NCSU SoS Lablet Quarterly Executive Summary
A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.
- We experimentally showed that aggregated learning yields gains over individual behavior learning in terms of accuracy and detection lead time in 70% of tested container exploits.
- We expanded our datasets and analysis of security smells in Infrastructure as Code scripts to accommodate two additional languages (Ansible and Chef) and developed a tool (Security Linter for Infrastructure as Code) for identifying security smells to help practitioners discover and eliminate such smells.
- We analyzed the ZigBee specification to extract a finite state machine of the interactions between an end-device, controller, and router, and identified several potential design vulnerabilities and corresponding exploits in ZigBee.
- We studied the Payment Card Industry Data Security Standard (PCI-DSS) for credit card processing, identified six restrictions, and coded the associated static program analysis checks in a prototype tool that identifies misuses in Android applications that ask users for credit card information.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
Five members of the NC State Lablet attended HotSoS in Nashville.
We brought up the Science of Security in a variety of fora, including:
- Presentations at academic conferences and discussions with colleagues there.
- A summit held at NC State on Cybersecurity for Manufacturing.
- Review meeting of TU Darmstadt's CROSSING project, whose advisory board we serve on.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
We participated in regional and national collegiate penetration testing competitions.
- Approved by NSA
- NCSU
- Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
- Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
- Principles of Secure BootStrapping for IoT
- Reasoning about Accidental and Malicious Misuse via Formal Methods
- 2019: July