Publications


Bullet-Proof Credit Card Processing

January 25, 2016

Damon McCoy

In this talk, I will first describe the process of disrupting counterfeit credit card processing, which involves placing a test purchase with an online counterfeit website to trace the merchant account accepting payments, and then filing a complaint with the card holder association, such as Visa or MasterCard.

BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks

January 8, 2016

Vinayaka Jyothi, Xueyang Wang, Sateesh K. Addepalli, Ramesh Karri

This work proposes a host-based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks.

TransCloud: a distributed environment based on dynamic networking

January 6, 2016

Rick McGeer, Joe Mambretti, Paul Mueller, Chris Matthews, Chris Pearson, Yvonne Coady, Jim Chen, Fei Yeh, Andy Bavier, Marco Yuen, Jessica Blaine, Alvin AuYoung, Alex Snoeren, and Justin Cappos 

This general problem – large, heterogeneous data, spread over a distributed computing infrastructure with varying connectivity and no common administrative interface – is ubiquitous through the natural, social, and engineering sciences. We are designing and implementing a computing infrastructure which addresses the distributed data management and query problem, and deploying it in a live service.

Formal Security Verification of Third Party Intellectual Property Cores for Information Leakage

January 4, 2016

Jeyavijayan Rajendran, Arunshankar Muruga Dhandayuthapany, Vivekananda Vedula, and Ramesh Karri

Globalization of the system-on-chip (SoC) design flow has created opportunities for rogue intellectual property (IP) vendors to insert malicious circuits (a.k.a. hardware Trojans) into their IPs. We propose to formally verify third party IPs (3PIPs) for unauthorized information leakage. We validate our technique using Trojan benchmarks from the Trust-Hub.

Security Assessment of Cyberphysical Digital Microfluidic Biochips

December 17, 2015

Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri

A digital microfluidic biochip (DMFB) is an emerging technology that enables miniaturized analysis systems for point-of-care clinical diagnostics, DNA sequencing, and environmental monitoring. A DMFB reduces the rate of sample and reagent consumption, and automates the analysis of assays. In this paper, we provide the first assessment of the security vulnerabilities of DMFBs.

Repeatable Reverse Engineering with PANDA

December 8, 2015

Brendan Dolan-Gavitt, Josh Hodosh, Patrick Hulin, Tim Leek, and Ryan Whelan

We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code executing in the guest and all data. PANDA adds the ability to record and replay executions, enabling iterative, deep, whole system analyses. Further, the replay log files are compact and shareable, allowing for repeatable experiments.

Volkswagen and the Real Insider Threat

November 2, 2015

Lawfare-CCS

Zachary K. Goldman, Ramesh Karri

Insider threats rightly occupy a significant portion of the public discussion (and private debate inside corporations and government agencies) about cybersecurity.

Fault Attacks on AES and Their Countermeasures

September 17, 2015

Subidh Ali, Xiaofei Guo, Ramesh Karri, and Debdeep Mukhopadhyay

Fault Attacks exploit malicious or accidental faults injected during the computation of a cryptographic algorithm. Combining the seminal idea by Boneh, DeMillo and Lipton with Differential Cryptanalysis, a new field of Differential Fault Attacks (DFA) has emerged. DFA has shown that several ciphers can be compromised if the faults can be suitably controlled. DFA is not restricted to old ciphers, but can be a powerful attack vector even for modern ciphers, like the Advanced Encryption Standard (AES).

Reusing Hardware Performance Counters to Detect and Identify Kernel Control-Flow Modifying Rootkits

August 28, 2015

Xueyang Wang and Ramesh Karri

Kernel rootkits are formidable threats to computer systems. They are stealthy and can have unrestricted access to system resources. This paper presents NumChecker, a new virtual machine (VM) monitor based framework to detect and identify control-flow modifying kernel rootkits in a guest VM. NumChecker detects and identifies malicious modifications to a system call in the guest VM by measuring the number of certain hardware events that occur during the system call’s execution. To automatically count these events, NumChecker leverages the hardware performance counters (HPCs), which exist in modern processors.

Differing outlooks impede Sino-US cooperation to enhance cybersecurity

August 3, 2015

SCMP-CCS

Zachary K. Goldman and Jerome A. Cohen

China and the US both talk about “cybersecurity”, but mean different things. In Washington, cybersecurity is fundamentally about preventing unauthorised access to digital systems and, notwithstanding massive foreign hacking of US government databases, mainly focuses on protecting private-sector data as well as critical infrastructure.

Variability and Reliability Awareness in the Age of Dark Silicon

June 1, 2015

Florian Kriebel, Muhammad Shafique, Semeen Rehman, Jörg Henkel and Siddharth Garg

Ability to supply more transistors per chip is outpacing improvements in cooling and power delivery. The result is operation that selectively powers on or off subsets of transistors. This paper suggests innovative ways to take advantage of the consequent “dark” silicon to meet a pair of additional emerging challenges: reliability and tolerance of variability.

One More Reason for Companies to Report Data Breaches

May 26, 2015

Just-Security-CCS

Judith H. Germano

Do companies and their legal advisors trust the government enough to reach out for help in the event of a breach, and do they perceive sufficient benefits from doing so? One major stumbling block in that assessment is the dichotomous role of government toward corporate data breach victims on the cybersecurity stage: that as protector, and as enforcer. A number of executives remain wary about reaching out to the government for help in a cybersecurity breach (when not legally compelled to do so), recognizing that the same government with whom they will share data will investigate and potentially bring an enforcement action against the company for deficiencies in how they prepared for or responded to the incident. The government took a small but meaningful step toward addressing that concern last week.

Sanctioning Cyber Crime: The New Face of Deterrence

May 19, 2015

CFR_Featured

Zachary K. Goldman

Deterrence is fundamentally about manipulating an adversary’s cost/benefit calculations to dissuade him from doing something you want to prevent. Over the last several years, strategists have struggled to adapt venerable Cold War concepts like deterrence to the information age. But deterring financially-motivated cyber criminals—the kinds of people that attacked Target, Anthem Health, and many others—requires an approach tailored to hackers that seek to steal sensitive information that can be monetized quickly.

Terrorism 2.0? New Challenges in Cyberspace

April 17, 2015

GJIA-CCS

Zachary K. Goldman

Discourse around cyber security and cyber terrorism is changing. It is evolving, slowly but perceptibly, from anxiety about a single catastrophic event—a “cyber Pearl Harbor”—to a conversation about how to manage a digital threat landscape that includes a large number of smaller incidents directed against a wide range of targets. Some of these episodes, to be sure, may prove catastrophic to individual victims. The strategic impact of proliferating cyber challenges, however, is more likely to be felt in their accumulated effect on our economic interests over time than in a single catastrophic event targeting American infrastructure.

Cyberthreat Spawns New Era Of Public-Private Collaboration

February 20, 2015

Law 360

Judith H. Germano

On Feb. 13, 2015, President Barack Obama signed an executive order to encourage more companies and industries to engage in active information sharing, by setting up hubs for transmitting intelligence on attacks and threats. The executive order also called for common standards so government and industry can share threat information more easily. The White House also announced last week that it is creating a Cyber Threat Intelligence Integration Center, and has called for legislation to promote increased information sharing.

Cybersecurity and a New Era of Asymmetric Economic Warfare

January 16, 2015

Just-Security-CCS

Zachary K. Goldman

In the last two decades, and in particular after the 9/11 attacks, the United States and its allies have had a near-monopoly on the use of coercive economic measures (sanctions, trade controls, investment restrictions, etc.) to achieve foreign policy objectives. This dominance has been grounded in the central role that the U.S. financial system, capital markets, and the U.S. dollar play in international trade and commerce. But the most novel aspect of the recent cyberattack against Sony Pictures is that it demonstrates the proliferation of the weapons of economic warfare.

Cybersecurity Partnerships: A New Era of Public-Private Collaboration

October 1, 2014

Judith H. Germano

It is generally understood that the public and private sectors need to collaborate to address the nation’s cybersecurity challenges, yet there remain significant questions regarding the circumstances, nature, and scope of those relationships. Legal, strategic, and pragmatic obstacles often impede effective public-private sector cooperation, which are compounded by regulatory and civil liability risks. Different government agencies have competing roles and interests, with the government serving dual roles as both partner and enforcer, influencing how companies facing cyberthreats view public authority. These domestic cybersecurity challenges are complicated further by crossborder issues, including inconsistent laws and perspectives regarding, in particular, privacy norms and restrictions, data transferability, and divergent political interests in combatting cyberthreats.

After the Breach: Cybersecurity Liability Risk

June 1, 2014

Judith H. Germano and Zachary K. Goldman

Cybersecurity’s evolving regulatory and liability landscape compounds the challenges that companies face from cyber attacks, and further complicates the ability of corporate executives and their advisors to understand and effectively manage cyber risk. Companies must prepare for and respond to a potential cyberattack’s direct damage, including financial and data loss, system and service interruptions, reputational harm and compromised security.