Biblio

Rapid inspection and assessment of critical infrastructure after man-made and natural disasters is a matter of homeland security. The primary aim of this paper is to demonstrate the potential of leveraging small Unmanned Aircraft System (sUAS) in support of the rapid recovery of critical infrastructure in the aftermath of catastrophic events. We propose our data collection, detection and assessment system, using a sUAS equipped with a Lidar and a camera. This method provides a solution in fast post-disaster response and assists human responders in damage investigation.

Almost all commodity IT devices include firmware and software components from non-US suppliers, potentially introducing grave vulnerabilities to homeland security by enabling cyber-attacks via flaws injected into these devices through the supply chain. However, determining that a given device is free of any and all implementation flaws is computationally infeasible in the general case; hence a critical part of any vetting process is prioritizing what kinds of flaws are likely to enable potential adversary goals. We present Theseus, a four-year research project sponsored by the DARPA VET program. Theseus will provide technology to automatically map and explore the firmware/software (FW/SW) architecture of a commodity IT device and then generate attack scenarios for the device. From these device attack scenarios, Theseus then creates a prioritized checklist of FW/SW components to check for potential vulnerabilities. Theseus combines static program analysis, attack graph generation algorithms, and a Boolean satisfiability solver to automate the checklist generation workflow. We describe how Theseus exploits analogies between the commodity IT device problem and attack graph generation for networks. We also present a novel approach called Component Interaction Mapping to recover a formal model of a device's FW/SW architecture from which attack scenarios can be generated.