Cyber Systems: Their Science, Engineering, and Security
Recent Submissions
Introduction to the Minitrack on Cyber Systems: Their Science, Engineering, and Security (2023-01-03)
Hale, Britta; Scrofani, James; Bollmann, Chad

Mitigating Autonomous Vehicle GPS Spoofing Attacks through Scene Text Observations (2023-01-03)
Troja, Erald; Debello, Joan; Yadav, Nikhil; Aliasgari, Mehrdad; Truong, Laura M.; Worden, James
This paper investigates, from both an empirical and a systems-based perspective, how surrounding textual information can be leveraged towards the mitigation of Autonomous Vehicle (AV) and self-driving cars Global Positioning System (GPS) signal spoofing attacks. The paper presents and proposes methods of how AVs and self-driving cars can extract, as they travel along a trajectory, surrounding textual information through machine-learning based Scene Text Recognition (STR). The paper researches and proposes geospatial models which can be applied to the extracted textual information in order to build a text-based geolocation system for the purposes of validating the received GPS signal. The ultimate contribution of the paper is to lay the groundwork towards enhancing the Cybersecurity of the current and future Autonomous Vehicle and self-driving car ecosystem by addressing its Achilles heel, namely insecure and inaccurate geolocation due to GPS spoofing attacks.

Verification of a Distributed Ledger Protocol for Distributed Autonomous Systems Using Monterey Phoenix (2023-01-03)
Carter, Nickolas; Davis, Duane; Irvine, Cynthia; Pommer, Peter
Autonomous multi-vehicle systems are becoming increasingly relevant in military operations and have demonstrated potential applicability in civilian environments as well. A problem emerges, however, when logging data within these systems. In particular, potential loss of individual vehicles and inherently lossy and noisy communications environments can result in the loss of important mission data. This paper describes a novel distributed ledger protocol that can be used to ensure that the data in such a system survives and documents verification of the behavioral correctness of this protocol using informal verification methods and tools provided by the Monterey Phoenix project.

Defensive Cyber Maneuvers to Disrupt Cyber Attackers (2023-01-03)
Mckneely, Jennifer; Sell, Tara; Straub, Kathleen; Thomas, Daniel
Perimeter based defenses are limited in deterring and defeating cyberattacks. Multi-layered approaches are needed to provide robust cybersecurity and defend against Advanced Persistent Threats. Proactive defensive cyber actions can provide positional or temporal advantages over an adversary in the cognitive, technical, and physical domains. These actions comprise cyber maneuvers, which are implemented reconfigurations to a network that aim to make attackers more visible and detectable, impede attacker progress, and reduce attackers’ chances of mission success. Technical actions and response are the primary focus of most current cyber defense frameworks with little attention on adversary behavioral and cognitive effects. We describe the enhanced cyber maneuver framework which addresses cognitive and behavioral responses to cyber effects. We present experimental results that demonstrate the framework and a testing approach to collect supporting findings on the effects of cyber maneuvers.

ODSS: A Ghidra-based Static Analysis Tool for Detecting Stack-Based Buffer Overflows (2023-01-03)
Wikman, Eric; Nguyen, Thuy; Irvine, Cynthia
To reduce code exploitability, techniques for analyzing binaries for potential buffer overflow vulnerabilities are needed. One method is static analysis, which involves inspection of disassembled binaries to identify exploitable weaknesses in the program. Buffer overflows can occur in libc functions. Such functions can be referred to as vulnerable sinks. We present Overflow Detection from Sinks and Sources (ODSS), a script written for the Ghidra API to search for vulnerable sinks in a binary and to find the source of all the parameters used in each sink. We conduct static analysis of ten common libc functions using ODSS, and show that it is possible to both find overflow vulnerabilities associated with functions using stack-allocated strings and to determine the feasibility of a buffer overflow exploitation.