Defense Notices

In the wake of the Facebook data breach scandal, users begin to realize how vulnerable their per-sonal data is and how blindly they trust the online social networks (OSNs) by giving them an inordinate amount of private data that touch on unlimited areas of their lives. In particular, stud-ies show that users sometimes reveal too much information or unintentionally release regretful messages, especially when they are careless, emotional, or unaware of privacy risks. Additionally, friends on social media platforms are also found to be adversarial and may leak one’s private in-formation. Threats from within users’ friend networks – insider threats by human or bots – may be more concerning because they are much less likely to be mitigated through existing solutions, e.g., the use of privacy settings. Therefore, we argue that the key component of privacy protection in social networks is protecting sensitive/private content, i.e. privacy as having the ability to control dissemination of information. A mechanism to automatically identify potentially sensitive/private posts and alert users before they are posted is urgently needed.

In this dissertation, we propose a context-aware, text-based quantitative model for private information assessment, namely PrivScore, which is expected to serve as the foundation of a privacy leakage alerting mechanism. We first solicit diverse opinions on the sensitiveness of private information from crowdsourcing workers, and examine the responses to discover a perceptual model behind the consensuses and disagreements. We then develop a computational scheme using deep neural networks to compute a context-free PrivScore (i.e., the “consensus” privacy score among average users). Finally, we integrate tweet histories, topic preferences and social contexts to generate a per-sonalized context-aware PrivScore. This privacy scoring mechanism could be employed to identify potentially-private messages and alert users to think again before posting them to OSNs. Such a mechanism could also benefit non-human users such as social media chatbots.​

The Internet of Things is a rapidly growing field that offers improved data collection, analysis and automation as solutions for everyday problems. A smart-city is one major example where these solutions can be applied to issues with urbanization. And while these solutions can help improve the quality of life of the citizens, there are always security & privacy risks. Data collected in a smart-city can infringe upon the privacy of users and reveal potentially harmful information. One example is a surveillance system in a smart city. Research shows that people are less likely to commit crimes if they are being watched. Video footage can also be used by law enforcement to track and stop criminals. But it can also be harmful if accessible to untrusted users. A malicious user who can gain access to a surveillance system can potentially use that information to harm others. There are researched methods that can be used to encrypt the video feed, but then it is only accessible to the system owner. Polls show that public opinion of surveillance systems is declining even if they provide increased security because of the lack of transparency in the system. Therefore, it is vital for the system to be able to do its intended purpose while also preserving privacy and holding malicious users accountable.  

To help resolve these issues with privacy & accountability and to allow for collaboration, we propose Corvus, an IoT surveillance system that targets smart communities. Corvus is a collaborative blockchain based surveillance system that uses context-based image captioning to anonymously describe events & people detected. These anonymous captions are stored on the immutable blockchain and are accessible by other users. If they find the description from another camera relevant to their own, they can request the raw video footage if necessary. This system supports collaboration between cameras from different networks, such as between two neighbors with their own private camera networks.  This paper will explore the design of this system and how it can be used as a privacy-preserving, but translucent & accountable approach to smart-city surveillance. Our contributions include exploring a novel approach to anonymizing detected events and designing the surveillance system to be privacy-preserving and collaborative.

Dynamic binary translation is the process of translating instruction code from one architecture to another while it executes, i.e., dynamically. As modern applications are becoming larger, more complex and more dynamic, the tools to manipulate these programs are also becoming increasingly complex. DynamoRIO is one such dynamic binary translation tool that targets the most common IA-32 (a.k.a. x86) architecture on the most popular operating systems - Windows and Linux. DynamoRIO includes applications ranging from program analysis and understanding to profiling, instrumentation, optimization, improving software security, and more. However, even considering all of these optimization techniques, DynamoRIO still has the limitations of performance and memory usage, which restrict deployment scalability. The goal of my thesis is to break down the various aspects which contribute to the overhead burden and evaluate which factors directly contribute to this overhead. This thesis will discuss all of these factors in further detail. If the process can be streamlined, this application will become more viable for widespread adoption in a variety of areas. We have used industry standard Mi benchmarks in order to evaluate in detail the amount and distribution of the overhead in DynamoRIO. Our statistics from the experiments show that DynamoRIO executes a large number of additional instructions when compared to the native execution of the application. Furthermore, these additional instructions are involved in building the basic blocks, linking, trace creation, and resolution of indirect branches, all of which in return contribute to the frequent exiting of the code cache. We will discuss in detail all of these overheads, show statistics of instructions for each overhead, and finally show the observations and analysis in this defense.

Optical sensors are increasingly prevalent devices whose costs tend to increase with their sensitivity. A hike in sensitivity is typically associated with fragility, rendering expensive devices vulnerable to threats of high intensity illumination. These potential costs and even security risks have generated interest in devices that maintain linear transparency under tolerable levels of illumination, but can quickly convert to opaque when a threshold is exceeded. Such a device is deemed an optical limiter. Copious amounts of research have been performed over the last few decades on optical nonlinearities and their efficacy in limiting. This work provides an overview of the existing literature and evaluates the applicability of known limiting materials to threats that vary in both temporal and spectral width. Additionally, we introduce the concept of plasmonic parametric resonance (PPR) and its potential for devising a new limiting material, the plasmonic parametric absorber (PPA). We show that this novel material exhibits a reverse saturable absorption behavior and promises to be an effective tool in the kit of optical limiter design.

The Internet of Things is been a rapidly growing field that offers improved data collection, analysis and automation as solutions for everyday problems. A smart-city is one major example where these solutions can be applied to issues with urbanization. And while these solutions can help improve the quality of live of the citizens, there are always security & privacy risks. Data collected in a smart-city can infringe upon the privacy of users and reveal potentially harmful information. One example is a surveillance system in a smart city. Research shows that people are less likely to commit crimes if they are being watched. Video footage can also be used by law enforcement to track and stop criminals. But it can also be harmful if accessible to untrusted users. A malicious user who can gain access to a surveillance system can potentially use that information to harm others. There are researched methods that can be used to encrypt the video feed, but then it is only accessible to the system owner. Polls show that public opinion of surveillance systems is declining even if they provide increased security because of the lack of transparency in the system. Therefore, it is vital for the system to be able to do its intended purpose while also preserving privacy and holding malicious users accountable. 

To help resolve these issues with privacy & accountability and to allow for collaboration, we propose Corvus, an IoT surveillance system that targets smart communities. Corvus is a collaborative blockchain based surveillance system that uses context-based image captioning to anonymously describe events & people detected. These anonymous captions are stored on the immutable blockchain and are accessible by other users. If they find the description from another camera relevant to their own, they can request the raw video footage if necessary. This system supports collaboration between cameras from different networks, such as between two neighbors with their own private camera networks. This paper will explore the design of this system and how it can be used as a privacy-preserving, but translucent & accountable approach to smart-city surveillance. Our contributions include exploring a novel approach to anonymizing detected events and designing the surveillance system to be privacy-preserving and collaborative.

Interference has been a subject of interest to radars for generations due to its ability to degrade performance. Commercial radars can experience radio frequency (RF) interference from a different RF service (such as radio broadcasting, television broadcasting, communications, satellites, etc.) if it operates simultaneously in the same spectrum. The RF spectrum is a finite asset that is regulated to mitigate interference and maximum resources. Recently, shared spectrum have been proposed to accommodate the growing commercial demand of communication systems.  Airborne radars, performing ground moving target indication (GMTI), encounter interference from clutter scattering that may mask slow-moving, low-power targets. Least-squares (LS) optimal and re-iterative minimum-mean square error (RMMSE) adaptive mismatch processing recent advancements are proposed for GMTI and shared spectrum. Each estimation technique reduces sidelobes, provides less signal-to-noise loss, and less resolution degradation than windowing. For GMTI, LS and RMMSE filters are considered with angle-Doppler filters and pre-existing interference cancellation techniques for better detection performance. Application specific reduce rank versions of the algorithms are also introduced for real-time operation. RMMSE is further considered to separate radar and mobile communication systems operating in the same RF band to mitigate interference and information loss.

Managed language virtual machines (VM) rely on dynamic or just-in-time (JIT) compilation to generate optimized native code at run-time to deliver high execution performance.  Many VMs and JIT compilers collect \emph{profile} data at run-time to enable profile-guided optimizations (PGO) that customize the generated native code to different program inputs.  PGOs are generally considered integral for VMs to produce high-quality and performant native code.  Likewise, many static, ahead-of-time (AOT) compilers employ PGOs to achieve peak performance, though they are less commonly employed in practice. 

We propose a study that analyzes and quantifies the performance benefits of PGOs in both AOT and JIT enviroments, understand the importance of profiling data quantity and quality/accuracy to effectively guide PGOs, and assess the impact of individual PGOs on performance.  Additionally, we propose an extension of PGOs found in AOT compiler based on specialization and seek to perform a feasibility study to determine its viability.

As the upcoming fifth-generation (5G) and future wireless network is envisioned in areas such as augmented and virtual reality, industrial control, automated driving or flying, robotics, etc, the requirement of supporting ultra-reliable low-latency communications (URLLC) is increasingly urgent than ever. From the channel coding perspective, URLLC requires codewords being transported in finite block-lengths. In this regards, we propose novel encoding algorithms and analyze their performance behaviors for the finite-length Luby transform (LT) codes. 

Luby transform (LT) codes, the first practical realization and the fundamental core of fountain codes, play a key role in the fountain codes family. Recently, researchers show that the performance of LT codes for finite block-lengths can be improved by adding memory into the encoder. However, this work only utilizes one memory, leaving the possibilities of exploiting and how to exploiting more memories an open problem. To explore this unknown, in this work we propose an entire family of memory based LT encoders, and analyze their performance behaviors thoroughly over binary erasure channels and AWGN channels. 

Data mining is an important part of the knowledge discovery process. Data mining helps in finding out patterns across large data sets and establishing relationship through data analysis to solve problems.

Input data sets are often incomplete, i.e., some attribute values are missing. The rough set theory offers mathematical tools to discover patterns hidden in inconsistent and incomplete data. Rough set theory handles inconsistent data by introducing probabilistic approximations. These approximations are combined with an additional parameter (or threshold) called alpha.

The main objective of this project is to compare global and saturated probabilistic approximations using characteristic sets in mining incomplete data. Eight different data sets with 35% missing values were used for experiments. Two different variations of missing values were used, namely, lost values and "do not care" conditions. For rule induction, we implemented the single local probabilistic approximation version of MLEM2. We implemented a rule checker system to verify the accuracy of our generated ruleset by computing the error rate. Along with the rule checker system, the k-fold cross-validation technique was implemented with a value of k as ten to validate the generated rule sets. Finally, a statistical analysis was done for all the approaches using the Friedman test.

Mobile application security concerns safeguarding mobile apps from threats, such as malware, password cracking, social engineering and other attacks. Application security is crucial for every enterprise, as the business can be developed only with the guarantee that the apps are secure from potential threats. Open Web Application Security Project(OWASP) has compiled a list of top 10 mobile risks, and has formulated a set of guidelines for app development and testing. The objective of my project is to analyze the security risks of android application, using the guidelines from OWASP top 10. With the help of suitable tools, analysis is done to identify the vulnerabilities and threats in android applications, on API 4.4.1. Numerous tools have been used as a part of this endeavor, all of them are open source and freely available. As a part of this project, I have also attempted to demonstrate each of the top 10 risks, using individual android applications. A detailed analysis was performed on each of the top 10 mobile risks, and suitable countermeasures for mitigation was provided. A detailed survey of 100 popular applications from the Google Play store was also performed and the risks were categorized into low, medium and high impact, depending on the level of threats.​