Category: Publications

Charting a Course Through Uncertain Environments: SEA Uses Past Problems to Avoid Future Failures

P. Moore, J. Cappos, P. Frankl, and T. Wies won Best Paper at the 30th IEEE International Symposium on Software Reliability Engineering.

A common problem for developers is applications exhibiting new bugs after deployment. Many of these bugs can be traced to unexpected network, operating system, and file system differences that cause program executions that...

Four Years Experience: Making Sensibility Testbed Work for SAS

Y. Zhuang, A. Rafetseder, R. Weiss, and J. Cappos

Sensibility Testbed is a framework for developing sensor-based applications that can run on user-provided smartphones, and is easy to program. Over the past four years, we have been organizing hackathons at SAS in order to perform semi-controlled experiments with this platform. Any smartphone user can install...

Interdisciplinary Cyber Security Education

By Randal Milch and Nasir Memon

NIST’s National Initiative for Cybersecurity Education (NICE) is a crucial step toward remedying the Nation’s undeniable shortage of “people with the knowledge, skills, and abilities to perform the tasks required for cybersecurity work.” Such a workforce will include “technical and nontechnical roles that are staffed with...

Prevalence of Confusing Code in Software Projects

Dan Gopstein, Hongwei Zhou, Phyllis Frankl and Justin Cappos

Prior work has shown that extremely small code patterns, such as the conditional operator and implicit type conversion, can cause considerable misunderstanding in programmers. Until now, the real world impact of these patterns, known as ‘atoms of confusion’, was only speculative. This work uses a corpus of 14...

Optimal Cyber Insurance Policy Design for Dynamic Risk Management and Mitigation

Rui Zhang and Quanyan Zhu

With the recent growing number of cyber-attacks and the constant lack of effective and state-of-art defense methods, cyber risks become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber-insurance has become one of the major ways to mitigate the risks as it can transfer the cyber-risks to insurance...

Sensing the Chinese Diaspora: How Mobile Apps Can Provide Insights into Global Migration Flows

Minhui Xue, Alexandru Grigoras, Heather Lee and Keith Ross

Many countries today have “country-centric mobile apps” which are mobile apps that are primarily used by residents of a specific country. Many of these country-centric apps also include a location-based service which takes advantage of the smartphone’s API access to the smartphone’s current GPS location. In this paper, we investigate...

Optimal Dynamic Contract for Spectrum Reservation in Mission-Critical UNB-IoT Systems

Muhammad Junaid Farooq and Quanyan Zhu

Spectrum reservation is emerging as one of the potential solutions to cater for the communication needs of massive number of wireless Internet of Things (IoT) devices with reliability constraints particularly in mission-critical scenarios. In most mission-critical systems, the true utility of a reservation may not be completely known ahead...

Efficient Protection of Design IP: Disguising the Interconnects

Satwik Patnaik, Mohammed Ashraf, Johann Knechtel, and Ozgur Sinanoglu

Ensuring the trustworthiness and security of electronics has become an urgent challenge in recent years. Among various concerns, the protection of design intellectual property (IP) is to be addressed, due to outsourcing trends for the manufacturing supply chain and malicious end-user. In other...

Hardening the Hardware: A Reverse-engineering Resilient Secure Chip

Abhrajit Sengupta, Muhammad Yasin, Mohammed Nabeel, Mohammed Ashraf, Jeyavijayan Rajendran and Ozgur Sinanoglu

With the globalization of integrated circuit (IC) supply chain, the semi-conductor industry is facing a number of security threats, such as Intellectual Property (IP) piracy, hardware Trojans, and counterfeiting. To defend against such threats at the hardware level, logic locking was proposed as...

On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats

Quanyan Zhu and Stefan Rass

Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that...