks in this category without compromising performance, power efficiency and cost. The proposed Newcache design can even improve performance over traditional cache architectures. The dissertation also analyzes existing processor architectures, identifies several new covert channels that are much faster than traditional channels, and discusses alternative countermeasures. The dissertation then generalizes the problem of covert channels with abstract modeling and analysis, which clarify the ambiguity in traditional classifications of covert storage versus timing channels, help identify new channels and reveal limitations of existing covert channel identification methods. The dissertation also recognizes that asynchronism is an inherent characteristic of covert channels that should be properly captured in channel capacity estimation. Quantitative results are presented.}, author = {Zhenghong Wang} } @conference { , title = {Impact of Dynamic Binary Translators on Security}, year = {2008}, month = {21/06/2008}, address = {Beijing, China}, abstract = {Dynamic Binary Translators (DBTs) allow programs written for a specific platform to be run on other platforms without the need for recompilation. 
They allow legacy software to be run on newer hardware architectures, they can perform dynamic optimization of software, and virtualization. Other benefits include providing enhanced security by dynamically adding checking code around possible software security vulnerabilities. However, before this is even considered, there are two aspects of DBTs that must first be addressed. First, are software protections provided by the application preserved under the runtime translation and optimizations done by a DBT? Will they be optimized out? We study a range of software protection techniques including Stackshield, Propolice and Stackguard, Libsafe, address space randomization, checksumming, watermarking, system call sandboxing, authenticated system calls, code obfuscation and morphing, anti-debugging, instruction-set randomization, and proof carrying code. Second, how is the DBT itself protected? How is its code cache protected? Without adequate protection, a DBT can be exploited by an attacker to cause disastrous system consequences. We propose three solutions. One solution adds a small set of hardware features to the microprocessor, as defined by the Secret Protection (SP) architecture, to protect the DBT and its code cache.}, author = {Chen, Yu-Yuan and Wu, Youfeng and Hu, Shiliang and Lee, Ruby B.} } @conference { , title = {Impact of Configurability and Extensibility on IPSec Protocol Execution on Embedded Processors}, year = {2006}, month = {January 2006}, pages = {299-304}, publisher = {IEEE Computer Society}, address = {Hyderabad, India}, keywords = {Configurability, Embedded Processors, Embedded Security, Embedded Systems, Extensibility, IPSec, Performance, Security Protocols}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally06impact.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Lee, Ruby B.
and Jha, Niraj} } @conference { , title = {Implementation Complexity of Bit Permutation Instructions}, year = {2003}, note = {Nominated for Best Student Paper Award}, month = {Nov. 2003}, pages = {879-886}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi03implementation.pdf}, author = {Shi, Zhijie Jerry and Lee, Ruby B.} } @inbook { , title = {Instruction Set Architecture for Multimedia Signal Processing}, booktitle = {Book Chapter in Vojin G. Oklobdzija ed., The Computer Engineering Handbook}, editor = {Vojin G. Oklobdzija}, year = {2001}, pages = {39-1 to 39-38}, publisher = {CRC Press, ISBN: 0-8493-0885-2, Invited Chapter}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee_Instruction_Set_Architecture_for_Multimedia_Signal_Processing.pdf}, author = {Lee, Ruby B.} } @inbook { , title = {Key management in wireless ad hoc networks}, booktitle = {Theoretical Aspects of Distributed Computing in Sensor Networks}, year = {2010}, abstract = {Full citation: D. Xu, J. Dwoskin, J. Huang, T. Lan, R. B. Lee, and M. Chiang, ``Key management in wireless ad hoc networks'', Theoretical Aspects of Distributed Computing in Sensor Networks, Ed., S. Nikoletseas and J. Rolim, Springer, November 2010.}, author = {D. Xu and J. Dwoskin and J. Huang and T. Lan and R. B. Lee and and M. Chiang} } @conference { , title = {Last-Level Cache Side-Channel Attacks are Practical}, year = {2015}, month = {May 2015}, pages = {605-622}, address = {San Jose}, author = {Fangfei Liu;Yuval Yarom;Qian Ge;Gernot Heiser;Ruby B. Lee} } @article { , title = {Monitoring and Attestation of Virtual Machine Security Health in Cloud Computing}, journal = {IEEE Micro Special Issues on Security}, volume = {36}, year = {2016}, month = {Sept/Oct 2016}, abstract = {Abstract: Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system.
This is complicated by the customer not knowing where the VM is executing and by the semantic gap between what the customer wants to know versus what can be measured in the cloud. In this article, the authors present an architecture for monitoring a VM's security health. Their architecture can communicate this to the customer in an unforgeable manner. The authors show a concrete implementation of property-based attestation and a full prototype based on the OpenStack open source cloud software.}, author = {Tianwei Zhang and Ruby B. Lee} } @conference { , title = {Multi-sensor authentication to improve smartphone security}, year = {2015}, month = {February 2015}, abstract = {The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes the attacker taking over the phone after the user has logged on with his password or pin. Our goal is to design a mechanism for smartphones to better authenticate the current user, continuously and implicitly, and raise alerts when necessary. In this paper, we propose a multi-sensors-based system to achieve continuous and implicit authentication for smartphone users. The system continuously learns the owner's behavior patterns and environment characteristics, and then authenticates the current user without interrupting user-smartphone interactions. Our method can adaptively update a user's model considering the temporal change of user's patterns. Experimental results show that our method is efficient, requiring less than 10 seconds to train the model and 20 seconds to detect the abnormal user, while achieving high accuracy (more than 90%). Also the combination of more sensors provide better accuracy.
Furthermore, our method enables adjusting the security level by changing the sampling rate.}, author = {Wei-Han Lee;Ruby B. Lee} } @conference { , title = {Mapping the Intel Last-Level Cache}, year = {2015}, author = {Yuval Yarom;Qian Ge;Fangfei Liu;Ruby B. Lee;Gernot Heiser} } @conference { , title = {Managed Control of Composite Cloud Systems}, year = {2011}, month = {June 27-30, 2011}, author = {Christopher C. Lamb and Pramod A. Jamkhedkar and Gregory L. Heileman and Chaouki T.Abdallah} } @conference { , title = {Maya: A Novel Block Encryption Function}, year = {2009}, month = {May 2009}, address = {Ullensvang, Norway}, author = {Mahadevan Gomathisankaran and Ruby B. Lee} } @conference { , title = {Multi-path Key Establishment Against REM Attacks in Wireless Ad Hoc Networks}, year = {2009}, note = {Best Paper Award}, month = {Nov/Dec 2009}, address = {Honolulu, Hawaii, USA}, abstract = {Secure communications in wireless ad hoc networks require setting up end-to-end secret keys for communicating node pairs. Due to physical limitations and scalability requirements, full key-connectivity can not be achieved by key pre-distribution. In this paper, we develop an analytical framework for the on-demand key establishment approach. We propose a novel security metric, called REM resilience vector to quantify the resilience of any key establishment schemes against Revealing, Erasure, and Modification (REM) attacks. Our analysis shows that previous key establishment schemes are vulnerable under REM attacks. Relying on the new security metric, we prove a universal bound on achievable REM resilience vectors for any ondemand key establishment scheme. This bound that characterizes the optimal security performance analytically is shown to be tight, as we propose a REM-resilient key establishment scheme which achieves any vector within this bound. 
In addition, we develop a class of low complexity key establishment schemes which achieve nearly-optimal REM-attack resilience.}, author = {Tian Lan and Ruby B. Lee and Mung Chiang} } @article { , title = {Making Security Validation as Easy as Performance Evaluation}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2009-005}, year = {2009}, month = {November 2009}, author = {Yu-Yuan Chen and Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and Ruby B. Lee} } @article { , title = {Multi-path Key Establishment under Byzantine Attacks in Wireless Ad Hoc Networks}, year = {2008}, note = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-018}, author = {Tian Lan and Ruby B. Lee and Mung Chiang} } @conference { , title = {Mutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC}, year = {2007}, month = {May 6-12, 2007}, pages = {2531-2535}, abstract = {Known covert channel based on splitting algorithms in Medium Access Control (MAC) protocols requires the receiver's knowledge of the sender's identity. In this paper we present a new covert channel that does not have this restriction. In such a channel, multiple senders may operate independently without knowing each other, and the receiver can learn the transmitted information without knowing the identity of any covert sender a priori. These properties make the channel robust to malfunctioning senders, and more importantly help protect the secrecy of senders' identity which is essential for covert communications. 
We also analyze the capacity of our proposed covert channel.}, author = {Wang, Zhenghong and Deng, Jing and Lee, Ruby B.} } @article { , title = {Memory Integrity for Secure Computing Platforms}, year = {2007}, month = {June 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-003}, author = {Champagne, David and Lee, Ruby B.} } @conference { , title = {Micro-Architecture Issues of Predicated Execution}, year = {2003}, month = {Nov. 2003}, pages = {349-354}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/withRef.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @inbook { , title = {Multimedia Instructions in Microprocessors for Native Signal Processing}, booktitle = {Book Chapter in Yu Hen Hu, ed., Programmable Digital Signal Processors: Architecture: Programming, and Applications}, editor = {Yu Hen Hu}, year = {2001}, pages = {91-145}, publisher = {Marcel Dekker, Inc., ISBN: 0-8247-0647-1}, address = {New York}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee_Multimedia_Instructions_in_Microprocessors_for_Native_Signal_Processing.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat} } @conference { , title = {Multimedia Instructions in IA-64}, year = {2001}, pages = {281-284}, publisher = {Aug. 2001}, address = {Tokyo, Japan}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee01multimedia-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat and Bubshait, Abdulla} } @article { , title = {Newcache: secure cache architecture thwarting cache side channel attacks}, journal = {IEEE Micro Special Issues on Security}, volume = {36}, year = {2016}, month = {Sept/Oct 2016}, abstract = {Newcache is a secure cache that can thwart cache side-channel attacks to prevent the leakage of secret information. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages in virtual address spaces or virtual machines. 
These cache attacks can leak secret encryption keys or private identity keys, nullifying any protection provided by strong cryptography. Newcache uses a novel dynamic, randomized memory-to-cache mapping to thwart contention-based side-channel attacks, rather than the static mapping used by conventional set-associative caches. In this article, the authors present an improved design of Newcache, in terms of security, circuit design and simplicity. They show Newcache's security against a suite of cache side-channel attacks. They evaluate Newcache's system performance for cloud computing, smartphone, and SPEC benchmarks and find that Newcache performs as well as conventional set-associative caches, and sometimes better. They also designed a VLSI test chip with a 32-Kbyte Newcache and a 32-Kbyte, eight-way, set-associative cache and verified that the access latency, power, and area of the two caches are comparable. These results show that Newcache can be used as L1 data and instruction caches to improve security without impacting performance.}, author = {Fangfei Liu and Hao Wu and Kenneth Mai and Ruby B. Lee} } @conference { , title = {New Models of Cache Architectures Characterizing Information Leakage from Cache Side}, year = {2014}, pages = {96-105}, address = {December 2014}, author = {Tianwei Zhang;Ruby B. Lee} } @conference { , title = {NoHype: Virtualized cloud infrastructure without the virtualization}, year = {2010}, month = {June 19-23 2010}, abstract = {Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization --- so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. 
Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be ``no hype'' since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.}, author = {Eric Keller;Jakub Szefer;Jennifer Rexford and Ruby B. Lee} } @conference { , title = {New Cache Designs for Thwarting Software Cache-based Side Channel Attacks}, year = {2007}, month = {June 2007}, pages = {494 - 505}, address = {San Diego, CA}, abstract = {Software cache-based side channel attacks are a serious new class of threats for computers. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. In recently demonstrated attacks on software implementations of ciphers like AES and RSA, the full key can be recovered by an unprivileged user program performing simple timing measurements based on cache misses.

We first analyze these attacks, identifying cache interference as the root cause of these attacks. We identify two basic mitigation approaches: the partition-based approach eliminates cache interference whereas the randomization-based approach randomizes cache interference so that zero information can be inferred. We present new security-aware cache designs, the Partition-Locked cache (PLcache) and Random Permutation cache (RPcache), analyze and prove their security, and evaluate their performance. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general --- rather than only specific attacks on a given cryptographic algorithm --- with very little performance degradation and hardware cost.}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation}, year = {2005}, month = {September 2005}, pages = {498-505}, address = {Singapore}, URL = {http://palms.ee.princeton.edu/PALMSopen/ISC05_w_cit.pdf}, author = {Wang, Zhenghong and Lee, Ruby B.} } @conference { , title = {Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems}, year = {2008}, month = {March 2008}, URL = {http://www.vmware.com/files/pdf/partners/academic/overshadow.pdf}, author = {Xiaoxin Chen and Tal Garfinkel and E. Christopher Lewis and Pratap Subrahmanyam and Carl A. Waldspurger and Dan Boneh and Jeffrey S. Dwoskin and Dan R. K. 
Ports} } @conference { , title = {On-Chip Lookup Tables for Fast Symmetric-Key Encryption}, year = {2005}, month = {July 23-25, 2005}, pages = {356-363}, address = {Samos, Greece}, keywords = {combinational circuits, cryptography, reduced instruction set computing, table lookup}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran05on-chip_cit.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {On Permutation Operations in Cipher Design}, year = {2004}, month = {April 5-7, 2004}, pages = {569-577}, address = {Las Vegas, Nevada, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04permutation.pdf}, author = {Lee, Ruby B. and Rivest, R L and Robshaw, M J B and Shi, Z J and Yin, Y L} } @conference { , title = {Optimizing Public-Key Encryption for Wireless Clients}, year = {2002}, month = {28/04/2002}, pages = {1050-1056}, address = {New York City, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally02optimizing.pdf}, author = {Potlapally, Nachiketh and Ravi, Srivaths and Raghunathan, Anand and Lakshminarayana, Ganesh} } @phdthesis { , title = {Performance Measurement and Security Testing of a Secure Cache Design}, year = {2015}, school = {Princeton University}, type = {MSE Thesis}, address = {Princeton}, author = {Hao Wu} } @phdthesis { , title = {Pwnetizer: Improving Availability in Cloud Computing Through Fast Cloning and I/O Randomization}, year = {2013}, school = {Princeton University}, type = {MSE Thesis}, address = {Princeton, NJ}, author = {Degio Perez-Botero} } @conference { , title = {Physical Attack Protection with Human-Secure Virtualization in Data Centers}, year = {2012}, month = {June 25, 2012}, author = {Jakub Szefer and Pramod Jamkhedkar and Yu-Yuan Chen and Ruby B. 
Lee} } @conference { , title = {Processor Accelerator for AES}, year = {2010}, month = {June 13-14 2010}, pages = {71-76}, address = {Anaheim, CA, USA}, abstract = {Software AES cipher performance is not fast enough for encryption to be incorporated ubiquitously for all computing needs. Furthermore, fast software implementations of AES that use table lookups are susceptible to software cache-based side channel attacks, leaking the secret encryption key. To bridge the gap between software and hardware AES implementations, several Instruction Set Architecture (ISA) extensions have been proposed to provide speedup for software AES programs, most notably the recent introduction of six AES-specific instructions for Intel microprocessors. However, algorithm-specific instructions are less desirable than general-purpose ones for microprocessors. In this paper, we propose an enhanced parallel table lookup instruction that can achieve the fastest reported software AES encryption and decryption of 1.38 cycles/byte for general-purpose microprocessors, a 1.45X speedup from the fastest prior work reported. Also, security is improved where cache-based side-channel attacks are thwarted, since all table lookups take the same amount of time. Furthermore, the new instructions can also be used to accelerate any functions that can be accelerated through table lookup operations of one or multiple small tables.}, author = {Ruby B. Lee and Yu-Yuan Chen} } @conference { , title = {Processor-based Tailored Attestation}, year = {2010}, author = {David Champagne and Ruby B. Lee} } @article { , title = {PAX: A Cryptographic Processor with Parallel Table Lookup and Wordsize Scalability}, year = {2007}, month = {November 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-010}, author = {Lee, Ruby B. 
and Fiskiran, Murat and Wang, Michael and Hilewitz, Yedidya and Chen, Yu-Yuan} } @conference { , title = {Performing Advanced Bit Manipulations Efficiently in General-Purpose Processors}, year = {2007}, month = {June 2007}, pages = {251-260}, address = {Montpellier, France}, abstract = {This paper describes a new basis for the implementation of a shifter functional unit. We present a design based on the inverse butterfly and butterfly datapath circuits that performs the standard shift and rotate operations, as well as more advanced extract, deposit and mix operations found in some processors. Additionally, it also supports important new classes of even more advanced bit manipulation instructions recently proposed: these include arbitrary bit permutations, bit scatter and bit gather instructions. The new functional unit's datapath is comparable in latency to that of the classic barrel shifter. It replaces two existing functional units - shifter and mix - with a much more powerful one.}, keywords = {shifter, rotations, permutations, bit manipulations, arithmetic, processor}, author = {Hilewitz, Yedidya and Lee, Ruby B.} } @conference { , title = {Protecting Cryptographic Keys and Computations via Virtual Secure Coprocessing}, year = {2005}, month = {Oct. 9-13, 2004}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor04protecting.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @article { , title = {PLX: An Instruction Set Architecture and Testbed for Multimedia Information Processing}, journal = {Journal of VLSI Signal Processing}, volume = {40}, year = {2005}, pages = {85-108}, keywords = {multimedia, instruction set architecture, ISA, processor architecture, media processing}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05plx.pdf}, author = {Lee, Ruby B. 
and Fiskiran, Murat} } @conference { , title = {Performance Scaling of Cryptography Operations in Servers and Mobile Clients}, year = {2004}, month = {Oct. 2004}, address = {Boston, Massachusetts, USA}, keywords = {network security, algorithms, cryptography, public key}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04performance_with_citation.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {PLX FP: An Efficient Floating-Point Instruction Set for 3D Graphics}, year = {2004}, month = {June 2004}, pages = {137-140}, address = {Taipei, Taiwan}, URL = {http://palms.ee.princeton.edu/PALMSopen/yang04plx.pdf}, author = {Yang, Xiao and Lee, Ruby B.} } @inbook { , title = {PAX: A Datapath-Scalable Minimalist Cryptographic Processor for Mobile Devices}, booktitle = {Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle eds., Embedded Cryptographic Hardware: Design and Security}, editor = {Nadia Nedjah; Luiza de Macedo Mourelle}, year = {2004}, pages = {19-34}, publisher = {Nova Science Publisher, ISBN: 1-59454-145-0, Chapter 2}, address = {New York}, URL = {https://www.novapublishers.com/catalog/product_info.php?products_id=270}, author = {Fiskiran, Murat and Lee, Ruby B.} } @inbook { , title = {Permutation Operations in Block Ciphers}, booktitle = {Book chapter in Nadia Nedjah and Luiza de Macedo Mourelle eds., Embedded Cryptographic Hardware: Design and Security}, editor = {Nadia Nedjah; Luiza de Macedo Mourelle}, year = {2004}, note = {http://books.google.com/books?id=1Npt_Gj7nJIC&pg=PA19&lpg=PA19&dq=PAX:+A+Datapath-Scalable+Minimalist+Cryptographic+Processor+for&source=bl&ots=At_exM0b76&sig=Kkvh1BvA3mfnbwpU4_kuEgAqjR0&hl=en&sa=X&oi=book_result&resnum=1&ct=result#PPR9,M1}, pages = {219-236}, publisher = {Nova Science Publisher, ISBN: 1-59454-145-0, Chapter 13}, address = {New York}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04permutation_book.pdf}, author = {Lee, R B and Rivest, R L and Robshaw, M J B and Shi, Z J and Yin, 
Y L} } @conference { , title = {PLX: A Fully Subword-Parallel Instruction Set Architecture for Fast Scalable Multimedia Processing}, year = {2002}, month = {Aug. 2002}, pages = {117-120}, address = {Lusanne, Switzerland}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02plx-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat} } @conference { , title = {Performance Impact of Addressing Modes on Encryption Algorithms}, year = {2001}, month = {Sept. 2001}, pages = {542-545}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran01performance-from-proceedings.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Performance Impact of Data Compression on Virtual Private Network Transactions}, year = {2000}, month = {Nov. 2000}, pages = {500-510}, address = {Tampa, Florida, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/mcgregor00performance.pdf}, author = {McGregor, John Patrick and Lee, Ruby B.} } @article { , title = {Precision Architecture}, journal = {IEEE computer}, volume = {22}, year = {1989}, month = {01/1989}, pages = {14}, chapter = {78}, author = {Ruby B. Lee} } @conference { , title = {Quantification of De-anonymization Risks in Social Networks}, year = {2017}, month = {19/02/2017}, address = {Porto}, abstract = {The risks of publishing privacy-sensitive data have received considerable attention recently. Several deanonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniques and the data vulnerability against de-anonymization attacks. In this paper, we theoretically analyze the de-anonymization attacks and provide conditions on the utility of the anonymized data (denoted by anonymized utility) to achieve successful de-anonymization. 
To the best of our knowledge, this is the first work on quantifying the relationships between anonymized utility and de-anonymization capability. Unlike previous work, our quantification analysis requires no assumptions about the graph model, thus providing a general theoretical guide for developing practical deanonymization/anonymization techniques. Furthermore, we evaluate state-of-the-art de-anonymization attacks on a real-world Facebook dataset to show the limitations of previous work. By comparing these experimental results and the theoretically achievable de-anonymization capability derived in our analysis, we further demonstrate the ineffectiveness of previous de-anonymization attacks and the potential of more powerful de-anonymization attacks in the future. }, keywords = {Structure-based de-anonymization attacks; anonymization utility; de-anonymization capability; theoretical bounds}, author = {Wei-Han Lee and Changchang Liu and Shouling Ji and Prateek Mittal and Ruby Lee} } @conference { , title = {Random Fill Cache Architecture}, year = {2014}, month = {December 2014}, pages = {203-215}, address = {Cambridge}, author = {Fangfei Liu;Ruby B. Lee} } @conference { , title = {Rapid Single-Chip Secure Processor Prototyping on OpenSPARC FPGA Platform}, year = {2011}, month = {May 24-27, 2011}, abstract = {Secure processors have become increasingly important for trustworthy computing as security breaches escalate. By providing hardware-level protection, a secure processor ensures a safe computing environment where confidential data and applications can be protected against both hardware and software attacks. In this paper, we present a single-chip secure processor model and demonstrate rapid prototyping of the secure processor on the OpenSPARC FPGA platform. OpenSPARC T1 is an industry-grade, open-source, FPGA-synthesizable general-purpose microprocessor originally developed by Sun Microsystems, now acquired by Oracle. 
It is a multi-core, multi-threaded 64-bit processor with open-source hardware, including the microprocessor core, as well as system software that can be freely modified by researchers. We modify the OpenSPARC T1 processor by adding security modules: an AES engine, a TRNG and a memory integrity tree. These enhancements enable security features like memory encryption and memory integrity verification. By prototyping this single-chip secure processor on the FPGA platform, we find that the OpenSPARC T1 FPGA platform has many advantages for secure processor research. Our prototyping demonstrates that additional modules can be added quickly and easily and they add little resource overhead to the base OpenSPARC processor.}, author = {Jakub Szefer and Wei Zhang and Yu-Yuan Chen and David Champagne and King Chan and Will Li and Ray Cheung and Ruby B. Lee} } @article { , title = {Running Untrusted Applications on Sensitive Data}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-007}, year = {2011}, month = {Nov. 16, 2011}, author = {Yu-Yuan Chen and Pramod Jamkhedkar and Ruby B. Lee} } @article { , title = {Reliable and Secure Distributed Storage of Critical Information}, year = {2008}, note = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-017,}, author = {Tian Lan and Ruby B. Lee and Mung Chiang} } @conference { , title = {Re-examining Probabilistic Versus Deterministic Key Management}, year = {2007}, month = {June 2007}, pages = {2586-2590}, address = {Nice, France}, abstract = {It is widely believed that although being more complex, a probabilistic key predistribution scheme is much more resilient against node capture than a deterministic one in lightweight wireless ad hoc networks. Backed up by the surprisingly large successful attack probabilities computed in this paper, we show that the probabilistic approaches have only limited performance advantages over deterministic approaches. 
We first consider a static network scenario as originally considered in the seminal paper by Eschenauer and Gligor [1], where any node capture happens after the establishment of all pairwise links, and show that the deterministic approach can achieve a performance as good as the probabilistic one. Furthermore in a mobile network, the probabilistic key management as described in [1] can lead to a successful attack probability of one order of magnitude larger than the one in a static network.}, author = {Xu, Dahai and Huang, Jianwei and Dwoskin, Jeffrey and Chiang, Mung and Lee, Ruby B.} } @article { , title = {Resolving Encoding Issues in Combining PAX and PLX Instruction Sets}, year = {2007}, month = {August 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-007}, author = {Lee, Ruby B. and Wang, Michael} } @conference { , title = {Runtime Execution Monitoring (REM) to Detect and Prevent Malicious Code Execution}, year = {2004}, month = {Oct. 11-13, 2004}, pages = {452-457}, address = {San Jose, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran04runtime.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} } @conference { , title = {Refining Instruction Set Architecture for High-Performance Multimedia Processing in Constrained Environments}, year = {2002}, month = {July 2002}, pages = {253-264}, address = {San Jose, California}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee02refining-from-proceedings.pdf}, author = {Lee, Ruby B. and Fiskiran, Murat and Shi, Zhijie and Yang, Xiao} } @conference { , title = {Security Testing of a Secure Cache Design}, year = {2013}, month = {June 24, 2013}, author = {Fangfei Liu and Ruby B. Lee} } @conference { , title = {Side Channel Vulnerability Metrics: the Promise and the Pitfalls}, year = {2013}, month = {June 24, 2013}, author = {Tianwei Zhang and Si Chen and Fangfei Liu and Ruby B. 
Lee} } @conference { , title = {Security Verification of Hardware-enabled Attestation Protocols}, year = {2012}, month = {December 2012}, author = {Tianwei Zhang and Jakub Szefer and Ruby B. Lee} } @conference { , title = {SMASHUP: secure mashup for defense transformation and net-centric systems}, year = {2011}, month = {April 27, 2011}, author = {Mark D. Heileman and Mike Gilger and Gregory L. Heileman and Pramod A. Jamkhedkar and Matthew P. Shaver} } @article { , title = {Stability and benefits of suboptimal utility maximization}, journal = {IEEE/ACM Transactions on Networking}, volume = {19}, year = {2011}, abstract = {Network utility maximization has been widely used to model resource allocation and network architectures. However, in practice, often it cannot be solved optimally due to complexity reasons. Thus motivated, we address the following two questions in this paper: 1) Can suboptimal utility maximization maintain queue stability? 2) Can underoptimization of utility objective function in fact benefit other network design objectives? We quantify the following intuition: A resource allocation that is suboptimal with respect to a utility maximization formulation maintains maximum flow-level stability when the utility gap is sufficiently small and information delay is bounded, and it can still provide a guaranteed size of stability region otherwise. Utility-suboptimal rate allocation can also enhance other network performance metrics, e.g., it may reduce link saturation. These results provide a theoretical support for turning attention from optimal but complex solutions of network optimization to those that are simple even though suboptimal.}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. 
Lee} } @conference { , title = {Scalable Architectural Support for Trusted Software}, year = {2010}, note = {Nominated for Best Paper Award.}, month = {Jan 9-14 2010}, address = {Bangalore, India}, abstract = {We present Bastion, a new hardware-software architecture for protecting security-critical software modules in an untrusted software stack. Our architecture is composed of enhanced microprocessor hardware and enhanced hypervisor software. Each trusted software module is provided with a secure, fine-grained memory compartment and its own secure persistent storage area. Bastion is the first architecture to provide direct hardware protection of the hypervisor from both software and physical attacks, before employing the hypervisor to provide the same protection to security-critical OS and application modules. Our implementation demonstrates the feasibility of bypassing an untrusted commodity OS to provide application security and shows better security with higher performance when compared to the Trusted Platform Module (TPM), the current industry state-of-the-art security chip. We provide a proof-of-concept implementation on the OpenSPARC platform. }, author = {David Champagne and Ruby B. Lee} } @phdthesis { , title = {Scalable Security Architecture for Trusted Software}, year = {2010}, pages = {231}, school = {Princeton University}, type = {PhD Thesis}, address = {Princeton, NJ}, abstract = {Security-critical tasks executing on general-purpose computers require protection against software and hardware attacks to achieve their security objectives. Security services providing this protection can be offered by mechanisms rooted in processor hardware, since its storage and computing elements are typically outside the reach of attackers. This thesis presents the Bastion architecture, a hardware-software security architecture for providing protection scalable to a large number of security-critical tasks. 
Protection is enabled by three sets of new mechanisms: for protecting a trusted hypervisor, for fine-grained protection of modules in application or operating system space, and for securing the input and output of Bastion-protected software modules. This thesis also presents an implementation and evaluation of Bastion, and explores alternatives for one of its core security functions: memory authentication. The hypervisor, a layer of software dedicated to the virtualization of machine resources, is increasingly being involved in security solutions. We use it in Bastion as a manager of security-critical tasks. While past solutions protect the hypervisor from runtime software attacks, Bastion also protects the hypervisor from physical attacks, protects it from offline attacks, and provides it with a secure launch mechanism. Within this protected Bastion hypervisor, we design a second set of mechanisms that provide separate execution compartments for each security-critical task running in the virtual machines hosted by the hypervisor. These compartments are protected against both hardware attacks and software attacks originating from a potentially compromised operating system. To enable security-critical tasks to communicate with the outside world, we provide a third set of mechanisms for secure input and output to and from Bastion-protected compartments. We implement and evaluate a Bastion prototype by modifying the source code of the OpenSPARC processor and hypervisor systems. Additionally, we survey the design space of alternatives to the Bastion memory authentication mechanism, which is central to protecting critical software execution in Bastion. 
These contributions can improve security in the digital world by informing the design of the next generation of general-purpose computing platforms.}, author = {David Champagne} } @phdthesis { , title = {Securing the Use of Sensitive Data on Remote Devices Using a Hardware-Software Architecture}, year = {2010}, pages = {294}, school = {Princeton University}, type = {PhD Thesis}, address = {Princeton, NJ}, abstract = {Many corporations, private organizations, and government agencies maintain sensitive data that must be accessed remotely by their employees using portable devices. The organizations have a responsibility to secure the data to ensure that it does not get used inappropriately or get disseminated beyond these trusted users. We have designed a computer architecture for these devices, combining new hardware and software, that allows trust to be placed in the devices even when they are not under the organization's physical control. We have designed, implemented, and tested the Authority-mode Secret-Protection Architecture, which places roots of trust in hardware in the processor chip. It provides new hardware mechanisms based on these roots of trust to protect the execution of trusted software and to provide that software with master secrets. The software uses the master secrets to secure the sensitive data and to communicate securely over the network. The user interacts with this software, which enforces security policies while giving access to data. The organization designates a central authority that will manage the software on the devices, set security policies, communicate with the devices, and control access to data. Our new hardware mechanisms bind together the device's on-chip roots of trust with the authority's data and trusted software, such that the authority can be assured that the security policies will always be enforced. To show how our design can be adapted to other platforms, we provide a modified architecture for embedded devices. 
We additionally demonstrate how the full architecture can be integrated with trustworthy system software in a mandatory access control system. Finally, we have built a testing framework that can help designers validate new security architectures like ours. The framework allows new architectures to be modeled in a virtualization environment, where a separate testing system has complete controllability and observability over hardware and software. It is used to test the effects of various security attacks and to assist in the development of trusted software for the new architecture. We use the framework to test the prototype hardware and software of our architecture.}, URL = {https://docs.google.com/viewer?url=http%3A%2F%2Fpalms.ee.princeton.edu%2FPALMSopen%2Fdissertations%2FDwoskinThesis-20100429-v2.0-doublespace.pdf}, author = {Jeffrey S. Dwoskin} } @conference { , title = {Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture}, year = {2009}, month = {April 2009}, pages = {133-156}, address = {Oxford, U.K.}, abstract = {During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to such information may not be possible because government policy makers and third-party data providers lack confidence that today's IT systems will protect their data. Our approach to the management of emergency information provides first responders with temporary, transient access to sensitive information, and ensures that the information is revoked after the emergency. 
The following contributions are presented: a systematic analysis of the basic forms of trusted communication supported by the architecture; a comprehensive method for secure, distributed emergency state management; a method to allow a userspace application to securely display data; a multifaceted system analysis of the confinement of emergency information and the secure and complete revocation of access to that information at the closure of an emergency.}, author = {Timothy Levin and Jeffrey Dwoskin and Ganesha Bhaskara and Thuy Nguyen and Paul Clark and Ruby B. Lee and Cynthia Irvine and Terry Benzel} } @article { , title = {SP Reference Manual Addendum -- Secure Stacks for TSMs and Emulation of SP Interrupt Protection}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2009-006}, year = {2009}, month = {August 2009}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureStacks.pdf}, author = {Jeffrey S. Dwoskin and Mahadevan Gomathisankaran and David Champagne and Ruby B. Lee} } @article { , title = {Stability and Benefits of Suboptimal Utility Maximization}, journal = {submitted to IEEE Transactions on Networking}, year = {2008}, month = {Nov. 4}, author = {Tian Lan and Xiaojun Lin and Mung Chiang and Ruby B. Lee} } @article { , title = {SecureCore Prototype/Demo Manual}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-009}, year = {2008}, note = {Updated August 25 2009}, month = {August 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2009SecureCoreDemo1.1v1.pdf}, author = {Jeffrey S. Dwoskin and Ganesha Bhaskara and Thuy D. Nguyen and Ruby B. 
Lee} } @article { , title = {SP Processor Architecture Reference Manual}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-008}, year = {2008}, month = {August 2008}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/Dwoskin2008SP_Reference1.0.pdf}, author = {Jeffrey S. Dwoskin and Ruby B. Lee} } @article { , title = {SP-PAX: Hardware implementation of SP module with PAX cryptoprocessor}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2008-006}, year = {2008}, month = {April 2008}, URL = {http://palms.princeton.edu/system/files/SP-PAX_1.8.pdf}, author = {Yu-Yuan Chen and Ruby B. Lee} } @conference { , title = {Secure Key Management Architecture Against Sensor-node Fabrication Attacks}, year = {2007}, month = {November 2007}, address = {Washington, DC}, abstract = {Abstract---In lightweight mobile ad hoc networks, both probabilistic and deterministic key management schemes are fragile to node fabrication attacks. Our simulation results show that the Successful Attack Probability (SAP) can be as high as 42.6% with the fabrication of only 6 copies from captured nodes comprising only 3% of all nodes. In this paper, we propose two low-cost secure-architecture-based techniques to improve the security against such node fabrication attacks. Our new architectures, specifically targeted at the sensor-node platform, protect long-term keys using a root of trust embedded in the hardware System-on-a-Chip (SoC). This prevents an adversary from extracting these protected long-term keys from a captured node to fabricate new nodes. 
The extensive simulation results show that the proposed architecture can significantly decrease the SAP and increase the security level of key management for mobile ad hoc networks.}, author = {Dwoskin, Jeffrey and Xu, Dahai and Huang, Jianwei and Chiang, Mung and Lee, Ruby B.} } @article { , title = {SP Processor Architecture Reference Manual}, year = {2007}, note = {Version 0.7}, month = {11/21/2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-009}, author = {Dwoskin, Jeff and Lee, Ruby B.} } @conference { , title = {Scope of DDoS Countermeasures: Taxonomy of Proposed Solutions and Design Goals for Real-World Deployment}, year = {2006}, month = {November 2006}, abstract = {Distributed Denial of Service (DDoS) attacks have been plaguing the Internet for several years. They cause economic losses due to the unavailability of services and potentially serious security problems due to incapacitation of critical infrastructures. Such severe implications lead the research community to strive to find DDoS countermeasures. In spite of all the ideas that have been developed, a practical and comprehensive defense system has yet to be deployed Internetwide. Through a novel taxonomy, this paper classifies and describes DDoS countermeasures developed by industry and academia. To our knowledge, our taxonomy is the first to unify such a large body of work into a single, detailed classification. 
Based on the analysis of these ideas, we then introduce design goals and principles that can guide the development of a practical DDoS solution.}, keywords = {DDoS Countermeasures, Design Goals, Distributed Denial of Service (DDoS), Taxonomy.}, URL = {http://palms.ee.princeton.edu/PALMSopen/champagne06DDoS.pdf}, author = {Champagne, David and Lee, Ruby B.} } @conference { , title = {Satisfiability-based Framework for Enabling Side-channel Attacks on Cryptographic Software}, year = {2006}, month = {March 2006}, pages = {18-23}, address = {Munich, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/potlapally06satisfiability.pdf}, author = {Potlapally, Nachiketh and Raghunathan, Anand and Ravi, Srivaths and Jha, Niraj and Lee, Ruby B.} } @article { , title = {Single-Cycle Bit Permutations with MOMR Execution}, journal = {Journal of Computer Science and Technology}, volume = {20}, year = {2005}, month = {September 2005}, pages = {577-585}, keywords = {permutation, bit permutations, cryptography, cryptographic acceleration, security, multi-word operation, datarich execution, MOMR, instruction set architecture, ISA, processor, high performance secure computing}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee05single-cycle.pdf}, author = {Lee, Ruby B. and Yang, Xiao and Shi, Zhijie Jerry} } @conference { , title = {Security as a New Dimension in Embedded System Design}, year = {2004}, month = {June 2004}, pages = {753-760}, address = {San Diego, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/Lee-41stDAC_46_1.pdf}, author = {Kocher, Paul and Lee, Ruby B. and McGraw, Gary and Raghunathan, Anand and Ravi, Srivaths} } @conference { , title = {Scoping Security Issues for Interactive Grids}, year = {2003}, month = {Nov. 
2003}, pages = {367-373}, address = {Pacific Grove, California, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/dwoskin03scoping.pdf}, author = {Dwoskin, Jeffrey and Basu, Sujoy and Talwar, Vanish and Kumar, Raj and Kitson, Fred and Lee, Ruby B.} } @conference { , title = {Subword Sorting with Versatile Permutation Instructions}, year = {2002}, month = {Sept. 2002}, pages = {234-241}, address = {Freiburg, Germany}, URL = {http://palms.ee.princeton.edu/PALMSopen/shi02subword.pdf}, author = {Shi, Zhijie and Lee, Ruby B.} } @conference { , title = {Securing Wireless Data: System Architecture Challenges}, year = {2002}, month = {Oct. 2002}, pages = {195-200}, address = {Kyoto, Japan}, URL = {http://palms.ee.princeton.edu/PALMSopen/ravi02securing.pdf}, author = {Ravi, Srivaths and Raghunathan, Anand and Potlapally, Nachiketh} } @conference { , title = {System Design Methodologies for a Wireless Security Processing Platform}, year = {2002}, month = {June 2002}, pages = {777-782}, address = {New Orleans, Louisiana, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/ravi02system-level.pdf}, author = {Ravi, Srivaths and Raghunathan, Anand and Potlapally, Nachiketh and Shankardass, Murugan} } @conference { , title = {Subword Permutation Instructions for Two-Dimensional Multimedia Processing in MicroSIMD Architectures}, year = {2000}, month = {July 2000}, pages = {3-14}, address = {Boston, Massachusetts, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee00subword.pdf}, author = {Lee, Ruby B.} } @article { , title = {Trust but Verify: Trust Evidence for Hypervisor-Secure Virtualization}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2011-008}, year = {2011}, month = {Nov. 16, 2011}, author = {Jakub Szefer and Jason Bau and John C. Mitchell and Ruby B. Lee} } @conference { , title = {Tuning Instruction Customisation for Reconfigurable System-on-Chip}, year = {2009}, month = {Sept. 
9-11, 2009}, abstract = {This paper describes four techniques for tuning instruction customisation for reconfigurable SoC devices. The proposed approach has been used in deriving custom instructions for advanced bit manipulation applications for the Xilinx MicroBlaze processor. We show that for a transfer coding application, a custom instruction with an increase of 13% in area can result in performance improvement of over 33 times.}, author = {Chun Hok Ho and Wayne Luk and Jakub M. Szefer and Ruby B. Lee} } @conference { , title = {The Reduced Address Space for Application Memory Authentication}, year = {2008}, month = {September 2008}, author = {David Champagne and Reouven Elbaz and Ruby B. Lee} } @conference { , title = {TEC-Tree: A Low Cost, Parallelizable Tree for Efficient Defense against Memory Replay Attacks}, year = {2007}, note = {Lecture Notes in Computer Science (LNCS) Volume 4727}, month = {September 2007}, pages = {289-302}, address = {Vienna, Austria}, abstract = {Replay attacks are often the most costly attacks to thwart when dealing with off-chip memory integrity. With a trusted System-on-Chip, the existing countermeasures against replay require a large amount of on-chip memory to provide tamper-proof storage for metadata such as hash values or nonces. Tree-based strategies can be deployed to reduce this unacceptable overhead; for example, the well-known Merkle tree technique decreases this overhead to a single hash value. However, it comes at the cost of performance-killing characteristics for embedded systems --- e.g. non-parallelizable hash computations on tree updates. In this paper, we propose an alternative solution: the Tamper-Evident Counter Tree (TEC-Tree). It allows for tamper-evident off-chip storage of the nonces involved in a replay countermeasure; TEC-Tree parallelizes the computations involved in both the authentication and tree update processes. 
Moreover, because our tree relies on block encryption, it provides data confidentiality at no extra cost. TEC-Tree is a deployable solution for memory integrity, with low performance hit and hardware cost.}, author = {Elbaz, Reouven and Champagne, David and Lee, Ruby B. and Torres, Lionel and Sassatelli, Gilles and Guillemin, Pierre} } @article { , title = {TEC-Tree: A Low Cost and Parallelizable Tree for Efficient Defense against Memory Replay Attacks}, year = {2007}, month = {March 2007}, address = {Princeton University Department of Electrical Engineering Technical Report CE-L2007-002}, author = {Elbaz, Reouven and Champagne, David and Lee, Ruby B.} } @conference { , title = {Using Moving Target Defense for Secure Hardware Design}, year = {2016}, author = {Ruby B. Lee} } @conference { , title = {Usage Management in Cloud Computing}, year = {2011}, month = {July 4-9, 2011}, author = {Pramod A. Jamkhedkar and Christopher C. Lamb and Gregory L. Heileman} } @article { , title = {Virtualization of a Processor-based Crypto-Protection Mechanism and Integration within a Separation Kernel Architecture}, journal = {Princeton University Department of Electrical Engineering Technical Report CE-L2006-006}, year = {2006}, month = {November 2006}, URL = {http://palms.ee.princeton.edu/PALMSopen/techreports/bhaskara06virtualization.pdf}, author = {Ganesha Bhaskara and Timothy E. Levin and Thuy D. Nguyen and Cynthia E. Irvine and Terry V. Benzel and Jeffrey S. Dwoskin and Ruby B. Lee} } @conference { , title = {Validating Word-oriented Processors for Bit and Multi-Word Operations}, year = {2004}, month = {Sept. 2004}, pages = {473-488}, address = {Beijing, China}, URL = {http://palms.ee.princeton.edu/PALMSopen/lee04validating.pdf}, author = {Lee, Ruby B. and Yang, Xiao and Shi, Zhijie Jerry} } @conference { , title = {Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments}, year = {2002}, month = {Nov. 
2002}, pages = {127-137}, address = {Austin, Texas, USA}, URL = {http://palms.ee.princeton.edu/PALMSopen/fiskiran02workload-presentation-with-reference.pdf}, author = {Fiskiran, Murat and Lee, Ruby B.} }