Defense Notices

In the light of rapid advancement of global connectivity and the increasing reliance on multilingual communication, speech-based Machine Translation (MT) systems have emerged as essential technologies for facilitating seamless cross-lingual interaction. These systems enable individuals and organizations to overcome linguistic boundaries by automatically translating spoken language in real time. However, despite their growing ubiquity in various applications such as virtual assistants, international conferencing, and accessibility services, the security and robustness of speech-based MT systems remain underexplored. In particular, limited attention has been given to understanding their vulnerabilities under adversarial conditions, where malicious actors intentionally craft or manipulate speech inputs to mislead or degrade translation performance.

This thesis presents a comprehensive investigation into the security landscape of speech-based machine translation systems from an adversarial perspective. We systematically categorize and analyze potential attack vectors, evaluate their success rates across diverse system architectures and environmental settings, and explore the practical implications of such attacks. Furthermore, through a series of controlled experiments and human-subject evaluations, we demonstrate that adversarial manipulations can significantly distort translation outputs in realistic use cases, thereby posing tangible risks to communication reliability and user trust.

Our findings reveal critical weaknesses in current MT models and underscore the urgent need for developing more resilient defense strategies. We also discuss open research challenges and propose directions for building secure, trustworthy, and ethically responsible speech translation technologies. Ultimately, this work contributes to a deeper understanding of adversarial robustness in multimodal language systems and provides a foundation for advancing the security of next-generation machine translation frameworks.

As high-performance computing (HPC) systems achieve exascale capabilities, traditional single-objective schedulers that optimize solely for performance prove inadequate for environments requiring simultaneous optimization of energy efficiency and system resilience. Current scheduling approaches result in suboptimal resource utilization, excessive energy consumption, and reduced fault tolerance in the demanding requirements of large-scale scientific applications. This dissertation proposes a novel multi-objective optimization framework that integrates graph neural networks (GNNs) with reinforcement learning (RL) to jointly optimize performance, energy efficiency, and system resilience in HPC workload scheduling. The central hypothesis posits that graph-structured representations of workloads and system states, combined with adaptive learning policies, can significantly outperform traditional scheduling methods in complex, dynamic HPC environments. The proposed framework comprises three integrated components: (1) GNN-RL, which combines graph neural networks with reinforcement learning for adaptive policy development; (2) EA-GATSched, an energy-aware scheduler leveraging Graph Attention Networks; and (3) HARMONIC (Holistic Adaptive Resource Management for Optimized Next-generation Interconnected Computing), a probabilistic model for workload uncertainty quantification. The proposed methodology encompasses novel uncertainty modeling techniques, scalable GNN-based scheduling algorithms, and comprehensive empirical evaluation using production supercomputing workload traces. Preliminary results demonstrate 10-19% improvements in energy efficiency while maintaining comparable performance metrics. The framework will be evaluated across makespan reduction, energy consumption, resource utilization efficiency, and fault tolerance in various operational scenarios. This research advances sustainable and resilient HPC resource management, providing critical infrastructure support for next-generation scientific computing applications.

Remote attestation is a process of obtaining verifiable evidence from a remote party to establish trust. A relying party makes a request of a remote target that responds by executing an attestation protocol producing evidence reflecting the target's system state and meta-evidence reflecting the evidence’s integrity and provenance. This process occurs in the presence of adversaries intent on misleading the relying party to trust a target they should not. This research introduces a robust approach for evaluating and comparing attestation protocols based on their relative resilience against such adversaries. I develop a Rocq-based, formally-verified mathematical model aimed at describing the difficulty for an active adversary to successfully compromise the attestation. The model supports systematically ranking attestation protocols by the level of adversary effort required to produce evidence that does not accurately reflect the target’s state. My work aims to facilitate the selection of a protocol resilient to adversarial attack.

Ice-penetrating radar systems are critical tools in glaciology and climate research, supporting scientific missions such as that of the Center for Oldest Ice Exploration (COLDEX). A primary challenge for these radars is achieving sufficient dynamic range to capture both strong, shallow reflections from the ice surface without saturating the radar's analog to digital converter (ADC), and extremely weak signals from the deep bedrock. This thesis presents a non-conventional analog receiver architecture and signal processing methodology designed to enhance the dynamic range of a radar system by utilizing characterized signal compression. The core of this approach relies on the non-linear properties of a set of RF power limiters to compress high-power received signals.

A complete receiver module was designed, simulated, implemented on a 4-layer printed circuit board for operation in the 600-900 MHz band, with the design being adaptable to other frequency ranges (e.g. 140-215 MHz). Multiple modules based on this design were manufactured for three different multichannel radar systems. Characterization of the manufactured receiver blocks demonstrates reproducible performance, confirming the well-defined non-linear input and output power relationship, which is essential for this technique.

To recover the original signal from the compressed data, this work approaches the inversion problem using a machine learning technique. A 3-layer neural network was trained on a test data set generated from an exponentially-varying, single-tone waveform, mapping the compressed receiver output back to the original input envelope. The trained model was then validated using a distinct, triangular-amplitude-modulated test signal. The results show that the neural network can accurately predict and reconstruct the original, uncompressed waveform envelope from the compressed receiver output for discrete frequencies within the band of operation. This work serves as a successful proof-of-concept for a decompression-based analog receiver, offering an alternate and effective pathway to enhancing the dynamic range of ice-sounding radar systems.

The used car market is characterized by significant pricing variability, making it challenging for buyers and sellers to determine fair vehicle values. To address this, the project applies a machine learning–driven approach to predict used car prices based on real market data extracted from Cars.com. Following extensive data cleaning, feature engineering, and exploratory analysis, several predictive models were developed and evaluated. Among these, the Stacking Regressor demonstrated superior performance, effectively capturing non-linear pricing patterns and achieving the highest accuracy with the lowest prediction error. Key insights indicate that vehicle age and mileage are the primary drivers of price depreciation, while brand and vehicle category exert notable secondary influence. The resulting pricing model provides a data-backed, transparent framework that supports more informed decision-making and promotes fairness and consistency within the used car marketplace.

Querying information from relational databases often requires proficiency in SQL, creating a steep learning curve for users who lack programming or database management experience. Text-to-SQL systems aim to bridge this gap by automatically converting natural language questions into executable SQL statements. In recent years, multi-agent frameworks have gained traction for this task, as they enable complex query generation to be decomposed into specialized subtasks such as schema selection based on user intent, SQL synthesis, and refinement of SQL queries through execution-based error correction. This work explores the integration of a human feedback component within a multi-agent Text-to-SQL framework. Human input is introduced after the selector agent identifies relevant schemas and tables, offering targeted guidance before SQL generation. The objective is to examine how such feedback can improve the system’s accuracy and contextual understanding of queries. The implementation leverages OpenAI’s GPT-4.1 mini and GPT-4.1 nano models as the underlying language components. The evaluation is carried out using a standard Text-to-SQL benchmark dataset, focusing on key performance metrics such as execution accuracy and validity efficiency scores.

Software vulnerabilities are widespread, often resulting from coding weaknesses and poor development practices. These vulnerabilities can be exploited by attackers, posing risks to confidentiality, integrity, and availability. To protect themselves, end-users of software may have an interest in knowing whether the software they purchase, and use is secure from potential attacks. Our work is motivated by this need to automatically assess and rate the security properties of binary software.

While many researchers focus on developing techniques and tools to detect and mitigate vulnerabilities in binaries, our approach is different. We aim to determine whether the software has been developed with proper care. Our hypothesis is that software created with meticulous attention to security is less likely to contain exploitable vulnerabilities. As a first step, we examined the current landscape of binary-level vulnerability detection. We categorized critical coding weaknesses in compiled programming languages and conducted a detailed survey comparing static analysis techniques and tools designed to detect these weaknesses. Additionally, we evaluated the effectiveness of open-source CWE detection tools and analyzed their challenges. To further understand their efficacy, we conducted independent assessments using standard benchmarks.

To determine whether software is carefully and securely developed, we propose several techniques. So far, we have used machine learning and deep learning methods to identify the programming language of a binary at the functional level, enabling us to handle complex cases like mixed-language binaries and we assess whether vulnerable regions in the binary are protected with appropriate security mechanisms. Additionally, we explored the feasibility of detecting secure coding practices by examining adherence to SonarQube’s security-related coding conventions.

Next, we investigate whether compiler warnings generated during binary creation are properly addressed. Furthermore, we also aim to optimize the array bounds detection in the program binary. This enhanced array bounds detection will also increase the effectiveness of detecting secure coding conventions that are related to memory safety and buffer overflow vulnerabilities.

Our ultimate goal is to combine these techniques to rate the overall security quality of a given binary software.

Fully digital arrays enable realization of dual-function radar-communications systems which generate multiple simultaneous transmit beams with different modulation structures in different spatial directions. These spatially diverse transmissions are produced by designing the individual wave forms transmitted at each antenna element that combine in the far-field to synthesize the desired modulations at the specified directions. This thesis derives a look-up table (LUT) implementation of the existing Far-Field Radiated Emissions Design (FFRED) optimization framework. This LUT implementation requires a single optimization routine for a set of desired signals, rather than the previous implementation which required pulse-to-pulse optimization, making the LUT approach more efficient. The LUT is generated by representing the waveforms transmitted by each element in the array as a sequence of beamformers, where the LUT contains beamformers based on the phase difference between the desired signal modulations. The globally optimal beamformers, in terms of power efficiency, can be realized via the Lagrange dual problem for most beam locations and powers. The Phase-Attached Radar-Communications (PARC) waveform is selected for the communications waveform alongside a Linear Frequency Modulated (LFM) waveform for the radar signal. A set of FFRED LUTs are then used to simulate a radar transmission to verify the utility of the radar system. The same LUTs are then used to estimate the communications performance of a system with varying levels of the array knowledge uncertainty.

Trust is a fundamental issue in computer security. Frequently, systems implicitly trust in other

systems, especially if configured by the same administrator. This fallacious reasoning stems from the belief

that systems starting from a known, presumably good, state can be trusted. However, this statement only

holds for boot-time behavior; most non-trivial systems change state over time, and thus runtime behavior is

an important, oft-overlooked aspect of implicit trust in system security.

    To address this, attestation was developed, allowing a system to provide evidence of its runtime behavior to a

verifier. This evidence allows a verifier to make an explicit informed decision about the system’s trustworthiness.

As systems grow more complex, scalable attestation mechanisms become increasingly important. To apply

attestation to non-trivial systems, layered attestation was introduced, allowing attestation of individual

components or layers, combined into a unified report about overall system behavior. This approach enables

more granular trust assessments and facilitates attestation in complex, multi-layered architectures. With the

complexity of layered attestation, discerning whether a given protocol is sufficiently measuring a system, is

executable, or if all measurements are properly reported, becomes increasingly challenging.

    In this work, we will develop a framework for the static analysis and synthesis of layered attestation protocols,

enabling more robust and adaptable attestation mechanisms for dynamic systems. A key focus will be the

static verification of protocol correctness, ensuring the protocol behaves as intended and provides reliable

evidence of the underlying system state. A type system will be added to the Copland layered attestation

protocol description language to allow basic static checks, and extended static analysis techniques will be

developed to verify more complex properties of protocols for a specific target system. Further, protocol

synthesis will be explored, enabling the automatic generation of correct-by-construction protocols tailored to

system requirements.

In high dynamic-range environments, matched-filter radar performance is often sidelobe-limited with correlation error being fundamentally constrained by the TB of the collective emission. To contend with the regulatory necessity of spectral containment, the gradient-based complementary-FM framework was developed to produce complementary sidelobe cancellation (CSC) after coherently combining responses from distinct pulses from within a pulse-agile emission. In contrast to most complementary subsets, which were discovered via brute force under the notion of phase-coding, these comp-FM waveform subsets achieve CSC while preserving hardware compatibility since they are FM. Although comp-FM addressed a primary limitation of complementary signals (i.e., hardware distortion), CSC hinges on the exact reconstruction of autocorrelation terms to suppress sidelobes, from which optimality is broken for Doppler shifted signals. This work introduces a Doppler-generalized comp-FM (DG-comp-FM) framework that extends the cancellation condition to account for the anticipated unambiguous Doppler span after post-summing. While this framework is developed for use within a combine-before-Doppler processing manner, it can likewise be employed to design an entire coherent processing interval (CPI) to minimize range-sidelobe modulation (RSM) within the radar point-spread-function (PSF), thereby introducing the potential for cognitive operation if sufficient scattering knowledge is available a-priori. 

Some radar systems operate with multiple emitters, as in the case of Multiple-input-multiple-output (MIMO) radar. Whereas a single emitter must contend with the self-inflicted autocorrelation sidelobes, MIMO systems must likewise contend with the cross-correlation with coincident (in time and spectrum) emissions from other emitters. As such, the determination of "orthogonal waveforms" comprises a large portion of research within the MIMO space, with a small majority now recognizing that true orthogonality is not possible for band-limited signals (albeit, with the exclusion of TDMA). The notion of complementary-FM is proposed for exploration within a MIMO context, whereby coherently combining responses can achieve CSC as well as cross-correlation cancellation for a wide Doppler space. By effectively minimizing cross-correlation terms, this enables improved channel separation on receive as well as improved estimation capability due to reduced correlation error. Proposal items include further exploration/characterization of the space, incorporating an explicit spectral