34 research outputs found
Making Mountains out of Molehills: Challenges for Implementation of Cross-Disciplinary Research in the Big Data Era
We present a “Researcher’s Hierarchy of Needs” (loosely based on Maslow’s Hierarchy of Needs) in the context of interdisciplinary research in a “big data” era. We discuss multiple tensions and difficulties that researchers face in today’s environment, some current efforts and suggested policy changes to address these shortcomings and present our vision of a future interdisciplinary ecosystem
Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin
In the Bitcoin system, participants are rewarded for solving cryptographic
puzzles. In order to receive more consistent rewards over time, some
participants organize mining pools and split the rewards from the pool in
proportion to each participant's contribution. However, several attacks
threaten the ability to participate in pools. The block withholding (BWH)
attack makes the pool reward system unfair by letting malicious participants
receive unearned wages while only pretending to contribute work. When two pools
launch BWH attacks against each other, they encounter the miner's dilemma: in a
Nash equilibrium, the revenue of both pools is diminished. In another attack
called selfish mining, an attacker can unfairly earn extra rewards by
deliberately generating forks. In this paper, we propose a novel attack called
a fork after withholding (FAW) attack. FAW is not just another attack. The
reward for an FAW attacker is always equal to or greater than that for a BWH
attacker, and it is usable up to four times more often per pool than in BWH
attack. When considering multiple pools - the current state of the Bitcoin
network - the extra reward for an FAW attack is about 56% more than that for a
BWH attack. Furthermore, when two pools execute FAW attacks on each other, the
miner's dilemma may not hold: under certain circumstances, the larger pool can
consistently win. More importantly, an FAW attack, while using intentional
forks, does not suffer from practicality issues, unlike selfish mining. We also
discuss partial countermeasures against the FAW attack, but finding a cheap and
efficient countermeasure remains an open problem. As a result, we expect to see
FAW attacks among mining pools.Comment: This paper is an extended version of a paper accepted to ACM CCS 201
Security and Interoperable Medical Device Systems, Part 2: Failures, Consequences and Classifications
Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems\u27 security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 2 of this two-part article defines a failure model, or the specific ways in which IMD environments might fail when attacked. An attack-consequences model expresses the combination of failures experienced by IMD environments for each attack vector. This analysis leads to interesting conclusions about regulatory classes of medical devices in IMD environments subject to attacks
Functional Alarms for Systems of Interoperable Medical Devices
Alarms are essential for medical systems in order to ensure patient safety during deteriorating clinical situations and inevitable device malfunction. As medical devices are connected together to become interoperable, alarms become crucial part in making them high-assurance, in nature. Traditional alarm systems for interoperable medical devices have been patient-centric. In this paper, we introduce the need for an alarm system that focuses on the correct functionality of the interoperability architecture itself, along with several considerations and design challenges in enabling them
An Extended Survey on Vehicle Security
The advanced electronic units with wireless capabilities inside modern
vehicles have, enhanced the driving experience, but also introduced a myriad of
security problems due to the inherent limitations of the internal communication
protocol. In the last two decades, a number of security threats have been
identified and accordingly, security measures have been proposed. In this
paper, we provide a comprehensive review of security threats and
countermeasures for the ubiquitous CAN bus communication protocol. Our review
of the existing literature leads us to a observation of an overlooked simple,
cost-effective, and incrementally deployable solution. Essentially, a reverse
firewall, referred to in this paper as an icewall, can be an effective defense
against a major class of packet-injection attacks and many denial of service
attacks. We cover the fundamentals of the icewall in this paper. Further, by
introducing the notion of human-in-the-loop, we discuss the subtle implications
to its security when a human driver is accounted for
Security and Interoperable Medical Device Systems: Part 1
Interoperable medical devices (IMDs) face threats due to the increased attack surface presented by interoperability and the corresponding infrastructure. Introducing networking and coordination functionalities fundamentally alters medical systems\u27 security properties. Understanding the threats is an important first step in eventually designing security solutions for such systems. Part 1 of this two-part article provides an overview of the IMD environment and the attacks that can be mounted on it
Requirement Engineering for Functional Alarm System for Interoperable Medical Devices
This paper addresses the problem of high-assurance operation for medical cyber-physical systems built from interoperable medical devices. Such systems are diferent from most cyber-physical systems due to their plug-and-play nature: they are assembled as needed at a patient\u27s bedside according to a specification that captures the clinical scenario and required device types. We need to ensure that such a system is assembled correctly and operates according to its specification. In this regard, we aim to develop an alarm system that would signal interoperability failures. We study how plug-and-play interoperable medical devices and systems can fail by means of hazard analysis that identify hazardous situations that are unique to interoperable systems. The requirements for the alarm system are formulated as the need to detect these hazardous situations. We instantiate the alarm requirement generation process through a case-study involving an interoperable medical device setup for airway-laser surgery
Rationale and Architecture Principles for Medical Application Platforms
The concept of “system of systems” architecture is increasingly prevalent in many critical domains. Such systems allow information to be pulled from a variety of sources, analyzed to discover correlations and trends, stored to enable realtime and post-hoc assessment, mined to better inform decisionmaking, and leveraged to automate control of system units. In contrast, medical devices typically have been developed as monolithic stand-alone units. However, a vision is emerging of a notion of a medical application platform (MAP) that would provide device and health information systems (HIS) interoperability, safety critical network middleware, and an execution environment for clinical applications (“apps”) that offer numerous advantages for safety and effectiveness in health care delivery.
In this paper, we present the clinical safety/effectiveness and economic motivations for MAPs, and describe key characteristics of MAPs that are guiding the search for appropriate technology, regulatory, and ecosystem solutions. We give an overview of the Integrated Clinical Environment (ICE) – one particular achitecture for MAPs, and the Medical Device Coordination Framework – a prototype implementation of the ICE architecture
Hypersparse Traffic Matrix Construction using GraphBLAS on a DPU
Low-power small form factor data processing units (DPUs) enable offloading
and acceleration of a broad range of networking and security services. DPUs
have accelerated the transition to programmable networking by enabling the
replacement of FPGAs/ASICs in a wide range of network oriented devices. The
GraphBLAS sparse matrix graph open standard math library is well-suited for
constructing anonymized hypersparse traffic matrices of network traffic which
can enable a wide range of network analytics. This paper measures the
performance of the GraphBLAS on an ARM based NVIDIA DPU (BlueField 2) and, to
the best of our knowledge, represents the first reported GraphBLAS results on a
DPU and/or ARM based system. Anonymized hypersparse traffic matrices were
constructed at a rate of over 18 million packets per second