Defense Notices


All students and faculty are welcome to attend the final defense of EECS graduate students completing their M.S. or Ph.D. degrees. Defense notices for M.S./Ph.D. presentations for this year and several previous years are listed below in reverse chronological order.

Students who are nearing the completion of their M.S./Ph.D. research should schedule their final defenses through the EECS graduate office at least THREE WEEKS PRIOR to their presentation date so that there is time to complete the degree requirements check, and post the presentation announcement online.

Upcoming Defense Notices

Zhaohui Wang

Detection and Mitigation of Cross-App Privacy Leakage and Interaction Threats in IoT Automation

When & Where:


Nichols Hall, Room 250 (Gemini Conference Room)

Committee Members:

Fengjun Li, Chair
Alex Bardas
Drew Davidson
Bo Luo
Haiyang Chao

Abstract

The rapid growth of Internet of Things (IoT) technology has brought unprecedented convenience to everyday life, enabling users to deploy automation rules and develop IoT apps tailored to their specific needs. However, modern IoT ecosystems consist of numerous devices, applications, and platforms that interact continuously. As a result, users are increasingly exposed to complex and subtle security and privacy risks that are difficult to fully comprehend. Even interactions among seemingly harmless apps can introduce unforeseen security and privacy threats. In addition, violations of memory integrity can undermine the security guarantees on which IoT apps rely.

The first approach investigates hidden cross-app privacy leakage risks in IoT apps. These risks arise from cross-app interaction chains formed among multiple seemingly benign IoT apps. Our analysis reveals that interactions between apps can expose sensitive information such as user identity, location, tracking data, and activity patterns. We quantify these privacy leaks by assigning probability scores to evaluate risk levels based on inferences. In addition, we provide a fine-grained categorization of privacy threats to generate detailed alerts, enabling users to better understand and address specific privacy risks.

The second approach addresses cross-app interaction threats in IoT automation systems by leveraging a logic-based analysis model grounded in event relations. We formalize event relationships, detect event interferences, and classify rule conflicts, then generate risk scores and conflict rankings to enable comprehensive conflict detection and risk assessment. To mitigate the identified interaction threats, an optimization-based approach is employed to reduce risks while preserving system functionality. This approach ensures comprehensive coverage of cross-app interaction threats and provides a robust solution for detecting and resolving rule conflicts in IoT environments.

To support the development and rigorous evaluation of these security analyses, we further developed a large-scale, manually verified, and comprehensive dataset of real-world IoT apps. This clean and diverse benchmark dataset supports the development and validation of IoT security and privacy solutions. All proposed approaches are evaluated using this dataset of real-world apps, collectively offering valuable insights and practical tools for enhancing IoT security and privacy against cross-app threats. Furthermore, we examine the integrity of the execution environment that supports IoT apps. We show that, even under non-privileged execution, carefully crafted memory access patterns can induce bit flips in physical memory, allowing attackers to corrupt data and compromise system integrity without requiring elevated privileges.


Shawn Robertson

A Low-Power Low-Throughput Communications Solution for At-Risk Populations in Resource Constrained Contested Environments

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Alex Bardas, Chair
Drew Davidson
Fengjun Li
Bo Luo
Shawn Keshmiri

Abstract

In resource‑constrained contested environments (RCCEs), communications are routinely censored, surveilled, or disrupted by nation‑state adversaries, leaving at‑risk populations—including protesters, dissidents, disaster‑affected communities, and military units—without secure connectivity. This dissertation introduces MeshBLanket, a Bluetooth Mesh‑based framework designed for low‑power, low‑throughput messaging with minimal electromagnetic spectrum exposure. Built on commercial off‑the‑shelf hardware, MeshBLanket extends the Bluetooth Mesh specification with automated provisioning and network‑wide key refresh to enhance scalability and resilience.

We evaluated MeshBLanket through field experimentation (range, throughput, battery life, and security enhancements) and qualitative interviews with ten senior U.S. Army communications experts. Thematic analysis revealed priorities of availability, EMS footprint reduction, and simplicity of use, alongside adoption challenges and institutional skepticism. Results demonstrate that MeshBLanket maintains secure messaging under load, supports autonomous key refresh, and offers operational relevance at the forward edge of battlefields.

Beyond military contexts, parallels with protest environments highlight MeshBLanket’s broader applicability for civilian populations facing censorship and surveillance. By unifying technical experimentation with expert perspectives, this work contributes a proof‑of‑concept communications architecture that advances secure, resilient, and user‑centric connectivity in environments where traditional infrastructure is compromised or weaponized.


Past Defense Notices


Alice Chen

Dynamic Selective Protection for Sparse Iterative Solvers

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Hongyang Sun, Chair
Sumaiya Shomaji
Suzanne Shontz


Abstract

Soft errors are frequent occurrences within extensive computing platforms, primarily attributed to the growing size and intricacy of high-performance computing (HPC) systems. To safeguard scientific applications against such errors, diverse resilience approaches have been introduced, encompassing techniques like checkpointing, Algorithm-Based Fault Tolerance (ABFT), and replication, each operating at distinct tiers of defense. Notably, system-level replication often necessitates the duplication or triplication of the entire computational process, yielding substantial resilience-associated costs. This project introduces a method for dynamic selective safeguarding of sparse iterative solvers, with a focus on the Preconditioned Conjugate Gradient (PCG) solver, aiming to mitigate system level resilience overhead. For this method, we leverage machine learning (ML) to predict the impact of soft errors that strike different elements of a key computation (i.e., sparse matrix-vector multiplication) at different iterations of the solver. Based on the result of the prediction, we design a dynamic strategy to selectively protect those elements that would result in a large performance degradation if struck by soft errors. Experimental assessment validates the efficacy of our dynamic protection strategy in curbing resilience overhead in contrast to prevailing algorithms.


Grace Young

A Quantum Polynomial-Time Reduction for the Dihedral Hidden Subgroup Problem

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Perry Alexander, Chair
Esam El-Araby
Matthew Moore
Cuncong Zhong
KC Kong

Abstract

The last century has seen incredible growth in the field of quantum computing. Quantum computation offers the opportunity to find efficient solutions to certain computational problems which are intractable on classical computers. One class of problems that seems to benefit from quantum computing is the Hidden Subgroup Problem (HSP). The HSP includes, as special cases, the problems of integer factoring, discrete logarithm, shortest vector, and subset sum - making the HSP incredibly important in various fields of research.

The presented research examines the HSP for Dihedral groups with order 2^n and proves a quantum polynomial-time reduction to the so-called Codomain Fiber Intersection Problem (CFIP). The usual approach to the HSP relies on harmonic analysis in the domain of the problem and the best-known algorithm using this approach is sub-exponential, but still super-polynomial. The algorithm we will present deviates from the usual approach by focusing on the structure encoded in the codomain and uses this structure to direct a “walk” down the subgroup lattice terminating at the hidden subgroup.

Though the algorithm presented here is specifically designed for the DHSP, it has potential applications to many other types of the HSP. It is hypothesized that any group with a sufficiently structured subgroup lattice could benefit from the analysis developed here. As this approach diverges from the standard approach to the HSP it could be a promising step in finding an efficient solution to this problem.


Daniel Herr

Information Theoretic Physical Waveform Design with Application to Waveform-Diverse Adaptive-on-Transmit Radar

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

James Stiles, Chair
Chris Allen
Shannon Blunt
Carl Leuschen
Chris Depcik

Abstract

Information theory provides methods for quantifying the information content of observed signals and has found application in the radar sensing space for many years. Here, we examine a type of information derived from Fisher information known as Marginal Fisher Information (MFI) and investigate its use to design pulse-agile waveforms. By maximizing this form of information, the expected error covariance about an estimation parameter space may be minimized. First, a novel method for designing MFI optimal waveforms given an arbitrary waveform model is proposed and analyzed. Next, a transformed domain approach is proposed in which the estimation problem is redefined such that information is maximized about a linear transform of the original estimation parameters. Finally, informationally optimal waveform design is paired with informationally optimal estimation (receive processing), and the two are combined into a cognitive radar concept. Initial experimental results are shown and a proposal for continued research is presented.


Rachel Chang

Designing Pseudo-Random Staggered PRI Sequences

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Shannon Blunt, Chair
Chris Allen
James Stiles


Abstract

In uniform pulse-Doppler radar, there is a well known trade-off between unambiguous Doppler and unambiguous range. Pulse repetition interval (PRI) staggering, a technique that involves modulating the interpulse times, addresses this trade-space allowing for expansion of the unambiguous Doppler domain with little range swath incursion. Random PRI staggering provides additional diversity, but comes at the cost of increased Doppler sidelobes. Thus, careful PRI sequence design is required to avoid spurious sidelobe peaks that could result in false alarms.

In this thesis, two random PRI stagger models are defined and compared, and sidelobe peak mitigation is discussed. First, the co-array concept (borrowed from the intuitively related field of sparse array design in the spatial domain) is utilized to examine the effect of redundancy on sidelobe peaks for random PRI sequences. Then, a sidelobe peak suppression technique is introduced that involves a gradient-based optimization of the random PRI sequences, producing pseudo-random sequences that are shown to significantly reduce spurious Doppler sidelobes both in simulation and experimentally.


Fatima Al-Shaikhli

Fiber Property Characterization based on Electrostriction

When & Where:


Nichols Hall, Room 250 (Gemini Room)

Committee Members:

Rongqing Hui, Chair
Shannon Blunt
Shima Fardad


Abstract

Electrostriction in an optical fiber is introduced by the interaction between the forward propagated optical signal and the acoustic standing waves in the radial direction resonating between the center of the core and the cladding circumference of the fiber. The response of electrostriction is dependent on fiber parameters, especially the mode field radius. A novel technique is demonstrated to characterize fiber properties by means of measuring their electrostriction response under intensity modulation. As the spectral envelope of electrostriction-induced propagation loss is anti-symmetrical, the signal-to-noise ratio can be significantly increased by subtracting the measured spectrum from its complex conjugate. It is shown that if the transversal field distribution of the fiber propagation mode is Gaussian, the envelope of the electrostriction-induced loss spectrum closely follows a Maxwellian distribution whose shape can be specified by a single parameter determined by the mode field radius. 


Sohaib Kiani

Exploring Trustworthy Machine Learning from a Broader Perspective: Advancements and Insights

When & Where:


Nichols Hall, Room 250 (Gemini Room)

Committee Members:

Bo Luo, Chair
Alexandru Bardas
Fengjun Li
Cuncong Zhong
Xuemin Tu

Abstract

Machine learning (ML) has transformed numerous domains, demonstrating exceptional performance in autonomous driving, medical diagnosis, and decision-making tasks. Nevertheless, ensuring the trustworthiness of ML models remains a persistent challenge, particularly with the emergence of new applications. The primary challenges in this context are the selection of an appropriate solution from a multitude of options, mitigating adversarial attacks, and advancing towards a unified solution that can be applied universally.

The thesis comprises three interconnected parts, all contributing to the overarching goal of improving trustworthiness in machine learning. Firstly, it introduces an automated machine learning (AutoML) framework that streamlines the training process, achieving optimum performance, and incorporating existing solutions for handling trustworthiness concerns. Secondly, it focuses on enhancing the robustness of machine learning models, particularly against adversarial attacks. A robust detector named "Argos" is introduced as a defense mechanism, leveraging the concept of two "souls" within adversarial instances to ensure robustness against unknown attacks. It incorporates the visually unchanged content representing the true label and the added invisible perturbation corresponding to the misclassified label. Thirdly, the thesis explores the realm of causal ML, which plays a fundamental role in assisting decision-makers and addressing challenges such as interpretability and fairness in traditional ML. By overcoming the difficulties posed by selective confounding in real-world scenarios, the proposed scheme utilizes dual-treatment samples and two-step procedures with counterfactual predictors to learn causal relationships from observed data. The effectiveness of the proposed scheme is supported by theoretical error bounds and empirical evidence using synthetic and real-world child placement data. By reducing the requirement for observed confounders, the applicability of causal ML is enhanced, contributing to the overall trustworthiness of machine learning systems.


Prashanthi Mallojula

On the Security of Mobile and Auto Companion Apps

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Bo Luo, Chair
Alex Bardas
Fengjun Li
Hongyang Sun
Huazhen Fang

Abstract

Today’s smartphone platforms have millions of applications, which not only access users’ private data but also information from the connected external services and IoT/CPS devices. Mobile application security involves protecting sensitive information and securing communication between the application and external services or devices. We focus on these two key aspects of mobile application security.

In the first part of this dissertation, we aim to ensure the security of user information collected by mobile apps. Mobile apps seek consent from users to approve various permissions to access sensitive information such as location and personal information. However, users often blindly accept permission requests and apps start to abuse this mechanism. As long as a permission is requested, the state-of-the-art security mechanisms will treat it as legitimate. We ask whether the permission requests are valid. We attempt to validate permission requests using statistical analysis on permission sets extracted from groups of functionally similar apps. We detect mobile applications with abusive permission access and measure the risk of information leaks through each mobile application.

Second, we propose to investigate the security of auto companion apps. Auto companion apps are mobile apps designed to remotely connect with cars to provide features such as diagnostics, navigation, entertainment, and safety alerts. However, this can lead to several security threats; for instance, onboard information of vehicles can be tracked or altered through a malicious app. We design a comprehensive security analysis framework for automotive companion apps covering all stages of communication and collaboration between vehicles and companion apps, such as connection establishment, authentication, encryption, information storage, and vehicle diagnostic and control command access. By conducting static and network traffic analysis of Android OBD apps, we identify a series of vulnerability scenarios. We further evaluate these vulnerabilities with vehicle-based testing and identify potential security threats associated with auto companion apps.


Michael Neises

Trustworthy Measurements of a Linux Kernel and Layered Attestation via a Verified Microkernel

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Perry Alexander, Chair
Drew Davidson
Matthew Moore
Cuncong Zhong
Corey Maley

Abstract

Layered attestation is a process by which one can establish trust in a remote party. It is a special case of attestation in which different layers of the attesting system are handled distinctly. This type of trust is desirable because a vast and growing number of people depend on networked devices to go about their daily lives. Current architectures for remote attestation are lacking in process isolation, which is evidenced by the existence of virtual machine escape exploits. This implies a deficiency of trustworthy ways to determine whether a networked Linux system has been exploited. The seL4 microkernel, uniquely in the world, has machine-checked proofs concerning process confidentiality and integrity. The seL4 microkernel is leveraged here to provide a verified level of software-based process isolation. When complemented with a comprehensive collection of measurements, this architecture can be trusted to report its own corruption. The architecture is described, implemented, and tested against a variety of exploits, which are detected using introspective measurement techniques.


Blake Douglas Bryant

Building Better with Blocks – A Novel Secure Multi-Channel Internet Memory Information Control (S-MIMIC) Protocol for Complex Latency Sensitive Applications

When & Where:


Eaton Hall, Room 2001B

Committee Members:

Hossein Saiedian, Chair
Arvin Agah
Perry Alexander
Bo Luo
Reza Barati

Abstract

Multimedia networking is the area of study associated with the delivery of heterogeneous data including, but not limited to, imagery, video, audio, and interactive content. Multimedia and communication network researchers have continually struggled to devise solutions for addressing the three core challenges in multimedia delivery: security, reliability, and performance. Solutions to these challenges typically exist in a spectrum of compromises achieving gains in one aspect at the cost of one or more of the others. Networked videogames represent the pinnacle of multimedia presented in a real-time interactive format. Continual improvements to multimedia delivery have led to tools such as buffering, redundant coupling of low-resolution alternative data streams, congestion avoidance, and forced in-order delivery of best-effort service; however, videogames cannot afford to pay the latency tax of these solutions in their current state.

I developed the Secure Multi-Channel Internet Memory Information Control (S-MIMIC) protocol as a novel solution to address these challenges. The S-MIMIC protocol leverages recent developments in blockchain and distributed ledger technology, coupled with creative enhancements to data representation and a novel data model. The S-MIMIC protocol also implements various novel algorithms for create, read, update, and delete (CRUD) interactions with distributed ledger and blockchain technologies. For validation, the S-MIMIC protocol was integrated with an open-source First-Person Shooter (FPS) videogame to demonstrate its ability to transfer complex data structures under extreme network latency demands. The S-MIMIC protocol demonstrated improvements in confidentiality, integrity, availability and data read operations under all test conditions. Data write performance of S-MIMIC is slightly below traditional TCP-based networking in unconstrained networks, but matches performance in networks exhibiting 150 milliseconds of delay or more.

Though the S-MIMIC protocol was evaluated for use in networked videogames, its potential uses are far reaching with promising applicability to medical information, legal documents, financial transactions, information security threat feeds and many other use cases that require security, reliability and performance guarantees.


Zeyan Liu

Towards Robust Deep Learning Systems against Stealthy Attacks

When & Where:


Nichols Hall, Room 246 (Executive Conference Room)

Committee Members:

Bo Luo, Chair
Alex Bardas
Fengjun Li
Zijun Yao
John Symons

Abstract

The deep neural network (DNN) models are the core components of the machine learning solutions. However, their wide adoption in real-world applications raises increasing security concerns. Various attacks have been proposed against DNN models, such as the evasion and backdoor attacks. Attackers utilize adversarially altered samples, which are supposed to be stealthy and imperceptible to human eyes, to fool the targeted model into misbehaviors. This could result in severe consequences, such as self-driving cars ignoring traffic signs or colliding with pedestrians.

In this work, we aim to investigate the security and robustness of deep learning systems against stealthy attacks. To do this, we start by reevaluating the stealthiness assumptions made by the state-of-the-art attacks through a comprehensive study. We implement 20 representative attacks on six benchmark datasets. We evaluate the visual stealthiness of the attack samples using 24 metrics for image similarity or quality and over 30,000 annotations in a user study. Our results show that the majority of the existing attacks introduce non-negligible perturbations that are not stealthy. Next, we propose a novel model-poisoning neural Trojan, namely LoneNeuron, which introduces only minimum modification to the host neural network with a single neuron after the first convolution layer. LoneNeuron responds to feature-domain patterns that transform into invisible, sample-specific, and polymorphic pixel-domain watermarks. With high attack specificity, LoneNeuron achieves a 100% attack success rate and does not compromise the primary task performance. Additionally, its unique watermark polymorphism further improves watermark randomness, stealth, and resistance to Trojan detection.