Biblio

Found 12055 results

W
Kuo, J., Lal, A..  2017.  Wideband material detection for spoof resistance in GHz ultrasonic fingerprint sensing. 2017 IEEE International Ultrasonics Symposium (IUS). :1–1.
One of the primary motivations for using ultrasound reflectometry for fingerprint imaging is the promise of increased spoof resistance over conventional optical or capacitive sensing approaches due to the ability for ultrasound to determine the elastic impedance of the imaged material. A fake 3D printed plastic finger can therefore be easily distinguished from a real finger. However, ultrasonic sensors are still vulnerable to materials that are similar in impedance to tissue, such as water or rubber. Previously we demonstrated an ultrasonic fingerprint reader operating with 1.3GHz ultrasound based on pulse echo impedance imaging on the backside silicon interface. In this work, we utilize the large bandwidth of these sensors to differentiate between a finger and materials with similar impedances using the frequency response of elastic impedance obtained by transducer excitation with a wideband RF chirp signal. The reflected signal is a strong function of impedance mismatch and absorption [Hoople 2015].
Kang, Lei, Feeney, Andrew, Somerset, Will, Dixon, Steve.  2019.  Wideband Electromagnetic Dynamic Acoustic Transducer as a Standard Acoustic Source for Air-coupled Ultrasonic Sensors. 2019 IEEE International Ultrasonics Symposium (IUS). :2481–2484.
To experimentally study the characteristics of ultrasonic sensors, a wideband air-coupled ultrasonic transducer, wideband electromagnetic dynamic acoustic transducer (WEMDAT), is designed and fabricated. Characterisation methods, including electrical impedance analysis, laser Doppler vibrometry and pressure-field microphone measurement, are used to examine the performance of the WEMDAT, which have shown that the transducer has a wide bandwidth ranging approximately from 47 kHz to 145 kHz and a good directivity with a beam angle of around 20˚ with no evident side lobes. A 40 kHz commercial flexural ultrasonic transducer (FUT) is then taken as an example to receive ultrasonic waves in a pitch-catch configuration to evaluate the performance of the WEMDAT as an acoustic source. Experiment results have demonstrated that the WEMDAT can maintain the most of the frequency content of a 5 cycle 40 kHz tone burst electric signal and convert it into an ultrasonic wave for studying the dynamic characteristic and the directivity pattern of the ultrasonic receiver. A comparison of the dynamic characteristics between the transmitting and the receiving processes of the same FUT reveals that the FUT has a wider bandwidth when operating as an ultrasonic receiver than operating as a transmitter, which indicates that it is necessary to quantitatively investigate the receiving process of an ultrasonic transducer, demonstrating a huge potential of the WEMDAT serving as a standard acoustic source for ultrasonic sensors for various air-coupled ultrasonic applications.
Yogarathinam, A., Chaudhuri, N. R..  2019.  Wide-Area Damping Control Using Multiple DFIG-Based Wind Farms Under Stochastic Data Packet Dropouts. 2019 IEEE Power Energy Society General Meeting (PESGM). :1–1.
Data dropouts in communication network can have a significant impact on wide-area oscillation damping control of a smart power grid with large-scale deployment of distributed and networked phasor measurement units and wind energy resources. Remote feedback signals sent through communication channels encounter data dropout, which is represented by the Gilbert-Elliott model. An observer-driven reduced copy (ORC) approach is presented, which uses the knowledge of the nominal system dynamics during data dropouts to improve the damping performance where conventional feedback would suffer. An expression for the expectation of the bound on the error norm between the actual and the estimated states relating uncertainties in the cyber system due to data dropout and physical system due to change in operating conditions is also derived. The key contribution comes from the analytical derivation of the impact of coupling between the cyber and the physical layer on ORC performance. Monte Carlo simulation is performed to calculate the dispersion of the error bound. Nonlinear time-domain simulations demonstrate that the ORC produces significantly better performance compared to conventional feedback under higher data drop situations.
Grubbs, Paul, Ristenpart, Thomas, Shmatikov, Vitaly.  2017.  Why Your Encrypted Database Is Not Secure. Proceedings of the 16th Workshop on Hot Topics in Operating Systems. :162–168.
Encrypted databases, a popular approach to protecting data from compromised database management systems (DBMS's), use abstract threat models that capture neither realistic databases, nor realistic attack scenarios. In particular, the "snapshot attacker" model used to support the security claims for many encrypted databases does not reflect the information about past queries available in any snapshot attack on an actual DBMS. We demonstrate how this gap between theory and reality causes encrypted databases to fail to achieve their "provable security" guarantees.
Robert Zager, John Zager.  2016.  Why We Will Continue to Lose the Cyber War. Mad Scientist Conference 2016.

The United States is losing the cyberwar. We are losing the cyberwar because cyber defenses apply the wrong philosophy to the wrong operating environment. In order to be effective, future cyber defenses must be viewed in the context of an engagement between human adversaries.

Sarah Pearman, Shikun Zhang, Lujo Bauer, Nicolas Christin, Lorrie Cranor.  2019.  Why people (don't) use password managers effectively. Fifteenth USENIX Conference on Usable Privacy and Security SOUPS'19. :319–338.

Security experts often recommend using password-management tools that both store passwords and generate random passwords. However, research indicates that only a small fraction of users use password managers with password generators. Past studies have explored factors in the adoption of password managers using surveys and online store reviews. Here we describe a semi-structured interview study with 30 participants that allows us to provide a more comprehensive picture of the mindsets underlying adoption and effective use of password managers and password-generation features. Our participants include users who use no password-specific tools at all, those who use password managers built into browsers or operating systems, and those who use separately installed password managers. Furthermore, past field data has indicated that users of built-in, browser-based password managers more often use weak and reused passwords than users of separate password managers that have password generation available by default. Our interviews suggest that users of built-in password managers may be driven more by convenience, while users of separately installed tools appear more driven by security. We advocate tailored designs for these two mentalities and provide actionable suggestions to induce effective password manager usage.

Koh, John S., Bellovin, Steven M., Nieh, Jason.  2019.  Why Joanie Can Encrypt: Easy Email Encryption with Easy Key Management. Proceedings of the Fourteenth EuroSys Conference 2019. :1–16.

Email privacy is of crucial importance. Existing email encryption approaches are comprehensive but seldom used due to their complexity and inconvenience. We take a new approach to simplify email encryption and improve its usability by implementing receiver-controlled encryption: newly received messages are transparently downloaded and encrypted to a locally-generated key; the original message is then replaced. To avoid the problem of moving a single private key between devices, we implement per-device key pairs: only public keys need be synchronized via a simple verification step. Compromising an email account or server only provides access to encrypted emails. We implemented this scheme on several platforms, showing it works with PGP and S/MIME, is compatible with widely used mail clients and email services including Gmail, has acceptable overhead, and that users consider it intuitive and easy to use.

Samira Tasharofi, University of Illinois at Urbana-Champaign, Peter Dinges, University of Illinois at Urbana-Champaign, Ralph E. Johnson, University of Illinois at Urbana-Champaign.  2013.  Why Do Scala Developers Mix the Actor Model with other Concurrency Models?

Mixing the actor model with other concurrency models in a single program can break the actor abstraction. This increases the chance of creating deadlocks and data races—two mistakes that are hard to make with actors. Furthermore, it prevents the use of many advanced testing, modeling, and verification tools for actors, as these require pure actor programs. This study is the first to point out the phenomenon of mixing concurrency models by Scala developers and to systematically identify the factors leading to it. We studied 15 large, mature, and actively maintained actor programs written in Scala and found that 80% of them mix the actor model with another concurrency model. Consequently, a large part of real-world actor programs does not use actors to their fullest advantage. Inspection of the programs and discussion with the developers reveal two reasons for mixing that can be influenced by researchers and library-builders: weaknesses in the actor library implementations, and shortcomings of the actor model itself.

Naiakshina, Alena, Danilova, Anastasia, Tiefenau, Christian, Herzog, Marco, Dechand, Sergej, Smith, Matthew.  2017.  Why Do Developers Get Password Storage Wrong?: A Qualitative Usability Study. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :311–328.

Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems.

Shu, Junliang, Zhang, Yuanyuan, Li, Juanru, Li, Bodong, Gu, Dawu.  2017.  Why Data Deletion Fails? A Study on Deletion Flaws and Data Remanence in Android Systems. ACM Trans. Embed. Comput. Syst. 16:61:1–61:22.

Smart mobile devices are becoming the main vessel of personal privacy information. While they carry valuable information, data erasure is somehow much more vulnerable than was predicted. The security mechanisms provided by the Android system are not flexible enough to thoroughly delete sensitive data. In addition to the weakness among several provided data-erasing and file-deleting mechanisms, we also target the Android OS design flaws in data erasure, and unveil that the design of the Android OS contradicts some secure data-erasure demands. We present the data-erasure flaws in three typical scenarios on mainstream Android devices, such as the data clearing flaw, application uninstallation flaw, and factory reset flaw. Some of these flaws are inherited data-deleting security issues from the Linux kernel, and some are new vulnerabilities in the Android system. Those scenarios reveal the data leak points in Android systems. Moreover, we reveal that the data remanence on the disk is rarely affected by the user’s daily operation, such as file deletion and app installation and uninstallation, by a real-world data deletion latency experiment. After one volunteer used the Android phone for 2 months, the data remanence amount was still considerable. Then, we proposed DataRaider for file recovering from disk fragments. It adopts a file-carving technique and is implemented as an automated sensitive information recovering framework. DataRaider is able to extract private data in a raw disk image without any file system information, and the recovery rate is considerably high in the four test Android phones. We propose some mitigation for data remanence issues, and give the users some suggestions on data protection in Android systems.

Pratanwanich, N., Lio, P..  2014.  Who Wrote This? Textual Modeling with Authorship Attribution in Big Data. Data Mining Workshop (ICDMW), 2014 IEEE International Conference on. :645–652.

By representing large corpora with concise and meaningful elements, topic-based generative models aim to reduce the dimension and understand the content of documents. Those techniques originally analyze on words in the documents, but their extensions currently accommodate meta-data such as authorship information, which has been proved useful for textual modeling. The importance of learning authorship is to extract author interests and assign authors to anonymous texts. Author-Topic (AT) model, an unsupervised learning technique, successfully exploits authorship information to model both documents and author interests using topic representations. However, the AT model simplifies that each author has equal contribution on multiple-author documents. To overcome this limitation, we assume that authors give different degrees of contributions on a document by using a Dirichlet distribution. This automatically transforms the unsupervised AT model to Supervised Author-Topic (SAT) model, which brings a novelty of authorship prediction on anonymous texts. The SAT model outperforms the AT model for identifying authors of documents written by either single authors or multiple authors with a better Receiver Operating Characteristic (ROC) curve and a significantly higher Area Under Curve (AUC). The SAT model not only achieves competitive performance to state-of-the-art techniques e.g. Random forests but also maintains the characteristics of the unsupervised models for information discovery i.e. Word distributions of topics, author interests, and author contributions.
 

Peck, Sarah Marie, Khan, Mohammad Maifi Hasan, Fahim, Md Abdullah Al, Coman, Emil N, Jensen, Theodore, Albayram, Yusuf.  2020.  Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :778–789.
This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type) x2(usage scenario) x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users' behavior affects others. Implications of our findings in risk communication are discussed in the paper.
Sima, Mihai, Brisson, André.  2017.  Whitenoise encryption implementation with increased robustness to side-channel attacks. 2017 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computed, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1–4.
Two design techniques improve the robustness of Whitenoise encryption algorithm implementation to side-channel attacks based on dynamic and/or static power consumption. The first technique conceals the power consumption and has linear cost. The second technique randomizes the power consumption and has quadratic cost. These techniques are not mutually exclusive; their synergy provides a good robustness to power analysis attacks. Other circuit-level protection can be applied on top of the proposed techniques, opening the avenue for generating very robust implementations.
Kamilin, M. H. B., Yamaguchi, S..  2020.  White-Hat Worm Launcher Based on Deep Learning in Botnet Defense System. 2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia). :1–2.

This paper proposes a deep learning-based white-hat worm launcher in Botnet Defense System (BDS). BDS uses white-hat botnets to defend an IoT system against malicious botnets. White-hat worm launcher literally launches white-hat worms to create white-hat botnets according to the strategy decided by BDS. The proposed launcher learns with deep learning where is the white-hat worms' right place to successfully drive out malicious botnets. Given a system situation invaded by malicious botnets, it predicts a worms' placement by the learning result and launches them. We confirmed the effect of the proposed launcher through simulating evaluation.

Komargodski, Ilan, Naor, Moni, Yogev, Eylon.  2017.  White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing. 2017 IEEE 58th Annual Symposium on Foundations of Computer Science (FOCS). :622–632.
Ramsey theory assures us that in any graph there is a clique or independent set of a certain size, roughly logarithmic in the graph size. But how difficult is it to find the clique or independent set? If the graph is given explicitly, then it is possible to do so while examining a linear number of edges. If the graph is given by a black-box, where to figure out whether a certain edge exists the box should be queried, then a large number of queries must be issued. But what if one is given a program or circuit for computing the existence of an edge? This problem was raised by Buss and Goldberg and Papadimitriou in the context of TFNP, search problems with a guaranteed solution. We examine the relationship between black-box complexity and white-box complexity for search problems with guaranteed solution such as the above Ramsey problem. We show that under the assumption that collision resistant hash functions exist (which follows from the hardness of problems such as factoring, discrete-log and learning with errors) the white-box Ramsey problem is hard and this is true even if one is looking for a much smaller clique or independent set than the theorem guarantees. In general, one cannot hope to translate all black-box hardness for TFNP into white-box hardness: we show this by adapting results concerning the random oracle methodology and the impossibility of instantiating it. Another model we consider is the succinct black-box, where there is a known upper bound on the size of the black-box (but no limit on the computation time). In this case we show that for all TFNP problems there is an upper bound on the number of queries proportional to the description size of the box times the solution size. On the other hand, for promise problems this is not the case. Finally, we consider the complexity of graph property testing in the white-box model. We show a property which is hard to test even when one is given the program for computing the graph. The hard property is whether the graph is a two-source extractor.
Liu, Zechao, Wang, Xuan, Cui, Lei, Jiang, Zoe L., Zhang, Chunkai.  2017.  White-box traceable dynamic attribute based encryption. 2017 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC). :526–530.
Ciphertext policy attribute-based encryption (CP-ABE) is a promising technology that offers fine-grained access control over encrypted data. In a CP-ABE scheme, any user can decrypt the ciphertext using his secret key if his attributes satisfy the access policy embedded in the ciphertext. Since the same ciphertext can be decrypted by multiple users with their own keys, the malicious users may intentionally leak their decryption keys for financial profits. So how to trace the malicious users becomes an important issue in a CP-ABE scheme. In addition, from the practical point of view, users may leave the system due to resignation or dismissal. So user revocation is another hot issue that should be solved. In this paper, we propose a practical CP-ABE scheme. On the one hand, our scheme has the properties of traceability and large universe. On the other hand, our scheme can solve the dynamic issue of user revocation. The proposed scheme is proved selectively secure in the standard model.
Ning, Jianting, Cao, Zhenfu, Dong, Xiaolei, Wei, Lifei.  2018.  White-Box Traceable CP-ABE for Cloud Storage Service: How to Catch People Leaking Their Access Credentials Effectively. IEEE Transactions on Dependable and Secure Computing. 15:883–897.
Ciphertext-policy attribute-based encryption (CP-ABE) has been proposed to enable fine-grained access control on encrypted data for cloud storage service. In the context of CP-ABE, since the decryption privilege is shared by multiple users who have the same attributes, it is difficult to identify the original key owner when given an exposed key. This leaves the malicious cloud users a chance to leak their access credentials to outsourced data in clouds for profits without the risk of being caught, which severely damages data security. To address this problem, we add the property of traceability to the conventional CP-ABE. To catch people leaking their access credentials to outsourced data in clouds for profits effectively, in this paper, we first propose two kinds of non-interactive commitments for traitor tracing. Then we present a fully secure traceable CP-ABE system for cloud storage service from the proposed commitment. Our proposed commitments for traitor tracing may be of independent interest, as they are both pairing-friendly and homomorphic. We also provide extensive experimental results to confirm the feasibility and efficiency of the proposed solution.
Saha, Arunima, Srinivasan, Chungath.  2019.  White-Box Cryptography Based Data Encryption-Decryption Scheme for IoT Environment. 2019 5th International Conference on Advanced Computing Communication Systems (ICACCS). :637–641.

The economic progress of the Internet of Things (IoT) is phenomenal. Applications range from checking the alignment of some components during a manufacturing process, monitoring of transportation and pedestrian levels to enhance driving and walking path, remotely observing terminally ill patients by means of medical devices such as implanted devices and infusion pumps, and so on. To provide security, encrypting the data becomes an indispensable requirement, and symmetric encryption algorithms are becoming a crucial implementation in the resource constrained environments. Typical symmetric encryption algorithms like Advanced Encryption Standard (AES) showcase an assumption that end points of communications are secured and that the encryption key is securely stored. However, devices might be physically unprotected, and attackers may have access to the memory while the data is still encrypted. It is essential to reserve the key in such a way that an attacker finds it hard to extract it. At present, techniques like White-Box cryptography have been utilized in these circumstances. But it has been reported that applying White-Box cryptography in IoT devices has resulted in other security issues like the adversary having access to the intermediate values, and the practical implementations leading to Code lifting attacks and differential attacks. In this paper, a solution is presented to overcome these problems by demonstrating the need of White-Box Cryptography to enhance the security by utilizing the cipher block chaining (CBC) mode.

Gotsman, Alexey, Lefort, Anatole, Chockler, Gregory.  2019.  White-Box Atomic Multicast. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :176–187.

Atomic multicast is a communication primitive that delivers messages to multiple groups of processes according to some total order, with each group receiving the projection of the total order onto messages addressed to it. To be scalable, atomic multicast needs to be genuine, meaning that only the destination processes of a message should participate in ordering it. In this paper we propose a novel genuine atomic multicast protocol that in the absence of failures takes as low as 3 message delays to deliver a message when no other messages are multicast concurrently to its destination groups, and 5 message delays in the presence of concurrency. This improves the latencies of both the fault-tolerant version of classical Skeen's multicast protocol (6 or 12 message delays, depending on concurrency) and its recent improvement by Coelho et al. (4 or 8 message delays). To achieve such low latencies, we depart from the typical way of guaranteeing fault-tolerance by replicating each group with Paxos. Instead, we weave Paxos and Skeen's protocol together into a single coherent protocol, exploiting opportunities for white-box optimisations. We experimentally demonstrate that the superior theoretical characteristics of our protocol are reflected in practical performance pay-offs.

Yu, Bong-yeol, Yang, Gyeongsik, Jin, Heesang, Yoo, Chuck.  2019.  White Visor: Support of White-Box Switch in SDN-Based Network Hypervisor. 2019 International Conference on Information Networking (ICOIN). :242–247.

Network virtualization is a fundamental technology for datacenters and upcoming wireless communications (e.g., 5G). It takes advantage of software-defined networking (SDN) that provides efficient network management by converting networking fabrics into SDN-capable devices. Moreover, white-box switches, which provide flexible and fast packet processing, are broadly deployed in commercial datacenters. A white-box switch requires a specific and restricted packet processing pipeline; however, to date, there has been no SDN-based network hypervisor that can support the pipeline of white-box switches. Therefore, in this paper, we propose WhiteVisor: a network hypervisor which can support the physical network composed of white-box switches. WhiteVisor converts a flow rule from the virtual network into a packet processing pipeline compatible with the white-box switch. We implement the prototype herein and show its feasibility and effectiveness with pipeline conversion and overhead.

Park, Shinjo, Shaik, Altaf, Borgaonkar, Ravishankar, Seifert, Jean-Pierre.  2016.  White Rabbit in Mobile: Effect of Unsecured Clock Source in Smartphones. Proceedings of the 6th Workshop on Security and Privacy in Smartphones and Mobile Devices. :13–21.

With its high penetration rate and relatively good clock accuracy, smartphones are replacing watches in several market segments. Modern smartphones have more than one clock source to complement each other: NITZ (Network Identity and Time Zone), NTP (Network Time Protocol), and GNSS (Global Navigation Satellite System) including GPS. NITZ information is delivered by the cellular core network, indicating the network name and clock information. NTP provides a facility to synchronize the clock with a time server. Among these clock sources, only NITZ and NTP are updated without user interaction, as location services require manual activation. In this paper, we analyze security aspects of these clock sources and their impact on security features of modern smartphones. In particular, we investigate NITZ and NTP procedures over cellular networks (2G, 3G and 4G) and Wi-Fi communication respectively. Furthermore, we analyze several European, Asian, and American cellular networks from NITZ perspective. We identify three classes of vulnerabilities: specification issues in a cellular protocol, configurational issues in cellular network deployments, and implementation issues in different mobile OS's. We demonstrate how an attacker with low cost setup can spoof NITZ and NTP messages to cause Denial of Service attacks. Finally, we propose methods for securely synchronizing the clock on smartphones.

Khorsandroo, Sajad, Tosun, Ali Saman.  2019.  White Box Analysis at the Service of Low Rate Saturation Attacks on Virtual SDN Data Plane. 2019 IEEE 44th LCN Symposium on Emerging Topics in Networking (LCN Symposium). :100–107.

Today's virtual switches not only support legacy network protocols and standard network management interfaces, but also become adapted to OpenFlow as a prevailing communication protocol. This makes them a core networking component of today's virtualized infrastructures which are able to handle sophisticated networking scenarios in a flexible and software-defined manner. At the same time, these virtual SDN data planes become high-value targets because a compromised switch is hard to detect while it affects all components of a virtualized/SDN-based environment. Most of the well known programmable virtual switches in the market are open source which makes them cost-effective and yet highly configurable options in any network infrastructure deployment. However, this comes at a cost which needs to be addressed. Accordingly, this paper raises an alarm on how attackers may leverage white box analysis of software switch functionalities to launch effective low profile attacks against it. In particular, we practically present how attackers can systematically take advantage of static and dynamic code analysis techniques to launch a low rate saturation attack on virtual SDN data plane in a cloud data center.

Baden, Mathis, Ferreira Torres, Christof, Fiz Pontiveros, Beltran Borja, State, Radu.  2019.  Whispering Botnet Command and Control Instructions. 2019 Crypto Valley Conference on Blockchain Technology (CVCBT). :77–81.
Botnets are responsible for many large scale attacks happening on the Internet. Their weak point, which is usually targeted to take down a botnet, is the command and control infrastructure: the foundation for the diffusion of the botmaster's instructions. Hence, botmasters employ stealthy communication methods to remain hidden and retain control of the botnet. Recent research has shown that blockchains can be leveraged for under the radar communication with bots, however these methods incur fees for transaction broadcasting. This paper discusses the use of a novel technology, Whisper, for command and control instruction dissemination. Whisper allows a botmaster to control bots at virtually zero cost, while providing a peer-to-peer communication infrastructure, as well as privacy and encryption as part of its dark communication strategy. It is therefore well suited for bidirectional botnet command and control operations, and creating a botnet that is very difficult to take down.
Rahman, Akond, Partho, Asif, Meder, David, Williams, Laurie.  2017.  Which Factors Influence Practitioners' Usage of Build Automation Tools? Proceedings of the 3rd International Workshop on Rapid Continuous Software Engineering. :20–26.

Even though build automation tools help to reduce errors and rapid releases of software changes, use of build automation tools is not widespread amongst software practitioners. Software practitioners perceive build automation tools as complex, which can hinder the adoption of these tools. How well founded such perception is, can be determined by systematic exploration of adoption factors that influence usage of build automation tools. The goal of this paper is to aid software practitioners in increasing their usage of build automation tools by identifying the adoption factors that influence usage of these tools. We conducted a survey to empirically identify the adoption factors that influence usage of build automation tools. We obtained survey responses from 268 software professionals who work at NestedApps, Red Hat, as well as contribute to open source software. We observe that adoption factors related to complexity do not have the strongest influence on usage of build automation tools. Instead, we observe compatibility-related adoption factors, such as adjustment with existing tools, and adjustment with practitioner's existing workflow, to have influence on usage of build automation tools with greater importance. Findings from our paper suggest that usage of build automation tools might increase if: build automation tools fit well with practitioners' existing workflow and tool usage; and usage of build automation tools are made more visible among practitioners' peers.

Mou, W., Ruocco, M., Zanatto, D., Cangelosi, A..  2020.  When Would You Trust a Robot? A Study on Trust and Theory of Mind in Human-Robot Interactions. 2020 29th IEEE International Conference on Robot and Human Interactive Communication (RO-MAN). :956–962.

Trust is a critical issue in human-robot interactions (HRI) as it is the core of human desire to accept and use a non-human agent. Theory of Mind (ToM) has been defined as the ability to understand the beliefs and intentions of others that may differ from one's own. Evidences in psychology and HRI suggest that trust and ToM are interconnected and interdependent concepts, as the decision to trust another agent must depend on our own representation of this entity's actions, beliefs and intentions. However, very few works take ToM of the robot into consideration while studying trust in HRI. In this paper, we investigated whether the exposure to the ToM abilities of a robot could affect humans' trust towards the robot. To this end, participants played a Price Game with a humanoid robot (Pepper) that was presented having either low-level ToM or high-level ToM. Specifically, the participants were asked to accept the price evaluations on common objects presented by the robot. The willingness of the participants to change their own price judgement of the objects (i.e., accept the price the robot suggested) was used as the main measurement of the trust towards the robot. Our experimental results showed that robots possessing a high-level of ToM abilities were trusted more than the robots presented with low-level ToM skills.