NCSU SoS Lablet Quarterly Executive Summary
A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.
- We completed the creation of a tool that evaluates the Android SDKs for payment providers against OWASP's Mobile Application Security Verification Standard (MASVS). Our study of 50 payment SDKs identified pervasive security weaknesses. We contacted the payment providers and submitted a paper to an academic conference for peer review.
- To improve the external validity and acceptance of our guidelines for scientific reporting, we began engaging with non-Lablet researchers through interviews.
- We redid our approach for mining app reviews to identify rogue apps; we relabeled the data to remove errors and retrained the models. Our revised model produces improved performance: 91.78% recall of rogue apps at an F1 score of 83.22%.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
We brought up the Science of Security in a variety of fora, including discussions with non-Lablet colleagues locally and at other universities.
We interviewed seven cyber security experts (not part of the Science of Security community) for their views on scientific reporting of security research.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
We involved two female undergraduate students in our research.
- NCSU
- Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
- Development of Methodology Guidelines for Security Research
- Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
- Principles of Secure BootStrapping for IoT
- Reasoning about Accidental and Malicious Misuse via Formal Methods
- 2022: April