Publications

Decision and Game Theory for Security: 7th International Conference, GameSec 2016

November 4, 2016

Quanyan Zhu, Tansu Alpcan, Emmanouil Panaousis, Milind Tambe, and William Casey

This book constitutes the refereed proceedings of the 7th International Conference on Decision and Game Theory for Security, GameSec 2016, held in New York, NY, USA, in November 2016.

A Compact Implementation of Salsa20 and Its Power Analysis Vulnerabilities

November 1, 2016

Bodhisatwa Mazumdar, Sk. Subidh Ali, and Ozgur Sinanoglu

In this article, the authors present a compact implementation of the Salsa20 stream cipher that is targeted towards lightweight cryptographic devices such as radio-frequency identification (RFID) tags.

A Dual Perturbation Approach for Differential Private ADMM-Based Distributed Empirical Risk Minimization

October 28, 2016

Tao Zhang and Quanyan Zhu

In this paper, the authors develop a privacy-preserving method to a class of regularized empirical risk minimization (ERM) machine learning problems.

A Comparative Security Analysis of Current and Emerging Technologies

October 27, 2016

Chandra K.H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali, and Ozgur Sinanoglu

In this article, the authors offer a security analysis of nanoelectromechanical systems (NEMS) and carbon nanotube (CNT). They highlight the key technology-specific features of these post-CMOS technologies that can inform the design of secure systems.

Power-side-channel analysis of carbon nanotube FET based design

October 24, 2016

Chandra K. H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali and Ozgur Sinanoglu

Continuous scaling of CMOS technology beyond sub-nanometer region has aggravated short-channel effects, resulting in increased leakage current and high power densities. Furthermore, elevated leakage current and power density render CMOS based security-critical applications vulnerable to power-side-channel attacks. Carbon Nanotubes (CNT) is a promising alternative to CMOS technology.

Detecting malicious logins in enterprise networks using visualization

October 22, 2016

Hossein Siadati, Bahador Saket, Nasir Memon

The authors present APT-Hunter, a visualization tool that helps security analysts to explore login data for discovering patterns and detecting malicious logins

System, method and computer-accessible medium for security-centric electronic system design

October 20, 2016

Jeyavijayan Rajendran, Ramesh Karri, and Ozgur Sinanoglu

An exemplary system, method and computer-accessible medium can be provided which can include, for example, generating a super control dataflow graph(s) (CDFG) by applying a plurality of electronic system level ESL design constraints associated with an integrated circuit, determining an upper bound(s) number and a lower bound(s) number based on a number of CDFGs in the super CDFG(s)—with each number being one metric of a capability of the integrated circuit to resist reverse engineering attack—, and inserting a component(s) into a register transfer level netlist to effectuate a modification of the upper bound(s) and the lower bound(s).

GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats

October 5, 2016

Stefan Rass and Quanyan Zhu

We present a dynamic game framework to model and design defense strategies for advanced persistent threats (APTs). The model is based on a sequence of nested finite two-person zero-sum games, in which the APT is modeled as the attempt to get through multiple protective shells of a system towards conquering the target located in the center of the infrastructure.

Optimal Contract Design Under Asymmetric Information for Cloud-Enabled Internet of Controlled Things

October 5, 2016

Juntao Chen and Quanyan Zhu

The development of advanced wireless communication technologies and smart embedded control devices makes everything connected, leading to an emerging paradigm of the Internet of Controlled Things (IoCT). IoCT consists of two layers of systems: cyber layer and physical layer. This work aims to establish a holistic framework that integrates the cyber-physical layers of the IoCT through the lens of contract theory.

Attack-Aware Cyber Insurance of Interdependent Computer Networks

October 3, 2016

Rui Zhang, Quanyan Zhu

The authors provide an integrative view of the cyber insurance through a bi-level game-theoretic model.

Can flexible, domain specific programmable logic prevent IP theft?

September 19, 2016

 Siddharth Garg, Ramesh Karri, Xiaotong Cui, Kaijie Wu

The authors propose a High Level Synthesis and Analysis (HLSA) approach that leverages embedded programmable logic (EPL) to hide sensitive parts of the IP from a rogue foundry or a rogue actor in a foundry.

A Stackelberg Game Perspective on the Conflict Between Machine Learning and Data Obfuscation

September 1, 2016

Jeffrey Pawlick and Quanyan Zhu

The authors address the strategic interaction between trackers who collect data and users when incentives to maintain privacy and improve accuracy are misaligned.

A Security Analysis of an In Vehicle Infotainment and App Platform

September 1, 2016

 Sahar Mazloom, Mohammad Rezaeirad, Aaron Hunter, and Damon McCoy

The authors discuss the security implications of the increasing trend in the automotive industry towards integrating trusted third-party apps with In-Vehicle-Infotainment systems (IVI) via smartphones.

Verifiable ASICs

August 18, 2016

Riad S. Wahby, Max Howald, Siddharth Garg, Abhi Shelat, and Michael Walfish

A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC.

LAVA: Large-Scale Automated Vulnerability Addition

August 18, 2016

Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, William K. Robertson, Frederick Ulrich, and Ryan Whelan

Work on automating vulnerability discovery has long been hampered by a shortage of ground-truth corpora with which to evaluate tools and techniques. This lack of ground truth prevents authors and users of tools alike from being able to measure such fundamental quantities as miss and false alarm rates. In this paper, we present LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code.

Activation of logic encrypted chips: Pre-test or post-test?

August 16, 2016

Muhammad Yasin, Samah Mohamed Saeed, Jeyavijayan Rajendran, and Ozgur Sinanoglu

The authors assess and compare the pre-test and post-test activation models of logic encrypted chips.

Supply-Chain Security of Digital Microfluidic Biochips

August 15, 2016

Sk Subidh Ali, Mohamed Ibrahim, Jeyavijayan Rajendran, Ozgur Sinanoglu, and Krishnendu Chakrabarty

Digital microfluidic biochips (DMFBs) implement novel protocols for highly sensitive and specific biomolecular recognition. However, attackers can exploit supply-chain vulnerabilities to pirate DMFBs’ proprietary protocols or modify their results, with serious consequences for laboratory analysis, healthcare, and biotechnology innovation.

Securing pressure measurements using SensorPUFs

August 11, 2016

Jack Tang, Ramesh Karri, and Jeyavijayan Rajendran

We present a micro-electro-mechanical (MEM) relay based physical unclonable function (PUF) that is capable of sensing pressure while providing an assurance of authenticity. The unique properties of the SensorPUF arise from the pressure sensitivity of electrostatically actuated MEM relay structures.