Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.
Category: Publications
Automotive Electrical/Electronic Architecture Security via Distributed In-Vehicle Traffic Monitoring
Peter Waszecki, Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Ramesh Karri, and Samarjit Chakraborty
Due to the growing interconnectedness and complexity of in-vehicle networks, in addition to safety, security is becoming an increasingly important topic in the automotive domain. In this paper we study techniques for detecting security infringements in automotive Electrical and Electronic (E/E) architectures....
Mining Anonymity: Identifying Sensitive Accounts on Twitter
Sai Teja Peddinti, Keith W. Ross, and Justin Cappos
We explore the feasibility of automatically finding accounts that publish sensitive content on Twitter. One natural approach to this problem is to first create a list of sensitive keywords, and then identify Twitter accounts that use these words in their tweets. But such an approach may...
Third-Party Cyber Risk & Corporate Responsibility
Judith H. Germano
Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent...
Microfluidic encryption of on-chip biochemical assays
Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri
Recent security analysis of digital micro-fluidic biochips (DMFBs) has revealed that the DMFB design flow is vulnerable to IP piracy, Trojan attacks, overproduction, and counterfeiting. An attacker can launch assay manipulation attacks against DMFBs that are used for clinical diagnostics in healthcare.
Physical Unclonable Functions and Intellectual Property Protection Techniques
Ramesh Karri, Ozgur Sinanoglu and Jeyavijayan Rajendran
On one hand, traditionally, secure systems rely on hardware to store the keys for cryptographic protocols. Such an approach is becoming increasingly insecure, due to hardware-intrinsic vulnerabilities. A physical unclonable function (PUF) is a security primitive that exploits inherent hardware properties to generate keys on the fly, instead...
Source camera attribution using stabilized video
Samet Taspinar, Manoranjan Mohanty, and Nasir Memon
Although PRNU (Photo Response Non-Uniformity)-based methods have been proposed to verify the source camera of a non-stabilized video, these methods may not be adequate for stabilized videos. The use of video stabilization has been increasing in recent years with the development of novel stabilization software and the availability of stabilization...
Scan Design: Basics, Advancements, and Vulnerabilities
Samah Mohamed Saeed, Sk Subidh Ali, and Ozgur Sinanoglu
The increasing design complexity of modern Integrated Chips (IC) has reflected into exacerbated challenges in manufacturing testing. In this respect, scan is the most widely used design for testability (DfT) technique that overcomes the manufacturing test challenges by enhancing the access and thus, testability. However, scan can also open a back door to an...
Repeatable Reverse Engineering with the Platform for Architecture-Neutral Dynamic Analysis
Ryan J. Whelan, Timothy R. Leek, Joshua E. Hodosh, Patrick A. Hulin, and Brendan Dolan-Gavitt
Many problems brought on by faulty or malicious software code can be diagnosed through a reverse engineering technique known as dynamic analysis, in which analysts study software as it executes. Researchers at Lincoln Laboratory developed the Platform for Architecture-Neutral Dynamic...
Diplomat: Using delegations to protect community repositories
Trishank Karthik Kuppusamy, Santiago Torres-Arias, Vladimir Diaz, and Justin Cappos
Community repositories, such as Docker Hub, PyPI, and RubyGems, are bustling marketplaces that distribute software. Even though these repositories use common software signing techniques (e.g., GPG and TLS), attackers can still publish malicious packages after a server compromise.