Visible to the public Biblio

Found 1186 results

Filters: First Letter Of Last Name is S  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R [S] T U V W X Y Z   [Show ALL]
Schneider, Tobias, Moradi, Amir, Güneysu, Tim.  2016.  ParTI: Towards Combined Hardware Countermeasures Against Side-Channeland Fault-Injection Attacks. Proceedings of the 2016 ACM Workshop on Theory of Implementation Security. :39–39.

Side-channel analysis and fault-injection attacks are known as major threats to any cryptographic implementation. Protecting cryptographic implementations with suitable countermeasures is thus essential before they are deployed in the wild. However, countermeasures for both threats are of completely different nature: Side-channel analysis is mitigated by techniques that hide or mask key-dependent information while resistance against fault-injection attacks can be achieved by redundancy in the computation for immediate error detection. Since already the integration of any single countermeasure in cryptographic hardware comes with significant costs in terms of performance and area, a combination of multiple countermeasures is expensive and often associated with undesired side effects. In this work, we introduce a countermeasure for cryptographic hardware implementations that combines the concept of a provably-secure masking scheme (i.e., threshold implementation) with an error detecting approach against fault injection. As a case study, we apply our generic construction to the lightweight LED cipher. Our LED instance achieves first-order resistance against side-channel attacks combined with a fault detection capability that is superior to that of simple duplication for most error distributions at an increased area demand of 4.3%.

Schnepf, N., Badonnel, R., Lahmadi, A., Merz, S..  2017.  Automated Verification of Security Chains in Software-Defined Networks with Synaptic. 2017 IEEE Conference on Network Softwarization (NetSoft). :1–9.
Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by SMT1 solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.
Schnepf, N., Badonnel, R., Lahmadi, A., Merz, S..  2017.  Automated Verification of Security Chains in Software-Defined Networks with Synaptic. 2017 IEEE Conference on Network Softwarization (NetSoft). :1–9.

Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by SMT1 solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

Schoenebeck, Grant, Snook, Aaron, Yu, Fang-Yi.  2016.  Sybil Detection Using Latent Network Structure. Proceedings of the 2016 ACM Conference on Economics and Computation. :739–756.

Sybil attacks, in which an adversary creates a large number of identities, present a formidable problem for the robustness of recommendation systems. One promising method of sybil detection is to use data from social network ties to implicitly infer trust. Previous work along this dimension typically a) assumes that it is difficult/costly for an adversary to create edges to honest nodes in the network; and b) limits the amount of damage done per such edge, using conductance-based methods. However, these methods fail to detect a simple class of sybil attacks which have been identified in online systems. Indeed, conductance-based methods seem inherently unable to do so, as they are based on the assumption that creating many edges to honest nodes is difficult, which seems to fail in real-world settings. We create a sybil defense system that accounts for the adversary's ability to launch such attacks yet provably withstands them by: Notassuminganyrestrictiononthenumberofedgesanadversarycanform,butinsteadmakingamuch weaker assumption that creating edges from sybils to most honest nodes is difficult, yet allowing that the remaining nodes can be freely connected to. Relaxing the goal from classifying all nodes as honest or sybil to the goal of classifying the "core" nodes of the network as honest; and classifying no sybil nodes as honest. Exploiting a new, for sybil detection, social network property, namely, that nodes can be embedded in low-dimensional spaces.

Schonherr, L., Zeiler, S., Kolossa, D..  2017.  Spoofing detection via simultaneous verification of audio-visual synchronicity and transcription. 2017 IEEE Automatic Speech Recognition and Understanding Workshop (ASRU). :591–598.

Acoustic speaker recognition systems are very vulnerable to spoofing attacks via replayed or synthesized utterances. One possible countermeasure is audio-visual speaker recognition. Nevertheless, the addition of the visual stream alone does not prevent spoofing attacks completely and only provides further information to assess the authenticity of the utterance. Many systems consider audio and video modalities independently and can easily be spoofed by imitating only a single modality or by a bimodal replay attack with a victim's photograph or video. Therefore, we propose the simultaneous verification of the data synchronicity and the transcription in a challenge-response setup. We use coupled hidden Markov models (CHMMs) for a text-dependent spoofing detection and introduce new features that provide information about the transcriptions of the utterance and the synchronicity of both streams. We evaluate the features for various spoofing scenarios and show that the combination of the features leads to a more robust recognition, also in comparison to the baseline method. Additionally, by evaluating the data on unseen speakers, we show the spoofing detection to be applicable in speaker-independent use-cases.

Schordan, Markus, Oppelstrup, Tomas, Jefferson, David, Barnes, Jr., Peter D., Quinlan, Dan.  2016.  Automatic Generation of Reversible C++ Code and Its Performance in a Scalable Kinetic Monte-Carlo Application. Proceedings of the 2016 Annual ACM Conference on SIGSIM Principles of Advanced Discrete Simulation. :111–122.

The fully automatic generation of code that establishes the reversibility of arbitrary C/C++ code has been a target of research and engineering for more than a decade as reverse computation has become a central notion in large scale parallel discrete event simulation (PDES). The simulation models that are implemented for PDES are of increasing complexity and size and require various language features to support abstraction, encapsulation, and composition when building a simulation model. In this paper we focus on parallel simulation models that are written in C++ and present an approach and an evaluation for a fully automatically generated reversible code for a kinetic Monte-Carlo application implemented in C++. Although a significant runtime overhead is introduced with our technique, the assurance that the reverse code is generated automatically and correctly, is an enormous win that allows simulation model developers to write forward event code using the entire C++ language, and have that code automatically transformed into reversible code to enable parallel execution with the Rensselaer's Optimistic Simulation System (ROSS).

Schrenk, B., Pacher, C..  2018.  1 Gb/s All-LED Visible Light Communication System. 2018 Optical Fiber Communications Conference and Exposition (OFC). :1–3.
We evaluate the use of LEDs intended for illumination as low-cost filtered optical detectors. An optical wireless system that is exclusively based on commercial off-the-shelf 5-mm R/G/B LEDs is experimentally demonstrated for Gb/s close-proximity transmission.
Schroeder, Bianca.  2016.  Case Studies from the Real World: The Importance of Measurement and Analysis in Building Better Systems. Proceedings of the 7th ACM/SPEC on International Conference on Performance Engineering. :1–1.

At the core of the "Big Data" revolution lie frameworks and systems that allow for the massively parallel processing of large amounts of data. Ironically, while they have been designed for processing large amounts of data, these systems are at the same time major producers of data: to support the administration and management of these huge-scale systems, they are configured to generate detailed log and monitoring data, periodically capturing the system state across all nodes, components and jobs in the system. While such logging information is used routinely by sysadmins for ad-hoc trouble-shooting and problem diagnosis, we point out that there is a tremendous value in analyzing such data from a research point of view. In this talk, we will go over several case studies that demonstrate how measuring and analyzing measurement data from production systems can provide new insights into how systems work and fail, and how these new insights can help in designing better systems.

Schroeder, Jan, Berger, Christian, Staron, Miroslaw, Herpel, Thomas, Knauss, Alessia.  2016.  Unveiling Anomalies and Their Impact on Software Quality in Model-based Automotive Software Revisions with Software Metrics and Domain Experts. Proceedings of the 25th International Symposium on Software Testing and Analysis. :154–164.

The validation of simulation models (e.g., of electronic control units for vehicles) in industry is becoming increasingly challenging due to their growing complexity. To systematically assess the quality of such models, software metrics seem to be promising. In this paper we explore the use of software metrics and outlier analysis as a means to assess the quality of model-based software. More specifically, we investigate how results from regression analysis applied to measurement data received from size and complexity metrics can be mapped to software quality. Using the moving averages approach, models were fit to data received from over 65,000 software revisions for 71 simulation models that represent different electronic control units of real premium vehicles. Consecutive investigations using studentized deleted residuals and Cook’s Distance revealed outliers among the measurements. From these outliers we identified a subset, which provides meaningful information (anomalies) by comparing outlier scores with expert opinions. Eight engineers were interviewed separately for outlier impact on software quality. Findings were validated in consecutive workshops. The results show correlations between outliers and their impact on four of the considered quality characteristics. They also demonstrate the applicability of this approach in industry.

Schroeder, Jill M., Manz, David O., Amaya, Jodi P., McMakin, Andrea H., Bays, Ryan M..  2018.  Understanding Past, Current and Future Communication and Situational Awareness Technologies for First Responders. Proceedings of the Fifth Cybersecurity Symposium. :2:1-2:14.
This study builds a foundation for improving research for first responder communication and situational awareness technology in the future. In an online survey, we elicited the opinions of 250 U.S. first responders about effectiveness, security, and reliability of past, current, and future Internet of Things technology. The most desired features respondents identified were connectivity, reliability, interoperability, and affordability. The top barriers to technology adoption and use included restricted budgets/costs, interoperability, insufficient training resources, and insufficient interagency collaboration and communication. First responders in all job types indicated that technology has made first responder equipment more useful, and technology that supports situational awareness is particularly valued. As such, future Internet of Things capabilities, such as tapping into smart device data in residences and piggybacking onto alternative communication channels, could be valuable for future first responders. Potential areas for future investigation are suggested for technology development and research.
Schroeter, Ronald, Steinberger, Fabius.  2016.  PokÉMon DRIVE: Towards Increased Situational Awareness in Semi-automated Driving. Proceedings of the 28th Australian Conference on Computer-Human Interaction. :25–29.

Recent advances in vehicle automation have led to excitement and discourse in academia, industry, the media, and the public. Human factors such as trust and user experience are critical in terms of safety and customer acceptance. One of the main challenges in partial and conditional automation is related to drivers' situational awareness, or a lack thereof. In this paper, we critically analyse state of the art implementations in this arena and present a proactive approach to increasing situational awareness. We propose to make use of augmented reality to carefully design applications aimed at constructs such as amplification and voluntary attention. Finally, we showcase an example application, Pokémon DRIVE, that illustrates the utility of our proposed approach.

Schubotz, Moritz, Grigorev, Alexey, Leich, Marcus, Cohl, Howard S., Meuschke, Norman, Gipp, Bela, Youssef, Abdou S., Markl, Volker.  2016.  Semantification of Identifiers in Mathematics for Better Math Information Retrieval. Proceedings of the 39th International ACM SIGIR Conference on Research and Development in Information Retrieval. :135–144.

Mathematical formulae are essential in science, but face challenges of ambiguity, due to the use of a small number of identifiers to represent an immense number of concepts. Corresponding to word sense disambiguation in Natural Language Processing, we disambiguate mathematical identifiers. By regarding formulae and natural text as one monolithic information source, we are able to extract the semantics of identifiers in a process we term Mathematical Language Processing (MLP). As scientific communities tend to establish standard (identifier) notations, we use the document domain to infer the actual meaning of an identifier. Therefore, we adapt the software development concept of namespaces to mathematical notation. Thus, we learn namespace definitions by clustering the MLP results and mapping those clusters to subject classification schemata. In addition, this gives fundamental insights into the usage of mathematical notations in science, technology, engineering and mathematics. Our gold standard based evaluation shows that MLP extracts relevant identifier-definitions. Moreover, we discover that identifier namespaces improve the performance of automated identifier-definition extraction, and elevate it to a level that cannot be achieved within the document context alone.

Schuette, J., Brost, G. S..  2018.  LUCON: Data Flow Control for Message-Based IoT Systems. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :289-299.

Today's emerging Industrial Internet of Things (IIoT) scenarios are characterized by the exchange of data between services across enterprises. Traditional access and usage control mechanisms are only able to determine if data may be used by a subject, but lack an understanding of how it may be used. The ability to control the way how data is processed is however crucial for enterprises to guarantee (and provide evidence of) compliant processing of critical data, as well as for users who need to control if their private data may be analyzed or linked with additional information - a major concern in IoT applications processing personal information. In this paper, we introduce LUCON, a data-centric security policy framework for distributed systems that considers data flows by controlling how messages may be routed across services and how they are combined and processed. LUCON policies prevent information leaks, bind data usage to obligations, and enforce data flows across services. Policy enforcement is based on a dynamic taint analysis at runtime and an upfront static verification of message routes against policies. We discuss the semantics of these two complementing enforcement models and illustrate how LUCON policies are compiled from a simple policy language into a first-order logic representation. We demonstrate the practical application of LUCON in a real-world IoT middleware and discuss its integration into Apache Camel. Finally, we evaluate the runtime impact of LUCON and discuss performance and scalability aspects.

Schuldt, Jacob C.N., Shinagawa, Kazumasa.  2017.  On the Robustness of RSA-OAEP Encryption and RSA-PSS Signatures Against (Malicious) Randomness Failures. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :241–252.

It has recently become apparent that both accidental and maliciously caused randomness failures pose a real and serious threat to the security of cryptographic primitives, and in response, researchers have begone the development of primitives that provide robustness against these. In this paper, however, we focus on standardized, widely available primitives. Specifically, we analyze the RSA-OAEP encryption scheme and RSA-PSS signature schemes, specified in PKCS \#1, using the related randomness security notion introduced by Paterson et al. (PKC 2014) and its extension to signature schemes. We show that, under the RSA and $\Phi$-hiding assumptions, RSA-OAEP encryption is related randomness secure for a large class of related randomness functions in the random oracle model, as long as the recipient is honest, and remains secure even when additionally considering malicious recipients, as long as the related randomness functions does not allow the malicious recipients to efficiently compute the randomness used for the honest recipient. We furthermore show that, under the RSA assumption, the RSA-PSS signature scheme is secure for any class of related randomness functions, although with a non-tight security reduction. However, under additional, albeit somewhat restrictive assumptions on the related randomness functions and the adversary, a tight reduction can be recovered. Our results provides some reassurance regarding the use of RSA-OAEP and RSA-PSS in environments where randomness failures might be a concern. Lastly, we note that, unlike RSA-OAEP and RSA-PSS, several other schemes, including RSA-KEM, part of ISO 18033-2, and DHIES, part of IEEE P1363a, are not secure under simple repeated randomness attacks.

Schulz, A., Kotson, M., Meiners, C., Meunier, T., O’Gwynn, D., Trepagnier, P., Weller-Fahy, D..  2017.  Active Dependency Mapping: A Data-Driven Approach to Mapping Dependencies in Distributed Systems. 2017 IEEE International Conference on Information Reuse and Integration (IRI). :84–91.

We introduce Active Dependency Mapping (ADM), a method for establishing dependency relations among a set of interdependent services. The approach is to artificially degrade network performance to infer which assets on the network support a particular process. Artificial degradation of the network environment could be transparent to users; run continuously it could identify dependencies that are rare or occur only at certain timescales. A useful byproduct of this dependency analysis is a quantitative assessment of the resilience and robustness of the system. This technique is intriguing for hardening both enterprise networks and cyber physical systems. We present a proof-of-concept experiment executed on a real-world set of interrelated software services. We assess the efficacy of the approach, discuss current limitations, and suggest options for future development of ADM.

Schulz, Lukas, Schulz, Dirk.  2018.  Numerical Analysis of the Transient Behavior of the Non-Equilibrium Quantum Liouville Equation. IEEE Transactions on Nanotechnology. 17:1197—1205.

The numerical analysis of transient quantum effects in heterostructure devices with conventional numerical methods tends to pose problems. To overcome these limitations, a novel numerical scheme for the transient non-equilibrium solution of the quantum Liouville equation utilizing a finite volume discretization technique is proposed. Additionally, the solution with regard to the stationary regime, which can serve as a reference solution, is inherently included within the discretization scheme for the transient regime. Resulting in a highly oscillating interference pattern of the statistical density matrix as well in the stationary as in the transient regime, the reflecting nature of the conventional boundary conditions can be an additional source of error. Avoiding these non-physical reflections, the concept of a complex absorbing potential used for the Schrödinger equation is utilized to redefine the drift operator in order to render open boundary conditions for quantum transport equations. Furthermore, the method allows the application of the commonly used concept of inflow boundary conditions.

Schulz, Matthias, Klapper, Patrick, Hollick, Matthias, Tews, Erik, Katzenbeisser, Stefan.  2016.  Trust The Wire, They Always Told Me!: On Practical Non-Destructive Wire-Tap Attacks Against Ethernet. Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :43–48.

Ethernet technology dominates enterprise and home network installations and is present in datacenters as well as parts of the backbone of the Internet. Due to its wireline nature, Ethernet networks are often assumed to intrinsically protect the exchanged data against attacks carried out by eavesdroppers and malicious attackers that do not have physical access to network devices, patch panels and network outlets. In this work, we practically evaluate the possibility of wireless attacks against wired Ethernet installations with respect to resistance against eavesdropping by using off-the-shelf software-defined radio platforms. Our results clearly indicate that twisted-pair network cables radiate enough electromagnetic waves to reconstruct transmitted frames with negligible bit error rates, even when the cables are not damaged at all. Since this allows an attacker to stay undetected, it urges the need for link layer encryption or physical layer security to protect confidentiality.

Schulz, Matthias, Loch, Adrian, Hollick, Matthias.  2016.  DEMO: Demonstrating Practical Known-Plaintext Attacks Against Physical Layer Security in Wireless MIMO Systems. Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :201–203.

After being widely studied in theory, physical layer security schemes are getting closer to enter the consumer market. Still, a thorough practical analysis of their resilience against attacks is missing. In this work, we use software-defined radios to implement such a physical layer security scheme, namely, orthogonal blinding. To this end, we use orthogonal frequency-division multiplexing (OFDM) as a physical layer, similarly to WiFi. In orthogonal blinding, a multi-antenna transmitter overlays the data it transmits with noise in such a way that every node except the intended receiver is disturbed by the noise. Still, our known-plaintext attack can extract the data signal at an eavesdropper by means of an adaptive filter trained using a few known data symbols. Our demonstrator illustrates the iterative training process at the symbol level, thus showing the practicability of the attack.

Schulz, T., Golatowski, F., Timmermann, D..  2017.  Evaluation of a Formalized Encryption Library for Safety-Critical Embedded Systems. 2017 IEEE International Conference on Industrial Technology (ICIT). :1153–1158.

Complex safety-critical devices require dependable communication. Dependability includes confidentiality and integrity as much as safety. Encrypting gateways with demilitarized zones, Multiple Independent Levels of Security architectures and the infamous Air Gap are diverse integration patterns for safety-critical infrastructure. Though resource restricted embedded safety devices still lack simple, certifiable, and efficient cryptography implementations. Following the recommended formal methods approach for safety-critical devices, we have implemented proven cryptography algorithms in the qualified model based language Scade as the Safety Leveraged Implementation of Data Encryption (SLIDE) library. Optimization for the synchronous dataflow language is discussed in the paper. The implementation for public-key based encryption and authentication is evaluated for real-world performance. The feasibility is shown by execution time benchmarks on an industrial safety microcontroller platform running a train control safety application.

Schürmann, D., Zengen, G. V., Priedigkeit, M., Wolf, L..  2017.  \#x003BC;DTNSec: A Security Layer for Disruption-Tolerant Networks on Microcontrollers. 2017 16th Annual Mediterranean Ad Hoc Networking Workshop (Med-Hoc-Net). :1–7.

We introduce $μ$DTNSec, the first fully-implemented security layer for Delay/Disruption-Tolerant Networks (DTN) on microcontrollers. It provides protection against eavesdropping and Man-in-the-Middle attacks that are especially easy in these networks. Following the Store-Carry-Forward principle of DTNs, an attacker can simply place itself on the route between source and destination. Our design consists of asymmetric encryption and signatures with Elliptic Curve Cryptography and hardware-backed symmetric encryption with the Advanced Encryption Standard. $μ$DTNSec has been fully implemented as an extension to $μ$DTN on Contiki OS and is based on the Bundle Protocol specification. Our performance evaluation shows that the choice of the curve (secp128r1, secp192r1, secp256r1) dominates the influence of the payload size. We also provide energy measurements for all operations to show the feasibility of our security layer on energy-constrained devices.

Schüssler, Fabian, Nasirifard, Pezhman, Jacobsen, Hans-Arno.  2018.  Attack and Vulnerability Simulation Framework for Bitcoin-like Blockchain Technologies. Proceedings of the 19th International Middleware Conference (Posters). :5–6.
Despite the very high volatility of the cryptocurrency markets, the interest in the development and adaptation of existing cryptocurrencies such as Bitcoin as well as new distributed ledger technologies is increasing. Therefore, understanding the security and vulnerability issues of such blockchain systems plays a critical role. In this work, we propose a configurable distributed simulation framework for analyzing Bitcoin-like blockchain systems which are based on Proof-of-Work protocols. The simulator facilitates investigating security properties of blockchain systems by enabling users to configure several characteristics of the blockchain network and executing different attack scenarios, such as double-spending attacks and flood attacks and observing the effects of the attacks on the blockchain network.
Schuster, Roei, Shmatikov, Vitaly, Tromer, Eran.  2018.  Situational Access Control in the Internet of Things. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1056–1073.

Access control in the Internet of Things (IoT) often depends on a situation — for example, "the user is at home” — that can only be tracked using multiple devices. In contrast to the (well-studied) smartphone frameworks, enforcement of situational constraints in the IoT poses new challenges because access control is fundamentally decentralized. It takes place in multiple independent frameworks, subjects are often external to the enforcement system, and situation tracking requires cross-framework interaction and permissioning. Existing IoT frameworks entangle access-control enforcement and situation tracking. This results in overprivileged, redundant, inconsistent, and inflexible implementations. We design and implement a new approach to IoT access control. Our key innovation is to introduce "environmental situation oracles” (ESOs) as first-class objects in the IoT ecosystem. An ESO encapsulates the implementation of how a situation is sensed, inferred, or actuated. IoT access-control frameworks can use ESOs to enforce situational constraints, but ESOs and frameworks remain oblivious to each other's implementation details. A single ESO can be used by multiple access-control frameworks across the ecosystem. This reduces inefficiency, supports consistent enforcement of common policies, and — because ESOs encapsulate sensitive device-access rights — reduces overprivileging. ESOs can be deployed at any layer of the IoT software stack where access control is applied. We implemented prototype ESOs for the IoT resource layer, based on the IoTivity framework, and for the IoT Web services, based on the Passport middleware.

Schwab, Stephen, Kline, Erik.  2019.  Cybersecurity Experimentation at Program Scale: Guidelines and Principles for Future Testbeds. 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS PW). :94–102.
Cybersecurity Experimentation is often viewed narrowly in terms of a single technology or experiment. This paper reviews the experimentation life-cycle for two large scale research efforts that span multiple technologies. We identify salient aspects of each cybersecurity program, and capture guidelines based on eight years of experience. Extrapolating, we identify four principles for building future experimental infrastructure: 1) Reduce the cognitive burden on experimenters when designing and operating experiments. 2) Allow experimenters to encode their goals and constraints. 3) Provide flexibility in experimental design. 4) Provide multifaceted guidance to help experimenters produce high-quality experiments. By following these principles, future cybersecurity testbeds can enable significantly higher-quality experiments.
Schwartz, E.J., Avgerinos, T., Brumley, D..  2010.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). Security and Privacy (SP), 2010 IEEE Symposium on. :317-331.

Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.

Schwartz, Edward J., Cohen, Cory F., Duggan, Michael, Gennari, Jeffrey, Havrilla, Jeffrey S., Hines, Charles.  2018.  Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :426–441.
High-level C++ source code abstractions such as classes and methods greatly assist human analysts and automated algorithms alike when analyzing C++ programs. Unfortunately, these abstractions are lost when compiling C++ source code, which impedes the understanding of C++ executables. In this paper, we propose a system, OOAnalyzer, that uses an innovative new design to statically recover detailed C++ abstractions from executables in a scalable manner. OOAnalyzer's design is motivated by the observation that many human analysts reason about C++ programs by recognizing simple patterns in binary code and then combining these findings using logical inference, domain knowledge, and intuition. We codify this approach by combining a lightweight symbolic analysis with a flexible Prolog-based reasoning system. Unlike most existing work, OOAnalyzer is able to recover both polymorphic and non-polymorphic C++ classes. We show in our evaluation that OOAnalyzer assigns over 78% of methods to the correct class on our test corpus, which includes both malware and real-world software such as Firefox and MySQL. These recovered abstractions can help analysts understand the behavior of C++ malware and cleanware, and can also improve the precision of program analyses on C++ executables.