Defense Notices

During remote attestation, a relying party prompts a target to perform some stateful measurement which can be appraised to determine trust in the target's system. In this current framework, requested measurement operations must be provisioned by a knowledgeable system user who may fail to consider situational demands which potentially impact the desired measurement. To solve this problem, we introduce negotiation: a framework that allows the target and relying party to mutually determine an attestation protocol that satisfies both the target's need to protect sensitive information and the relying party's desire for a comprehensive measurement. We designed and verified this negotiation procedure such that for all negotiations, we can provably produce an executable protocol that satisfies the targets privacy standards. With the remainder of this work, we aim to realize and instantiate protocol orderings ensuring negotiation produces a protocol sufficient for the relying party. All progress is towards our ultimate goal of producing a working, fully verified negotiation scheme which will be integrated into our current attestation framework for flexible, end-to-end attestations.

Information retrieval system plays an important role in the modern era in retrieving relevant information from a large collection of data, such as documents, webpages, and other multimedia content. Having an information retrieval system in any domain allows users to collect relevant information. Unfortunately, navigating a modern-day recipe website presents the audience with numerous recipes in a colorful user interface but with very little capability to search and narrow down your content based on your specific interests. The goal of the project is to develop a search engine for recipes using standard TF-IDF weighting and to improve the performance of the standard IR by implementing term proximity. The approach used to calculate term proximity in this project is a hybrid approach, a combination of span-based and pair-based approaches. The project architecture includes a crawler, a database, an API, a service responsible for TF-IDF weighting and term proximity calculation, and a web application to present the search results. 

The control-flow graph (CFG) is a graphical representation of the program and holds information that is critical to the correct application of many other program analysis, performance optimization, and software security algorithms and techniques. While CFG generation is an ordinary task for source-level tools, like the compiler, the loss of high-level program information makes accurate CFG recovery a challenging issue for binary-level software reverse engineering (SRE) tools. Earlier research has shown that while advanced SRE tools can precisely reconstruct most of the CFG for the programs, important gaps and inaccuracies remain that may hamper critical tasks, from vulnerability and malicious code detection to adequately securing software binaries.

In this paper, we study three reverse engineering tools - angr, radare2 and Ghidra and perform an in-depth analysis of control-flow graphs generated by these tools. We develop a unique methodology using manual analysis and automated scripting to understand and categorize the CFG errors over a large benchmark set. Of the several interesting observations revealed by this work, one that is particularly unexpected is that most errors in the reconstructed CFGs appear to not be intrinsic limitations of the binary-level algorithms, as currently believed, and may be simply eliminated by more robust implementations. We expect our work to lead to more accurate CFG reconstruction in SRE tools and improved precision for other algorithms that employ CFGs.

Security Operations Centers (SOCs) are central components of modern enterprise networks. Organizations in industry, government, and academia deploy SOCs to manage their networks, defend against cyber threats, and maintain regulatory compliance. For reporting, SOC leadership typically use metrics such as “number of security incidents”, “mean time to remediation/ticket closure”, and “risk analysis” to name a few. However, these commonly leveraged metrics may not necessarily reflect the effectiveness of a SOC and its supporting tools.

To better understand these environments, we employ ethnographic approaches (e.g., participant observation) and embed a graduate student (a.k.a., field worker) in a real-world SOC. As the field worker worked in-person, alongside SOC employees and recorded observations on technological tools, employees and culture, COVID-19's work-from-home (WFH) phenomena occurred. In response, this dissertation traces and analyzes the SOC's effort to adapt and reprioritize. By intersecting historical analysis (starting in the 1970s) and ethnographic field notes (analyzed 352 field notes across 1,000+ hours in a SOC over 34 months) whilst complementing with quantitative interviews (covering 7 other SOCs), we find additional causal forces that, for decades, have pushed SOC network management toward endpoints.

Although endpoint management is not a novel concept to SOCs, COVID-19's WFH phenomena highlighted the need for flexible, supportive, and customizable metrics. As such, we develop a sociotechnical metrics framework with these qualities in mind and limit the scope to a core SOC function: alert handling. With a similar ethnographic approach (participant observation paired with semi-structured interviews covering 15 SOC employees across 10 SOCs), we develop the framework's foundation by analyzing and capturing the alert handling process (a.k.a., alert triage). This process demonstrates the significance of not only technical expertise (e.g., data exfiltration, command and control, etc.) but also the social characteristics (e.g., collaboration, communication, etc.). In fact, we point out the underlying presence and importance of expert judgment during alert triaging particularly during conclusion development.

In addition to the aforementioned qualities, our alert handling sociotechnical metrics framework aims to capture current gaps during the alert triage process that, if improved, could help SOC employees' effectiveness. With the focus upon this process and the uncovered limitations SOCs usually face today during alert handling, we validate not only this flexibility of our framework but also the accuracy in a real-world SOC

Vertical velocity is the rate at which ice moves vertically within an ice sheet, usually measured in meters per year. This movement can occur due to various factors, including accumulation, ice deformation, basal sliding, and subglacial melting. The measurement of vertical velocities within the ice sheet can assist in determining the age of the ice and assessing the rheology of the ice, thereby mitigating uncertainties due to analytical approximations of ice flow models.

We apply differential interferometric synthetic aperture radar (DInSAR) techniques to data from the Multichannel Coherent Radar Depth Sounder (MCoRDS) to measure the vertical displacement of englacial layers within an ice sheet. DInSAR’s accuracy is usually on the order of a small fraction of the wavelength (e.g., millimeter to centimeter precision is typical) in monitoring displacement along the radar line of sight (LOS). Ground-based Autonomous phase-sensitive Radio-Echo Sounder (ApRES) units have demonstrated the ability to precisely measure the relative vertical velocity by taking multiple measurements from the same location on the ice. Airborne systems can make a similar measurement but can suffer from spatial baseline errors since it is generally impossible to fly over the same stretch of ice on each pass with enough precision to ignore the spatial baseline. In this work, we compensate for spatial baseline errors using precise trajectory information and estimates of the cross-track layer slope using direction of arrival estimation. The current DInSAR algorithm is applied to airborne radar depth sounder data to produce results for flights near Summit camp and the EGIG (Expéditions Glaciologiques Internationales au Groenland) line in Greenland using the CReSIS toolbox. The current approach estimates the baseline error in multiple steps. Each step has dependencies on all the values to be estimated. To overcome this drawback, we have implemented a maximum likelihood estimator that jointly estimates the vertical velocity, the cross-track internal layer slope, and the unknown baseline error due to GPS and INS (Inertial Navigation System) errors. We incorporate the Lliboutry parametric model for vertical velocity into the maximum likelihood estimator framework.

To improve the direction of arrival estimation, we explore the use of focusing matrices against other wideband direction of arrival methods, such as wideband MLE, wideband MUSIC, and wideband MVDR, by comparing the mean squared error of the DOA estimates.

Shifting trends in modern software engineering and cloud computing have pushed system designs to leverage containerization and develop their systems into microservice architectures. While microservice architectures emphasize scalability and ease-of-development, the issue of microservice explosion has emerged, stressing hosting environments and generating new challenges within this domain.  Service meshes, the latest in a series of developments, are being adopted to meet these needs. Service meshes provide separation of concerns between microservice development and the operational concerns of microservice deployments, such as service discovery and networking. However, despite the benefits provided by service meshes, the security demands of this domain are unmet by the current state-of-art offerings.

Through a series of experimental trials in a service mesh testbed, we demonstrate a need for improved security mechanisms in the state-of-art offerings of service meshes.  After deriving a series of domain-conscious recommendations to improve the longevity and flexibility of service meshes, we design and implement our proof-of-concept service mesh system ServiceWatch.  By leveraging a novel verification-in-the-loop scheme, we provide the capability for service meshes to provide holistic monitoring and management of the microservice deployments they host. Further, through frequent, automated rotations of security artifacts (keys, certificates, and tokens), we allow the service mesh to automatically isolate and remove microservices that violate the defined network policies of the service mesh, requiring no system administrator intervention. Extending this proof-of-concept environment, we design and implement a prototype workflow called CloudCover.  CloudCover incorporates our verification-in-the-loop scheme and leverages existing tools, allowing easy adoption of these novel security mechanisms into modern systems.  Under a realistic and relevant threat model, we show how our design choices and improvements are both necessary and beneficial to real-world deployments. By examining network packet captures, we provide a theoretical analysis of the scalability of these solutions in real-world networks.  We further extend these trials experimentally using an independently managed and operated cloud environment to demonstrate the practical scalability of our proposed designs to large-scale software systems. Our results indicate that the overhead introduced by ServiceWatch and CloudCover are acceptable for real-world deployments. Additionally, the security capabilities provided effectively mitigate threats present within these environments.

Although the Center for Remote Sensing of Ice Sheets (CReSIS) performs several radar calibration steps to produce Operation IceBridge (OIB) radar depth sounder data products, these datasets are not radiometrically calibrated and the swath array processing uses ideal (rather than measured [calibrated]) steering vectors. Any errors in the steering vectors, which describe the response of the radar as a function of arrival angle, will lead to errors in positioning and backscatter that subsequently affect estimates of basal conditions, ice thickness, and radar attenuation. Scientific applications that estimate physical characteristics of surface and subsurface targets from the backscatter are limited with the current data because it is not absolutely calibrated. Moreover, changes in instrument hardware and processing methods for OIB over the last decade affect the quality of inter-seasonal comparisons. Recent methods which interpret basal conditions and calculate radar attenuation using CReSIS OIB 2D radar depth sounder echograms are forced to use relative scattering power, rather than absolute methods.

As an active target calibration is not possible for past field seasons, a method that uses natural targets will be developed. Unsaturated natural target returns from smooth sea-ice leads or lakes are imaged in many datasets and have known scattering responses. The proposed method forms a system of linear equations with the recorded scattering signatures from these known targets, scattering signatures from crossing flight paths, and the radiometric correction terms. A least squares solution to optimize the radiometric correction terms is calculated, which minimizes the error function representing the mismatch in expected and measured scattering. The new correction terms will be used to correct the remaining mission data. The radar depth sounder data from all OIB campaigns can be reprocessed to produce absolutely calibrated echograms for the Arctic and Antarctic. A software simulator will be developed to study calibration errors and verify the calibration software. The software for processing natural targets will be made available in CReSIS’s open-source polar radar software toolbox. The OIB data will be reprocessed with new calibration terms, providing to the data user community a complete set of radiometrically calibrated radar echograms for the CReSIS OIB radar depth sounder for the first time.

The surface electromagnetic waves that propagate along a metal-dielectric or a metal-air interface are called surface plasmon polaritons (SPPs). However, as the tangential wavevector component is larger than what is permitted for the homogenous plane wave in the dielectric medium this poses a phase-matching issue. In other words, the available spatial vector in the dielectric at a given frequency is smaller than what is required by SPP to be excited. The most commonly known technique to bypass this problem is by using the Otto and Kretschmann configurations. A glass prism is used to increase the available spatial vector in dielectric/air. Other methods are evanescent field directional coupling and optical grating. Even with all these methods, it is still challenging to couple the SPPs having a large propagation constant.  

A novel way to efficiently inject the power into SPPs is via temporal modulation of the dielectric adhered to the metal. The dielectric constant is modulated in time using an incident pump field. As a result of the induced changes in the dielectric constant, spatial vector shortage is eliminated. In other words, there is enough spatial vector in the dielectric to excite SPPs. As SPPs applicability is widely studied in numerous applications, this method gives a new way of evoking SPPs. Hence, this technique opens new possibilities in the surface plasmon polariton study. One of the applications that we discuss in details is the optical limiting.  

Waveform diversity desires to optimize the Radar waveform given the constraints and objectives of a particular task or scenario. Recent advances in electronics have significantly expanded the design space of waveforms. The resulting waveforms of various waveform diverse approaches possess complex structures which have temporal, spectral, and spatial extents. The utilization of optimization in many of these approaches results in complex signal structures that are not imagined a priori, but are instead the product of algorithms. Traditional waveform analysis using the frequency spectrum, autocorrelation, and beampatterns of waveforms provide the majority of metrics of interest. But as these new waveforms’ structure increases in complexity, and the constraints of their use tighten, further aspects of the waveform’s structure must be considered, especially the true occupancy of the waveforms in the transmission hyperspace. Time-Frequency analysis can be applied to these waveforms to better understand their behavior and to inform future design. These tools are especially useful for spectrally shaped random FM waveforms as well as spatially shaped spatial beams. Both linear and quadratic transforms are used to study the emissions in time, frequency, and space dimensions. Insight on waveform generation is observed and future design opportunities are identified.

The Center for Remote Sensing and Integrated Systems (CReSIS) has enabled the development of several radars for measuring ice and snow depth. One of these systems is the Ultra-Wideband (UWB) Snow Radar, which operates in microwave range and can provide measurements with cm-scale vertical resolution. To date, renditions of this system demand medium to high size, weight and power (SWaP) characteristics. To facilitate a more flexible and mobile measurement setup with these systems, it became necessary to reduce the SWaP of the radar electronics. This thesis focuses on the design of several compact RF and microwave modules enabling integration of a full UWB radar system weighing < 5 lbs and consuming < 30 W of DC power. This system is suitable for operation over either 12-18 GHz or 2-8 GHz in platforms with low SWaP requirements, such as unmanned aerial systems (UAS). The modules developed as a part of this work include a VCO-based chirp generation module, downconverter modules, and a set of modules for a receiver front end, each implemented on a low-cost laminate substrate. The chirp generator uses a Phase Locked Loop (PLL) based on an architecture previously developed at CReSIS and offers a small form factor with a frequency non-linearity of 0.0013% across the operating bandwidth (12-18 GHz) using sub-millisecond pulse durations. The down-conversion modules were created to allow for system operation in the S/C frequency band (2-8 GHz) as well as the default Ku band (12-18 GHz). Additionally, an RF receiver front end was designed, which includes a microwave receiver module for de-chirping and an IF module for signal conditioning before digitization. The compactness of the receiver modules enabled the demonstration of multi-channel data acquisition without multiplexing from two different aircraft. A radar test-bed largely based on this compact system was demonstrated in the laboratory and used as part of a dual-frequency instrument for a surface-based experiment in Antarctica. The laboratory performance of the miniaturized radar is comparable to the legacy 2-8 GHz snow radar and 12-18 GHz Ku-band radar systems. The 2-8 GHz system is currently being integrated into a class-I UAS.