Researcher profile

Matthew Hicks

Matthew Hicks contributes to research discovery and scholarly infrastructure.


Published work

5 published items

Preprint, 2022, arXiv

First tests of a 1 megapixel near-infrared avalanche photodiode array for ultra-low background space astronomy

Spectroscopy of Earth-like exoplanets and spectroscopy of ultra-faint galaxies are priority science cases for the coming decades. Here, broadband source flux rates are measured in photons per square meter per hour, imposing extreme demands on detector performance, including dark currents lower than 1 e-/pixel/kilosecond, read noise less than 1 e-/pixel/frame, and large formats. There are currently no infrared detectors that meet these requirements. The University of Hawaii and industrial partners are developing one promising technology, linear mode avalanche photodiodes (LmAPDs), using fine control over the HgCdTe bandgap structure to enable noise-free charge amplification and minimal glow. Here we report first results of a prototype megapixel-format LmAPD operated in our cryogenic testbed. At 50 Kelvin, we measure a dark current of about 3 e-/pixel/kilosecond, which is due to an intrinsic dark current consistent with zero (best estimate of 0.1 e-/pixel/kilosecond) and a ROIC glow of 0.08 e-/pixel/frame. The read noise of these devices is about 10 e-/pixel/frame at 3 volts, and decreases by 30% with each additional volt of bias, reaching 2 e- at 8 volts. Upcoming science-grade devices are expected to substantially improve upon these figures and to address other issues uncovered during testing.

Preprint, 2022, arXiv

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing

Coverage-guided fuzzing's aggressive, high-volume testing has helped reveal tens of thousands of software security flaws. While executing billions of test cases mandates fast code coverage tracing, the nature of binary-only targets leads to reduced tracing performance. A recent advancement in binary fuzzing performance is Coverage-guided Tracing (CGT), which brings orders-of-magnitude gains in throughput by restricting the expense of coverage tracing to only when new coverage is guaranteed. Unfortunately, CGT suits only a basic block coverage granularity -- yet most fuzzers require finer-grain coverage metrics: edge coverage and hit counts. It is this limitation which prohibits nearly all of today's state-of-the-art fuzzers from attaining the performance benefits of CGT. This paper tackles the challenges of adapting CGT to fuzzing's most ubiquitous coverage metrics. We introduce and implement a suite of enhancements that expand CGT's introspection to fuzzing's most common code coverage metrics, while maintaining its orders-of-magnitude speedup over conventional always-on coverage tracing. We evaluate their trade-offs with respect to fuzzing performance and effectiveness across 12 diverse real-world binaries (8 open- and 4 closed-source). On average, our coverage-preserving CGT attains near-identical speed to the present block-coverage-only CGT, UnTracer; and outperforms leading binary- and source-level coverage tracers QEMU, Dyninst, RetroWrite, and AFL-Clang by 2-24x, finding more bugs in less time.

Preprint, 2022, arXiv

Sub-electron noise infrared camera development using Leonardo large format 2Kx2K SWIR LmAPD array

There have been no significant breakthroughs in infrared imagery since the hybridization of III-V or II-VI narrow-bandgap semiconductors on complementary metal-oxide semiconductor (CMOS) read-out integrated circuits (ROICs). The development of third-generation, linear-mode avalanche photodiode arrays (LmAPDs) using mercury cadmium telluride (MCT) has resulted in a significant sensitivity improvement for short-wave infrared (SWIR) imaging. The first dedicated LmAPD device, called SAPHIRA (320x256/24 microns), was designed by Leonardo UK Ltd specifically for SWIR astronomical applications. In the past decade there has been a significant development effort to make larger LmAPD arrays for low-background astronomy. Larger LmAPD formats for ultra-low noise/flux SWIR imaging currently under development at Leonardo include a 512 x 512 LmAPD array funded by ESO, MPE and NRC Herzberg, a 1k x 1k array funded by NASA and a 2K x 2K device funded by ESA for general scientific imaging applications. The 2048x2048 pixel ROIC has a pitch of 15 microns, 4/8/16 outputs and a maximum frame rate of 10 Hz. The ROIC characterization is scheduled in the third quarter of 2022, while the first arrays will be fabricated by end-2022. The hybridized arrays will be characterized during end-2022. At this time, First Light Imaging will start the development of an autonomous camera integrating this 2Kx2K LmAPD array, based on the unique experience from the C-RED One camera, the only commercial camera integrating the SAPHIRA SWIR LmAPD array. The detector will be embedded in a compact high-vacuum cryostat cooled with a low-vibration pulse cooler at 50-80K which does not require external pumping. Sub-electron readout noise is expected to be achieved with high multiplication gain. Custom cold filters and beam-aperture cold baffling will be integrated in the camera.

Preprint, 2021, arXiv

Fuzzing Hardware Like Software

Hardware flaws are permanent and potent: hardware cannot be patched once fabricated, and any flaws may undermine any software executing on top. Consequently, verification time dominates implementation time. The gold standard in hardware Design Verification (DV) is concentrated at two extremes: random dynamic verification and formal verification. Both struggle to root out the subtle flaws in complex hardware that often manifest as security vulnerabilities. The root problem with random verification is its undirected nature, making it inefficient, while formal verification is constrained by the state-space explosion problem, making it infeasible against complex designs. What is needed is a solution that is directed, yet under-constrained. Instead of making incremental improvements to existing DV approaches, we leverage the observation that existing software fuzzers already provide such a solution, and adapt them for hardware DV. Specifically, we translate RTL hardware to a software model and fuzz that model. The central challenge we address is how best to mitigate the differences between the hardware execution model and software execution model. This includes: 1) how to represent test cases, 2) what is the hardware equivalent of a crash, 3) what is an appropriate coverage metric, and 4) how to create a general-purpose fuzzing harness for hardware. To evaluate our approach, we fuzz four IP blocks from Google's OpenTitan SoC. Our experiments reveal a two orders-of-magnitude reduction in run time to achieve Finite State Machine (FSM) coverage over traditional dynamic verification schemes. Moreover, with our design-agnostic harness, we achieve over 88% HDL line coverage in three out of four of our designs -- even without any initial seeds.

Preprint, 2020, arXiv

Silicon Dating

In order to service an ever-growing base of legacy electronics, both government and industry customers must turn to third-party brokers for components in short supply or discontinued by the original manufacturer. Sourcing equipment from a third party creates an opportunity for unscrupulous gray-market suppliers to insert counterfeit devices: failed, knock-off, or otherwise inferior to the original product. This increases the supplier's profits at the expense of reduced performance and reliability of the customer's system. The most challenging class of counterfeit devices to detect is recycled counterfeits: recovered genuine devices which are re-sold as new. Such devices are difficult to detect because they typically pass performance and parametric tests but fail prematurely due to age-related wear. To address the challenge of detecting recycled devices pre-deployment, we develop Silicon Dating: a low-overhead classifier for detecting recycled integrated circuits using Static Random-Access Memory (SRAM) power-on states. Silicon Dating targets devices with no known-new record or purpose-built anti-recycling hardware. We observe that over time, software running on a device imprints its unique data patterns into SRAM through analog-domain changes; we measure the level and direction of this change through SRAM power-on state statistics. In contrast to the highly symmetric power-on states produced by variation during SRAM fabrication, we show that embedded software data is generally highly asymmetric and that the degree of power-on state asymmetry imprinted by software reveals device use. Using empirical results from embedded benchmarks running on several microcontrollers, we show that Silicon Dating identifies recycled devices with 84.1% accuracy with no software-specific knowledge and with 92.0% accuracy by incorporating software knowledge, without prior device enrollment or modification.