NCSU SoS Lablet Quarterly Executive Summary

A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.

We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.

  • We designed and implemented runtime targeted patching techniques that extract exploit signatures for different vulnerabilities and perform targeted patching for the detected vulnerabilities. Results show that we can detect and classify 78% of the attacks in time, before they succeed in exploiting the tested vulnerabilities.
  • We have collected 9 terabytes and over a billion events from CPTC 2019 Regionals and CPTC 2019 Nationals. Having been more involved with the instrumentation this time, we have an even better look at what attackers are doing in a controlled, competition environment. We are currently adapting our CPTC 2018 observations to queries so that we can extract timelines even faster for the 2019 data set.
  • We designed an enhanced bootstrapping protocol that prevents a wide range of attacks. Our investigation has uncovered a number of critical security and privacy issues in the connection establishment (also known as the 'joining') procedure of the Zigbee protocol. To mitigate these issues, we have designed and implemented an enhanced connection establishment procedure. In this solution, we leverage the existing installation code mechanism, using it as public-key cryptography, and combine it with the Elliptic-Curve Diffie-Hellman (ECDH) mechanism to ensure better security and privacy guarantees.
  • Through manual collection and examination of app reviews that describe spying activities with apps, we have determined the necessity of considering app reviews for identifying apps that can aid spying, either explicitly or through misuse. Based on this understanding, we began developing a computational framework for spotting such apps, in which we first identify apps that can potentially be misused for spying based on their metadata (e.g., their descriptions and permissions), collect their reviews, and determine their spying capability based on user-reported stories.

B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.

We brought up the Science of Security in a variety of fora, including:

  • Presentations at and discussions with colleagues at academic conferences.

C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.