Interrogating Virtual Agents: In Quest of Security Vulnerabilities

BACKGROUND Cybersecurity risks in healthcare systems have traditionally been measured in data breaches of protected health information but compromised medical devices and critical medical infrastructure raises questions about the risks of disrupted patient care. The increasing prevalence of these connected medical devices and systems implies that these risks are growing. OBJECTIVE This paper details the development and execution of three novel high fidelity clinical simulations designed to teach clinicians to recognize, treat, and prevent patient harm from vulnerable medical devices. METHODS Clinical simulations were developed which incorporated patient care scenarios with hacked medical devices based on previously researched security vulnerabilities. RESULTS Clinician participants universally failed to recognize the etiology of their patient’s pathology as being the result of a compromised device. CONCLUSIONS Simulation can be a useful tool in educating clinicians in this new, critically important patient safety space.

Download Full-text

Hardware Information Flow Tracking

ACM Computing Surveys ◽

10.1145/3447867 ◽

2021 ◽

Vol 54 (4) ◽

pp. 1-39

Author(s):

Wei Hu ◽

Armaiti Ardeshiricham ◽

Ryan Kastner

Keyword(s):

Access Control ◽

Computer Security ◽

Information Flow ◽

Hardware Security ◽

Computing System ◽

Security Vulnerabilities ◽

Information Flow Tracking ◽

Side Channels ◽

Security Properties ◽

Tools And Techniques

Information flow tracking (IFT) is a fundamental computer security technique used to understand how information moves through a computing system. Hardware IFT techniques specifically target security vulnerabilities related to the design, verification, testing, manufacturing, and deployment of hardware circuits. Hardware IFT can detect unintentional design flaws, malicious circuit modifications, timing side channels, access control violations, and other insecure hardware behaviors. This article surveys the area of hardware IFT. We start with a discussion on the basics of IFT, whose foundations were introduced by Denning in the 1970s. Building upon this, we develop a taxonomy for hardware IFT. We use this to classify and differentiate hardware IFT tools and techniques. Finally, we discuss the challenges yet to be resolved. The survey shows that hardware IFT provides a powerful technique for identifying hardware security vulnerabilities, as well as verifying and enforcing hardware security properties.

Download Full-text

Security Threat Analyses and Attack Models for Approximate Computing Systems

ACM Transactions on Design Automation of Electronic Systems ◽

10.1145/3442380 ◽

2021 ◽

Vol 26 (4) ◽

pp. 1-31

Author(s):

Pruthvy Yellu ◽

Landon Buell ◽

Miguel Mark ◽

Michel A. Kinsy ◽

Dongpeng Xu ◽

...

Keyword(s):

Error Resilience ◽

Security Threats ◽

Approximate Computing ◽

Security Threat ◽

Security Vulnerabilities ◽

Computing Systems ◽

Quantitative Analyses ◽

Resilience Mechanisms ◽

The Impact ◽

Attack Models

Approximate computing (AC) represents a paradigm shift from conventional precise processing to inexact computation but still satisfying the system requirement on accuracy. The rapid progress on the development of diverse AC techniques allows us to apply approximate computing to many computation-intensive applications. However, the utilization of AC techniques could bring in new unique security threats to computing systems. This work does a survey on existing circuit-, architecture-, and compiler-level approximate mechanisms/algorithms, with special emphasis on potential security vulnerabilities. Qualitative and quantitative analyses are performed to assess the impact of the new security threats on AC systems. Moreover, this work proposes four unique visionary attack models, which systematically cover the attacks that build covert channels, compensate approximation errors, terminate normal error resilience mechanisms, and propagate additional errors. To thwart those attacks, this work further offers the guideline of countermeasure designs. Several case studies are provided to illustrate the implementation of the suggested countermeasures.

Download Full-text

Investigating Trust in Interaction with Inconsistent Embodied Virtual Agents

International Journal of Social Robotics ◽

10.1007/s12369-021-00747-z ◽

2021 ◽

Author(s):

Reza Moradinezhad ◽

Erin T. Solovey

Keyword(s):

Virtual Agents

Download Full-text

The Matter of Chance: Auditing Web Search Results Related to the 2020 U.S. Presidential Primary Elections Across Six Search Engines

Social Science Computer Review ◽

10.1177/08944393211006863 ◽

2021 ◽

pp. 089443932110068

Author(s):

Aleksandra Urman ◽

Mykola Makhortykh ◽

Roberto Ulloa

Keyword(s):

Search Engine ◽

Search Engines ◽

Large Scale ◽

Web Search ◽

Primary Elections ◽

Virtual Agents ◽

Search Results ◽

Presidential Primary ◽

Large Scale Analysis ◽

Algorithmic Information

We examine how six search engines filter and rank information in relation to the queries on the U.S. 2020 presidential primary elections under the default—that is nonpersonalized—conditions. For that, we utilize an algorithmic auditing methodology that uses virtual agents to conduct large-scale analysis of algorithmic information curation in a controlled environment. Specifically, we look at the text search results for “us elections,” “donald trump,” “joe biden,” “bernie sanders” queries on Google, Baidu, Bing, DuckDuckGo, Yahoo, and Yandex, during the 2020 primaries. Our findings indicate substantial differences in the search results between search engines and multiple discrepancies within the results generated for different agents using the same search engine. It highlights that whether users see certain information is decided by chance due to the inherent randomization of search results. We also find that some search engines prioritize different categories of information sources with respect to specific candidates. These observations demonstrate that algorithmic curation of political information can create information inequalities between the search engine users even under nonpersonalized conditions. Such inequalities are particularly troubling considering that search results are highly trusted by the public and can shift the opinions of undecided voters as demonstrated by previous research.

Download Full-text

Automatic Vulnerability Detection in Embedded Devices and Firmware

ACM Computing Surveys ◽

10.1145/3432893 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-42

Author(s):

Abdullah Qasem ◽

Paria Shirani ◽

Mourad Debbabi ◽

Lingyu Wang ◽

Bernard Lebel ◽

...

Keyword(s):

Embedded Systems ◽

Symbolic Execution ◽

Vital Role ◽

Security And Privacy ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Future Directions ◽

Hybrid Approaches ◽

Wide Range ◽

The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

A Robot Operating System Framework for Secure UAV Communications

Sensors ◽

10.3390/s21041369 ◽

2021 ◽

Vol 21 (4) ◽

pp. 1369

Author(s):

Hyojun Lee ◽

Jiyoung Yoon ◽

Min-Seong Jang ◽

Kyung-Joon Park

Keyword(s):

Operating System ◽

Unmanned Aerial Vehicles ◽

Ground Control ◽

Unmanned Aerial System ◽

Security Framework ◽

Security Vulnerabilities ◽

Robot Operating System ◽

Security Issues ◽

Aerial Vehicles ◽

Ground Control Station

To perform advanced operations with unmanned aerial vehicles (UAVs), it is crucial that components other than the existing ones such as flight controller, network devices, and ground control station (GCS) are also used. The inevitable addition of hardware and software to accomplish UAV operations may lead to security vulnerabilities through various vectors. Hence, we propose a security framework in this study to improve the security of an unmanned aerial system (UAS). The proposed framework operates in the robot operating system (ROS) and is designed to focus on several perspectives, such as overhead arising from additional security elements and security issues essential for flight missions. The UAS is operated in a nonnative and native ROS environment. The performance of the proposed framework in both environments is verified through experiments.

Download Full-text

Identifying Security Vulnerabilities Early in the ECU Software Development Lifecycle

10.4271/2017-01-1657 ◽

2017 ◽

Cited By ~ 1

Author(s):

Jesse Edwards ◽

Ameer Kashani

Keyword(s):

Software Development ◽

Security Vulnerabilities ◽

Development Lifecycle ◽

Software Development Lifecycle

Download Full-text