Visible to the public Biblio

Filters: Keyword is attack surface  [Clear All Filters]
2021-05-13
Plappert, Christian, Zelle, Daniel, Gadacz, Henry, Rieke, Roland, Scheuermann, Dirk, Krauß, Christoph.  2021.  Attack Surface Assessment for Cybersecurity Engineering in the Automotive Domain. 2021 29th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP). :266–275.
Connected smart cars enable new attacks that may have serious consequences. Thus, the development of new cars must follow a cybersecurity engineering process as defined for example in ISO/SAE 21434. A central part of such a process is the threat and risk assessment including an attack feasibility rating. In this paper, we present an attack surface assessment with focus on the attack feasibility rating compliant to ISO/SAE 21434. We introduce a reference architecture with assets constituting the attack surface, the attack feasibility rating for these assets, and the application of this rating on typical use cases. The attack feasibility rating assigns attacks and assets to an evaluation of the attacker dimensions such as the required knowledge and the feasibility of attacks derived from it. Our application of sample use cases shows how this rating can be used to assess the feasibility of an entire attack path. The attack feasibility rating can be used as a building block in a threat and risk assessment according to ISO/SAE 21434.
Niu, Yingjiao, Lei, Lingguang, Wang, Yuewu, Chang, Jiang, Jia, Shijie, Kou, Chunjing.  2020.  SASAK: Shrinking the Attack Surface for Android Kernel with Stricter “seccomp” Restrictions. 2020 16th International Conference on Mobility, Sensing and Networking (MSN). :387–394.
The increasing vulnerabilities in Android kernel make it an attractive target to the attackers. Most kernel-targeted attacks are initiated through system calls. For security purpose, Google has introduced a Linux kernel security mechanism named “seccomp” since Android O to constrain the system calls accessible to the Android apps. Unfortunately, existing Android seccomp mechanism provides a fairly coarse-grained restriction by enforcing a unified seccomp policy containing more than 250 system calls for Android apps, which greatly reduces the effectiveness of seccomp. Also, it lacks an approach to profile the unnecessary system calls for a given Android app. In this paper we present a two-level control scheme named SASAK, which can shrink the attack surface of Android kernel by strictly constraining the system calls available to the Android apps with seccomp mechanism. First, instead of leveraging a unified seccomp policy for all Android apps, SASAK introduces an architecture- dedicated system call constraining by enforcing two separate and refined seccomp policies for the 32-bit Android apps and 64-bit Android apps, respectively. Second, we provide a tool to profile the necessary system calls for a given Android app and enforce an app-dedicated seccomp policy to further reduce the allowed system calls for the apps selected by the users. The app-dedicated control could dynamically change the seccomp policy for an app according to its actual needs. We implement a prototype of SASAK and the experiment results show that the architecture-dedicated constraining reduces 39.6% system calls for the 64-bit apps and 42.5% system calls for the 32-bit apps. 33% of the removed system calls for the 64-bit apps are vulnerable, and the number for the 32-bit apps is 18.8%. The app-dedicated restriction reduces about 66.9% and 62.5% system calls on average for the 64-bit apps and 32-bit apps, respectively. In addition, SASAK introduces negligible performance overhead.
Bradbury, Matthew, Maple, Carsten, Yuan, Hu, Atmaca, Ugur Ilker, Cannizzaro, Sara.  2020.  Identifying Attack Surfaces in the Evolving Space Industry Using Reference Architectures. 2020 IEEE Aerospace Conference. :1–20.
The space environment is currently undergoing a substantial change and many new entrants to the market are deploying devices, satellites and systems in space; this evolution has been termed as NewSpace. The change is complicated by technological developments such as deploying machine learning based autonomous space systems and the Internet of Space Things (IoST). In the IoST, space systems will rely on satellite-to-x communication and interactions with wider aspects of the ground segment to a greater degree than existing systems. Such developments will inevitably lead to a change in the cyber security threat landscape of space systems. Inevitably, there will be a greater number of attack vectors for adversaries to exploit, and previously infeasible threats can be realised, and thus require mitigation. In this paper, we present a reference architecture (RA) that can be used to abstractly model in situ applications of this new space landscape. The RA specifies high-level system components and their interactions. By instantiating the RA for two scenarios we demonstrate how to analyse the attack surface using attack trees.
Luo, Yukui, Gongye, Cheng, Ren, Shaolei, Fei, Yunsi, Xu, Xiaolin.  2020.  Stealthy-Shutdown: Practical Remote Power Attacks in Multi - Tenant FPGAs. 2020 IEEE 38th International Conference on Computer Design (ICCD). :545–552.
With the deployment of artificial intelligent (AI) algorithms in a large variety of applications, there creates an increasing need for high-performance computing capabilities. As a result, different hardware platforms have been utilized for acceleration purposes. Among these hardware-based accelerators, the field-programmable gate arrays (FPGAs) have gained a lot of attention due to their re-programmable characteristics, which provide customized control logic and computing operators. For example, FPGAs have recently been adopted for on-demand cloud services by the leading cloud providers like Amazon and Microsoft, providing acceleration for various compute-intensive tasks. While the co-residency of multiple tenants on a cloud FPGA chip increases the efficiency of resource utilization, it also creates unique attack surfaces that are under-explored. In this paper, we exploit the vulnerability associated with the shared power distribution network on cloud FPGAs. We present a stealthy power attack that can be remotely launched by a malicious tenant, shutting down the entire chip and resulting in denial-of-service for other co-located benign tenants. Specifically, we propose stealthy-shutdown: a well-timed power attack that can be implemented in two steps: (1) an attacker monitors the realtime FPGA power-consumption detected by ring-oscillator-based voltage sensors, and (2) when capturing high power-consuming moments, i.e., the power consumption by other tenants is above a certain threshold, she/he injects a well-timed power load to shut down the FPGA system. Note that in the proposed attack strategy, the power load injected by the attacker only accounts for a small portion of the overall power consumption; therefore, such attack strategy remains stealthy to the cloud FPGA operator. We successfully implement and validate the proposed attack on three FPGA evaluation kits with running real-world applications. The proposed attack results in a stealthy-shutdown, demonstrating severe security concerns of co-tenancy on cloud FPGAs. We also offer two countermeasures that can mitigate such power attacks.
Liu, Xinghua, Bai, Dandan, Jiang, Rui.  2020.  Load Frequency Control of Multi-area Power Systems under Deception Attacks*. 2020 Chinese Automation Congress (CAC). :3851–3856.
This paper investigated the sliding mode load frequency control (LFC) for an multi-area power system (MPS) under deception attacks (DA). A Luenberger observer is designed to obtain the state estimate of MPS. By using the Lyapunov-Krasovskii method, a sliding mode surface (SMS) is designed to ensure the stability. Then the accessibility analysis ensures that the trajectory of the MPS can reach the specified SMS. Finally, the serviceability of the method is explained by providing a case study.
Zhang, Yaqin, Ma, Duohe, Sun, Xiaoyan, Chen, Kai, Liu, Feng.  2020.  WGT: Thwarting Web Attacks Through Web Gene Tree-based Moving Target Defense. 2020 IEEE International Conference on Web Services (ICWS). :364–371.
Moving target defense (MTD) suggests a game-changing way of enhancing web security by increasing uncertainty and complexity for attackers. A good number of web MTD techniques have been investigated to counter various types of web attacks. However, in most MTD techniques, only fixed attributes of the attack surface are shifted, leaving the rest exploitable by the attackers. Currently, there are few mechanisms to support the whole attack surface movement and solve the partial coverage problem, where only a fraction of the possible attributes shift in the whole attack surface. To address this issue, this paper proposes a Web Gene Tree (WGT) based MTD mechanism. The key point is to extract all potential exploitable key attributes related to vulnerabilities as web genes, and mutate them using various MTD techniques to withstand various attacks. Experimental results indicate that, by randomly shifting web genes and diversely inserting deceptive ones, the proposed WGT mechanism outperforms other existing schemes and can significantly improve the security of web applications.
Nie, Guanglai, Zhang, Zheng, Zhao, Yufeng.  2020.  The Executors Scheduling Algorithm for the Web Server Based on the Attack Surface. 2020 IEEE International Conference on Advances in Electrical Engineering and Computer Applications( AEECA). :281–287.
In the existing scheduling algorithms of mimicry structure, the random algorithm cannot solve the problem of large vulnerability window in the process of random scheduling. Based on known vulnerabilities, the algorithm with diversity and complexity as scheduling indicators can not only fail to meet the characteristic requirements of mimic's endogenous security for defense, but also cannot analyze the unknown vulnerabilities and measure the continuous differences in time of mimic Executive Entity. In this paper, from the Angle of attack surface is put forward based on mimicry attack the mimic Executive Entity scheduling algorithm, its resources to measure analysis method and mimic security has intrinsic consistency, avoids the random algorithm to vulnerability and modeling using known vulnerabilities targeted, on time at the same time can ensure the diversity of the Executive body, to mimic the attack surface web server scheduling system in continuous time is less, and able to form a continuous differences. Experiments show that the minimum symbiotic resource scheduling algorithm based on time continuity is more secure than the random scheduling algorithm.
Lit, Yanyan, Kim, Sara, Sy, Eric.  2021.  A Survey on Amazon Alexa Attack Surfaces. 2021 IEEE 18th Annual Consumer Communications Networking Conference (CCNC). :1–7.
Since being launched in 2014, Alexa, Amazon's versatile cloud-based voice service, is now active in over 100 million households worldwide [1]. Alexa's user-friendly, personalized vocal experience offers customers a more natural way of interacting with cutting-edge technology by allowing the ability to directly dictate commands to the assistant. Now in the present year, the Alexa service is more accessible than ever, available on hundreds of millions of devices from not only Amazon but third-party device manufacturers. Unfortunately, that success has also been the source of concern and controversy. The success of Alexa is based on its effortless usability, but in turn, that has led to a lack of sufficient security. This paper surveys various attacks against Amazon Alexa ecosystem including attacks against the frontend voice capturing and the cloud backend voice command recognition and processing. Overall, we have identified six attack surfaces covering the lifecycle of Alexa voice interaction that spans several stages including voice data collection, transmission, processing and storage. We also discuss the potential mitigation solutions for each attack surface to better improve Alexa or other voice assistants in terms of security and privacy.
Liu, Xinlin, Huang, Jianhua, Luo, Weifeng, Chen, Qingming, Ye, Peishan, Wang, Dingbo.  2020.  Research on Attack Mechanism using Attack Surface. 2020 IEEE International Conference on Artificial Intelligence and Computer Applications (ICAICA). :137–141.
A approach to research on the attack mechanism designs through attack surface technology due to the complexity of the attack mechanism. The attack mechanism of a mimic architecture is analyzed in a relative way using attack surface metrics to indicate whether mimic architectures are safer than non-mimic architectures. The definition of the architectures attack surface in terms of the mimic brackets along three abstract dimensions referenced the system attack surface. The larger the attack surface, the more likely the architecture will be attacked.
Everson, Douglas, Cheng, Long.  2020.  Network Attack Surface Simplification for Red and Blue Teams. 2020 IEEE Secure Development (SecDev). :74–80.
Network port scans are a key first step to developing a true understanding of a network-facing attack surface. However in large-scale networks, the data resulting from such scans can be too numerous for Red Teams to process for manual and semiautomatic testing. Indiscriminate port scans can also compromise a Red Team seeking to quickly gain a foothold on a network. A large attack surface can even complicate Blue Team activities like threat hunting. In this paper we provide a cluster analysis methodology designed to group similar hosts to reduce security team workload and Red Team observability. We also measure the Internet-facing network attack surface of 13 organizations by clustering their hosts based on similarity. Through a case study we demonstrate how the output of our clustering technique provides new insight to both Red and Blue Teams, allowing them to quickly identify potential high-interest points on the attack surface.
2021-03-29
Lakhdhar, Y., Rekhis, S., Sabir, E..  2020.  A Game Theoretic Approach For Deploying Forensic Ready Systems. 2020 International Conference on Software, Telecommunications and Computer Networks (SoftCOM). :1–6.
Cyber incidents are occurring every day using various attack strategies. Deploying security solutions with strong configurations will reduce the attack surface and improve the forensic readiness, but will increase the security overhead and cost. In contrast, using moderate or low security configurations will reduce that overhead, but will inevitably decrease the investigation readiness. To avoid the use of cost-prohibitive approaches in developing forensic-ready systems, we present in this paper a game theoretic approach for deploying an investigation-ready infrastructure. The proposed game is a non-cooperative two-player game between an adaptive cyber defender that uses a cognitive security solution to increase the investigation readiness and reduce the attackers' untraceability, and a cyber attacker that wants to execute non-provable attacks with a low cost. The cognitive security solution takes its strategic decision, mainly based on its ability to make forensic experts able to differentiate between provable identifiable, provable non-identifiable, and non-provable attack scenarios, starting from the expected evidences to be generated. We study the behavior of the two strategic players, looking for a mixed Nash equilibrium during competition and computing the probabilities of attacking and defending. A simulation is conducted to prove the efficiency of the proposed model in terms of the mean percentage of gained security cost, the number of stepping stones that an attacker creates and the rate of defender false decisions compared to two different approaches.
2021-03-17
Haseeb, J., Mansoori, M., Welch, I..  2020.  A Measurement Study of IoT-Based Attacks Using IoT Kill Chain. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :557—567.

Manufacturing limitations, configuration and maintenance flaws associated with the Internet of Things (IoT) devices have resulted in an ever-expanding attack surface. Attackers exploit IoT devices to steal private information, take part in botnets, perform Denial of Service (DoS) attacks and use their resources for the mining of cryptocurrency. In this paper, we experimentally evaluate a hypothesis that attacks on IoT devices follow the generalised Cyber Kill Chain (CKC) model. We used a medium-interaction honeypot to capture and analyse more than 30,000 attacks targeting IoT devices. We classified the steps taken by the attackers using the CKC model and extended CKC to an IoT Kill Chain (IoTKC) model. The IoTKC provides details about IoT-specific attack characteristics and attackers' activities in the exploitation of IoT devices.

2021-03-15
Chowdhuryy, M. H. Islam, Liu, H., Yao, F..  2020.  BranchSpec: Information Leakage Attacks Exploiting Speculative Branch Instruction Executions. 2020 IEEE 38th International Conference on Computer Design (ICCD). :529–536.
Recent studies on attacks exploiting processor hardware vulnerabilities have raised significant concern for information security. Particularly, transient execution attacks such as Spectre augment microarchitectural side channels with speculative executions that lead to exfiltration of secretive data not intended to be accessed. Many prior works have demonstrated the manipulation of branch predictors for triggering speculative executions, and thereafter leaking sensitive information through processor microarchitectural components. In this paper, we present a new class of microarchitectural attack, called BranchSpec, that performs information leakage by exploiting state changes of branch predictors in speculative path. Our key observation is that, branch instruction executions in speculative path alter the states of branch pattern history, which are not restored even after the speculatively executed branches are eventually squashed. Unfortunately, this enables adversaries to harness branch predictors as the transmitting medium in transient execution attacks. More importantly, as compared to existing speculative attacks (e.g., Spectre), BranchSpec can take advantage of much simpler code patterns in victim's code base, making the impact of such exploitation potentially even more severe. To demonstrate this security vulnerability, we have implemented two variants of BranchSpec attacks: a side channel where a malicious spy process infers cross-boundary secrets via victim's speculatively executed nested branches, and a covert channel that communicates secrets through intentionally perturbing the branch pattern history structure via speculative branch executions. Our evaluation on Intel Skylake- and Coffee Lake-based processors reveals that these information leakage attacks are highly accurate and successful. To the best of our knowledge, this is the first work to reveal the information leakage threat due to speculative state update in branch predictor. Our studies further broaden the attack surface of processor microarchitecture, and highlight the needs for branch prediction mechanisms that are secure in transient executions.
2021-01-25
Yoon, S., Cho, J.-H., Kim, D. S., Moore, T. J., Free-Nelson, F., Lim, H..  2020.  Attack Graph-Based Moving Target Defense in Software-Defined Networks. IEEE Transactions on Network and Service Management. 17:1653–1668.
Moving target defense (MTD) has emerged as a proactive defense mechanism aiming to thwart a potential attacker. The key underlying idea of MTD is to increase uncertainty and confusion for attackers by changing the attack surface (i.e., system or network configurations) that can invalidate the intelligence collected by the attackers and interrupt attack execution; ultimately leading to attack failure. Recently, the significant advance of software-defined networking (SDN) technology has enabled several complex system operations to be highly flexible and robust; particularly in terms of programmability and controllability with the help of SDN controllers. Accordingly, many security operations have utilized this capability to be optimally deployed in a complex network using the SDN functionalities. In this paper, by leveraging the advanced SDN technology, we developed an attack graph-based MTD technique that shuffles a host's network configurations (e.g., MAC/IP/port addresses) based on its criticality, which is highly exploitable by attackers when the host is on the attack path(s). To this end, we developed a hierarchical attack graph model that provides a network's vulnerability and network topology, which can be utilized for the MTD shuffling decisions in selecting highly exploitable hosts in a given network, and determining the frequency of shuffling the hosts' network configurations. The MTD shuffling with a high priority on more exploitable, critical hosts contributes to providing adaptive, proactive, and affordable defense services aiming to minimize attack success probability with minimum MTD cost. We validated the out performance of the proposed MTD in attack success probability and MTD cost via both simulation and real SDN testbed experiments.
2020-11-23
Kumari, K. A., Sadasivam, G. S., Gowri, S. S., Akash, S. A., Radhika, E. G..  2018.  An Approach for End-to-End (E2E) Security of 5G Applications. 2018 IEEE 4th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing, (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS). :133–138.
As 5G transitions from an industrial vision to a tangible, next-generation mobile technology, security remains key business driver. Heterogeneous environment, new networking paradigms and novel use cases makes 5G vulnerable to new security threats. This in turn necessitates a flexible and dependable security mechanism. End-to-End (E2E) data protection provides better security, avoids repeated security operations like encryption/decryption and provides differentiated security based on the services. E2E security deals with authentication, integrity, key management and confidentiality. The attack surface of a 5G system is larger as 5G aims for a heterogeneous networked society. Hence attack resistance needs to be a design consideration when defining new 5G protocols. This framework has been designed for accessing the manifold applications with high security and trust by offering E2E security for various services. The proposed framework is evaluated based on computation complexity, communication complexity, attack resistance rate and security defensive rate. The protocol is also evaluated for correctness, and resistance against passive, active and dictionary attacks using random oracle model and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool.
2020-08-28
Brewer, John N., Dimitoglou, George.  2019.  Evaluation of Attack Vectors and Risks in Automobiles and Road Infrastructure. 2019 International Conference on Computational Science and Computational Intelligence (CSCI). :84—89.

The evolution of smart automobiles and vehicles within the Internet of Things (IoT) - particularly as that evolution leads toward a proliferation of completely autonomous vehicles - has sparked considerable interest in the subject of vehicle/automotive security. While the attack surface is wide, there are patterns of exploitable vulnerabilities. In this study we reviewed, classified according to their attack surface and evaluated some of the common vehicle and infrastructure attack vectors identified in the literature. To remediate these attack vectors, specific technical recommendations have been provided as a way towards secure deployments of smart automobiles and transportation infrastructures.

Molesky, Mason J., Cameron, Elizabeth A..  2019.  Internet of Things: An Analysis and Proposal of White Worm Technology. 2019 IEEE International Conference on Consumer Electronics (ICCE). :1—4.

The quantity of Internet of Things (IoT) devices in the marketplace and lack of security is staggering. The interconnectedness of IoT devices has increased the attack surface for hackers. "White Worm" technology has the potential to combat infiltrating malware. Before white worm technology becomes viable, its capabilities must be constrained to specific devices and limited to non-harmful actions. This paper addresses the current problem, international research, and the conflicting interest of individuals, businesses, and governments regarding white worm technology. Proposed is a new perspective on utilizing white worm technology to protect the vulnerability of IoT devices, while overcoming its challenges.

Iqbal, Shahrear, Haque, Anwar, Zulkernine, Mohammad.  2019.  Towards a Security Architecture for Protecting Connected Vehicles from Malware. 2019 IEEE 89th Vehicular Technology Conference (VTC2019-Spring). :1—5.

Vehicles are becoming increasingly connected to the outside world. We can connect our devices to the vehicle's infotainment system and internet is being added as a functionality. Therefore, security is a major concern as the attack surface has become much larger than before. Consequently, attackers are creating malware that can infect vehicles and perform life-threatening activities. For example, a malware can compromise vehicle ECUs and cause unexpected consequences. Hence, ensuring the security of connected vehicle software and networks is extremely important to gain consumer confidence and foster the growth of this emerging market. In this paper, we propose a characterization of vehicle malware and a security architecture to protect vehicle from these malware. The architecture uses multiple computational platforms and makes use of the virtualization technique to limit the attack surface. There is a real-time operating system to control critical vehicle functionalities and multiple other operating systems for non-critical functionalities (infotainment, telematics, etc.). The security architecture also describes groups of components for the operating systems to prevent malicious activities and perform policing (monitor, detect, and control). We believe this work will help automakers guard their systems against malware and provide a clear guideline for future research.

Sguigna, Alan.  2019.  Mitigating JTAG as an Attack Surface. 2019 IEEE AUTOTESTCON. :1—7.

The Joint Test Action Group (JTAG) standards define test and debug architectures that are ingrained within much of today's commercial silicon. In particular, the IEEE Std. 1149.1 (Standard Test Access Port and Boundary Scan Architecture) forms the foundation of on-chip embedded instrumentation that is used extensively for everything from prototype board bring-up to firmware triage to field and depot system repair. More recently, JTAG is being used in-system as a hardware/firmware mechanism for Built-In Test (BIT), addressing No Fault Found (NFF) and materiel availability issues. Its power and efficacy are a direct outcome of being a ubiquitously available, embedded on-die instrument that is inherent in most electronic devices. While JTAG is indispensable for all aspects of test and debug, it suffers from a lack of inherent security. Unprotected, it can represent a security weakness, exposing a back-door vulnerability through which hackers can reverse engineer, extract sensitive data from, or disrupt systems. More explicitly, JTAG can be used to: - Read and write from system memory - Pause execution of firmware (by setting breakpoints) - Patch instructions or data in memory - Inject instructions directly into the pipeline of a target chip (without modifying memory) - Extract firmware (for reverse engineering/vulnerability research) - Execute private instructions to activate other engines within the chip As a low-level means of access to a powerful set of capabilities, the JTAG interface must be safeguarded against unauthorized intrusions and attacks. One method used to protect platforms against such attacks is to physically fuse off the JTAG Test Access Ports, either at the integrated circuit or the board level. But, given JTAG's utility, alternative approaches that allow for both security and debug have become available, especially if there is a hardware root of trust on the platform. These options include chip lock and key registers, challenge-response mechanisms, secure key systems, TDI/TDO encryption, and other authentication/authorization techniques. This paper reviews the options for safe access to JTAG-based debug and test embedded instrumentation.

Chen, Chien-An.  2019.  With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface. 2019 IEEE Cybersecurity Development (SecDev). :144—144.

While the IT industry is embracing the cloud-native technologies, migrating from monolithic architecture to service-oriented architecture is not a trivial process. It involves a lot of dissection and abstraction. The layer of abstraction designed for simplifying the development quickly becomes the barrier of visibility and the source of misconfigurations. The complexity may give microservices a larger attack surface compared to monolithic applications. This talk presents a microservices threat modeling that uncovers the attack vectors hidden in each abstraction layer. Scenarios of security breaches in microservices platforms are discussed, followed by the countermeasures to close these attack vectors. Finally, a decision-making process for architecting secure microservices is presented.

Yee, George O.M..  2019.  Modeling and Reducing the Attack Surface in Software Systems. 2019 IEEE/ACM 11th International Workshop on Modelling in Software Engineering (MiSE). :55—62.

In today's world, software is ubiquitous and relied upon to perform many important and critical functions. Unfortunately, software is riddled with security vulnerabilities that invite exploitation. Attackers are particularly attracted to software systems that hold sensitive data with the goal of compromising the data. For such systems, this paper proposes a modeling method applied at design time to identify and reduce the attack surface, which arises due to the locations containing sensitive data within the software system and the accessibility of those locations to attackers. The method reduces the attack surface by changing the design so that the number of such locations is reduced. The method performs these changes on a graphical model of the software system. The changes are then considered for application to the design of the actual system to improve its security.

Yee, George O. M..  2019.  Attack Surface Identification and Reduction Model Applied in Scrum. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1—8.

Today's software is full of security vulnerabilities that invite attack. Attackers are especially drawn to software systems containing sensitive data. For such systems, this paper presents a modeling approach especially suited for Serum or other forms of agile development to identify and reduce the attack surface. The latter arises due to the locations containing sensitive data within the software system that are reachable by attackers. The approach reduces the attack surface by changing the design so that the number of such locations is reduced. The approach performs these changes on a visual model of the software system. The changes are then considered for application to the actual system to improve its security.

2020-08-24
Noor, Joseph, Ali-Eldin, Ahmed, Garcia, Luis, Rao, Chirag, Dasari, Venkat R., Ganesan, Deepak, Jalaian, Brian, Shenoy, Prashant, Srivastava, Mani.  2019.  The Case for Robust Adaptation: Autonomic Resource Management is a Vulnerability. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :821–826.
Autonomic resource management for distributed edge computing systems provides an effective means of enabling dynamic placement and adaptation in the face of network changes, load dynamics, and failures. However, adaptation in-and-of-itself offers a side channel by which malicious entities can extract valuable information. An attacker can take advantage of autonomic resource management techniques to fool a system into misallocating resources and crippling applications. Using a few scenarios, we outline how attacks can be launched using partial knowledge of the resource management substrate - with as little as a single compromised node. We argue that any system that provides adaptation must consider resource management as an attack surface. As such, we propose ADAPT2, a framework that incorporates concepts taken from Moving-Target Defense and state estimation techniques to ensure correctness and obfuscate resource management, thereby protecting valuable system and application information from leaking.
Ulrich, Jacob J., Vaagensmith, Bjorn C., Rieger, Craig G., Welch, Justin J..  2019.  Software Defined Cyber-Physical Testbed for Analysis of Automated Cyber Responses for Power System Security. 2019 Resilience Week (RWS). 1:47–54.

As the power grid becomes more interconnected the attack surface increases and determining the causes of anomalies becomes more complex. Automated responses are a mechanism which can provide resilience in a power system by responding to anomalies. An automated response system can make intelligent decisions when paired with an automated health assessment system which includes a human in the loop for making critical decisions. Effective responses can be determined by developing a matrix which considers the likely impacts on resilience if a response is taken. A testbed assists to analyze these responses and determine their effects on system resilience.

2020-08-07
Davenport, Amanda, Shetty, Sachin.  2019.  Modeling Threat of Leaking Private Keys from Air-Gapped Blockchain Wallets. 2019 IEEE International Smart Cities Conference (ISC2). :9—13.

In this paper we consider the threat surface and security of air gapped wallet schemes for permissioned blockchains as preparation for a Markov based mathematical model, and quantify the risk associated with private key leakage. We identify existing threats to the wallet scheme and existing work done to both attack and secure the scheme. We provide an overview the proposed model and outline justification for our methods. We follow with next steps in our remaining work and the overarching goals and motivation for our methods.