Reasoning about Accidental and Malicious Misuse via Formal Methods

PI(s), Co-PI(s), Researchers:

PI: Munindar Singh; Co-PIs: William Enck, Laurie Williams; Researchers: Hui Guo, Samin Yaseer Mahmud, Md Rayhanur Rahman, Vaibhav Garg

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

  • Policy

This project seeks to aid security analysts in identifying and protecting against accidental and malicious actions by users or software through automated reasoning on unified representations of user expectations and software implementations to identify misuses sensitive to usage and machine context.

PUBLICATIONS

Md Rayhanur Rahman, Rezvan Mahdavi-Hezaveh, and Laurie Williams, "A Literature Review on Mining Cyberthreat Intelligence from Unstructured Texts", Proc. 1st IEEE ICDM Workshop on Deep Learning for Cyber Threat Intelligence (DL-CTI), November 2020, pages 1-10.

KEY HIGHLIGHTS

Each effort should submit one or two specific highlights. Each item should include a paragraph or two along with a citation if available. Write as if for the general reader of IEEE S&P.
The purpose of the highlights is to give our immediate sponsors a body of evidence that the funding they are providing (in the framework of the SoS lablet model) is delivering results that "more than justify" the investment they are making.

  • We continued our analysis of Payment Service Provider (PSP) application programming interfaces (APIs), developing models for analyzing the security of code in Software Development Toolkits (SDKs).

  • We completed a systematic literature review of research on mining threat intelligence from unstructured textual data. Our literature review paper has been accepted at the Deep Learning Cyberthreat Intelligence workshop at the International Conference on Data Mining.

  • We extended our scope from spying to unexpected information gathering (UIG) in mobile apps, and identified 124 UIG-enabling apps from our current dataset of apps. We identified an additional 131 UIG-enabling apps in a snowball fashion.

  • Healthcare professionals use mobile apps to store patient information and communicate with their patients, but not all such apps are HIPAA compliant. We started investigating HIPAA compliance of medical mobile apps on the Apple App Store. In a preliminary investigation, we identified 899 medical apps that were potentially relevant but did not mention HIPAA compliance in their descriptions. We are investigating these 899 medical apps further to determine their compliance with HIPAA.

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES: