January 25, 2016
In this talk, I will first describe the process of disrupting counterfeit credit card processing which involves placing a test purchase with an online counterfeit website to trace the merchant account accepting payments and then filing a complaint with the card holder association, such as Visa or MasterCard.
BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks
January 8, 2016
Vinayaka Jyothi, Xueyang Wang, Sateesh K. Addepalli, Ramesh Karri
This work proposes a host based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks.
January 6, 2016
Rick McGeer, Joe Mambretti, Paul Mueller, Chris Matthews, Chris Pearson, Yvonne Coady, Jim Chen, Fei Yeh, Andy Bavier, Marco Yuen, Jessica Blaine, Alvin AuYoung, Alex Snoeren, and Justin Cappos
This general problem: large, heterogeneous data, spread over a distributed computing infrastructure with varying connectivity and no common administrative interface – is ubiquitous through the natural, social, and engineering sciences. We are designing and implementing a computing infrastructure which addresses the distributed data management and query problem, and deploy it in a live service.
January 4, 2016
Jeyavijayan Rajendran, Arunshankar Muruga Dhandayuthapany, Vivekananda Vedula, and Ramesh Karri
Globalization of the system-on-chip (SoC) design flow has created opportunities for rogue intellectual property (IP) vendors to insert malicious circuits (a.k.a. hardware Trojans) into their IPs. We propose to formally verify third party IPs (3PIPs) for unauthorized information leakage. We validate our technique using Trojan benchmarks from the Trust-Hub.
December 17, 2015
Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri
A digital microfluidic biochip (DMFB) is an emerging technology that enables miniaturized analysis systems for point-of-care clinical diagnostics, DNA sequencing, and environmental monitoring. A DMFB reduces the rate of sample and reagent consumption, and automates the analysis of assays. In this paper, we provide the first assessment of the security vulnerabilities of DMFBs.
December 8, 2015
Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan
We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments.
November 2, 2015
Zachary K. Goldman, Ramesh Karri
Insider threats rightly occupy a significant portion of the public discussion (and private debate inside corporations and government agencies) about cybersecurity.
September 17, 2015
Subidh Ali, Xiaofei Guo, Ramesh Karri, and Debdeep Mukhopadhyay
Fault Attacks exploit malicious or accidental faults injected during the computation of a cryptographic algorithm. Combining the seminal idea by Boneh, DeMillo and Lipton with Differential Cryptanalysis, a new field of Differential Fault Attacks (DFA) has emerged. DFA has shown that several ciphers can be compromised if the faults can be suitably controlled. DFA is not restricted to old ciphers, but can be a powerful attack vector even for modern ciphers, like the Advanced Encryption Standard (AES).
August 28, 2015
Xueyang Wang and Ramesh Karri
Kernel rootkits are formidable threats to computer systems. They are stealthy and can have unrestricted access to system resources. This paper presents NumChecker, a new virtual machine (VM) monitor based framework to detect and identify control-flow modifying kernel rootkits in a guest VM. NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the number of certain hardware events that occur during the system call’s execution. To automatically count these events, NumChecker leverages the hardware performance counters (HPCs), which exist in modern processors.
August 3, 2015
Zachary K. Goldman and Jerome A. Cohen
China and the US both talk about “cybersecurity”, but mean different things. In Washington, cybersecurity is fundamentally about preventing unauthorised access to digital systems and, notwithstanding massive foreign hacking of US government databases, mainly focuses on protecting private-sector data as well as critical infrastructure.
June 1, 2015
Florian Kriebel, Muhammad Shafique, Semeen Rehman, Jörg Henkel and Siddharth Garg
Ability to supply more transistors per chip is outpacing improvements in cooling and power delivery. The result is operation that selectively powers on or off subsets of transistors. This paper suggests innovate ways to take advantage of the consequent “dark” silicon to meet a pair of additional emerging challenges-reliability and tolerance of variability.
May 26, 2015
Judith H. Germano
Do companies and their legal advisors trust the government enough to reach out for help in the event of a breach, and do they perceive sufficient benefits from doing so? One major stumbling block in that assessment is the dichotomous role of government toward corporate data breach victims on the cybersecurity stage: that as protector, and as enforcer. A number of executives remain wary about reaching out to the government for help in a cybersecurity breach (when not legally compelled to do so), recognizing that the same government with whom they will share data will investigate and potentially bring an enforcement action against the company for deficiencies in how they prepared for or responded to the incident. The government took a small but meaningful step toward addressing that concern last week.
May 19, 2015
Zachary K. Goldman
Deterrence is fundamentally about manipulating an adversary’s cost/benefit calculations to dissuade him from doing something you want to prevent. Over the last several years, strategists have struggled to adapt venerable Cold War concepts like deterrence to the information age. But deterring financially-motivated cyber criminals—the kinds of people that attacked Target, Anthem Health, and many others—requires an approach tailored to hackers that seek to steal sensitive information that can be monetized quickly.
April 17, 2015
Zachary K. Goldman
Discourse around cyber security and cyber terrorism is changing. It is evolving, slowly but perceptibly, from anxiety about a single catastrophic event—a “cyber Pearl Harbor”—to a conversation about how to manage a digital threat landscape that includes a large number of smaller incidents directed against a wide range of targets. Some of these episodes, to be sure, may prove catastrophic to individual victims. The strategic impact of proliferating cyber challenges, however, is more likely to be felt in their accumulated effect on our economic interests over time than in a single catastrophic event targeting American infrastructure.
February 20, 2015
Judith H. Germano
On Feb. 13, 2015, President Barack Obama signed an executive order to encourage more companies and industries to engage in active information sharing, by setting up hubs for transmitting intelligence on attacks and threats. The executive order also called for common standards so government and industry can share threat information more easily. The White House also announced last week that it is creating a Cyber Threat Intelligence Integration Center, and has called for legislation to promote increased information sharing.
January 16, 2015
Zachary K. Goldman
In the last two decades, and in particular after the 9/11 attacks, the United States and its allies have had a near-monopoly on the use of coercive economic measures (sanctions, trade controls, investment restrictions, etc.) to achieve foreign policy objectives. This dominance has been grounded in the central role that the U.S. financial system, capital markets, and the U.S. dollar play in international trade and commerce.But the most novel aspect of the recent cyberattack against Sony Pictures is that it demonstrates the proliferation of the weapons of economic warfare.
October 1, 2014
Judith H. Germano
It is generally understood that the public and private sectors need to collaborate to address the nation’s cybersecurity challenges, yet there remain significant questions regarding the circumstances, nature, and scope of those relationships. Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. Different government agencies have competing roles and interests, with the government serving dual roles as both partner and enforcer, influencing how companies facing cyberthreats view public authority. These domestic cybersecurity challenges are complicated further by crossborder issues, including inconsistent laws and perspectives regarding, in particular, privacy norms and restrictions, data transferability, and divergent political interests in combatting cyberthreats.
June 1, 2014
Judith H. Germano and Zachary K. Goldman
Cybersecurity’s evolving regulatory and liability landscape compounds the challenges that companies face from cyber attacks, and further complicates the ability of corporate executives and their advisors to understand and effectively manage cyber risk. Companies must prepare for and respond to a potential cyberattack’s direct damage, including financial and data loss, system and service interruptions, reputational harm and compromised security.