1 2 3 14

Four Years Experience: Making Sensibility Testbed Work for SAS

August 30, 2018

Y. Zhuang, A. Rafetseder, R. Weiss, and J. Cappos

Sensibility Testbed is a framework for developing sensor-based applications that can run on user-provided smartphones, and is easy to program. Over the past four years, we have been organizing hackathons at SAS in order to perform semi-controlled experiments with this platform. Any smartphone user can install Sensibility Testbed and develop a simple sensor application in less than a day. One of the problems with developing and testing such a framework is that there are many possible hardware platforms and system configurations. Hackathons provide an effective venue for observing the development of applications on a range of devices by users with no previous knowledge of the framework.

Interdisciplinary Cyber Security Education

July 11, 2018

Interdisciplinary Cyber Security Education by Randal Milch and Nasir Memon

NIST’s National Initiative for Cybersecurity Education (NICE) is a crucial step
toward remedying the Nation’s undeniable shortage of “people with the knowledge,
skills, and abilities to perform the tasks required for cybersecurity work.” Such a
workforce will include “technical and nontechnical roles that are staffed with
knowledgeable and experienced people.”

Prevalence of Confusing Code in Software Projects

May 29, 2018

Dan Gopstein , Hongwei Zhou , Phyllis Frankl and Justin Cappos

Prior work has shown that extremely small code patterns, such as the conditional operator and implicit type conversion, can cause considerable misunderstanding in programmers. Until now, the real world impact of these patterns ś known as ‘atoms of confusion’ ś was only speculative. This work uses a corpus of 14 of the most popular and inluential open source C and C++ projects to measure the prevalence and signiicance of these small confusing patterns. Our results show that the 15 known types of confusing micro patterns occur millions of times in programs like the Linux kernel and GCC, appearing on average once every 23 lines.

Optimal Cyber Insurance Policy Design for Dynamic Risk Management and Mitigation

April 10, 2018

Rui Zhang and Quanyan Zhu

With the recent growing number of cyber-attacks and the constant lack of effective and state-of-art defense methods, cyber risks become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber-insurance has become one of the major ways to mitigate the risks as it can transfer the cyber-risks to insurance companies and improve the security status of the insured. The designation of effective cyber-insurance policies requires the considerations from both the insurance market and the dynamic properties of the cyber-risks.

Sensing the Chinese Diaspora: How Mobile Apps Can Provide Insights into Global Migration Flows

March 22, 2018

Minhui Xue, Alexandru Grigoras, Heather Lee and Keith Ross

Many countries today have “country-centric mobile apps” which are mobile apps that are primarily used by residents of a specific country. Many of these country-centric apps also include a location-based service which takes advantage of the smartphone’s API access to the smartphone’s current GPS location. In this paper, we investigate how such country-centric apps with location-based services can be employed to study the diaspora associated with ethnic and cultural groups. Our methodology combines GPS hacking, automated task tools for mobile phones, and OCR to generate migration statistics for diaspora.

Optimal Dynamic Contract for Spectrum Reservation in Mission-Critical UNB-IoT Systems

March 21, 2018

Muhammad Junaid Farooq and Quanyan Zhu

Spectrum reservation is emerging as one of the potential solutions to cater for the communication needs of massive number of wireless Internet of Things (IoT) devices with reliability constraints particularly in mission-critical scenarios. In most mission-critical systems, the true utility of a reservation may not be completely known ahead of time as the unforseen events might not be completely predictable. In this paper, we present a dynamic contract approach where an advance payment is made at the time of reservation based on partial information about spectrum reservation utility.

Efficient Protection of Design IP: Disguising the Interconnects

March 20, 2018

Satwik Patnaik , Mohammed Ashraf  , Johann Knechtel , and Ozgur Sinanoglu

Ensuring the trustworthiness and security of electronics has become an urgent challenge in recent years. Among various concerns, the protection of design intellectual property (IP) is to be addressed, due to outsourcing trends for the manufacturing supply chain and malicious end-user. In other words, adversaries either residing in the off-shore fab or in the field may want to obtain and pirate your design IP. As classical design tools do not consider such threats, there is clearly a need for security-aware EDA techniques.

Hardening the Hardware: A Reverse-engineering Resilient Secure Chip

March 20, 2018

Abhrajit Sengupta, Muhammad Yasin, Mohammed Nabeel, Mohammed Ashraf, Jeyavijayan Rajendran and Ozgur Sinanoglu

With the globalization of integrated circuit (IC) supply chain, the semi-conductor industry is facing a number of security threats, such as Intellectual Property (IP) piracy, hardware Trojans, and counterfeiting. To defend against such threats at the hardware level, logic locking was proposed as a promising countermeasure. Yet, several recent attacks have completely undermined its security by successfully retrieving the secret key. Here, we present stripped-functionality logic locking (SFLL), which resists all existing attacks by hiding a part of the functionality in the form of a secret key.

On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats

March 12, 2018

Quanyan Zhu and Stefan Rass

Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to “milestones” accomplished during the launch of an APT).

Adaptive and Resilient Revenue Maximizing Dynamic Resource Allocation and Pricing for Cloud-Enabled IoT Systems

March 3, 2018

Muhammad Junaid Farooq and Quanyan Zhu

Cloud computing is becoming an essential component in the emerging Internet of Things (IoT) paradigm. The available resources at the cloud such as computing nodes, storage, databases, etc. are often packaged in the form of virtual machines (VMs) to be used by remotely located IoT client applications for computational tasks. However, the cloud has a limited number of VMs available and hence, for massive IoT systems, the available resources must be efficiently utilized to increase productivity and subsequently maximize revenue of the cloud service provider (CSP).

ADMM-based Networked Stochastic Variational Inference

February 27, 2018

Hamza Anwar and Quanyan Zhu

Owing to the recent advances in “Big Data” modeling and prediction tasks, variational Bayesian estimation has gained popularity due to their ability to provide exact solutions to approximate posteriors. One key technique for approximate inference is stochastic variational inference (SVI) [1]. SVI poses variational inference as a stochastic optimization problem and solves it iteratively using noisy gradient estimates. It aims to handle massive data for predictive and classification tasks by applying complex Bayesian models that have observed as well as latent variables. This paper aims to decentralize it allowing parallel computation, secure learning and robustness benefits.

Concerted wire lifting: Enabling secure and cost-effective split manufacturing

February 22, 2018

Satwik Patnaik, Johann Knechtel, Mohammed Ashraf and Ozgur Sinanoglu

Here we advance the protection of split manufacturing (SM)-based layouts through the judicious and well-controlled handling of interconnects. Initially, we explore the cost-security trade-offs of SM, which are limiting its adoption. Aiming to resolve this issue, we propose effective and efficient strategies to lift nets to the BEOL. Towards this end, we design custom “elevating cells” which we also provide to the community. Further, we define and promote a new metric, Percentage of Netlist Recovery (PNR), which can quantify the resilience against gate-level theft of intellectual property (IP) in a manner more meaningful than established metrics.

Evolutionary Methods for Generating Synthetic MasterPrint Templates: Dictionary Attack in Fingerprint Recognition

February 21, 2018

Aditi Roy, Nasir Memon, Julian Togelius and Arun Ross

Recent research has demonstrated the possibility of generating “Masterprints” that can be used by an adversary to launch a dictionary attack against a fingerprint recognition system. Masterprints are fingerprint images that fortuitously match with a large number of other fingerprints thereby compromising the security of a fingerprint-based biometric system, especially those equipped with smallsized fingerprint sensors. This work presents new methods for creating a synthetic MasterPrint dictionary that sequentially maximizes the probability of matching a large number of target fingerprints.

Analyzing and Mitigating the Impact of Permanent Faults on a Systolic Array Based Neural Network Accelerator

February 17, 2018

Jeff (Jun) Zhang, Tianyu Gu, Kanad Basu and Siddharth Garg

Due to their growing popularity and computational cost, deep neural networks (DNNs) are being targeted for hardware acceleration. A popular architecture for DNN acceleration, adopted by the Google Tensor Processing Unit (TPU), utilizes a systolic array based matrix multiplication unit at its core. This paper deals with the design of faulttolerant, systolic array based DNN accelerators for high defect rate technologies. To this end, we empirically show that the classification accuracy of a baseline TPU drops significantly even at extremely low fault rates (as low as 0.006%).

Sensibility Testbed: Automated IRB Policy Enforcement in Mobile Research Apps

February 13, 2018

Yanyan Zhuang,Albert Rafetseder, Yu Hu, Yuan Tian and Justin Cappos

Due to their omnipresence, mobile devices such as smartphones could be tremendously valuable to researchers. However, since research projects can extract data about device owners that could be personal or sensitive, there are substantial privacy concerns. Currently, the only regulation to protect user privacy for research projects is through Institutional Review Boards (IRBs) from researchers’ institutions. However, there is no guarantee that researchers will follow the IRB protocol. Even worse, researchers without security expertise might build apps that are vulnerable to attacks.


February 12, 2018

Yiming Zhang , Quan Ho Vuong , Kenny Song , Xiao-Yue Gong and Keith W. Ross

This paper considers entropy bonus, which is used to encourage exploration in policy gradient. In the case of high-dimensional action spaces, calculating the entropy and its gradient requires enumerating all the actions in the action space and running forward and back-propagation for each action, which may be computationally infeasible. We develop several novel unbiased estimators for the entropy bonus and its gradient. We apply these estimators to several models for the parameterized policies, including Independent Sampling, CommNet, Autoregressive with Modified MDP, and Autoregressive with LSTM.

ThUnderVolt: Enabling Aggressive Voltage Underscaling and Timing Error Resilience for Energy Efficient Deep Neural Network Accelerators

February 11, 2018

Jeff Zhang, Kartheek Rangineni, Zahra Ghodsi,  and Siddharth Garg

Hardware accelerators are being increasingly deployed to boost the performance and energy efficiency of deep neural network (DNN) inference. In this paper we propose Thundervolt, a new framework that enables aggressive voltage underscaling of high-performance DNN accelerators without compromising classification accuracy even in the presence of high timing error rates. Using post-synthesis timing simulations of a DNN accelerator modeled on the Google TPU, we show that Thundervolt enables between 34%-57% energy savings on state-of-the-art speech and image recognition benchmarks with less than 1%loss in classification accuracy and no performance loss.

A Game-Theoretic Approach to Design Secure and Resilient Distributed Support Vector Machines

February 7, 2018

Rui Zhang and Quanyan Zhu

Distributed Support Vector Machines (DSVM) have been developed to solve large-scale classification problems in networked systems with a large number of sensors and control units. However, the systems become more vulnerable as detection and defense are increasingly difficult and expensive. This work aims to develop secure and resilient DSVM algorithms under adversarial environments in which an attacker can manipulate the training data to achieve his objective. We establish a game-theoretic framework to capture the conflicting interests between an adversary and a set of distributed data processing units.