Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization

Li, Mengyuan

29 September 2022

No description available.

Computer Science

Evaluation of a Generator Networked Control System in the Presence of Cyberattacks

Irwin, Robert

January 2017

With the advancement of technology, there has been a push to transition from the conventional electric grid to a smart grid. A smart grid is an electric delivery system that uses technology such as electronic sensors and digital communication networks to improve the reliability, resilience, and efficiency of the system. The transition toward a smart grid has increased the importance of networked control systems (NCS), which are the infrastructure that allows sensors, actuators and controllers to exchange information via a digital communication network. The research presents the development of an islanded generator NCS, and a grid connected NCS, and the investigation of the effects of cyberattacks on the NCS. This research considers two types of cyberattacks, such as Denial-of-Service (DoS) attack, and false data injection in the generator control loop. DoS attacks greatly increase the rate of packet loss and the duration of packet delay in a network. A high degree of packet drop and delay degrade the performance of the controller, which causes problems in the synchronization of the generator with the rest of the grid. False data injection in the sensors alters the generator terminal voltage and power output, and can cause the generator to lose synchronism. A mathematical model of the generator NCS systems is developed which includes the data acquisition and network characteristics, as well as the generator dynamics. The stability analysis of each NCS is performed which provides a mathematical approach to understanding the severity of cyberattacks that the system can tolerate before becoming unstable. The performance of the controllers, with respect to voltage control, is experimentally evaluated. / Educational Psychology

Electrical Engineering

Cyber-attacks

Microgrid

Networked Control Sytems

Denial of service detection using dynamic time warping

Diab, D.M., AsSadhan, B., Binsalleeh, H., Lambotharan, S., Kyriakopoulos, K.G., Ghafir, Ibrahim

18 April 2021

Yes / With the rapid growth of security threats in computer networks, the need for developing efficient security‐warning systems is substantially increasing. Distributed denial‐of‐service (DDoS) and DoS attacks are still among the most effective and dreadful attacks that require robust detection. In this work, we propose a new method to detect TCP DoS/DDoS attacks. Since analyzing network traffic is a promising approach, our proposed method utilizes network traffic by decomposing the TCP traffic into control and data planes and exploiting the dynamic time warping (DTW) algorithm for aligning these two planes with respect to the minimum Euclidean distance. By demonstrating that the distance between the control and data planes is considerably small for benign traffic, we exploit this characteristic for detecting attacks as outliers. An adaptive thresholding scheme is implemented by adjusting the value of the threshold in accordance with the local statistics of the median absolute deviation (MAD) of the distances between the two planes. We demonstrate the efficacy of the proposed method for detecting DoS/DDoS attacks by analyzing traffic data obtained from publicly available datasets. / The Deanship of Scientific Research, King Saud University. The Gulf Science, Innovation, and Knowledge Economy Programme of the U.K. Government

Denial of Service

Computer networks

DoS attacks

Dynamic time warping

Machine Learning for Botnet Detection: An Optimized Feature Selection Approach

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U.

05 April 2022

Yes / Technological advancements have been evolving for so long, particularly Internet of Things (IoT) technology that has seen an increase in the number of connected devices surpass non IoT connections. It has unlocked a lot of potential across different organisational settings from healthcare, transportation, smart cities etc. Unfortunately, these advancements also mean that cybercriminals are constantly seeking new ways of exploiting vulnerabilities for malicious and illegal activities. IoT is a technology that presents a golden opportunity for botnet attacks that take advantage of a large number of IoT devices and use them to launch more powerful and sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. This calls for more research geared towards the detection and mitigation of botnet attacks in IoT systems. This paper proposes a feature selection approach that identifies and removes less influential features as part of botnet attack detection method. The feature selection is based on the frequency of occurrence of the value counts in each of the features with respect to total instances. The effectiveness of the proposed approach is tested and evaluated on a standard IoT dataset. The results reveal that the proposed feature selection approach has improved the performance of the botnet attack detection method, in terms of True Positive Rate (TPR) and False Positive Rate (FPR). The proposed methodology provides 100% TPR, 0% FPR and 99.9976% F-score.

Botnet detection

Machine learning

Cyber attacks

Internet of Things

Network security

Resilience In Arab American Couples in the Wake of the Terrorist Attacks on New York City: A Family Systems Perspective

Beitin, Ben K.

21 February 2003

This research explored how Arab American couples found the strength and resilience that empowered them to overcome the terrorist attacks of September 11th and the aftereffects that followed. Utilizing a family resiliency model grounded in systems theory and social constructionism, I interviewed 18 Arab American couples from the New York and New Jersey areas. I applied a phenomenological method of inquiry to gather the experiences of Arab American couples in order to understand the protective processes of resilience. Couples reported fear and caution because of incidents of threats and violence against Arabs in the United States. Some couples described incidents against them. Couples accessed a variety of resources to survive the aftereffect. These included coping skills developed during previous experiences of terror, American community support, determination, and religion. There were four major conclusions: resilient marriages, larger systems, process of identity, and religion: unify and identity. I discussed these conclusions in the context of the conceptual framework and made clinical and theoretical implications. / Ph. D.

resilience

terrorist attacks

Arab

September 11

couple

family therapy

Group treatment of nonclinical panic attacks in late adolescence: a comparison of education/support and cognitive-behavioral approaches

Mattis, Sara Golden

02 October 2007

Nonclinical panic attacks have been defined as "panic reported by individuals not seeking treatment" (Norton, Cox, & Malan, 1992). The purpose of this study was to assess the prevalence of nonclinical panic attacks and associated symptomatology in a university sample of 576 late adolescents (ages 18-19), and to compare the effectiveness of two group treatments [Education/Support (ES) and Cognitive-Behavioral (CBT)] and a self-monitoring Waitlist (WL) condition in reducing the frequency and severity of nonclinical panic attacks, daily anxiety, and associated symptomatology. Nonpanickers (71.4% of the sample) reported no history of panic on the Panic Attack Questionnaire (PAQ; Cox, Norton, & Swinson, 1992). Past Panickers (16.5%) reported at least one panic attack prior to the past month. Recent Panickers (12.2%) reported at least one panic attack in the past month. Recent Panickers evidenced higher levels of trait anxiety, state anxiety, and depression, with a trend toward higher levels of anxiety sensitivity and internal negative attributions, relative to both Past Panickers and Nonpanickers, who did not differ. Thirty-four Recent Panickers were randomly assigned to the WL, ES, or CBT conditions. The entire sample, regardless of condition, showed a reduction in frequency of panic attacks, as well as their associated symptoms and cognitions, severity of daily anxiety, and three measures of general psychopathology (Le., depression, trait anxiety, and state anxiety). However, both active treatment groups were superior to the waitlist in producing improvement in panic-related self-efficacy, avoidance, and anxiety sensitivity. There was evidence that ES was slightly more effective than CBT in improving panicrelated self-efficacy, while CBT was somewhat more effective in reducing avoidance. Finally, while both treatment conditions combined fared significantly better than the waidist in producing high endstate functioning, assessed via a constellation of variables conceptually related to panic (i.e., panic-free status, high panic-related self-efficacy, low avoidance, low anxiety sensitivity), ES appeared most effective in promoting high ends tate functioning at Post-Treatment and Follow-Up (two months following treatment). Implications of these findings for the treatment of nonclinical panic attacks in late adolescence are discussed. / Ph. D.

panic attacks

group treatment

late adolescence

LD5655.V856 1997.M388

A Qualitative Study on the Experiences of Therapists who Have Been Threatened with Harm or Attacked by a Client or a Relative of a Client During the Course of Treatment in a Non-Residential Setting

Wolverton, Katherine Gray

06 May 2015

This qualitative study used a phenomenological approach to understand the experience of six therapists who had been threatened with harm or attacked by a client or a relative of a client in an outpatient setting. Semi-structured interviews were employed to collect data which were then analyzed using thematic coding. While some of the results of this study are consistent with existing literature on attacks on clinicians in acute inpatient settings, many of the study findings suggest that the experiences of therapists working in an outpatient setting who are threatened by a client or a relative of client are unique to that setting. Clinical implications are discussed. / Master of Science

client threats

client violence

dangerous clients

client aggression

client attacks

Children's cognitive responses to the symptoms of panic

Mattis, Sara Golden

18 August 2009

The purpose of this study was to examine children's cognitive interpretations of the physiological symptoms of panic. Children from grades 3, 6, and 9 imagined experiencing the physical symptoms of panic and reported their attributions for these symptoms. Conceptions of common illnesses and panic attacks were assessed. It was hypothesized that girls would make more internal, catastrophic (I/C) attributions to the symptoms of panic than would boys, and that older children would make more I/C attributions relative to younger children. These hypotheses were based on the suggestion that notions of external causality characterize the cognitions of younger children (Nelles & Barlow, 1988), and that girls tend to report higher levels of anxiety and fear relative to boys (Ollendick, King, & Frary, 1989; Ollendick, Yule, & Ollier, 1991). It was also suggested that older children would display more mature conceptions of illness than younger children, and that girls would be more advanced in their understanding of illness than would boys. No differences were predicted between children's level of understanding common illnesses and panic attacks (Nelles & Barlow, 1988). Finally, the contribution of several individual factors to children's cognitive interpretations was investigated. No significant grade or gender differences were found for tendency to make I/C attributions. While no gender differences were evident, a significant main effect for grade was found for conceptions of illness, and understanding of panic attacks was more advanced relative to common illnesses. Finally, internal attributional style in response to negative outcomes and anxiety sensitivity were significant predictors of tendency to make I/C attributions. The relevance of these findings to understanding children's cognitive interpretations of panic symptomatology are discussed. / Master of Science

LD5655.V855 1993.M288

Child psychology

Cognition in children

Panic attacks

Program Anomaly Detection Against Data-Oriented Attacks

Cheng, Long

29 August 2018

Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks and ii) data-oriented attacks. Though data-oriented attacks are known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems. To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed. This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks. First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. I describe a new security methodology that leverages the event-driven nature in characterizing CPS control program behaviors. By enforcing runtime cyber-physical execution semantics, our method detects data-oriented exploits when physical events are inconsistent with the runtime program behaviors. Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is the direct consequence of many non-control-data attacks. Specifically, I describe two statistical program behavior models, sFSA and sCFT, at different granularities. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system. Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). DOP is a recently proposed advanced technique to construct expressive non-control data exploits. I first demystify the DOP exploitation technique and show its complexity and rich expressiveness. Then, I design and implement the DeDOP anomaly detection system, and demonstrate its detection capability against the real-world ProFTPd DOP attack. / Ph. D. / Memory-corruption vulnerability is one of the most common attack vectors used to compromise computer systems. Such vulnerabilities could lead to serious security problems and would remain an unsolved problem for a long time. This is because low-level memory-unsafe languages (e.g., C/C++) are still in use today for interoperability and speed performance purposes, and remain common sources of security vulnerabilities. Existing memory corruption attacks can be broadly classified into two categories: i) control-flow attacks that corrupt control data (e.g., return address or code pointer) in the memory space to divert the program’s control-flow; and ii) data-oriented attacks that target at manipulating non-control data to alter a program’s benign behaviors without violating its control-flow integrity. Though data-oriented attacks are known for a long time, the threats have not been adequately addressed due to the fact that most previous defense mechanisms focus on preventing control-flow exploits. As launching a control-flow attack becomes increasingly difficult due to many deployed defenses against control-flow hijacking, data-oriented attacks are considered an appealing attack technique for system compromise, including the emerging embedded control systems. To counter data-oriented attacks, mitigation techniques such as memory safety enforcement and data randomization can be applied in different stages over the course of an attack. However, attacks are still possible because currently deployed defenses can be bypassed. This dissertation explores the possibility of defeating data-oriented attacks through external monitoring using program anomaly detection techniques. I start with a systematization of current knowledge about exploitation techniques of data-oriented attacks and the applicable defense mechanisms. Then, I address three research problems in program anomaly detection against data-oriented attacks. First, I address the problem of securing control programs in Cyber-Physical Systems (CPS) against data-oriented attacks. The key idea is to detect subtle data-oriented exploits in CPS when physical events are inconsistent with the runtime program behaviors. Second, I present a statistical program behavior modeling framework for frequency anomaly detection, where frequency anomaly is often consequences of many non-control-data attacks. Our method combines the local and long-range models to improve the robustness against data-oriented attacks and significantly increase the difficulties that an attack bypasses the anomaly detection system. Third, I focus on defending against data-oriented programming (DOP) attacks using Intel Processor Trace (PT). I design and implement the DEDOP anomaly detection system, and demonstrate its detection capability against the real-world DOP attack.

Program Anomaly Detection

Data-Oriented Attacks

Cyber-Physical Systems

Detecting Electromagnetic Injection Attack on FPGAs Using In Situ Timing Sensors

Gujar, Surabhi Satyajit

29 August 2018

Nowadays, security is one of the foremost concerns as the confidence in a system is mostly dependent on its ability to protect itself against any attack. The area of Electromagnetic Fault Injection (EMFI) wherein attackers can use electromagnetic (EM) pulses to induce faults has started garnering increasing attention. It became crucial to understand EM attacks and find the best countermeasures. In this race to find countermeasures, different researchers proposed their ideas regarding the generation of EM attacks and their detection. However, it is difficult to see a universal agreement on the nature of these attacks. In this work, we take a closer look at the analysis of the primary EMFI fault models suggested earlier. Initial studies had shown that EM glitches caused timing violations, but recently it was proposed that EM attacks can create bit sets and bit resets. We performed a detailed experimental evaluation of the existing detection schemes on two different FPGA platforms. We present their comparative design analysis concerning their accuracy, precision, and cost. We propose an in situ timing sensor to overcome the disadvantages of the previously proposed detection approaches. This sensor can successfully detect most of the electromagnetic injected faults with high precision. We observed that the EM attack behaves like a localized timing attack in FPGAs which can be identified using the in situ timing sensors. / MS / When computers are built only for a specific application, they are called embedded systems. Over the past decade, there has been an incredible increase in the number of embedded systems around us. Right from washing machines to electronic locks, we can see embedded systems in almost every aspect of our lives. There is an increasing integration of embedded systems in applications such as cars and buildings with the advent of smart technologies. Due to our heavy reliance on such devices, it is vital to protect them against intentional attacks. Apart from the software attacks, it is possible for an attacker to disrupt or control the functioning of a system by physically attacking its hardware using various techniques. We look at one such technique that uses electromagnetic pulses to create faults in a system. We experimentally evaluate two of the previously suggested methods to detect electromagnetic injection attacks. We present a new sensor for this detection which we believe is more effective than the previously discussed detection schemes.

Hardware Security

Field programmable gate arrays

Electromagnetic Injection

Fault Attacks