The CEDAR lab is proud to announce the 2022 Poster Symposium. We are excited to share
our research with you and we hope you will share your work with us! We encourage all
interested presenters to check out our Call for Submissions below. Presentations will
be open to the public, alongside light refreshments and snacks.
* This event is free and open to the public. While reservations are not required, we we ask that you please take a short moment to let us know that you're coming by filling out our simple RSVP Form.
Authors: Alicia Thoney, Allyson Hays, Calvin VanWormer, Francis Korsah, Jenna Goodrich, Marc
Wodahl, Shawna Wolf, William Frost Project Lead: Alicia Thoney Advisor: Dr. Mike Borowczak Abstract: Due to the staggering cost of cyber-crime, industry professionals that fail to monitor
and understand their infrastructure risk millions of dollars and gamble the future
of their company. Our team researched cyber threat intelligence (CTI) data feeds and
data visualization techniques to build a web application that compiles and displays
vulnerabilities associated with a specific software configuration. Our initial functionality
utilizes the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited
Vulnerability database to graphically display CTI. This display leverages Structured
Threat Information Expression (STIX), a ubiquitous and digestible CTI language (which
encourages relevance to a wide range of researchers). Future research aims to enrich
STIX graphs and provide a personalized experience based on an organization's infrastructure.
TIA: Threat Information for your Most Severe Vulnerabilities
Authors: Rafer Cooley, Taylor McCampbell Project Lead: Rafer Cooley Advisor: Dr. Mike Borowczak Abstract: New malware programs have been known to evade defenses for some period of time until
some event causes the malware to be evaluated and indexed by antivirus programs. After
this event malware authors often use standard evasion techniques such as binary packing,
encryption, null-string addition or control flow manipulation. The goal of this project
is to evaluate the initial variant of a malware program then generate a library of
indicators that will be able to detect any future versions of the malware sample.Predicting and Detecting Future Malware Variants
Group Members: Shawna Wolf, Dr. Mike Borowczak, Alicia Thoney, Andey Robins, Natasha Miller, Francis Korsah, Kellen
Mentock, Marc Wodahl Project Lead: Shawna Wolf Advisor: Mike Borowczak Abstract: Every summer since 2015, The University of Wyoming has hosted a week-long cross-collaborative
science/art summer camp for 80 upcoming 5th and 6th graders called The Artful Craft
of Science (TACoS). Throughout each day of camp, attendees rotate through a variety
of STEM-themed sections, including a 5-day introduction to computer science. Adaptations
to course content delivery were necessary in 2020 and 2021 due to COVID-19. During
those years, TACoS was moved to a fully virtual, asynchronous format. In 2022, the
camp was still available asynchronously, but attendees were able to attend person.
Over these past three summers, attention was given to improving video quality. In
2020, lessons were presented in five long, single-shot videos, showing the instructor
going through course content and explaining concepts. In 2021, graphics and music
were added to videos to present concepts in a visual way, and to break up long sections
of explaining concepts. Improvement in video content between 2020 and 2021 could have
encouraged more participation, increased retention, and higher student engagement
throughout the 2021 camp. Videos in 2022 maintained higher quality video standards.
Additionally, rather than having one long video per day, each day was divided into
multiple 2- to 3-minute videos. Qualitative analysis for 2022 videos is in progress.
Improving CS Outreach Events in the A/synchronous Era
Authors: Clay Carper, Andey Robins, Dr. Mike Borowczak Project Lead: Clay Carper Advisor: Dr. Mike Borowczak Abstract: Modern embedded systems are ever present within our daily lives. Such devices remain
vulnerable to Differential Power Analysis via side-channel attacks, which provide
a powerful and flexible framework for exfiltrating valuable information. This work
applies these principles with respect to determining properties of the underlying
finite state machine dictating code execution on a STM32F030 microcontroller. A K-nearest
neighbors classification model is used to determine the order of state transitions
within the finite state machine with a maximum accuracy of 81% over 256 different
classes. A second experiment was performed to evaluate the effect of dimensionality
on the classification accuracy and found an ability to classify with an accuracy over
95% in classes with 32 elements and perfectly classify between only two classes. Results
validate the need for protections against power-based side-channel attacks when sensitive
information is handled by FSM-controlled components.Transition Recovery Attack on Embedded State Machines Using Power Analysis
Authors: Clay Carper, Melanie Griffith Project Lead: Clay Carper Advisor: Dr. Mike Borowczak Abstract: This poster goes over the hardware implementations that were done over the summer.
It explains how buttons and a segmented display were driven using a target board and
how those components went into making a pin checking functionality. First this poster
will provide some background information about the project and then states the challenges
of integrating the hardware components. Next it goes over how including the buttons
and display was first tested on other boards and then sent via JTAG to the target
board. Finally, the poster presents the results and goes over work and challenges
that will be addressed in the future.Hermes: Side-Channel Attacks on Hardware Wallets
Authors: Clay Carper, Melanie Griffith, Caylie Charlton Project Lead: Clay Carper Advisor: Dr. Mike Borowczak Abstract: This poster goes over the goals for what we would like to achieve over this academic
year. The poster starts with a brief background statement about why the reader should
be interested in this project and why it is important. Then it goes on to talk about
the current setup of the xyz bed and the downfalls of such a setup. Next, the poster
goes on to identify the problem statement and what we would like to change about the
setup. The proposed method of how the digital control system will work is listed out
and explained. Finally, the project goes over the work that we will need to put in
over the upcoming months.Hermes: Locating a Target Chip Using Digital Controls
Authors: Jarek Brown Project Lead: Jarek Brown Mentors: Clay Carper, Shaya Wolf, Rafer Cooley Advisor: Dr. Mike Borowczak Abstract: The Secure, Heterogeneous, Autonomous, and Rotational Knowledge for Swarms (SHARKS)
protocol investigates distributed algorithms for swarm movement patterns. The drones
in any given swarm have restrained compute resources and little memory, so developing
efficient behaviors is necessary for the agents to work within these restrictions.
In addition to positioning behaviors, this project investigates safety protocols to
protect the swarm from adversarial swarms and environmental obstacles. Current research
aims to implement the protocol in physical hardware. This next step will begin with
two wheeled drones operating in 2-D, with aerial drones being the desired end goal. Secure, Heterogeneous, Autonomous, and Rotational Knowledge for Swarms (SHARKS)
Authors: Kegan McIlwaine, Stone Olguin, James Caldwell Project Lead: Kegan McIlwaine Advisor: Dr. James Caldwell Abstract: Faustus is a formally verified extension of the smart contract programming language
Marlowe. Marlowe itself is implemented in Haskell as a deeply embedded Domain Specific
Language (DSL). Parameterized contracts provided in Faustus extend the language features
in Marlowe to provide the means to compactly represent a large class of Marlowe contracts,
and make Marlowe contracts more readable by eliminating duplicated code. We have developed
the syntax, typing rules, and formal small-step semantics for Faustus. We have also
implemented a compiler mapping Faustus programs to Marlowe programs, and proved the
compiler correct with respect to the semantics of the two languages.The Faustus Programming Language
EEG-2FA: One Step, Seamless Two Factor Authentication using Concealable EEG Signals
Secret-Agent: Behavioral-Biometric Continuous Authentication
Authors: Dr. Hui Hu, Jessa Gegax-Randazzo, Clay Carper Project Lead: Dr. Hui Hu Advisor: Dr. Mike Borowczak Abstract: Recent studies have shown the internal structure of a deep neural network is easily
inferred via side-channel power attacks in the training process. To address this pressing
privacy issue, we propose TP-NET, a novel solution for training privacy-preserving
deep neural networks under side-channel power attacks. The main idea of TP-NET is
to introduce randomness into the internal structure of a deep neural network and the
training process.TP-Net: Training Privacy-Preserving Deep Neural Networks Under Side-Channel Power
Attacks
Authors: Taylor McCampbell, Will Brant Project Lead: Taylor McCampbell and Will Brant Advisor: N/A Abstract: The Machine Learning and Artificial Intelligence Pipeline is utilized more each day.
However, its broad acceptance poses risks provided that an attacker can find vulnerabilities.
The team will focus on testing and modeling the vulnerabilities of CUDA (Compute Unified
Device Architecture) on Nvidia Jetson NanosTM. If the Nanos are proven vulnerable
through CUDA privilege escalation, any GPU using CUDA will therefore be proven vulnerable.
Additionally, the researchers will also analyze pipelines like Hugging Face and TensorFlow
for exploitable opportunities. The team will focus on developing reproducible methods
of privilege escalation. Tactics utilized will include fuzzing input data for segmentation
faults and designing models that make segmentation faults controllable.
Red Teaming Artificial Intelligence
Authors: Shaya Wolf Project Leadership: Mike Borowczak, Rita Foster, Jed Haile Abstract: Machine learning applications, while ubiquitous, integrate vulnerabilities into various
systems that rely on pattern detection tactics. Securing such systems requires intimate
knowledge of the data flows and the models. This work includes four projects, two
focused on machine learning attacks using academic-centric data, and two focused on
securing machine learning models in industry settings. These projects rely on data
typing, specified data sources, efficient data management, and thorough data validation,
known as four of the nine machine learning pillars developed by Idaho National Laboratory.
Securing Machine Learning Models for Trustworthiness
Authors: Clay Carper, Stone Olguin Project Lead: Clay Carper Advisor: Dr. Mike Borowczak Abstract: Statistical analysis methods for side-channel attacks are fairly limited. Testing
side channel is through Test Vector Leakage Assessment (TVLA). The importance of TVLA
is to show whether side channel attacks can get data from the cryptographic device
in question. The three major methods used currently are the Pearson Chi-square test,
Pearson's correlation coefficient and Welch's t-test for testing differences of means.
We aim to generate data for validating current statistical methods and to explore
alternate methods for testing statistical hypotheses.Finding Statistical Differences in Devices Through Leakage
Authors: Clay Carper, Andey Robins Project Lead: Clay Carper Advisor: Dr. Mike Borowczak Abstract: Kraken, a cyrptocurrency exchange, sponsored a 16-hour camp for middle school aged
students to learn about blockchain and cryptocurrency. We designed and executed a
camp structured around game-based learning strategies that taught students about encryption,
consensus, trust, simple blockchain elements, and other similar concepts. The camp
concluded with a multi-stage puzzle game called "Blockchain Murder Mystery".Middle School Students Learn Basic Blockchain Concepts
Group Members: INL Team of Experts, A Boise State University Senior-to-Master Student Project Leadership: Shaya Wolf, Rita Foster, Jed Haile Advisor: Mike Borowczak Abstract: New-age industrial architectures for systems and processes require new-age security
solutions. While advancements have been made in maintaining networks without inherently
trusting agents, zero-trust architectures have yet to permeate industrial internet
of things (IIoT) devices. This project is looking for a senior looking to master in
cybersecurity and would provide funding for them to explore zero-trust IIoT systems
while partnering with Idaho National Laboratory. This multidisciplinary project will
give such a student the opportunity to work with experts in the field, collaborate
with students from Boise State University, and work with CEDAR alumni.
Zero Trust Industrial Internet of Things Applications
This year's CEDAR Symposium is open to all presenters affiliated with UW. Presentations should have something to do with cybersecurity; this can be cybersecurity research, policy, educational outreach, etc. Attendees are encouraged to present either full posters (standard 4x3 size), or half posters for works in progress (2x3 size). Poster templates will be provided; we will print posters for presenters that use these templates.
The Symposium will also include a digital component, so presenters should be prepared to submit a video of their presentation, which will be made available for online viewing. More details will be provided.
Those interested in presenting at the symposium should fill out the Poster Presentation Call for Submissions form by midnight on October 10, 2022.
Submit Poster Presentation Call for Submissions Form by October 10, 2022
Rolling acceptance notifications starting October 5, 2022
Final posters and video materials due by October 19, 2022