Srinivas Devadas

Bio: Srinivas Devadas is an academic researcher from Massachusetts Institute of Technology. The author has contributed to research in topics: Sequential logic & Combinational logic. The author has an hindex of 88, co-authored 480 publications receiving 31897 citations. Previous affiliations of Srinivas Devadas include University of California, Berkeley & Cornell University.

Offline count-limited certificates

Abstract: In this paper, we present the idea of offline count-limited certificates (or clics for short), and show how these can be implemented using minimal trusted hardware functionality already widely available today. Offline count-limited certificates are digital certificates that: (1) specify usage conditions that depend on irreversible counters, and (2) are used in a protocol that guarantees that any attempt to use them in violation of these usage conditions will be detected even if the user of the certificate and the verifying party have no contact at all with the outside world at the time of the transaction. Such certificates enable many interesting applications not possible with traditional (unlimited use) certificates, including count-limited delegation and access, offline commerce and trading using cashlike migratable certificates, and others. We show how all these applications can be made possible by using only a simple trusted timestamping device (TTD), which can in turn be implemented using existing trusted hardware devices such as smartcards, and the Trusted Platform Module (TPM) chips embedded in PCs available today. Significantly, our solutions do not require trust in any other components in the host machines aside from the TTD itself; they remain tamper-evident as long as the TTD is not compromised, even if the entire host system, including the BIOS, CPU, OS and memory, is compromised. This not only provides better security by minimizing the required trusted computing base, but also makes implementation possible on present-day machines without requiring a particular kind of OS. We demonstrate all these ideas by implementing a prototype application that runs under both Linux and Windows, and presenting experimental performance results.

Power Estimation Using Probability Polynomials

Abstract: We describe a method of polynomial simulation to calculate switching activities in a general-delay logic circuit. This method is a generalization of the exact signal probability evaluation method due to Parker and McCluskey, which has been extended to handle temporal correlation and arbitrary transport delays. The method can target both combinational and sequential circuits. Our method is parameterized by a single parameter l, which determines the speed-accuracy tradeoff. l indicates the depth in terms of logic levels over which spatial signal correlation is taken into account. This is done by only taking into account reconvergent paths whose length is at most l. The rationale is that ignoring spatial correlation for signals that reconverge after many levels of logic introduces negligible error. When l = L, where L is the total number of levels of logic in the circuit, the method will produce the exact switching activity under a zero delay model, taking into account all internal correlation. We present results that show that the error in the switching activity and power estimates is very small even for small values of l. In fact, for most of the examples, power estimates with l = 0 are within 5% of the exact. However, this error can be higher than 20% for some examples. More robust estimates are obtained with l = 2, providing a good compromise between speed and accuracy.

Sequential Test Generation

Abstract: Test generation for sequential circuits has long been recognized as a difficult problem [16, 68, 91]. In particular, unstructured, random, sequential digital designs are very difficult to test. The test generation problem is difficult mainly because the input space that must be searched to obtain a test vector sequence is huge. Since most circuits have a large number of inputs, it is not possible to enumerate the input space explicitly. The structure of the circuit must be exploited to search the input space implicitly and reduce the complexity of the search process for the expected cases. Another difficulty in circuits without reset lines is the necessity of initializing the latches to a known value.

A synthesis-based test generation and compaction algorithm for multifaults

Abstract: Because of its inherent complexity, the problem of automatic test pattern generation for multiple stuck-at faults (multifaults) has been largely ignored. Recently, the observation that multifault testability is retained by algebraic factorization demonstrated that single fault (and therefore multifault) vector sets for two-level circuits could give complete multifault coverage for multilevel circuits constructed by algebraic factorization. Unfortunately, in using this method the vector set size can be much larger than what is really required to achieve multifault coverage, and the approach has some limitations in its applicability.

Atom: Scalable Anonymity Resistant to Traffic Analysis.

Abstract: Atom is an anonymity system that protects against traffic-analysis attacks and avoids the scalability bottlenecks of traditional mix-net- and DC-net-based anonymity systems. Atom consists of a distributed network of mix servers connected with a carefully structured link topology. Unlike many anonymous communication system with traffic-analysis protection, each Atom server touches only a small a fraction of the total messages routed through the network. As a result, the system's capacity scales near-linearly with the number of servers. At the same time, each Atom user benefits from "best possible" anonymity: each user's anonymity set consists of all honest users in the system, against an active adversary who controls the entire network, a constant fraction of the system's servers, and any number of malicious users. We evaluate Atom on a distributed network of 1,024 dual-core servers and demonstrate that the system can anonymize more than a million Tweet-length messages with less than 30 minutes of latency.

TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones

Abstract: Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32p performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.

TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones

Abstract: Today's smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid provides realtime analysis by leveraging Android's virtualized execution environment. TaintDroid incurs only 14% performance overhead on a CPU-bound micro-benchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, we found 68 instances of potential misuse of users' private information across 20 applications. Monitoring sensitive data with TaintDroid provides informed use of third-party applications for phone users and valuable input for smartphone security service firms seeking to identify misbehaving applications.

Symbolic Boolean manipulation with ordered binary-decision diagrams

Abstract: Ordered Binary-Decision Diagrams (OBDDs) represent Boolean functions as directed acyclic graphs. They form a canonical representation, making testing of functional properties such as satisfiability and equivalence straightforward. A number of operations on Boolean functions can be implemented as graph algorithms on OBDD data structures. Using OBDDs, a wide variety of problems can be solved through symbolic analysis. First, the possible variations in system parameters and operating conditions are encoded with Boolean variables. Then the system is evaluated for all variations by a sequence of OBDD operations. Researchers have thus solved a number of problems in digital-system design, finite-state system analysis, artificial intelligence, and mathematical logic. This paper describes the OBDD data structure and surveys a number of applications that have been solved by OBDD-based symbolic analysis.

Physical unclonable functions for device authentication and secret key generation

Abstract: Physical Unclonable Functions (PUFs) are innovative circuit primitives that extract secrets from physical characteristics of integrated circuits (ICs). We present PUF designs that exploit inherent delay characteristics of wires and transistors that differ from chip to chip, and describe how PUFs can enable low-cost authentication of individual ICs and generate volatile secret keys for cryptographic operations.