Abstract: Disclosed are systems and methods for a computerized framework that provides an improved, secure computational environment between trusted and untrusted devices (e.g., a Trusted Execution Environment (TEE) and graphics processing unit (GPU), respectively) for executing and offloading Convolutional Neural Network (CNN) computations and operations. The disclosed framework can operate to perform such secure offloading and processing not only during inference computations of the CNN, but also during training of the CNN. The disclosed framework operates to enable training and execution of CNN models, whereby the data used for such operations are held securely while they are in use, in transit (e.g., between the TEE and GPU) and while in storage.

Abstract: Methods and systems of leveraging multiple data-collection entities to protect personal data. Image data is captured via an image sensor of a vehicle. A classifier can partition the captured image data into personal data and non-personal data, and can assign a confidence score to the personal data. If the confidence score is below a threshold, the vehicle can broadcast a wireless signal to other data-collection entities such as other vehicles or road-side unit, wherein the wireless signal includes a request for the other data-collection entities to inform the vehicle if those data-collection entities have detected personal data at a time corresponding to when the image sensor of the vehicle captured the image data. If the other data-collection entities indeed detected such personal data at the time, the vehicle can perform various actions such as deleting the images, or the portions that include personal data.

Abstract: Methods and systems for securely managing personal data associated with image processing include an image sensor configured to capture an image, a local computer system local to the image sensor, and a backend computer system remote from the image sensor. The local computer system has a processor with a trusted execution environment (TEE) that detects anomalies in images from the image sensor, extracts personal data from the image, and encrypts the personal data. The local computer system then sends the extracted, encrypted personal data to the backend computer system, where a backend TEE decrypts the extracted, encrypted personal data, and performs data processing by comparing the decrypted personal data to other personal data that is stored in a backend database in the backend computer system.

Abstract: Performing semantic segmentation in an absence of labels for one or more semantic classes is provided. One or more weak predictors are utilized to obtain label proposals of novel classes for an original dataset for which at least a subset of sematic classes are unlabeled classes. The label proposals are merged with ground truth of the original dataset to generate a merged dataset, the ground truth defining labeled classes of portions of the original dataset. A machine learning model is trained using the merged dataset. The machine learning model is utilized for performing semantic segmentation on image data.

Abstract: A system includes a memory and a processor in communication with the memory. The processor is programmed to receive a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime; compare the runtime measurement of the physical attribute to a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an evaluation period of the system, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: A system and method are disclosed for processing data subject rights requests. The system and method advantageously enable data controllers to train machine learning models on unaltered data having PII, while maintaining the privacy of the unaltered data and enabling compliance with data subject rights requests with respect to the data. The system and method incorporate a biometric database that stores biometric data extracted from the unaltered data having PII. In order to identify data relating to a data subject rights request, biometric data is received from the data subject and is matched against the biometric data stored in the biometric database. Based on the matched biometric data, the original unaltered source data having PII can be identified for the purpose of exercising one or more data subject rights, such as erasure, access, and objection to processing.

Abstract: A system includes memory, a processor in communication with the memory. The processor is programmed to define a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an enrollment period of the system, wherein the enrollment period includes measuring the physical attribute of the processor prior to runtime operation, receiving a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime, comparing the runtime measurement of the physical attribute to the fingerprint, and outputting a multi-dimensional domain image in response to the runtime measurement.

Abstract: A vehicle system includes a first vehicle bus, wherein the first vehicle bus includes one or more electronic control units (ECUs) configured to operate, wherein the one or more ECUs are configured to communicate with a remote server, a second vehicle bus, wherein the second vehicle bus is configured to communicate to the one or more ECUs, wherein the second vehicle bus includes one or more vehicle driving ECUs configured to operate vehicle driving functionality, a gateway controller configured to control communication between the first vehicle bus and the second vehicle bus, and a honeypot configured to emulate vehicle data, wherein the honeypot is further configured to monitor activity from a remote attacker.

Abstract: Instruction classification and software intrusion detection is performed. Program instruction execution of a processor of a microcontroller unit (MCU) is monitored via side-channel signal analysis, the monitoring including capturing a signal trace of a physical property of the MCU that leaks information correlated with the program instruction execution of the MCU, the signal trace indicating a value of the physical property over time. From the signal trace, time domain features, frequency domain features, and Mel Frequency Cepstral Coefficients (MFCC) features are extracted. A model is utilized for instruction detection to identify an execution signature based on the time domain features, frequency domain features, and MFCC features. The execution signature is compared to one or more reference instruction signatures. A remedial action is performed responsive to the execution signature failing to match to the one or more reference instruction signatures.

Abstract: A system that includes memory and a microcontroller including an analog-to-digital converter (ADC) and in communication with the memory. The microcontroller is configured to define a fingerprint that includes a baseline measurement of side-channel traces of a side-channel retrieved from the ADC, during an enrollment period of the system, wherein the enrollment period includes measuring voltage prior to runtime operation, receive a runtime measurement from the ADC that includes voltage of at least the separate microcontroller during runtime, compare the runtime measurement to the fingerprint, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: A system includes memory, a processor in communication with the memory. The processor is programmed to define a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an enrollment period of the system, wherein the enrollment period includes measuring the physical attribute of the processor prior to runtime operation, receiving a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime, comparing the runtime measurement of the physical attribute to the fingerprint, and outputting a multi-dimensional domain image in response to the runtime measurement.

Abstract: Instruction classification and software intrusion detection is performed. Program instruction execution of a processor of a microcontroller unit (MCU) is monitored via side-channel signal analysis, the monitoring including capturing a signal trace of a physical property of the MCU that leaks information correlated with the program instruction execution of the MCU, the signal trace indicating a value of the physical property over time. From the signal trace, time domain features, frequency domain features, and Mel Frequency Cepstral Coefficients (MFCC) features are extracted. A model is utilized for instruction detection to identify an execution signature based on the time domain features, frequency domain features, and MFCC features. The execution signature is compared to one or more reference instruction signatures. A remedial action is performed responsive to the execution signature failing to match to the one or more reference instruction signatures.

Abstract: A system includes a memory and a processor in communication with the memory. The processor is programmed to receive a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime; compare the runtime measurement of the physical attribute to a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an evaluation period of the system, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: A system-on-chip includes a processing system, a memory connected to the processing system, and a programmable logic circuit connected to the memory, where the processing system is configured to store different circuit configurations in the memory according to a predefined netlist, and the system is configured to repeatedly adapt the circuit to the circuit configurations stored in the memory.

Abstract: A method for controlling an actuator. The method includes: mapping parameters of a trained machine learning system that have a magnitude from a first set of different possible magnitudes to a magnitude of at least one predefinable second set of different possible magnitudes; storing the converted parameters in a memory block in each case; ascertaining an output variable of the machine learning system as a function of an input variable and the stored parameters. The stored parameters are read out from the respective memory block with the aid of at least one mask. The actuated is actuated as a function of the ascertained output variable. A computer system, a computer program, and a machine-readable memory element in which the computer program is stored are also described.

Abstract: In a method for generating a cryptographic key in a system-on-a-chip having a hardware-programmable logic unit, a circuit region of the hardware-programmable logic unit is configured in such a way that a first physical unclonable function is executed in the circuit region in order to generate a first cryptographic key, and the circuit region is reconfigured in such a way that (i) a further physical unclonable function is executed in order to generate a further cryptographic key or (ii) another functionality that does not encompass a physical unclonable function is executed.

Abstract: A system-on-chip includes a processing system, a memory connected to the processing system, and a programmable logic circuit connected to the memory, where the processing system is configured to store different circuit configurations in the memory according to a predefined netlist, and the system is configured to repeatedly adapt the circuit to the circuit configurations stored in the memory.

Abstract: A method for safeguarding a system-on-a-chip includes a hardware-programmable logic unit. In the course of a programming process, a public PUF key and a private PUF key are generated in the hardware-programmable logic unit with the aid of a physical unclonable function, and the public PUF key is signed with the aid of a second private key. The public PUF key and its signature are stored in an external memory of the system-on-a-chip, a security module is signed with the aid of a third private key, the security module and its signature are stored in the external memory of the system-on-a-chip, and the security module includes software which is used for safeguarding the system-on-a-chip.

Abstract: In a method for generating a cryptographic key in a system-on-a-chip having a hardware-programmable logic unit, a circuit region of the hardware-programmable logic unit is configured in such a way that a first physical unclonable function is executed in the circuit region in order to generate a first cryptographic key, and the circuit region is reconfigured in such a way that (i) a further physical unclonable function is executed in order to generate a further cryptographic key or (ii) another functionality that does not encompass a physical unclonable function is executed.

Abstract: A method for safeguarding a system-on-a-chip includes a hardware-programmable logic unit. In the course of a programming process, a public PUF key and a private PUF key are generated in the hardware-programmable logic unit with the aid of a physical unclonable function, and the public PUF key is signed with the aid of a second private key. The public PUF key and its signature are stored in an external memory of the system-on-a-chip, a security module is signed with the aid of a third private key, the security module and its signature are stored in the external memory of the system-on-a-chip, and the security module includes software which is used for safeguarding the system-on-a-chip.