Defense Notices

Software vulnerabilities, stemming from coding weaknesses and poor development practices, have become increasingly prevalent. These vulnerabilities could be exploited by attackers to pose risks to the confidentiality, integrity, and availability of software. To protect themselves, end-users of software may have an interest in knowing if the software they buy and use is secure from such attacks. Our work is motivated by this need to automatically assess and rate the security properties of binary software.

To increase user trust in third-party software, researchers have devised several techniques and tools to identify and mitigate coding weaknesses in binary software. Therefore, our first task in this work is to assess the current landscape and comprehend the capabilities and challenges faced by binary-level techniques aimed at detecting critical coding weaknesses in software binaries. We categorize the most important coding weaknesses in compiled programming languages, and conduct a comprehensive survey, exploration, and comparison of static techniques designed to locate these weaknesses in software binaries. Furthermore, we perform an independent assessments of the efficacy of open-source tools using standard benchmarks.

Next, we develop techniques to assess if secure coding principles were adopted during the generation of the software binary. Towards this goal, we first develop techniques to determine the high-level source language used to produce the binary. Then, we check the feasibility of detecting the use of secure coding best practices during code development. Finally, we check the feasibility of detecting the vulnerable regions of code in any binary executable. Our ultimate future goal is to employ all of our developed techniques to rate the security-quality of the given binary software.

With threat actors ever evolving, the need for secure communications continues to grow. By using non-traditional means as a way of a communication network, it is possible to securely communicate within a region using the bluetooth mesh protocol. The goal is to automatically place these mesh devices in a defined region in order to ensure the integrity and reliability of the network, while also ensuring the least number of devices are placed. By placing a provisioner node, the rest of the specified region populates with mesh nodes that act as relays, creating a network allowing users to communicate within. By utilizing Dijkstra’s algorithm, it is possible to calculate the Time to Live (TTL) between two given nodes in the network, which is an important metric as it directly affects how far apart two users can be within the region. When placing the nodes, a range for the nodes being used is specified and accounted for, which impacts the number of nodes needed within the region. Results show that when nodes are placed at coordinate points given by the generated map, users are able to communicate effectively across the specified region. In this project, a web interface is created in order to allow a user to specify the TTL, range, and the number of nodes to use, and proceeds to place each device within the region drawn by the user.

Large Language Models (LLMs) have become integral to natural language processing, involving initial broad pretraining on generic data followed by fine-tuning for specific tasks or domains. While advancements in Parameter Efficient Fine-Tuning (PEFT) techniques have made strides in reducing resource demands for LLM fine-tuning, they possess individual constraints. This project addresses the challenges posed by PEFT in the context of transformers architecture for sequence-to-sequence tasks, by integrating two pivotal techniques: Low-Rank Adaptation (LoRA) for computational efficiency and adaptive layers for task-specific customization. To overcome the limitations of LoRA, we introduce a simple yet effective hyper alignment adapter, that leverages a hypernetwork to generate decoder inputs based on encoder outputs, thereby serving as a crucial bridge to improve alignment between the encoder and the decoder. This fusion strikes a balance between the fine-tuning complexity and task performance, mitigating the individual drawbacks while improving the encoder-decoder alignment. As a result, we achieve more precise and contextually relevant sequence generation. The proposed solution improves the overall efficiency and effectiveness of LLMs in sequence-to-sequence tasks, leading to better alignment and more accurate output generation.

Having control over nano- and micro-sized objects' position inside a suspension is crucial in many applications such as: trapping and manipulating microscopic objects, sorting particles and living microorganisms, and building microscopic size 3D crystal structures and lattices. This control can be achieved by judiciously engineering optical forces and light-matter interactions inside colloidal suspensions that result in optical trapping. However, in the current techniques, to confine and transport particles in 3D, the use of high NA (Numerical Aperture) optics is a must. This in turn leads to several disadvantages such as alignment complications, narrow field of view, low stability values, and undesirable thermal effects. Hence, here we study a novel optical trapping method that we named asymmetric counter-propagating beams where optical forces are engineered to overcome the aforementioned limitations of existing methods. This novel system is significantly easier to align due to its utilization of much lower NA optics in combination with engineered beams which create a very flexible manipulating system. This new approach allows the trapping and manipulation of different shape objects, sizing from tens of nanometers to hundreds of micrometers by exploiting asymmetrical optical fields with high stability. In addition, this technique also allows for significantly larger particle trapping volumes. As a result, we can apply this method to trapping much larger particles and microorganisms that have never been trapped optically before as well as building 3D lattices and crystal structures of microscopic-sized particles. Finally, this novel approach allows for the integration of a variety of spectroscopy and microscopy techniques, such as light-sheet fluorescence microscopy, to extract time-sensitive information and acquire images with detailed features from trapped entities.

We describe an autonomous driving system that uses reinforcement learning to train a car to drive without the need for collecting training input from human drivers.  We achieve this by using the Advantage Actor Critic reinforcement system that trains the car based on continuously adapting the model to minimize the penalty received by the car.  This penalty is determined if the car intersected the borders of the track on which it is driving.  We show the resilience of the proposed autonomously trained system to noisy sensor inputs and variations in the shape of the track.

The Center for Oldest Ice Exploration (COLDEX) is an NSF-funded multi-institution collaboration to explore Antarctica for the oldest possible continuous ice record. It comprises of exploration and modelling teams that are using instruments like radars, lidars, gravimeters, and magnetometers to select candidate locations to collect a continuous 1.5-million-year ice core. To assist in this search for old ice, the Center for Remote Sensing and Integrated Systems (CReSIS) at the University of Kansas developed a new airborne higher-power version of the 600-900 MHz Accumulation Radar with a much larger multichannel cross-track antenna array. The fuselage portion of the antenna array is a 64-element 0.9 m by 3.8 m array with 4 elements in along-track and 16 elements in cross-track. Each element is a dual-polarized microstrip antenna and each column of 4 elements is power combined into a single channel resulting in 16 cross-track channels. Power is transmitted across 4 cross-track channels on either side of the fuselage array alternatingly to produce a total peak power of 6.4 kW (before losses). Three additional antennas are integrated on each wing to lengthen the antenna aperture. A novel receiver concept is developed using limiters to compress the dynamic range to simultaneously capture the strong ice surface and weak ice bottom returns. This system was flown on a Basler aircraft at the South Pole during the 2022-2023 Austral Summer season and will be flown again during the upcoming 2023-2024 season for repeat interferometry. This work describes the current radar system design and proposes to develop improvements to the compact, high-power divider and large multichannel polarimetric array used by the radar. It then proposes to develop and implement a system engineering perspective on the calibration of this multi-pass imaging radar.

Even for a fixed time-bandwidth product there are infinite possible spectrally-shaped random FM (RFM) waveforms one could generate due to their being phase-continuous. Moreover, certain RFM classes rely on an imposed basis-like structure scaled by underlying parameters that can be optimized (e.g. gradient descent and greedy search have been demonstrated). Because these structures must include oversampling with respect to 3-dB bandwidth to account for sufficient spectral roll-off (necessary to be physically realizable in hardware), they are not true bases (i.e. not square). Therefore, any individual structure cannot represent all possible waveforms, with the waveforms generated by a given structure tending to possess similar attributes. Unless of course we consider over-coded polyphaser-coded FM (PCFM), which increases the number of elements in the parameter vector, while maintaining the relationship between waveform samples and the time-bandwidth product. Which presents the potential for a true bases, if there is a constraint either explicit or implicit that will constrain the spectrum. Here we examine waveforms possessing different attributes, as well as the potential for a true basis which may inform their selection for given radar applications.

During the car insurance claims process after an accident has occurred, a vehicle must be assessed by a claims adjuster manually. This process will take time and often results in inaccuracies between what a customer is paid and what the damages actually cost. Separately, companies like KBB and Carfax rely on previous claims records or untrustworthy user input to determine a car’s damage and valuation. Part of this process can be automated to determine where exterior vehicle damage exists on a vehicle. 

In this project, a deep-learning approach is taken using the MaskR-CNN model to train on a dataset for instance segmentation. The model can then outline and label instances on images where vehicles have dents, scratches, cracks, broken glass, broken lamps, and flat tires. The results have shown that broken glass, flat tires, and broken lamps are much easier to locate than the remaining categories, which tend to be smaller in size. These predictions have an end goal of being used as an input for damage cost prediction. 

During the car insurance claims process after an accident has occurred, a vehicle must be assessed by a claims adjuster manually. This process will take time and often results in inaccuracies between what a customer is paid and what the damages actually cost. Separately, companies like KBB and Carfax rely on previous claims records or untrustworthy user input to determine a car’s damage and valuation. Part of this process can be automated to determine where exterior vehicle damage exists on a vehicle. 

In this project, a deep-learning approach is taken using the MaskR-CNN model to train on a dataset for instance segmentation. The model can then outline and label instances on images where vehicles have dents, scratches, cracks, broken glass, broken lamps, and flat tires. The results have shown that broken glass, flat tires, and broken lamps are much easier to locate than the remaining categories, which tend to be smaller in size. These predictions have an end goal of being used as an input for damage cost prediction. 

During the car insurance claims process after an accident has occurred, a vehicle must be assessed by a claims adjuster manually. This process will take time and often results in inaccuracies between what a customer is paid and what the damages actually cost. Separately, companies like KBB and Carfax rely on previous claims records or untrustworthy user input to determine a car’s damage and valuation. Part of this process can be automated to determine where exterior vehicle damage exists on a vehicle. 

In this project, a deep-learning approach is taken using the MaskR-CNN model to train on a dataset for instance segmentation. The model can then outline and label instances on images where vehicles have dents, scratches, cracks, broken glass, broken lamps, and flat tires. The results have shown that broken glass, flat tires, and broken lamps are much easier to locate than the remaining categories, which tend to be smaller in size. These predictions have an end goal of being used as an input for damage cost prediction.