NCSU SoS Lablet Quarterly Executive Summary

A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

The three funded projects continued to produce science of security outcomes. The following are their major contributions.

  • We refined our dynamic container vulnerability exploit detection system (changing the algorithm from a self-organizing map (SOM) to an autoencoder) and collected results over a set of real-world exploits. Our initial results, using a limited set of exploits, show that our exploit detection has a 100% detection rate and a false alarm rate lower than 1%.
  • For secure bootstrapping of IoT, we analyzed the Zigbee Light Link (ZLL) and Zigbee Home Automation (ZHA) protocols and tested devices belonging to the Philips and Samsung SmartThings systems. For this, we set up a testbed with a universal software-defined radio peripheral (USRP) and open-source ZigBee stacks. We performed previously explored attacks against smart lights to realize the vulnerabilities and the corresponding root causes.
  • Produced a dataset from a national collegiate penetration testing competition that includes 99 virtual machine images and logs of penetration attempts, alerts generated, and vulnerabilities discovered. 54 vulnerabilities were reported and scored in the competition, and we are constructing a timeline of events for each vulnerability report. These timelines are constructed using the MITRE ATT&CK framework. This dataset will enable research into metrics characterizing difficulty to compromise systems.

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

Two members of the NC State Lablet participated in the quarterly meeting at ICSI at Berkeley.

We brought up the Science of Security in a variety of fora, including:

  • Presentations at and discussions with colleagues at academic conferences.
  • Keynote and panel participation by two Lablet members at the Triangle Cybersecurity on the Plant Floor workshop.
  • Interactions with industry organizations, such as the GSM Association.

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

We are continuing to include Science of Security materials in our courses, including materials on attack surfaces and policy, and on social computing. We participated in regional and national collegiate penetration testing competitions.