Publications

Finding Sensitive Accounts on Twitter: An Automated Approach Based on Follower Anonymity

March 31, 2016

Sai Teja Peddinti, Keith W. Ross, and Justin Cappos

We explore the feasibility of automatically finding accounts that publish sensitive content on Twitter, by examining the percentage of anonymous and identifiable followers the accounts have. We first designed a machine learning classifier to automatically determine if a Twitter account is anonymous or identifiable. We then classified an account as potentially sensitive based on the percentages of anonymous and identifiable followers the account has. We applied our approach to approximately 100,000 accounts with 404 million active followers. The approach uncovered accounts that were sensitive for a diverse number of reasons.

Diplomat: Using Delegations to Protect Community Repositories

March 16, 2016

Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos

The authors demonstrate that community repositories can offer compromise-resilience and real-time project registration by employing mechanisms that disambiguate trust delegations.

Dynamic Privacy For Distributed Machine Learning Over Network

March 9, 2016

Tao Zhang and Quanyan Zhu

Privacy-preserving distributed machine learning becomes increasingly important due to the recent rapid growth of data. This paper focuses on a class of regularized empirical risk minimization (ERM) machine learning problems, and develops two methods to provide differential privacy to distributed learning algorithms over a network.

Characterizing user behaviors in location-based find-and-flirt services: Anonymity and demographics

February 26, 2016

Minhui Xue, Limin Yang, 
Keith W. Ross, and Haifeng Qian

In this paper, we explore: (i) if one gender tends to use the People Nearby service more than another; (ii) if users of People Nearby are more anonymous than ordinary WeChat users; (iii) if ordinary WeChat users are more anonymous than Twitter users. We also take an in-depth examination of the user anonymity and demographics in a combined fashion and examine: (iv) if ordinary WeChat females are more anonymous than ordinary males; (v) if People Nearby females are more anonymous than People Nearby males.

Interdependent Network Formation Games

February 24, 2016

Juntao Chen and Quanyan Zhu

Designing optimal interdependent networks is important for the robustness and efficiency of national critical infrastructures. Here, we establish a two-person game-theoretic model in which two network designers choose to maximize the global connectivity independently. This framework enables decentralized network design by using iterative algorithms.

Do You See What I See? Differential Treatment of Anonymous Users

February 23, 2016

Sheharbano Khattak, David Fifield, Sadia Afroz, Mobin Javed, Srikanth Sundaresan, Vern Paxson, Steven J. Murdoch, and Damon McCoy

The utility of anonymous communication is undermined by a growing number of websites treating users of such services in a degraded fashion…We conduct the first study to methodically enumerate and characterize the treatment of anonymous users as second-class Web citizens in the context of Tor.

 

Understanding Craigslist Rental Scams

February 22, 2016

Youngsam Park, Damon McCoy, and Elaine Shi

Fraudulently posted online rental listings, rental scams, have been frequently reported by users. However, our understanding of the structure of rental scams is limited. In this paper, we conduct the first systematic empirical study of online rental scams on Craigslist. This study is enabled by a suite of techniques that allowed us to identify scam campaigns and our automated system that is able to collect additional information by conversing with scammers.

 

Systems, Processes and Computer-Accessible Medium for Providing Logic Encryption Utilizing Fault Analysis

February 18, 2016

Ozgur Sinanoglu, Youngok Pino, Jeyavijayan Rajendran, and Ramesh Karri

Exemplary systems, methods and computer-accessible mediums can encrypting a circuit by determining at least one location to insert at least one gate in the circuit using a fault analysis, and inserting the at least one gate in at least one section of the at least one location. The determination can include an iterative procedure that can be a greedy iterative procedure. The determination can be based on an effect of the particular location on a maximum number of outputs of the circuit.

Law Enforcement Online: Innovative Doesn’t Mean Illegal

February 16, 2016

Just-Security-CCS

Judith H. Germano

Criminal actors have an increasing ability to commit serious crimes remotely via computers, while concealing their identity and location through the use of various means, including Tor hidden service protocols. To effectively identify and apprehend these criminals, law enforcement must be nimble and technologically savvy, and must employ regularly updated investigative tools.

Test access system, method and computer-accessible medium for chips with spare identical cores

February 16, 2016

Ozgur Sinanoglu

Exemplary system, method and computer-accessible medium for testing a multi-core chip can be provided which can have and/or utilize a plurality of identical cores. This can be performed by comparing each core with as many as at least the number of spare cores plus 1 using a comparator; the number of comparators can equal the total number of cores multiplied by one-half the number of spare cores plus 1.

 

A Comprehensive Design-for-Test Infrastructure in the Context of Security-Critical Applications

February 11, 2016

Samah Mohamed Saeed and Ozgur Sinanoglu

Testability is a perennial concern that requires ever-improved solutions; however, potentially resultant security vulnerabilities need to be considered as well. This article provides a compact look at a body of DfT work from lead practitioners in the field. The DfT strategies address predicting and data Potential impacts DfT controlling test volume and reducing power. of to security are considered, along with strategies for providing testability without sacrificing security.

System, Method And Computer-Accessible Medium For Facilitating Logic Encryption

February 4, 2016

Jeyavijayan Rajendran, Youngok Pino, Ozgur Sinanoglu, and Ramesh Karri

Exemplary systems, methods and computer-accessible mediums for encrypting at least one integrated circuit (IC) can include determining, using an interference graph, at least one location for a proposed insertion of at least one gate in or at the at least one IC, and inserting the gate(s) into the IC(s) at the location(s). The interference graph can be constructed based at least in part on an effect of the location(s) on at least one further location of the IC(s).

Thwarting location privacy protection in location‐based social discovery services

February 4, 2016

Minhui Xue, Yong Liu, Keith W. Ross, and Haifeng Qian

In this paper, we investigate the user location privacy leakage problem in LBSD services reporting distances in discrete bands. Using number theory, we analytically show that by strategically placing multiple virtual probes with fake Global Positioning System locations, one can nevertheless localize user locations in band-based LBSD.

System, Method and Computer-Accessible Medium for Providing Secure Split Manufacturing

February 4, 2016

Jeyavijayan Rajendran, Ozgur Sinanoglu, and Ramesh Karri 
Exemplary systems, methods and computer-accessible mediums can secure split manufacturing of an integrated circuit by modifying a previous location of at least one pin to a further location of the at least one pin based on a fault analysis procedure. A determination of the further location can include an iterative procedure that can be a greedy iterative procedure. The modification of the location of the at least one partition pin can be performed by swapping at least one further partition pin with the at least one partition pin.

Optimal De-Anonymization in Random Graphs with Community Structure

February 3, 2016

Efe Onaran, Siddharth Garg, and Elza Erkip

Anonymized social network graphs published for academic or advertisement purposes are subject to de-anonymization attacks by leveraging side information in the form of a second, public social network graph correlated with the anonymized graph. This is because the two are from the same underlying graph of true social relationships. In this paper, we (i) characterize the maximum a posteriori (MAP) estimates of user identities for the anonymized graph and (ii) provide sufficient conditions for successful de-anonymization for underlying graphs with community structure. Our results generalize prior work that assumed underlying graphs of Erd\H{o}s-R\’enyi type, in addition to proving the optimality of the attack strategy adopted in the prior work.

Adapting to Varying Distribution of Unknown Response Bits

January 28, 2016

Chandra K. H. Suresh, Ozgur Sinanoglu, and Sule Ozev

In this article, we present several adaptive strategies to enable adaptive unknown bit masking for faster-than-at-speed testing so as to ensure no yield loss while attaining the maximum test quality based on tester memory constraints. We also develop a tester-enabled compression scheme that helps alleviate memory constraints further, shifting the tradeoff space favorably to improve test quality.

Providing a fast, remote security service using hashlists of approved web objects

January 26, 2016

Justin Cappos, Nasir Memon, Sai Teja Peddinti, and Keith Ross

A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.

Bullet-Proof Credit Card Processing

January 25, 2016

Damon McCoy

In this talk, I will first describe the process of disrupting counterfeit credit card processing which involves placing a test purchase with an online counterfeit website to trace the merchant account accepting payments and then filing a complaint with the card holder association, such as Visa or MasterCard.