HOTSOS

The last decade has seen an influx of digital connectivity, operation automation, and remote sensing and control mechanisms in the railway domain. The management of the railway operations through the use of distributed sensors and controllers and with ...

In this work, we study the vulnerabilities of protection systems that can detect cyber-attacks in power grid systems. We show that machine learning-based discriminators are not resilient against Denial-of-Service (DoS) attacks. In particular, we ...

Industrial Control Systems (ICS) collect information from a variety of sensors throughout the process, and then use that information to control some physical components. Control engineers usually have to pick which measurements they are going to use and ...

In 2016, the Cyber Grand Challenge (CGC) provided key foundations and motivations for navigating towards an autonomous cybersecurity approach. Since that time, novel strides have been made in the areas of static analysis, vulnerability discovery, ...

The need to develop actionable intelligence that is proactive is very critical to current security controls and systems. Hackers and hacking techniques continue to grow and become more sophisticated. As such Security teams start to adopt proactive and ...

Port scanning is a commonly applied technique in the discovery phase of cyber attacks. As such, defending against them has long been the subject of many research and modeling efforts. Though modeling efforts can search large parameter spaces to find ...

Daily horror stories related to software vulnerabilities necessitates the understanding of how vulnerabilities are discovered. Identification of data sources that can be leveraged to understand how vulnerabilities are discovered could aid cybersecurity ...

Advances in AI are powering increasingly precise and widespread computational propaganda, posing serious threats to national security. The military and intelligence communities are starting to discuss ways to engage in this space, but the path forward ...

In this paper, we propose a new approach to neutralize attacks that tamper with critical program data. Our technique uses a sequence of instructions as a trap against the illicit modification of the critical data. In a nutshell, we set up a dependency ...

Spectre attacks have drawn much attention since their announcement. Speculative execution creates so-called transient instructions, those whose results are ephemeral and not committed architecturally. However, various side-channels exist to extract ...

Applying machine learning techniques to solve real-world problems is a highly iterative process. The process from idea to code and then to experiment may require up to thousands of iterations to find the optimum set of hyper-parameters. Also, it is hard ...

The rapid increase in the number of IoT devices in recent years indicates how much financial investment and efforts the tech-industries and the device manufacturers have put in. Unfortunately, this aggressive competition can give rise to poor quality ...

Scientific software is defined as software that is used to explore and analyze data to investigate unanswered research questions in the scientific community [6]. The domain of scientific software includes software needed to construct a research pipeline ...

Software fuzzing is a testing technique, which generates erroneous and random input to a software so that the software of interest can be monitored for exceptions such as crashes [1]. Both in the open source software (OSS) and proprietary domain, ...

Scientists and the military require inconspicuous means to monitor wildlife. In this poster, we progress the ability for a Raspberry Pi sensor network to be used for wildlife detection and monitoring. Eliminating the need for expensive commercial camera ...

Blockchain is an open, verifiable, and distributed consensus of transactions among different parties, relying on P2P technology for connectivity between nodes. However, the long time of block propagation limits inceptions of another consensus. We ...

Experience shows that even with a well-intentioned user at the keyboard, a motivated attacker can compromise a computer system at a layer below or adjacent to the shallow forms of authentication that are now accepted as commonplace[3]. Therefore, rather ...

When computer systems communicate sensitive information, it is often desirable, if not imperative, that one party know certain properties about the other. This may be as simple as confirming the external party's identity, e.g. by checking a signature ...

We proposed a novel risk assessment approach for quantifying the security risk of lateral movement attacks, in which the attack propagation is modeled as an uncertain graph and the attack impact is a function of the set of compromised devices. We ...

As the Army modernizes, its weapon systems are becoming increasingly more cyber dependent. This increased connectivity provides incredible opportunities, but also introduces new risks. This paper introduces the Armament Cyber Assessment Framework (ACAF),...

The ever-changing digital landscape remains more vulnerable than ever with cybersecurity becoming increasingly important to the success of the digital economy and its stakeholders. With models including cloud computing, mobility and IoT systems, ...

This work proposes a set of security, privacy, and usability design requirements for the backup and recovery systems of apps implementing the Time-based One-Time Password (TOTP) algorithm, a widely deployed method of two-factor authentication (2FA). We ...

Configuration Management Tools (CMT) help developers manage the system and installed application in an automated and efficient manner. However, misconfiguration in these tools can make a system vulnerable to compromises. Whether the usage of these tools ...

In this paper, we propose memory-aware cache DoS attacks that can induce more effective cache blocking by taking advantage of information of the underlying memory hardware. Like prior cache DoS attacks, our new attacks also generate lots of cache misses ...

In this work, we propose an encoding/decoding algorithm for program executable steganography. Some salient features of our approach is that unlike previous work it does not require the introduction of new instructions, which may be detectable. ...

The proliferation of the Internet of Things continues to be a critical issue today. The current landscape provides security with minimal oversight and is furthermore inadequate due to unaccounted human behavior in the design flow and management of ...

We consider the problem of networked agents cooperating together to perform a task of optimizing the parameters of a global cost function. Agents receive linearly correlated noisy streaming data that can be used to learn the target parameters via Least-...

The time-critical nature of medical emergencies, the requirements for system availability, and for real-time communication all make it exceedingly challenging to consistently enforce least-privilege access during medical emergencies (Break the Glass ...

As part of a computing network, the human factor is a key component with high cognitive responsiveness to their environment. Cognitive responsiveness manifests as psycho-physiological signal change. With the proliferation of devices that measure and ...

Containers have become increasingly popular in distributed computing environments. However, recent studies have shown that containerized applications are susceptible to various security attacks. Traditional pre-scheduled software update approaches not ...