NCSU SoS Lablet Quarterly Executive Summary

A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

The three funded projects continued to produce science of security outcomes. The following are their major contributions.

• Collected vulnerability detection results based on established unsupervised machine learning tools, including the autoencoder neural network as a baseline.
• Analyzed recent open-source implementations of cryptographic primitives for IoT devices and discovering that semantic flaws in several implementations permit forging signatures without breaking the RSA algorithm.
• Produced a dataset from a national collegiate penetration testing competition that includes 99 virtual machine images and logs of penetration attempts, alerts generated, and vulnerabilities discovered. This dataset will enable research into metrics characterizing difficulty to compromise systems.

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

Two members of the NC State Lablet participated in the quarterly meeting at CMU.

We brought up the Science of Security in a variety of fora, including

• Presentations at and discussions with colleagues at academic conferences
• Interactions with industry organization, such as the GSM Association

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

We are continuing to include Science of Security materials in our courses, including on attack surfaces and policy, and social computing. We interacted with a high-school student in West Lafayette to involve the student in our research. We participated in regional and national collegiate penetration testing competitions.