Defense Notices


All students and faculty are welcome to attend the final defense of EECS graduate students completing their M.S. or Ph.D. degrees. Defense notices for M.S./Ph.D. presentations for this year and several previous years are listed below in reverse chronological order.

Students who are nearing the completion of their M.S./Ph.D. research should schedule their final defenses through the EECS graduate office at least THREE WEEKS PRIOR to their presentation date so that there is time to complete the degree requirements check, and post the presentation announcement online.

Upcoming Defense Notices

Zhaohui Wang

Detection and Mitigation of Cross-App Privacy Leakage and Interaction Threats in IoT Automation

When & Where:


Nichols Hall, Room 250 (Gemini Conference Room)

Committee Members:

Fengjun Li, Chair
Alex Bardas
Drew Davidson
Bo Luo
Haiyang Chao

Abstract

The rapid growth of Internet of Things (IoT) technology has brought unprecedented convenience to everyday life, enabling users to deploy automation rules and develop IoT apps tailored to their specific needs. However, modern IoT ecosystems consist of numerous devices, applications, and platforms that interact continuously. As a result, users are increasingly exposed to complex and subtle security and privacy risks that are difficult to fully comprehend. Even interactions among seemingly harmless apps can introduce unforeseen security and privacy threats. In addition, violations of memory integrity can undermine the security guarantees on which IoT apps rely.

The first approach investigates hidden cross-app privacy leakage risks in IoT apps. These risks arise from cross-app interaction chains formed among multiple seemingly benign IoT apps. Our analysis reveals that interactions between apps can expose sensitive information such as user identity, location, tracking data, and activity patterns. We quantify these privacy leaks by assigning probability scores to evaluate risk levels based on inferences. In addition, we provide a fine-grained categorization of privacy threats to generate detailed alerts, enabling users to better understand and address specific privacy risks.

The second approach addresses cross-app interaction threats in IoT automation systems by leveraging a logic-based analysis model grounded in event relations. We formalize event relationships, detect event interferences, and classify rule conflicts, then generate risk scores and conflict rankings to enable comprehensive conflict detection and risk assessment. To mitigate the identified interaction threats, an optimization-based approach is employed to reduce risks while preserving system functionality. This approach ensures comprehensive coverage of cross-app interaction threats and provides a robust solution for detecting and resolving rule conflicts in IoT environments.

To support the development and rigorous evaluation of these security analyses, we further developed a large-scale, manually verified, and comprehensive dataset of real-world IoT apps. This clean and diverse benchmark dataset supports the development and validation of IoT security and privacy solutions. All proposed approaches are evaluated using this dataset of real-world apps, collectively offering valuable insights and practical tools for enhancing IoT security and privacy against cross-app threats. Furthermore, we examine the integrity of the execution environment that supports IoT apps. We show that, even under non-privileged execution, carefully crafted memory access patterns can induce bit flips in physical memory, allowing attackers to corrupt data and compromise system integrity without requiring elevated privileges.


Shawn Robertson

A Low-Power Low-Throughput Communications Solution for At-Risk Populations in Resource Constrained Contested Environments

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Alex Bardas, Chair
Drew Davidson
Fengjun Li
Bo Luo
Shawn Keshmiri

Abstract

In resource‑constrained contested environments (RCCEs), communications are routinely censored, surveilled, or disrupted by nation‑state adversaries, leaving at‑risk populations—including protesters, dissidents, disaster‑affected communities, and military units—without secure connectivity. This dissertation introduces MeshBLanket, a Bluetooth Mesh‑based framework designed for low‑power, low‑throughput messaging with minimal electromagnetic spectrum exposure. Built on commercial off‑the‑shelf hardware, MeshBLanket extends the Bluetooth Mesh specification with automated provisioning and network‑wide key refresh to enhance scalability and resilience.

We evaluated MeshBLanket through field experimentation (range, throughput, battery life, and security enhancements) and qualitative interviews with ten senior U.S. Army communications experts. Thematic analysis revealed priorities of availability, EMS footprint reduction, and simplicity of use, alongside adoption challenges and institutional skepticism. Results demonstrate that MeshBLanket maintains secure messaging under load, supports autonomous key refresh, and offers operational relevance at the forward edge of battlefields.

Beyond military contexts, parallels with protest environments highlight MeshBLanket’s broader applicability for civilian populations facing censorship and surveillance. By unifying technical experimentation with expert perspectives, this work contributes a proof‑of‑concept communications architecture that advances secure, resilient, and user‑centric connectivity in environments where traditional infrastructure is compromised or weaponized.


Past Defense Notices


Rui Chen

Users Defined Policy Enforcement with Cross-App Interaction Discovery in IoT Platforms

When & Where:


Zoom Meeting, please contact jgrisafe@ku.edu for link.

Committee Members:

Fengjun Li, Chair
Alex Bardas
Bo Luo


Abstract

Internet of Things platforms have been widely developed to better assist users in designing, controlling, and monitoring their smart home systems. These platforms provide a programming interface and allow users to install a variety of IoT apps that are published by third parties. As users could obtain IoT apps from unvetted sources, a malicious app could be installed to perform unexpected behaviors that violate users’ security and safety, such as opening the door when no motion is detected. Additionally, prior research shows that, due to the lack of access control mechanisms, even benign IoT apps can cause severe security and safety risks by interacting with each other in unanticipated ways. To address such threats, an improved access control system is needed to detect and monitor unexpected behaviors from IoT apps. In this paper, we provide a dynamic policy enforcement system for IoT that detects IoT behaviors and defines policies based on users’ expectations. The system relies on code analysis to identify single-app behaviors and discover all potential cross-app interactions with configured devices. Discovered behaviors are displayed to users through the app user interface, allowing users to specify policy rules to restrict unwanted behaviors. Code instrumentation will be applied to guard apps’ actions and collect apps’ information at runtime. A policy enforcement module in the system will collect and enforce user-specified policies at runtime by blocking actions that violate the policy. We implement the system with benign and malicious apps on the SmartThings platform and show that our system can effectively identify cross-app interactions and correctly enforce policy violations.


Gerald Brandon Ravenscroft

Spectral Cohabitation and Interference Mitigation via Physical Radar Emissions

When & Where:


Nichols Hall, Room 246

Committee Members:

Shannon Blunt, Chair
Christopher Allen
Erik Perrins
James Stiles
Chris Depcik

Abstract

Auctioning of frequency bands to support growing demand for high bandwidth 5G communications is driving research into spectral cohabitation strategies for next generation radar systems. The loss of radio frequency (RF) spectrum once designated for radar operation is forcing radar systems to either learn how to coexist in these frequency spectrum bands, without causing mutual interference, or move to other bands of the spectrum, the latter being the more undesirable choice. Two methods of spectral cohabitation are proposed and presented in this work, each taking advantage of recent developments in random FM (RFM) waveforms, which have the advantage of never repeating. RFM waveforms are optimized to have favorable radar waveform properties while also readily incorporating agile spectral notches. The first method of spectral cohabitation uses these spectral notches to avoid narrow-band RF interference (RFI) in the form of other spectrum users residing in the same band as the radar system, allowing both to operate while minimizing mutual interference. The second method of spectral cohabitation uses spectral notches, along with an optimization procedure, to embed a communications signal into a dual-purpose radar/communications emission, allowing one waveform to serve both functions simultaneously. Preliminary simulation and open-air experimental results are shown which attest to the efficacy of these two methods of spectral cohabitation. Improvements are proposed to extend the capabilities of each method such that they can provide further utility to both radar and communications functions while minimizing any mutually included performance degradation.


Javaria Ahmad

IoTPrivComp: Privacy Compliance in IoT Apps

When & Where:


Nichols Hall, Room 246

Committee Members:

Bo Luo, Chair
Alex Bardas
Tamzidul Hoque
Fengjun Li
Michael Zhuo Wang

Abstract

The growth of IoT apps poses increasing concerns on sensitive data leaks. While privacy policies are required to describe how IoT apps use private user data (i.e., data practice), problems such as missing, inaccurate, and inconsistent policies have been repeatedly reported. Therefore, it is important to assess the actual data practice in IoT apps and identify the potential gaps between the actual data usage and the declared usages in the apps' privacy policies. In this work, we propose a framework called IoTPrivComp, which applies automated privacy policy and app code analysis of the IoT apps, to study the compliance gaps in IoT app practices and app privacy policies. We have collected 1,737 IoT apps from Play Store, and found that only 1,323 of them have English privacy policies available. We used IoTPrivComp to examine 411 apps that contain sensitive external data flows, and found compliance gaps in 312 (75.9%) of them. In addition, there are apps that do not have a privacy policy at all, while there is a significant number of apps that have undisclosed, inaccurately disclosed, and contradictorily disclosed data leaks. Out of the 43 data flows that involve health and wellness data, 34 (79.1%) flows were inconsistent with the disclosed practices in the app privacy policies.


Jonathan Owen

Radar Spectrum Sharing via Non-repeating Frequency Notched FM Waveforms

When & Where:


Nichols Hall, Room 246

Committee Members:

Shannon Blunt, Chair
Christopher Allen
Carl Leuschen
James Stiles
Zsolt Talata

Abstract

Spectrum sensing and transmit waveform frequency notching is a form of cognitive radar that seeks to reduce mutual interference with other spectrum users in the same band. With the reality of increasing radio frequency (RF) spectral congestion, radar systems capable of dynamic spectrum sharing are needed. The cognitive sense-and-notch (SAN) emission strategy has recently been experimentally demonstrated as an effective way in which to reduce the interference a spectrum-sharing radar causes to other in-band users. The case of modifying transmit waveform frequency notch locations when another spectrum user moves in frequency during the radar's coherent processing interval is considered here. The physical radar emission is based on a recent random FM waveform possessing attributes that are inherently robust to sidelobes that otherwise arise for spectral notching. To contend with dynamic interference the transmit notch may be required to move during the coherent processing interval (CPI), which introduces a nonstationarity effect that results in increased residual clutter after cancellation. Here a new approach to compensate for this nonstationarity is proposed that borrows the missing portion of the clutter (due to notching) from another pulsed response for which the notch is in a different location.


Serigne Seck

Packet Loss Prevention in Queues using SDN

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Taejoon Kim, Chair
Morteza Hashemi, Co-Chair
David Johnson


Abstract

Packets are transferred between nodes within a network. However, a packet can be dropped while trying to join the queue of a node it was routed to. In networking, this is referred to as packet loss. It can be caused by buffer scarcity in a congested network. Such a phenomenon results in a reduced data rate and a delay increase due to packet retransmissions.

In this work, we propose an algorithm to perform load balancing on a network of queues via SDN to prevent packet loss. It implements a parameter K, based on the queues' occupancy and traffic flow, to control an iterative packet redistribution process. In different experiments conducted on network models in which the queues varied in number, size and occupancy, our algorithm outperformed a load balancer using the Round-Robin technique.


Brian Quiroz

Mobile Edge Computing for Unmanned Vehicles

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Morteza Hashemi, Chair
Taejoon Kim
Prasad Kulkarni


Abstract

Unmanned aerial vehicles (UAVs) and autonomous vehicles are becoming more ubiquitous than ever before. From medical to delivery drones, to space exploration rovers and self-driving taxi services, these vehicles are starting to play a prominent role in society as well as in our day-to-day lives.

Efficient computation and communication strategies are paramount to the effective functioning of these vehicles. Mobile Edge Computing (MEC) is an innovative network technology that enables resource-constrained devices - such as UAVs and autonomous vehicles - to offload computationally intensive tasks to a nearby MEC server. Moreover, vehicles such as self-driving cars must reliably and securely relay and receive latency-sensitive information to improve traffic safety. Extensive research performed on vehicle to vehicle (V2V) and vehicle to everything (V2X) communication indicates that they will both be further enhanced by the widespread usage of 5G technology.

We consider two relevant problems in mobile edge computing for unmanned vehicles. The first problem was to satisfy resource-constrained UAVs' need for a resource-efficient offloading policy. To that end, we implemented both a computation and an energy consumption model and trained a DQN agent that seeks to maximize task completion and minimize energy consumption. The second problem was establishing communication between two autonomous vehicles and between an autonomous vehicle and an MEC server. To accomplish this goal, we experimented by leveraging an autonomous vehicle's server to send and receive custom messages in real time. These experiments will serve as a stepping stone towards enabling mobile edge computing and device-to-device communication and computation.


Ruturaj Vaidya

Explore Effectiveness and Performance of Security Checks on Software Binaries

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Prasad Kulkarni, Chair
Alex Bardas
Drew Davidson
Esam El-Araby
Michael Vitevitch

Abstract

Binary analysis is difficult, as most of the semantic and syntactic information available at the source level gets lost during the compilation process. If the binary is stripped and/or optimized, then it negatively affects the efficacy of binary analysis frameworks. Moreover, handwritten assembly, obfuscation, excessive indirect calls or jumps, etc. further degrade their accuracy. Thus, it is important to investigate and assess the challenges to improve binary analysis. One way of doing that is by studying security techniques implemented at the binary level.

In this dissertation we propose to implement existing compiler-level techniques for binary executables and thereby evaluate how the loss of information at the binary level affects the performance of existing compiler-level techniques in terms of both efficiency and effectiveness.


Michael Bechtel

Shared Resource Denial-of-Service Attacks on Multicore Platforms

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Heechul Yun, Chair
Mohammad Alian
Drew Davidson
Prasad Kulkarni
Shawn Keshmiri

Abstract

With the increased adoption of machine learning algorithms across many different fields, powerful computing platforms have become necessary to meet their computational needs. Multicore platforms are a popular choice due to their ability to provide greater computing capabilities and still meet the different size, weight, and power (SWaP) constraints. As a result, multicore systems are also being employed at an increasing rate. However, contention for hardware resources between the multiple cores is a significant challenge as it can lead to interference and unpredictable timing behaviors. Furthermore, this contention can be intentionally induced by malicious actors with the specific goals of inhibiting system performance and increasing the execution time of safety-critical tasks. This is done by performing Denial-of-Service (DoS) attacks that target shared resources in order to prevent other cores from accessing them. When done properly, these DoS attacks can have significant impacts to performance and can threaten system safety. For example, we find that DoS attacks can cause >300X slowdown on the popular Raspberry Pi 3 embedded platform. Due to the inherent risks, it is vital that we discover and understand the mechanisms through which shared resource contention can occur and develop solutions that mitigate or prevent the potential impacts.

In this work, we investigate and evaluate shared resource contention on multicore platforms and the impacts it can have on the performance of real-time tasks. Leveraging this contention, we propose various Denial-of-Service attacks that each target different shared resources in the memory hierarchy with the goal of causing as much slowdown as possible. We show that each attack can inflict significant temporal slowdowns to victim tasks on target platforms by exploiting different hardware and software mechanisms. We then develop and analyze techniques for providing shared resource isolation and temporal performance guarantees for safety-critical tasks running on multicore platforms. In particular, we find that bandwidth throttling mechanisms are effective solutions against many DoS attacks and can protect the performance of real-time victim tasks.


Anushka Bhattacharya

Predicting In-Season Soil Mineral Nitrogen in Corn Production Using Deep Learning Model

When & Where:


Nichols Hall, Room 246

Committee Members:

Taejoon Kim, Chair
Morteza Hashemi
Dorivar Ruiz Diaz


Abstract

One of the biggest challenges in nutrient management in corn (Zea mays) production is determining the amount of plant-available nitrogen (N) that will be supplied to the crop by the soil. Measuring a soil’s N-supplying power is quite difficult and approximations are often used in lieu of intensive soil testing. This can lead to under/over-fertilization of crops, and in turn increased risk of crop N-deficiencies or environmental degradation. In this paper, we propose a deep learning algorithm to predict the inorganic-N content of the soil on a given day of the growing season. Since the historic data for inorganic nitrogen (IN) is scarce, deep learning has not yet been implemented in predicting fertilizer content. To overcome this hurdle, a Generative Adversarial Network (GAN) is used to produce synthetic IN data and is trained using offline simulation data from the Decision Support System for Agrotechnology Transfer (DSSAT). Additionally, the time-series prediction problem is solved using long short-term memory (LSTM) neural networks. This model proves to be economical as it gives an estimate without the need for comprehensive soil testing, overcomes the issue of limited available data, and the accuracy makes it reliable for use.


Krushi Patel

Image Classification & Segmentation based on Enhanced CNN and Transformer Networks

When & Where:


Nichols Hall, Room 250 - Gemini Room

Committee Members:

Fengjun Li, Chair
Prasad Kulkarni
Bo Luo
Cuncong Zhong
Guanghui Wang

Abstract

Convolutional Neural Networks (CNNs) have significantly improved the performance on various computer vision tasks such as image recognition and segmentation based on their rich representation power. To enhance the performance of CNN, a self-attention module is embedded after each layer in the network. Recently proposed Transformer-based models achieve outstanding performance by employing a multi-head self-attention module as the main building block. However, several challenges still need to be addressed, such as (1) focusing only on class-specified limited channels in CNN; (2) limited respective field in the local transformer; and (3) addition of redundant features and lack of multi-scale features in U-Net type segmentation architecture.

In our work, we propose new strategies to address these issues. First, we propose a novel channel-based self-attention module to diversify the focus more on the discriminative and significant channels, and the module can be embedded at the end of any backbone network for image classification. Second, to limit the noise added by the shallow layers of an encoder in U-Net type architecture, we replaced the skip connections with the Adaptive Global Context Module (AGCM). In addition, we introduced the Semantic Feature Enhancement Module (SFEM) for multi-scale feature enhancement in polyp segmentation. Third, we propose a Multi-scaled Overlapped Attention (MOA) mechanism in the local transformer-based network for image classification to establish the long-range dependencies and initiate the neighborhood window communication.