Poster

Data-centric architectures are a candidate for in-vehicle communication. They add naming standardization, data provenance, security, and improve interoperability between different ECUs and networks. In this demo, We demonstrate the feasibility and advantages of data-centric architectures through named Data Networking (NDN). We deploy a bench-top testbed using Raspberry PIs to demonstrate NDNs value in a segmented network. We replay real CAN data over a CAN hat to NDN gateways and demonstrate how that data can be forwarded between segments using NDN.

The Dark Web is infamous for abetting criminal activity by providing some level of anonymity for its users through the use of the Tor Network. The sale of banned substances, weapons, and illegal services is frequent on the dark web, creating a significant problem for law enforcement at every level. To combat this issue, we have developed DREAD: a Dark Web search engine designed to identify banned substances, weapons, and illicit activity on the Dark Web.

Cloud systems have been widely adopted in many real world production applications. Thus, security vulnerabilities in those cloud systems can cause serious widespread impact. Although previous intrusion detection systems can detect security attacks, understanding the underlying software defects that cause those security vulnerabilities is little studied. In this work, we conduct a systematic study over 109 software security vulnerabilities in 13 popular cloud server systems.

Modern software makes extensive use of third-party open source packages and libraries, referred to as dependencies ^[12]. However, the use of open source has opened up new attack vectors, as malicious or vulnerable code can sneak into a software through these third-party dependencies ^[11]. Further, practitioners recommend keeping dependencies up to date with the latest version ^[1], resulting in developers to keep pulling in new code through frequent dependency updates ^[4], often automatically and without a security review ^[10].

The development of a science is an iterative and systematic process that requires rigor and validity both in the conduct of the research and the reporting of the research. Using input from the SoSL community, we developed a set of guidelines describing the information a research report should contain to maximize the contribution of the work and to facilitate the development of a science of security. Then, to gather feedback on the usability of the guidelines, we hosted a workshop at the SoSL Fall quarterly meeting where participants applied the guidelines to their own papers.