Nasir Memon The use of biometric data—an individual’s measurable physical and behavioral characteristics—isn’t new. Government and law enforcement agencies have long used it. … Using biometric data to access our personal devices is increasing as a way to get around the limitations of the commonly used password-based mechanism: it’s easier, more convenient, and (theoretically) more...
Author: Emerald Knox (Emerald Knox)
Post
At Cybersecurity Camps, Teen Girls Learn About Protecting Nation, Breaking Barriers
Talk to the teenage girls studying cybersecurity at New York University [Tandon School of Engineering] this summer, and you’ll get an earful about their determination to protect their country, safeguard privacy, and conquer their fair share of a male-dominated field.The young women are attending one of a rising number of camps devoted to the niche...
Post
Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path
Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, and Justin Cappos Virtual machines (VMs) that try to isolate untrusted code are widely used in practice. However, it is often possible to trigger zero-day flaws in the host Operating System (OS) from inside of such virtualized systems. In this paper, we propose a new security metric showing strong...
Post
WhatsApp Now Allows You to Share Any File Type
WhatsApp is adding a brand new feature in its latest update: the ability to share any file type. …Damon McCoy, a Computer Science and Engineering professor at the NYU Tandon School of Engineering, said that “most cellphones unless you root them will only allow you to run apps if they’re from official stores.” In regions...
Post
Smartwatches Locking Methods: A Comparative Study
Toan Nguyen and Nasir Memon Smartwatches are rapidly emerging to be the next generation of personal devices from the smartphone era due to their novel form factor and broad applications. However, their emergence also poses new challenges to securing user information. An important challenge is preventing unauthorized access to private information stored on the watch,...
Post
New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network
Kevin Gallagher, Sameer Patil, Nasir Memon Proper use of an anonymity system requires adequate understanding of how it functions. Yet, there is surprisingly little research that looks into user understanding and usage of anonymity software. Improper use stemming from a lack of sufficient knowledge of the system has the potential to lead to deanonymization, which...
Post
Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories
Trishank Karthik Kuppusamy, Vladimir Diaz and Justin Cappos A popular community repository such as Docker Hub, PyPI, or RubyGems distributes tens of thousands of software projects to millions of users. The large number of projects and users make these repositories attractive targets for exploitation. After a repository compromise, a malicious party can launch a number...
Post
America's Online Enemies
From election meddling and economic espionage to financial fraud and personal identity theft, it’s becoming clear that cybersecurity is increasingly central to every aspect of the way we live. Both state-sponsored cyber-spies and transnational organized crime groups pose urgent threats online to our nation’s critical infrastructure, our security, and our fundamental values in a democratic...
Post
Optimal impulse control of bi-virus SIR epidemics with application to heterogeneous Internet of Things
Vladislav Taynitskiy, Elena Gubar and Quanyan Zhu With the emerging Internet of Things (IoT) technologies, malware spreading over increasingly connected networks becomes a new security concern. To capture the heterogeneous nature of the IoT networks, we propose a continuous-time Susceptible-Infected-Recovered (SIR) epidemic model with two types of malware for heterogeneous populations over a large network...
Post
Strategic Trust in Cloud-Enabled Cyber-Physical Systems with an Application to Glucose Control
Jeffrey Pawlick and Quanyan Zhu Advances in computation, sensing, and networking have led to interest in the Internet of things (IoT) and cyberphysical systems (CPS). Developments concerning the IoT and CPS will improve critical infrastructure, vehicle networks, and personal health products. Unfortunately, these systems are vulnerable to attack. Advanced persistent threats (APTs) are a class...