Category: Publications

Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, and Justin Cappos Virtual machines (VMs) that try to isolate untrusted code are widely used in practice. However, it is often possible to trigger zero-day flaws in the host Operating System (OS) from inside of such virtualized systems. In this paper, we propose a new security metric showing strong...

Toan Nguyen and Nasir Memon Smartwatches are rapidly emerging to be the next generation of personal devices from the smartphone era due to their novel form factor and broad applications. However, their emergence also poses new challenges to securing user information. An important challenge is preventing unauthorized access to private information stored on the watch,...

Kevin Gallagher, Sameer Patil, Nasir Memon Proper use of an anonymity system requires adequate understanding of how it functions. Yet, there is surprisingly little research that looks into user understanding and usage of anonymity software. Improper use stemming from a lack of sufficient knowledge of the system has the potential to lead to deanonymization, which...

Trishank Karthik Kuppusamy, Vladimir Diaz and Justin Cappos A popular community repository such as Docker Hub, PyPI, or RubyGems distributes tens of thousands of software projects to millions of users. The large number of projects and users make these repositories attractive targets for exploitation. After a repository compromise, a malicious party can launch a number...

Vladislav Taynitskiy, Elena Gubar and Quanyan Zhu With the emerging Internet of Things (IoT) technologies, malware spreading over increasingly connected networks becomes a new security concern. To capture the heterogeneous nature of the IoT networks, we propose a continuous-time Susceptible-Infected-Recovered (SIR) epidemic model with two types of malware for heterogeneous populations over a large network...

Jeffrey Pawlick and Quanyan Zhu Advances in computation, sensing, and networking have led to interest in the Internet of things (IoT) and cyberphysical systems (CPS). Developments concerning the IoT and CPS will improve critical infrastructure, vehicle networks, and personal health products. Unfortunately, these systems are vulnerable to attack. Advanced persistent threats (APTs) are a class...

Nasir Memon Discusses the challenges that face biometric authentication in the areas of privacy and network security. The use of biometric data — an individual’s measurable physical and behavioral characteristics — isn’t new. Government and law enforcement agencies have long used it. The Federal Bureau of Investigation (FBI) has been building a biometric recognition database;...

Athanasios Papadopoulos, Toan Nguyen, Emre Durmus and Nasir Memon. We address the problem of shoulder-surfing attacks on authentication schemes by proposing IllusionPIN (IPIN), a PIN-based authentication method that operates on touchscreen devices. IPIN uses the technique of hybrid images to blend two keypads with different digit orderings in such a way, that the user who...

Jeffrey Pawlick and Quanyan Zhu While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be...

Linan Huang, Juntao Chen and Quanyan Zhu Enhancing the security and resilience of interdependent infrastructures is crucial. In this paper, we establish a theoretical framework based on Markov decision processes(MDPs) to design optimal resiliency mechanisms for interdependent infrastructures. We use MDPs to capture the dynamics of the failure of constituent components of an infrastructure and...