Visible to the public NCSU SoS Lablet Quarterly Executive SummaryConflict Detection Enabled

Submitted by najmeri on Wed, 09/25/2019 - 2:28pm

A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.

  • We refined our approaches for aggregated learning and application classification and now can achieve over 96% accuracy. We experimentally found that our attack type classification achieves 100% classification accuracy for all the attack types, tackling over 50 applications.
  • We completed analysis of the CPTC 2018 data set, logging over 400 events with 79 vulnerabilities. We classified each event logged with respect to the MITRE ATT&CK framework.
  • We identified weaknesses in the 4G and 5G cellular paging protocols and developed an enhanced protocol that can prevent attacks without incurring substantial overhead. In our analysis of Zigbee, we identified three security and privacy vulnerabilities in both protocol design and implementation, exploiting which an adversary can inject, modify, drop, and eavesdrop any Zigbee packet.
  • We completed the development of Cardpliance, our prototype tool, using which we identified 17 Android applications which misuse credit card information. We also developed a method based on analyzing app review text to identify deviations of an application from user expectations.
  • We conducted a workshop at the 2019 International Software Engineering Research Network (ISERN) meeting to gather feedback on the version 2 of the paper review rubric and started reaching out to potential interviewees to gauge interest in the rubric. 

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

We brought up the Science of Security in a variety of fora, including

  • Presentations at and discussions with colleagues at academic conferences.
  • A workshop at the 2019 International Software Engineering Research Network (ISERN) meeting.

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

 

Groups: