Category: Publications

P. Moore, J. Cappos, P. Frankl, and T. Wies Won Best Paper at the 30th IEEE International Symposium on Software Reliability Engineering A common problem for developers is applications exhibiting new bugs after deployment. Many of these bugs can be traced to unexpected network, operating system, and file system differences that cause program executions that...

Y. Zhuang, A. Rafetseder, R. Weiss, and J. Cappos Sensibility Testbed is a framework for developing sensor-based applications that can run on user-provided smartphones, and is easy to program. Over the past four years, we have been organizing hackathons at SAS in order to perform semi-controlled experiments with this platform. Any smartphone user can install...

Interdisciplinary Cyber Security Education by Randal Milch and Nasir Memon NIST’s National Initiative for Cybersecurity Education (NICE) is a crucial step toward remedying the Nation’s undeniable shortage of “people with the knowledge, skills, and abilities to perform the tasks required for cybersecurity work.” Such a workforce will include “technical and nontechnical roles that are staffed with...

Dan Gopstein , Hongwei Zhou , Phyllis Frankl and Justin Cappos Prior work has shown that extremely small code patterns, such as the conditional operator and implicit type conversion, can cause considerable misunderstanding in programmers. Until now, the real world impact of these patterns ś known as ‘atoms of confusion’ ś was only speculative. This work uses a corpus of 14...

Rui Zhang and Quanyan Zhu With the recent growing number of cyber-attacks and the constant lack of effective and state-of-art defense methods, cyber risks become ubiquitous in enterprise networks, manufacturing plants, and government computer systems. Cyber-insurance has become one of the major ways to mitigate the risks as it can transfer the cyber-risks to insurance...

Minhui Xue, Alexandru Grigoras, Heather Lee and Keith Ross Many countries today have “country-centric mobile apps” which are mobile apps that are primarily used by residents of a specific country. Many of these country-centric apps also include a location-based service which takes advantage of the smartphone’s API access to the smartphone’s current GPS location. In this paper, we investigate...

Muhammad Junaid Farooq and Quanyan Zhu Spectrum reservation is emerging as one of the potential solutions to cater for the communication needs of massive number of wireless Internet of Things (IoT) devices with reliability constraints particularly in mission-critical scenarios. In most mission-critical systems, the true utility of a reservation may not be completely known ahead...

Satwik Patnaik , Mohammed Ashraf  , Johann Knechtel , and Ozgur Sinanoglu Ensuring the trustworthiness and security of electronics has become an urgent challenge in recent years. Among various concerns, the protection of design intellectual property (IP) is to be addressed, due to outsourcing trends for the manufacturing supply chain and malicious end-user. In other...

Abhrajit Sengupta, Muhammad Yasin, Mohammed Nabeel, Mohammed Ashraf, Jeyavijayan Rajendran and Ozgur Sinanoglu With the globalization of integrated circuit (IC) supply chain, the semi-conductor industry is facing a number of security threats, such as Intellectual Property (IP) piracy, hardware Trojans, and counterfeiting. To defend against such threats at the hardware level, logic locking was proposed as...

Quanyan Zhu and Stefan Rass Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that...