51. A FRAMEWORK FOR THE SOFTWARE SECURITY ANALYSIS OF MOBILE POWER SYSTEMS
Yung Han Yoon (10732161), 05 May 2021
Mobile devices have become increasingly ubiquitous as they serve many important functions in our daily lives. However, there is not much research on remote threats to the battery and power systems of these mobile devices. The consequences of a successful attack on the power system of a mobile device can range from a general nuisance to financial harm, or to loss of life if emergency communications were interrupted. Despite the relative abundance of work on implementing chemical and physical safety systems for battery cells and power systems, remote cyber threats against a mobile battery system have not been as well studied. This work created a framework aimed at auditing the power systems of mobile devices and validated the framework by implementing it in a case study on an Android device. The framework applied software auditing techniques to both the power system and operating system of a mobile device in a case study to discover possible vulnerabilities which could be used to exploit the power system. Lessons learned from the case study are then used to improve, revise, and discuss the limitations of the framework when put in practice. The effectiveness of the proposed framework was discovered to be limited by the availability of appropriate tools to conduct vulnerability assessments.
52. A Machine Learning Approach for Uniform Intrusion Detection
Saurabh Devulapalli (11167824), 23 July 2021
Intrusion Detection Systems are vital for computer networks as they protect against attacks that lead to privacy breaches and data leaks. Over the years, researchers have formulated intrusion detection systems (IDS) using machine learning and/or deep learning to detect network anomalies and identify four main attacks, namely Denial of Service (DoS), Probe, Remote to Local (R2L) and User to Root (U2R). However, the existing models are efficient in detecting just a few of the aforementioned attacks while having inadequate detection rates for the rest. This deficiency makes it difficult to choose an appropriate IDS model when a user does not know what attacks to expect. Thus, there is a need for an IDS model that can detect, with uniform efficiency, all four main classes of network intrusions. This research is aimed at exploring a machine learning approach to an intrusion detection model that can detect DoS, Probe, R2L and U2R attack classes with uniform and high efficiency. A multilayer perceptron was trained in an ensemble with a J48 decision tree. The resultant ensemble learning model achieved over 85% detection rates for each of DoS, Probe, R2L, and U2R attacks.
53. Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents
Benjamin D Harsha (11186139), 26 July 2021
In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications, e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks, i.e., quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utility-optimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated Application-Specific Integrated Circuits (ASICs) to store passwords.
54. USER ATTRIBUTION IN DIGITAL FORENSICS THROUGH MODELING KEYSTROKE AND MOUSE USAGE DATA USING XGBOOST
Shruti Gupta (12112488), 20 April 2022
The increase in the use of digital devices has vastly increased the amount of data used and, consequently, has increased the availability and relevance of digital evidence. Typically, digital evidence helps to establish the identity of an offender by identifying the username or the user account logged into the device at the time of the offense. Investigating officers need to establish the link between that user and an actual person. This is difficult in the case of computers that are shared or compromised. Also, the increasing amount of data in digital investigations necessitates the use of advanced data analysis approaches like machine learning, while keeping pace with the constantly evolving techniques. It also requires reporting on known error rates for these advanced techniques. There have been several research studies exploring the use of behavioral biometrics to support this user attribution in digital forensics. However, the use of the state-of-the-art XGBoost algorithm hasn't been explored yet. This study builds on previously conducted research by modeling user interaction using the XGBoost algorithm, based on features related to keystroke and mouse usage, and verifying the performance for user attribution. With an F1 score and Area Under the Receiver Operating Curve (AUROC) of .95, the algorithm successfully attributes the user event to the right user. The XGBoost model also outperforms other classifiers based on algorithms such as Support Vector Machines (SVM), Boosted SVM and Random Forest.
55. USING TEMPORAL NETWORKS TO FIND THE INFLUENCER NODE OF THE BUGGY SITES IN THE CODE COMMUNITIES
Kanwardeep Singh Walia (12091133), 14 April 2022
Cyber-attacks have increased, and with everything going digital, data theft has become a significant issue. This raises an alarm on the security of the source code. Sometimes, to release products early, the security of the code is compromised. Static analysis tools can help in finding possible security issues. Identifying and fixing the security issues may overwhelm the software developers. This process of "fixing" the errors or securing the code may take a lot of time, and the product may be released before all the errors are fixed. But these vulnerabilities in the source code may cost millions of dollars in case of a data breach. It is important to fix the security issues in the source code before releasing the product. This leads to the question: how can errors be fixed quickly so that products can be rolled out with fewer security issues? A possible solution is to use temporal networks to find the influencer nodes in the source code. If these influencer variables are fixed, the connected security issues depending on the influencer in the community (functions) will also get fixed. The research question of the study: Can we identify the influencer node of the buggy site in the source code using temporal networks (K-tool) if the buggy sites present in the source code are identified using static analysis? The study also aims to know if it is faster to find the influencer node using the K-tool than the betweenness centrality algorithm. This research is "Applied research" and will target code written in the C programming language. Possible vulnerabilities that can be fixed include "Integer Overflow", "Out of bounds", and "Buffer overflow." In the future, we plan to extend to other errors such as "Improper input validation." In this research, we will discuss how we can find the influencer node of the vulnerability (buggy site) in the source code after running the static analysis. Fixing this influencer node will fix the remaining errors pointed out by the static analysis. This will help in reducing the number of fixes to be done in the source code so that the product can be rolled out faster with fewer security issues.
56. INVESTIGATING ESCAPE VULNERABILITIES IN CONTAINER RUNTIMES
Michael J Reeves (10797462), 14 May 2021
Container adoption has exploded in recent years with over 92% of companies using containers as part of their cloud infrastructure. This explosion is partly due to the easy orchestration and lightweight operations of containers compared to traditional virtual machines. As container adoption increases, servers hosting containers become more attractive targets for adversaries looking to gain control of a container to steal trade secrets, exfiltrate customer data, or hijack hardware for cryptocurrency mining. To control a container host, an adversary can exploit a vulnerability that enables them to escape from the container onto the host. This kind of attack is termed a "container escape" because the adversary is able to execute code on the host from within the isolated container. The vulnerabilities which allow container escape exploits originate from three main sources: (1) container profile misconfiguration, (2) the host's Linux kernel, and (3) the container runtime. While the first two cases have been studied in the literature, to the best of the author's knowledge, there is, at present, no work that investigates the impact of container runtime vulnerabilities. To fill this gap, a survey of container runtime vulnerabilities was conducted investigating 59 CVEs for 11 different container runtimes. As CVE data alone would limit the analysis, the investigation focused on the 28 CVEs with publicly available proof of concept (PoC) exploits. To facilitate this analysis, each exploit was broken down into a series of high-level commands executed by the adversary, called "steps". Using the steps of each CVE's corresponding exploit, a seven-class taxonomy of these 28 vulnerabilities was constructed, revealing that 46% of the CVEs had a PoC exploit which enabled a container escape. Since container escapes were the most frequently occurring category, the nine corresponding PoC exploits were further analyzed to reveal that the underlying cause of these container escapes was a host component leaking into the container. This survey provides new insight into system vulnerabilities exposed by container runtimes, thereby informing the direction of future research.
57. Blockchain-Based Security Framework for the Internet of Things and Home Networks
Diego Miguel Mendez Mena (10711719), 27 April 2021
During recent years, attacks on Internet of Things (IoT) devices have grown significantly. Cyber criminals have been using compromised IoT machines to attack others, including critical internet infrastructure systems. The latest attacks increase the urgency for the information security research community to develop new strategies and tools to safeguard vulnerable devices at any level. Millions of intelligent things are now part of home-based networks that are usually disregarded by solution platforms, but not by malicious entities.

Therefore, the following document presents a comprehensive framework that aims to secure home-based networks, but also corporate and service provider ones. The proposed solution utilizes first-hand information from different actors at different levels to create a decentralized privacy-aware Cyber Threat Information (CTI) sharing network, capable of automating network responses by relying on the secure properties of the blockchain powered by the Ethereum algorithms.
58. Leveraging PLC Ladder Logic for Signature Based IDS Rule Generation
Richey, Drew Jackson, 12 August 2016
Industrial Control Systems (ICS) play a critical part in our world’s economy, supply chain and critical infrastructure. Securing the various types of ICS is of the utmost importance and has been a focus of much research for the last several years. At the heart of many defense in depth strategies is the signature based intrusion detection system (IDS). The signatures that define an IDS determine the effectiveness of the system. Existing methods for IDS signature creation do not leverage the information contained within the PLC ladder logic file. The ladder logic file is a rich source of information about the PLC control system. This thesis describes a method for parsing PLC ladder logic to extract address register information, data types and usage that can be used to better define the normal operation of the control system which will allow for rules to be created to detect abnormal activity.
59. The DVL in the Details: Assessing Differences in Decoy, Victim, and Law Enforcement Chats with Online Sexual Predators
Tatiana Renae Ringenberg (11203656), 29 July 2021
Online sexual solicitors are individuals who deceptively earn the trust of minors online with the goal of eventual sexual gratification. Despite the prevalence of online solicitation, conversations in the domain are difficult to acquire due to the sensitive nature of the data. As a result, researchers studying online solicitors often study conversations between solicitors and decoys which are publicly available online. However, researchers have begun to believe such conversations are not representative of solicitor-victim conversations. Decoys and law enforcement are restricted in that they are unable to initiate contact, suggest meeting, or begin sexual conversations with an offender. Additionally, decoys and law enforcement officers both have a goal of gathering evidence, which means they often respond positively in contexts which would normally be considered awkward or inappropriate. Multiple researchers have suggested differences may exist between offender-victim and offender-decoy conversations, and yet little research has sought to identify the differences and similarities between those talking to solicitors. In this study, the author identifies differences between decoys, officers, and victims within the manipulative process used by online solicitors to entrap victims, which is known as grooming. The author looks at differences which occur within grooming stages and strategies within the grooming stages. The research in this study has implications for the data choices of future researchers in this domain. Additionally, this research may be used to inform the training process of officers who will engage in online sex stings.
60. A Vulnerability Assessment of the East Tennessee State University Administrative Computer Network
Ashe, James Patrick, 01 May 2004
A three phase audit of East Tennessee State University's administrative computer network was conducted during Fall 2001, Spring 2002, and January 2004. Nmap and Nessus were used to collect the vulnerability data. Analysis discovered an average of 3.065 critical vulnerabilities per host with a low of 2.377 in Spring 2001 to a high of 3.694 in Fall 2001. The number of unpatched Windows operating system vulnerabilities, which accounted for over 75% of these critical vulnerabilities, strongly argues for the need of an automated patch deployment system for the approximately 3,000 Windows-based systems at ETSU.