Visible to the public Biblio

Found 9989 results

Website
Robert Zager, John Zager.  2013.  Combat Identification in Cyberspace.

This article discusses how a system of Identification: Friend or Foe (IFF) can be implemented in email to make users less susceptible to phishing attacks.

Unpublished
Pradeep Murukannaiah, Jessica Staddon, Heather Lipford, Bart Knijnenburg.  2016.  PrIncipedia: A Privacy Incidents Encyclopedia. Privacy Law Scholars Conference.

A thorough understanding of society’s privacy incidents is of paramount importance for technical solutions, training/education, social research, and legal scholarship in privacy. The goal of the PrIncipedia project is to provide this understanding by developing the first comprehensive database of privacy incidents, enabling the exploration of a variety of privacy-related research questions. We provide a working definition of “privacy incident” and evidence that it meets end-user perceptions of privacy. We also provide semi-automated support for building the database through a learned classifier that detects news articles about privacy incidents.

[Anonymous].  2016.  PrIncipedia: A Privacy Incidents Encyclopedia. Privacy Law Scholars Conference.

A thorough understanding of society's privacy incidents  is of paramount importance for technical solutions, training/education, social research, and legal scholarship in privacy. The goal of the PrIncipedia project is to provide this understanding by developing the first comprehensive database of privacy incidents, enabling the exploration of a variety of privacy-related research questions. We provide a working definition of ``privacy incident'' and evidence that it meets end-user perceptions of privacy. We also provide semi-automated support for building the database through a learned classifier that detects news articles about privacy incidents.

Thesis
Wijesekera, Primal.  2018.  Contextual permission models for better privacy protection. Electronic Theses and Dissertations (ETDs) 2008+.

Despite corporate cyber intrusions attracting all the attention, privacy breaches that we, as ordinary users, should be worried about occur every day without any scrutiny. Smartphones, a household item, have inadvertently become a major enabler of privacy breaches. Smartphone platforms use permission systems to regulate access to sensitive resources. These permission systems, however, lack the ability to understand users’ privacy expectations leaving a significant gap between how permission models behave and how users would want the platform to protect their sensitive data. This dissertation provides an in-depth analysis of how users make privacy decisions in the context of Smartphones and how platforms can accommodate user’s privacy requirements systematically. We first performed a 36-person field study to quantify how often applications access protected resources when users are not expecting it. We found that when the application requesting the permission is running invisibly to the user, they are more likely to deny applications access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request. To explore the feasibility of predicting user’s privacy decisions based on their past decisions, we performed a longitudinal 131-person field study. Based on the data, we built a classifier to make privacy decisions on the user’s behalf by detecting when the context has changed and inferring privacy preferences based on the user’s past decisions. We showed that our approach can accurately predict users’ privacy decisions 96.8% of the time, which is an 80% reduction in error rate compared to current systems. Based on these findings, we developed a custom Android version with a contextually aware permission model. The new model guards resources based on user’s past decisions under similar contextual circumstances. We performed a 38-person field study to measure the efficiency and usability of the new permission model. Based on exit interviews and 5M data points, we found that the new system is effective in reducing the potential violations by 75%. Despite being significantly more restrictive over the default permission systems, participants did not find the new model to cause any usability issues in terms of application functionality.

Phuong Cao, University of Illinois at Urbana-Champaign.  2015.  An Experiement Using Factor Graph for Early Attack Detection. Computer Science.

This paper presents a factor graph based framework (namely AttackTagger) for high accuracy and preemptive detection of attacks. We use security logs on real-incidents that occurred over a six-year period at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign to evaluate AttackTagger. Our data consist of attacks that led directly to the target system being compromised, i.e., not detected in advance, either by the security analysts or by intrusion detection systems. AttackTagger detected 74 percent of attacks, a vast majority of them were detected before the system misuse. AttackTagger uncovered six hidden attacks that were not detected by security analysts.

Phuong Cao, University of Illinois at Urbana-Champaign.  2015.  An Experiment Using Factor Graph for Early Attack Detection. Computer Science.

This paper presents a factor graph based framework (namely AttackTagger)
for high accuracy and preemptive detection of attacks. We use security logs
on real-incidents that occurred over a six-year period at the National Cen-
ter for Supercomputing Applications (NCSA) at the University of Illinois at
Urbana-Champaign to evaluate AttackTagger. Our data consist of attacks
that led directly to the target system being compromised, i.e., not detected
in advance, either by the security analysts or by intrusion detection sys-
tems. AttackTagger detected 74 percent of attacks, a vast majority of them
were detected before the system misuse. AttackTagger uncovered six hidden
attacks that were not detected by security analysts.

Craig Buchanan, University of Illinois at Urbana-Champaign.  2014.  Simulation Debugging and Visualization in the Mobius Modeling Framework. Department of Electrical and Computer Engineering. M.S.

Large and complex models can be difficult to analyze using static analysis results from current tools, including the M¨obius modeling framework, which provides a powerful, formalism- independent, discrete-event simulator that outputs static results such as execution traces. The M¨obius Simulation Debugger and Visualization (MSDV) feature adds user interaction to running simulations to provide a more transparent view into the dynamics of the models under consideration. This thesis discusses the details of the design and implementation of this feature in the M¨obius modeling environment. Also, a case study is presented to demonstrate the new capabilities provided by the feature.

Report
Victor Heorhiadi, Michael K. Reiter, Vyas Sekar.  2015.  Accelerating the Development of Software-Defined Network Optimization Applications Using SOL.

Software-defined networking (SDN) can enable diverse network management applications such as traffic engineering, service chaining, network function outsourcing, and topology reconfiguration. Realizing the benefits of SDN for these applications, however, entails addressing complex network optimizations that are central to these problems. Unfortunately, such optimization problems require significant manual effort and expertise to express and non-trivial computation and/or carefully crafted heuristics to solve. Our vision is to simplify the deployment of SDN applications using general high-level abstractions for capturing optimization requirements from which we can efficiently generate optimal solutions. To this end, we present SOL, a framework that demonstrates that it is indeed possible to simultaneously achieve generality and efficiency. The insight underlying SOL is that SDN applications can be recast within a unifying path-based optimization abstraction, from which it efficiently generates near-optimal solutions, and device configurations to implement those solutions. We illustrate the generality of SOL by prototyping diverse and new applications. We show that SOL simplifies the development of SDN-based network optimization applications and provides comparable or better scalability than custom optimization solutions.

Nuthan Munaiah, Andrew Meneely, Benjamin Short, Ryan Wilson, Jordan Tice.  2016.  Are Intrusion Detection Studies Evaluated Consistently? A Systematic Literature Review :18.

Cyberinfrastructure is increasingly becoming target of a wide spectrum of attacks from Denial of
Service to large-scale defacement of the digital presence of an organization. Intrusion Detection System
(IDSs) provide administrators a defensive edge over intruders lodging such malicious attacks. However,
with the sheer number of different IDSs available, one has to objectively assess the capabilities of different
IDSs to select an IDS that meets specific organizational requirements. A prerequisite to enable such
an objective assessment is the implicit comparability of IDS literature. In this study, we review IDS
literature to understand the implicit comparability of IDS literature from the perspective of metrics
used in the empirical evaluation of the IDS. We identified 22 metrics commonly used in the empirical
evaluation of IDS and constructed search terms to retrieve papers that mention the metric. We manually
reviewed a sample of 495 papers and found 159 of them to be relevant. We then estimated the number
of relevant papers in the entire set of papers retrieved from IEEE. We found that, in the evaluation
of IDSs, multiple different metrics are used and the trade-off between metrics is rarely considered. In
a retrospective analysis of the IDS literature, we found the the evaluation criteria has been improving
over time, albeit marginally. The inconsistencies in the use of evaluation metrics may not enable direct
comparison of one IDS to another.

Zhenqi Huang, University of Illinois at Urbana-Champaign, Yu Wang, University of Illinois at Urbana-Champaign, Sayan Mitra, University of Illinois at Urbana-Champaign, Geir Dullerud, University of Illinois at Urbana-Champaign.  2015.  Controller Synthesis for Linear Time-varying Systems with Adversaries.

We present a controller synthesis algorithm for a discrete time reach-avoid problem in the presence of adversaries. Our model of the adversary captures typical malicious attacks en- visioned on cyber-physical systems such as sensor spoofing, controller corruption, and actuator intrusion. After formu- lating the problem in a general setting, we present a sound and complete algorithm for the case with linear dynamics and an adversary with a budget on the total L2-norm of its actions. The algorithm relies on a result from linear control theory that enables us to decompose and precisely compute the reachable states of the system in terms of a symbolic simulation of the adversary-free dynamics and the total uncertainty induced by the adversary. With this de- composition, the synthesis problem eliminates the universal quantifier on the adversary’s choices and the symbolic con- troller actions can be effectively solved using an SMT solver. The constraints induced by the adversary are computed by solving second-order cone programmings. The algorithm is later extended to synthesize state-dependent controller and to generate attacks for the adversary. We present prelimi- nary experimental results that show the effectiveness of this approach on several example problems.

Sean Smith, Dartmouth College, Ross Koppel, University of Pennsylvania, Jim Blythe, University of Southern California, Vijay Kothari, Dartmouth College.  2015.  Mismorphism: A Semiotic Model of Computer Security Circumvention.

In real world domains, from healthcare to power to finance, we deploy computer systems intended to streamline and improve the activities of human agents in the corresponding non-cyber worlds. However, talking to actual users (instead of just computer security experts) reveals endemic circumvention of the computer-embedded rules. Good-intentioned users, trying to get their jobs done, systematically work around security and other controls embedded in their IT systems.

This paper reports on our work compiling a large corpus of such incidents and developing a model based on semiotic triads to examine security circumvention. This model suggests that mismorphisms— mappings that fail to preserve structure—lie at the heart of circumvention scenarios; differential percep- tions and needs explain users’ actions. We support this claim with empirical data from the corpus.

Peter Dinges, University of Illinois at Urbana-Champaign, Gul Agha, University of Illinois at Urbana-Champaign.  2014.  Targeted Test Input Generation Using Symbolic-Concrete Backward Execution.

Knowing inputs that cover a specific branch or statement in a program is useful for debugging and regression testing. Symbolic backward execution (SBE) is a natural approach to find such targeted inputs. However, SBE struggles with complicated arithmetic, external method calls, and data-dependent loops that occur in many real-world programs. We propose symcretic execution, a novel combination of SBE and concrete forward execution that can efficiently find targeted inputs despite these challenges. An evaluation of our approach on a range of test cases shows that symcretic execution finds inputs in more cases than concolic testing tools while exploring fewer path segments. Integration of our approach will allow test generation tools to fill coverage gaps and static bug detectors to verify candidate bugs with concrete test cases. This is the full version of an extended abstract that was presented at the 29th IEEE/ACM International Conference on Automated Software Engineering (ASE 2014), September 15–19, 2014, Västerås, Sweden.

Nathan Malkin, Primal Wijesekera, Serge Egelman, David Wagner.  2018.  Use Case: Passively Listening Personal Assistants. Symposium on Applications of Contextual Integrity. :26-27.
Presentation
Mohammad Noureddine, University of Illinois at Urbana-Champaign, Masooda Bashir, University of Illinois at Urbana-Champaign, Ken Keefe, University of Illinois at Urbana-Champaign, Andrew Marturano, University of Illinois at Urbana-Champaign, William H. Sanders, University of Illinois at Urbana-Champaign.  2015.  Accounting for User Behavior in Predictive Cyber Security Models.

The human factor is often regarded as the weakest link in cybersecurity systems. The investigation of several security breaches reveals an important impact of human errors in exhibiting security vulnerabilities. Although security researchers have long observed the impact of human behavior, few improvements have been made in designing secure systems that are resilient to the uncertainties of the human element.

In this talk, we discuss several psychological theories that attempt to understand and influence the human behavior in the cyber world. Our goal is to use such theories in order to build predictive cyber security models that include the behavior of typical users, as well as system administrators. We then illustrate the importance of our approach by presenting a case study that incorporates models of human users. We analyze our preliminary results and discuss their challenges and our approaches to address them in the future.

Presented at the ITI Joint Trust and Security/Science of Security Seminar, October 20, 2016.

Giulia Fanti, University of Illinois at Urbana-Champaign.  2017.  Anonymity in the Bitcoin Peer-to-Peer Network.

Presented at NSA SoS Quarterly Meeting, February 2, 2017

[Anonymous].  2017.  Anonymity in the Bitcoin Peer-to-Peer Network.

Presented at ITI Joint Trust and Security/Science of Security Seminar, February 21, 2017.

Phuong Cao, University of Illinois at Urbana-Champaign.  2016.  Automated Generation of Attack Signatures in Attack Graphs.

In this talk, we investigate applications of Factor Graphs to automatically generate attack signatures from security logs and domain expert knowledge. We demonstrate advantages of Factor Graphs over traditional probabilistic graphical models such as Bayesian Networks and Markov Random Fields in modeling security attacks. We illustrate Factor Graphs models using case studies of real attacks observed in the wild and at the National Center for Supercomputing Applications. Finally, we investigate how factor functions, a core component of Factor Graphs, can be constructed automatically to potentially improve detection accuracy and allow generalization of trained Factor Graph models in a variety of systems.

Presentation for Information Trust Institute Joint Trust and Security/Science of Security Seminar at the University of Illinois at Urbana-Champaign on November 1, 2016.