HotSoS 2017

Toward Effective Adoption of Security Practices

ABSTRACT

Security tools guide developers to identify potential vulnerabilities in their code. However, use of security tools is not very common [2]. Sanctions are a way to enforce adoption of security practices. We address the research question of which sanctioning mechanism promotes adoption of security practices, and propose a simulation framework to explore sanctioning mechanisms [1] for greater adoption.

Semantic Similarity in Security Regulations

ABSTRACT

Security requirements for a product are often influenced by the federal, state, and local laws; organizational policies; and other regulations the product must comply with. Frequently, a single product must comply with multiple different regulatory documents which may or may not contain related statements. The goal of this research is to facilitate analysis of security regulations by automatically identifying relations between security regulations using natural language processing and machine learning.

Obsidian: A Safer Blockchain Programming Language

ABSTRACT

Blockchain platforms, such as Ethereum [1], promise to facilitate transactions on a decentralized computing platform among parties that have not established trust. Recognition of the unique challenges of blockchain programming has inspired developers to create domain-specific languages, such as Solidity [2], for programming blockchain systems. Unfortunately, bugs in Solidity programs have recently been exploited to steal money [3]. We propose a new programming language, Obsidian, that makes it easier for programmers to write correct programs.

No (Privacy) News is Good News: An Analysis of Privacy News in the U. S. and U. K. from 2010-2016

ABSTRACT

News is a popular and influential source of privacy information, and so, an important information source to analyze towards understanding privacy-related policy, product development and user perceptions.

We provide the first large-scale text mining of privacy news using nearly 1700 articles from the New York Times and the Guardian over the years 2010-2016.

Results of four independently-trained sentiment classifiers show that New York Times privacy news is predominantly negative in sentiment, and more negative

Learning Factor Graphs for Preempting Multi-Stage Attacks in Cloud Infrastructure

ABSTRACT

for preempting multi-stage attacks in cloud infrastructure. We discuss methods for: i) learning parameters of multi-variate factor functions that capture relations among the events representing behavior of both a user and an attacker, and ii) construction of factor graphs to reason about an attack state with the purpose of preemptively detecting malicious activities. Our work is driven by real attacks reported in the wild.

Leading the Convoy: What Happens When They Know What They're Doing?

ABSTRACT

In an increasingly technological environment, security-critical and safety-critical situations often give a system operator information from both human and automated sources simultaneously.

This study was conducted to understand the personal characteristics and situational variables that affect reliance on human or automated decision aids, when the decision aids are in conflict.