Ruby B. Lee

Ruby B. Lee
Princeton University | PU · Department of Electrical Engineering

Ph.D.

About

264
Publications
74,785
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
9,447
Citations
Citations since 2017
37 Research Items
4176 Citations
20172018201920202021202220230200400600
20172018201920202021202220230200400600
20172018201920202021202220230200400600
20172018201920202021202220230200400600
Additional affiliations
September 2012 - September 2017
Imperial College London
Position
  • Visiting Professor
October 1998 - present
Princeton University
Position
  • Forrest G. Hamrick Professor in Engineering
September 1981 - October 1986
HP Inc.
Position
  • Computer Architect
Description
  • Designed the PA-RISC architecture for HP unifying 3 computer product lines. Technical lead of the first CMOS single-chip PA-RISC microprocessor. Both done with very small teams at HP Labs,
Education
September 1975 - June 1980
Stanford University
Field of study
  • Electrical Engineering

Publications

Publications (264)
Article
Full-text available
We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is pro-tected by a given policy whenever it is accessed by any ap-plication – including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring o...
Conference Paper
Full-text available
Caches ideally should have low miss rates and short access times, and should be power efficient at the same time. Such design goals are often contradictory in practice. Recent findings on efficient attacks based on information leakage in caches have also brought the security issue up front. Design for security introduces even more restrictions and...
Preprint
Full-text available
Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can i...
Preprint
Full-text available
In cloud computing, it is desirable if suspicious activities can be detected by automatic anomaly detection systems. Although anomaly detection has been investigated in the past, it remains unsolved in cloud computing. Challenges are: characterizing the normal behavior of a cloud server, distinguishing between benign and malicious anomalies (attack...
Article
As mobile devices are becoming ubiquitous, regularly interacting with a variety of user interfaces (UIs) is a common aspect of daily life for many people. To improve the accessibility of these devices and to enable their usage in a variety of settings, building models that can assist users and accomplish tasks through the UI is vitally important. H...
Preprint
Full-text available
Impostors are attackers who take over a smartphone and gain access to the legitimate user's confidential and private information. This paper proposes a defense-in-depth mechanism to detect impostors quickly with simple Deep Learning algorithms, which can achieve better detection accuracy than the best prior work which used Machine Learning algorith...
Preprint
Full-text available
As mobile devices are becoming ubiquitous, regularly interacting with a variety of user interfaces (UIs) is a common aspect of daily life for many people. To improve the accessibility of these devices and to enable their usage in a variety of settings, building models that can assist users and accomplish tasks through the UI is vitally important. H...
Preprint
Full-text available
Spectre and Meltdown attacks and their variants exploit performance optimization features to cause security breaches. Secret information is accessed and leaked through micro-architectural covert channels. New attack variants keep appearing and we do not have a systematic way to capture the critical characteristics of these attacks and evaluate why...
Article
Full-text available
Benefiting from the advance of Deep Learning technology, IoT devices and systems are becoming more intelligent and multi-functional. They are expected to run various Deep Learning inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-sc...
Preprint
Full-text available
In this paper, we show that sensor-based impostor detection with deep learning can achieve excellent impostor detection accuracy at lower hardware cost compared to past work on sensor-based user authentication (the inverse problem) which used more conventional machine learning algorithms. While these methods use other smartphone users' sensor data...
Conference Paper
The prevalence of deep learning has drawn attention to the privacy protection of sensitive data. Various privacy threats have been presented, where an adversary can steal model owners' private data. Meanwhile, countermeasures have also been introduced to achieve privacy-preserving deep learning. However, most studies only focused on data privacy du...
Conference Paper
Cache side-channel attacks aim to breach the confidentiality of a computer system and extract sensitive secrets through CPU caches. In the past years, different types of side-channel attacks targeting a variety of cache architectures have been demonstrated. Meanwhile, different defense methods and systems have also been designed to mitigate these a...
Preprint
Deep learning has become popular, and numerous cloud-based services are provided to help customers develop and deploy deep learning applications. Meanwhile, various attack techniques have also been discovered to stealthily compromise the model's integrity. When a cloud customer deploys a deep learning model in the cloud and serves it to end-users,...
Preprint
We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external protocols, i.e. interactions between users, compute servers, network entities, etc. Meanwhile, internal verificati...
Preprint
Full-text available
Attacks against the control processor of a power-grid system, especially zero-day attacks, can be catastrophic. Earlier detection of the attacks can prevent further damage. However, detecting zero-day attacks can be challenging because they have no known code and have unknown behavior. In order to address the zero-day attack problem, we propose a d...
Chapter
An increasing amount of data are becoming publicly available over the Internet. These data are released after applying some anonymization techniques. Recently, researchers have paid significant attention to analyzing the risks of publishing privacy-sensitive data. Even if data anonymization techniques were applied to protect privacy-sensitive data,...
Conference Paper
A program's use of CPU caches may reveal its memory access pattern and thus leak sensitive information when the program performs secret-dependent memory accesses. In recent studies, it has been demonstrated that cache side-channel attacks that extract secrets by observing the victim program's cache uses can be conducted under a variety of scenarios...
Article
Full-text available
Internet of things (IoT) applications have become increasingly popular in recent years, with applications ranging from building energy monitoring to personal health tracking and activity recognition. In order to leverage these data, automatic knowledge extraction - whereby we map from observations to interpretable states and transitions - must be d...
Article
Full-text available
It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been proposed to re-identify individuals. However, existing attacks have some limitations: 1) they are l...
Article
Cloud customers need assurances regarding the security of their virtual machines (VMs), operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and on the semantic gap between what the customer wants to know versus what can be measured in the cloud. We present C...
Conference Paper
It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been proposed to re-identify individuals. However, existing attacks have some limitations: 1) they are l...
Conference Paper
Security-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are essential for the performance of modern computers, but an intrinsic property of all caches - the di...
Article
We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate th...
Article
Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to...
Conference Paper
We explore host-based DoS attacks, which exploit the shared computing resources in a multi-tenant cloud server to compromise the server's resource availability. We first present a set of attack techniques targeting different types of resources. We show such attacks can significantly affect the performance of co-located VMs, as well as the cloud pro...
Conference Paper
We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way they bend their arms when they pick up a smartphone to interact with the device, to authenticate th...
Conference Paper
In cloud computing, network Denial of Service (DoS) attacks are well studied and defenses have been implemented, but severe DoS attacks on a victim's working memory by a single hostile VM are not well understood. Memory DoS attacks are Denial of Service (or Degradation of Service) attacks caused by contention for hardware memory resources on a clou...
Conference Paper
Full-text available
The risks of publishing privacy-sensitive data have received considerable attention recently. Several de-anonymization attacks have been proposed to re-identify individuals even if data anonymization techniques were applied. However, there is no theoretical quantification for relating the data utility that is preserved by the anonymization techniqu...
Conference Paper
To access sensitive information, some recent advanced attacks have been successful in exploiting implicit flows in a program in which sensitive data affects the control path and in turn affects other data. To track the sensitive data through implicit flows, several software and hardware based approaches have been proposed, but they suffer from the...
Conference Paper
We present CloudRadar, a system to detect, and hence mitigate, cache-based side-channel attacks in multi-tenant cloud systems. CloudRadar operates by correlating two events: first, it exploits signature-based detection to identify when the protected virtual machine (VM) executes a cryptographic application; at the same time, it uses anomaly-based d...
Article
Newcache is a secure cache that can thwart cache side-channel attacks to prevent the leakage of secret information. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages in virtual address spaces or virtual machines. These cache attacks can leak secret encryption keys or private identity keys, nu...
Article
Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system. This is complicated by the customer not knowing where the VM is executing and by the semantic gap between what the customer wants to know versus what can be measured in the cloud. In this article, the...
Article
Adding new hardware features to a cloud computing server requires testing both the functionality and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and floating-point benchmark and Parsec suites typically used by the computer architecture community...
Conference Paper
Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial login mechanism, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. Bu...
Conference Paper
Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial log-in mechanism, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data, whether in the cloud or in the smartphone. B...
Article
Full-text available
Memory DoS attacks are Denial of Service (or Degradation of Service) attacks caused by contention for hardware memory resources. In cloud computing, these availability breaches are serious security threats that occur despite the strong memory isolation techniques for Virtual Machines (VMs), enforced by the software virtualization layer. The underly...
Article
Full-text available
Adding new hardware features to a cloud computing server requires testing both the functionalities and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and floating-point benchmark and Parsec suites typically used by the computer architecture communi...
Conference Paper
Cache side channel attacks are serious threats to multi-tenant public cloud platforms. Past work showed how secret information in one virtual machine (VM) can be extracted by another co-resident VM using such attacks. Recent research demonstrated the feasibility of high-bandwidth, low-noise side channel attacks on the last-level cache (LLC), which...
Article
We present an effective implementation of the Prime Probe side-channel attack against the last-level cache. We measure the capacity of the covert channel the attack creates and demonstrate a cross-core, cross-VM attack on multiple versions of GnuPG. Our technique achieves a high attack resolution without relying on weaknesses in the OS or virtual m...
Conference Paper
Full-text available
Information leakage through cache side channels is a serious threat in computer systems. The leak of secret cryptographic keys voids the protections provided by strong cryptography and software virtualization. Past cache side channel defenses focused almost entirely on data caches. Recently, instruction cache based side-channel attacks have been de...
Article
Full-text available
Cloud customers need guarantees regarding the security of their virtual machines (VMs), operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and on the semantic gap between what the customer wants to know versus what can be measured in the cloud. We present a...
Conference Paper
Full-text available
Caches are integral parts in modern computers; they leverage the memory access patterns of a program to mitigate the gap between the fast processors and slow memory components. Unfortunately, the behavior of caches can be exploited by attackers to infer the program's memory access patterns, by carrying out cache-based side-channel attacks, which ca...
Article
Full-text available
Cyberattacks are growing at an alarming rate, even as our dependence on cyberspace transactions increases. Our software security solutions may no longer be sufficient. It is time to rethink computer design from the foundations. Can hardware security be enlisted to improve cybersecurity? The author discusses two classes of hardware security: hardwar...
Conference Paper
Full-text available
The widespread use of smartphones gives rise to new security and privacy concerns. Smartphone thefts account for the largest percentage of thefts in recent crime statistics. Using a victim's smartphone, the attacker can launch impersonation attacks, which threaten the security of the victim and other users in the network. Our threat model includes...
Conference Paper
Common authentication methods based on passwords, or fingerprints in smartphones, depend on user participation. They do not protect against the threat of an attacker getting hold of the phone after the user has been authenticated. Using a victim’s smartphone, the attacker can launch impersonation attacks, which threaten the data that can be accesse...
Patent
Full-text available
A functional unit is provided which allows for fast, parallel data read, write, and manipulation operations. The functional unit includes first and second source registers for receiving first and second data items to be processed by the functional unit, a plurality of memory tables, a combinational logic circuit, and a decoder. Each of the tables i...
Article
Correctly functioning caches have been shown to leak critical secrets like encryption keys, through various types of cache side-channel attacks. This nullifies the security provided by strong encryption and allows confidentiality breaches, impersonation attacks and fake services. Hence, future cache designs must consider security, ideally without d...
Technical Report
Full-text available
Modern Intel processors use an undisclosed hash function to map memory lines into last-level cache slices. In this work we develop a technique for reverse-engineering the hash function. We apply the technique to a 6-core Intel processor and demonstrate that knowledge of this hash function can facilitate cache-based side channel attacks, reducing th...
Conference Paper
Full-text available
Side-channel attacks try to breach confidentiality and retrieve critical secrets through the side channels. Cache memories are a potential source of information leakage through side-channel attacks, many of which have been proposed. Meanwhile, different cache architectures have also been proposed to defend against these attacks. However, there are...
Conference Paper
Summary form only given. The complete presentation was not made available for publication as part of the conference proceedings. Cyber Security is becoming increasing important, as our daily lives, financial compeFFveness and naFonal security all depend on cyberspace interacFons. Software-only security soluFons oJen insufficient to stem aNacks, or...
Conference Paper
Conference Paper
This article consists of a collection of slides from the author's conference presentation on hardware security. Some of the specific topics discussed include: examples of using Moving Target Defense for Secure Hardware design (DHS/AFRL project); system performance evaluations; network security considerations; secure processors; dynamic information...
Conference Paper
Full-text available
In cloud computing, most of the computations and data in the data center do not belong to the cloud provider. This leaves owners of applications and data concerned about cyber and physical attacks which may compromise the confidentiality, integrity or availability of their applications or data. While much work has looked at protection from software...
Patent
Full-text available
A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instr...
Conference Paper
Full-text available
In this paper we present our vision for Security on Demand in cloud computing: a system where cloud providers can offer customized security for customers' code and data throughout the term of contract. Security on demand enables security-focussed competitive service differentiation and pricing, based on a threat model that matches the customer's se...
Conference Paper
Full-text available
In this paper we present our vision for Security on Demand in cloud computing: a system where cloud providers can offer customized security for customers' code and data throughout the term of contract. Security on demand enables security-focussed competitive service differentiation and pricing, based on a threat model that matches the customer's se...
Article
Cloud computing has ushered in an era where cloud customers are able to rapidly access on-demand computing resources made available by third party cloud providers. The cloud providers who maintain these computing resources and lease them out to customers leverage economies of scale and sharing of resources to be able to provide these resources to c...
Patent
Full-text available
A cache memory having enhanced performance and security feature is provided. The cache memory includes a data array storing a plurality of data elements, a tag array storing a plurality of tags corresponding to the plurality of data elements, and an address decoder which permits dynamic memory-to-cache mapping to provide enhanced security of the da...
Book
Design for security is an essential aspect of the design of future computers. However, security is not well understood by the computer architecture community. Many important security aspects have evolved over the last several decades in the cryptography, operating systems, and networking communities. This book attempts to introduce the computer arc...
Conference Paper
Full-text available
Cache side channel attacks are attacks that leak secret information through physical implementation of cryptographic operations, nullifying cryptographic protection. Recently, these attacks have received great interest. Previous research found that software countermeasures alone are not enough to defend against cache side channel attacks. Secure ca...
Conference Paper
Full-text available
Side-channels enable attackers to break a cipher by exploiting observable information from the cipher program's execution to infer its secret key. While some defenses have been proposed to protect information leakage due to certain side channels, the effectiveness of these defenses have mostly been given only qualitative analysis by their authors....
Conference Paper
Full-text available
The rise of the Cloud Computing paradigm has led to security concerns, taking into account that resources are shared and mediated by a Hypervisor which may be targeted by rogue guest VMs and remote attackers. In order to better define the threats to which a cloud server's Hypervisor is exposed, we conducted a thorough analysis of the codebase of tw...
Conference Paper
Full-text available
Dependability in cloud computing applications can be negatively affected by various attacks or service abuses. To come ahead of this threat, we propose an economic measure to deter attacks and various service abuses in cloud computing applications. Our proposed defense is based on requiring a service user to pay a small deposit, using digital curre...
Article
This chapter discusses some promising game-changing strategies for improving cyber security: enabling tailored trustworthy spaces, thwarting attackers with proactive moving target strategies, and rewarding responsible behavior in cyberspace with economic or other incentives. It provides some concrete examples to show that these strategies can be us...
Chapter
Security Policies, discussed in the previous chapter, are enforced to control access to protected information. Access control consists of two parts: Authentication and Authorization. Authentication mechanisms identify who the subject is. Authorization mechanisms determine what access the subject is allowed to the object.
Chapter
Security policies in the real world can be very complex. They are often developed by committees representing the interests of the various stake-holders, and/or by executives of a company. Security policies are not technical issues decided by engineers. Rather, engineers design the security mechanisms that enforce the security policies.
Chapter
Public-key cryptography is used for establishing longer-term identities in cyberspace. It is used for authentication of users, programs, devices or systems. It can provide non-repudiation, and is used in digital signatures. Non-repudiation and digital signatures will be defined in later sections.
Chapter
Computers have been designed to improve functionality, performance, cost, power utilization, area and usability. With our increased dependence on computers today, coupled with the rise of cyber attackers on our digital information systems, it is imperative that we also design computers to improve security. Design for Security assumes that attackers...
Chapter
Security Protocols are perhaps the most essential and subtle aspects of security architectures. They describe the interactions between different players (or principals) in a distributed computing environment. They can also be used to describe the interactions between components within a single computer.
Chapter
Cryptography provides us with excellent tools to enhance the confidentiality and integrity of information in computer architectures. It can be used to provide information security during transmission, computing and storage. In this and the next chapter, we discuss three basic cryptographic methods: • symmetric-key ciphers for confidentiality protec...
Conference Paper
Full-text available
Hardware-software security architectures can significantly improve the security provided to computer users. However, we are lacking a security verification methodology that can provide design-time verification of the security properties provided by such architectures. While verification of an entire hardware-software security architecture is very d...
Conference Paper
Full-text available
Welcome to the 2012 Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2012, in conjunction with MICRO 45. This is the first workshop of HASP. It is intended to bring together researchers, developers, and practitioners from academia and industry, to share practical implementations/experiences related to hardware/architect...
Conference Paper
Many software functions are not efficiently executed by standard microprocessors. This happens when the operation granularity and data wordlength are different with respect to those of the microprocessor's architecture. Important improvements in speed and power can be obtained by integrating hardware accelerators in standard microprocessor architec...
Chapter
The paper discusses evolution of civil disobedience in cyberspace and real world. The result of comparison of both brings author to the conclusion of high impact of the deteriorating economic situation on the civil disobedience in both, cyberspace and real world, supporting each other. There is expectation of professionalization of movements in cyb...