Why Do Street-Smart People Do Stupid Things Online?
Found in: IEEE Security and Privacy
By Sergey Bratus, Chris Masone, Sean W. Smith
Issue Date:May 2008
pp. 71-74
The current epidemic of poor trust decisions by users online is largely due to flaws in GUIs that train the users away from using real-world security intuitions. The authors propose a principle for GUI designers that will help them avoid such design mistak...
Hacker Curriculum: How Hackers Learn Networking
Found in: IEEE Distributed Systems Online
By Sergey Bratus
Issue Date:October 2007
pp. 2
This two-part article discusses the factors distinguishing the hacker culture from the IT industry and traditional academia, using networking examples. This first part describes the starting points of the hackers' approach to layered computer systems.
Hacker Curriculum: How We Can Use It in Teaching
Found in: IEEE Distributed Systems Online
By Sergey Bratus, Christopher Masone
Issue Date:November 2007
pp. 2
This month's essay examines how to use elements of hacking experience in the regular computer science curriculum. The authors describe an architecture for a simulated computer network on which students can safely perform assignments.
Beyond Planted Bugs in "Trusting Trust": The Input-Processing Frontier
Found in: IEEE Security & Privacy
By Sergey Bratus, Trey Darley, Michael Locasto, Meredith L. Patterson, Rebecca bx Shapiro, Anna Shubina
Issue Date:January 2014
pp. 83-87
Big data is changing the landscape of security tools for network monitoring, security information and event management, and forensics; however, in the eternal arms race of attack and defense, security researchers must keep exploring novel ways to mitigate ...
A Patch for Postel's Robustness Principle
Found in: IEEE Security and Privacy
By Len Sassaman, Meredith L. Patterson, Sergey Bratus
Issue Date:March 2012
pp. 87-91
Jon Postel's Robustness Principle played a fundamental role in how Internet protocols were designed and implemented. Its influence went far beyond direct application by Internet Engineering Task Force (IETF) designers, as generations of programmers learned...
Api-do: Tools for Exploring the Wireless Attack Surface in Smart Meters
Found in: Hawaii International Conference on System Sciences
By Travis Goodspeed, Sergey Bratus, Ricky Melgares, Ryan Speers, Sean W. Smith
Issue Date:January 2012
pp. 2133-2140
Security will be critical for the wireless interface offered by soon-to-be-ubiquitous smart meters -- since if not secure, this technology will provide a remotely accessible attack surface distributed throughout many homes and businesses. However, history...
On Tuning the Knobs of Distribution-Based Methods for Detecting VoIP Covert Channels
Found in: Hawaii International Conference on System Sciences
By Chrisil Arackaparambil, Guanhua Yan, Sergey Bratus, Alper Caglayan
Issue Date:January 2012
pp. 2431-2440
We study the parameters (knobs) of distribution-based anomaly detection methods, and how their tuning affects the quality of detection. Specifically, we analyze the popular entropy-based anomaly detection in detecting covert channels in Voice over IP (VoIP...
Distributed monitoring of conditional entropy for anomaly detection in streams
Found in: Parallel and Distributed Processing Workshops and PhD Forum, 2011 IEEE International Symposium on
By Chrisil Arackaparambil, Sergey Bratus, Joshua Brody, Anna Shubina
Issue Date:April 2010
pp. 1-8
In this work we consider the problem of monitoring information streams for anomalies in a scalable and efficient manner. We study the problem in the context of network streams where the problem has received significant attention.
Bickering In-Depth: Rethinking the Composition of Competing Security Systems
Found in: IEEE Security and Privacy
By Michael E. Locasto, Sergey Bratus, Brian Schulte
Issue Date:November 2009
pp. 77-81
A wide variety of security software competes for control of desktops, servers, and handhelds. Competition for control over a system's security posture can leave systems mired in a performance tar pit and subvert the very security they were meant to provide...
The Kerf Toolkit for Intrusion Analysis
Found in: IEEE Security and Privacy
By Javed Aslam, Sergey Bratus, David Kotz, Ron Peterson, Brett Tofel, Daniela Rus
Issue Date:November 2004
pp. 42-52
To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.
From MAP to DIST: The Evolution of a Large-Scale WLAN Monitoring System
Found in: IEEE Transactions on Mobile Computing
By Keren Tan, Chris McDonald, Bennet Vance, Chrisil Arackaparambil, Sergey Bratus, David Kotz
Issue Date:January 2014
pp. 216-229
The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We designed and implemented a large-scale WLAN monitoring sys...
Avoiding a War on Unauthorized Computation
Found in: IEEE Security & Privacy
By Sergey Bratus, Anna Shubina
Issue Date:March 2013
pp. 83-88
Any attempt to regulate—or, indeed, legally define—exploits will cause irreparable harm to both coder freedoms and consumer systems' trustworthiness. It will reduce the sum of our knowledge about how systems can and cannot behave...
Katana: A Hot Patching Framework for ELF Executables
Found in: Availability, Reliability and Security, International Conference on
By Ashwin Ramaswamy, Sergey Bratus, Sean W. Smith, Michael E. Locasto
Issue Date:February 2010
pp. 507-512
Despite advances in software modularity, security, and reliability, offline patching remains the predominant form of updating or protecting commodity software. Unfortunately, the mechanics of hot patching (the process of upgrading a program while it execute...
Pastures: Towards Usable Security Policy Engineering
Found in: Availability, Reliability and Security, International Conference on
By Sergey Bratus, Alex Ferguson, Doug McIlroy, Sean Smith
Issue Date:April 2007
pp. 1052-1059
Whether a particular computing installation meets its security goals depends on whether the administrators can create a policy that expresses these goals -- security in practice requires effective policy engineering. We have found that the reigning SELinux mo...
Semi-supervised Data Organization for Interactive Anomaly Analysis
Found in: Machine Learning and Applications, Fourth International Conference on
By Javed Aslam, Sergey Bratus, Virgil Pavlu
Issue Date:December 2006
pp. 55-62
We consider the problem of interactive iterative analysis of datasets that consist of a large number of records represented as feature vectors. The record set is known to contain a number of anomalous records that the analyst desires to locate and describe...
The diversity of TPMs and its effects on development: a case study of integrating the TPM into OpenSolaris
Found in: Proceedings of the fifth ACM workshop on Scalable trusted computing (STC '10)
By Anna Shubina, Sean W. Smith, Sergey Bratus, Wyllys Ingersol
Issue Date:October 2010
pp. 85-90
Broad adoption of secure programming primitives such as the TPM can be hurt by programmer confusion regarding the nature and representation of failures when using a primitive. Conversely, a clear understanding of the primitive's failure modes is essential ...
VM-based security overkill: a lament for applied systems security research
Found in: Proceedings of the 2010 workshop on New security paradigms (NSPW '10)
By Ashwin Ramaswamy, Michael E. Locasto, Sean W. Smith, Sergey Bratus
Issue Date:September 2010
pp. 51-60
Virtualization has seen a rebirth for a wide variety of uses; in our field, systems security researchers routinely use it as a standard tool for providing isolation and introspection. Researchers' use of virtual machines has reached a level of orthodoxy th...
On the reliability of wireless fingerprinting using clock skews
Found in: Proceedings of the third ACM conference on Wireless network security (WiSec '10)
By Anna Shubina, Chrisil Arackaparambil, David Kotz, Sergey Bratus
Issue Date:March 2010
pp. 169-174
Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potentia...
Teaching the principles of the hacker curriculum to undergraduates
Found in: Proceedings of the 41st ACM technical symposium on Computer science education (SIGCSE '10)
By Anna Shubina, Michael E. Locasto, Sergey Bratus
Issue Date:March 2010
pp. 122-126
The "Hacker Curriculum" exists as a mostly undocumented set of principles and methods for learning about information security. Hacking, in our view, is defined by the ability to question the trust assumptions in the design and implementation of computer sy...
The cake is a lie: privilege rings as a policy resource
Found in: Proceedings of the 1st ACM workshop on Virtual machine security (VMSec '09)
By Ashwin Ramaswamy, Michael E. Locasto, Peter C. Johnson, Sean W. Smith, Sergey Bratus
Issue Date:November 2009
pp. 33-38
Components of commodity OS kernels typically execute at the same privilege level. Consequently, the compromise of even a single component undermines the trustworthiness of the entire kernel and its ability to enforce separation between user-level processes...
Using domain knowledge for ontology-guided entity extraction from noisy, unstructured text data
Found in: Proceedings of The Third Workshop on Analytics for Noisy Unstructured Text Data (AND '09)
By Anna Rumshisky, Paul Thompson, Rajendra Magar, Sergey Bratus
Issue Date:July 2009
pp. 1-32
Domain-specific knowledge is often recorded by experts in the form of unstructured text. For example, in the medical domain, clinical notes from electronic health records contain a wealth of information. Similar practices are found in other domains. The ch...
Traps, events, emulation, and enforcement: managing the yin and yang of virtualization-based security
Found in: Proceedings of the 1st ACM workshop on Virtual machine security (VMSec '08)
By Ashwin Ramaswamy, Michael E. Locasto, Sean W. Smith, Sergey Bratus
Issue Date:October 2008
pp. 53-62
We question current trends that attempt to leverage virtualization techniques to achieve security goals. We suggest that the security role of a virtual machine centers on being a policy interpreter rather than a resource provider. These two roles (security...
Active behavioral fingerprinting of wireless devices
Found in: Proceedings of the first ACM conference on Wireless network security (WiSec '08)
By Cory Cornelius, Daniel Peebles, David Kotz, Sergey Bratus
Issue Date:March 2008
pp. 1-1
We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate t...
On sampling generating sets of finite groups and product replacement algorithm: extended abstract
Found in: Proceedings of the 1999 international symposium on Symbolic and algebraic computation (ISSAC '99)
By Igor Pak, Sergey Bratus
Issue Date:July 1999
pp. 91-96
This paper defines and presents a method of inheritance for structures that are defined by rewrite rules. This method is natural in the sense that it can be easily and cleanly implemented in rewrite rules themselves. This framework of inheritance is not th...