Aron Laszka
Projects
Publications Teaching CV
Projects
Ongoing projects
Bug-bounty programs
Ratio of valid vulnerability reports can be very low, even on bug-bounty platforms.

Despite significant progress in software-engineering practices, most software products remain insecure. At the same time, the consumer and business information handled by these software products is growing in importance and monetization potential, which triggers significant privacy and security concerns. In response to these challenges, companies are increasingly harvesting the effort and knowledge of external (ethical) security researchers through bug-bounty programs. These programs allow security researchers, so-called white hats, to evaluate the security of a software or service within a set of predefined rules. White hats are encouraged to submit reports of potential vulnerabilities, which will be rewarded by the company after validation. The benefits of these programs are at least twofold. First, the companies’ products are examined by the large and diverse population of white hats, which would be prohibitively expensive to employ directly. Second, the public nature of the majority of these programs can signal to third parties that the company is committed towards continual security improvements.

However, this public nature also poses a challenge since virtually anyone can participate, and companies may be overwhelmed by myriads of low-value reports. In fact, bug-bounty platforms acknowledge that the key challenge “companies face in running a public program at scale is managing noise, or the proportion of low-value reports they receive.” These low-value reports include both invalid reports (i.e., non-existing or out-of-scope vulnerabilities) and duplicates (i.e., vulnerabilities that have already been reported), and they often stem from misaligned incentives and misallocation of effort.

Our goal is to improve the efficiency of bug-bounty programs. In this project,

  • we study the incentives of white hats and companies, and introduce novel policies that reduce noise and increase the number of valid reports;
  • we analyze the rulesets of existing programs, identify which elements have contributed to the programs' success, and develop guidelines for creating successful programs;
  • we study bug-bounty programs as a form of crowdsourced vulnerability discovery, and introduce novel policies for better allocation of the white hats' effort;
  • based on vulnerability-report datasets from public programs, we analyze the vulnerability discovery process followed by white hats, studying the role of human behavior and error.
Blockchains for transactive energy
Power grids are undergoing major changes due to rapid growth in renewable energy resources, such as wind and solar power.

Due to rapid growth in renewable energy resources and improvements in battery technology, power grids are undergoing major changes, which create significant management and control challenges. To tackle these challenges, decentralized solutions are needed, which can support the evolution of electrical power distribution systems. Transactive energy is a decentralized solution for dynamically balancing demand and supply, in which consumers, prosumers (i.e., consumers with energy storage or generation capabilities), providers, etc. can trade energy in an open market.

However, transactive energy solutions must also satisfy security, safety, and privacy requirements, which often seem to contradict each other. For example, to provide safety, detailed energy consumption and production information might need to be disseminated, but this threatens the privacy of prosumers. As another example, the complex and computationally expensive solutions required to provide security might not abide the real-time constraints of power systems.

In this project, we create a transactive energy system based on blockchain technology, using the distributed ledger provided by a blockchain to implement an energy trading platform. We develop protocols, smart contracts, middleware, and control algorithms to provide security, safety, and privacy for transactive energy.

Resilient cyber-physical systems
The 2015 and 2016 cyberattacks against the Ukrainian power grid have demonstrated that remote attackers can cause significant physical impact.

As cyber-physical systems become more prevalent, ensuring that they are resilient to cyber-attacks becomes a critical issue. For instance, cyber-physical attacks against smart water and transportation networks can pose a serious threat to public health and safety. Owing to the severity of these threats, a variety of techniques have been proposed for improving the resilience of a cyber-physical system, such as deploying redundant components and intrusion detection systems.

In this project, we explore a synergistic approach that combines multiple techniques in order to provide resilience against cyber-attacks. We study and model how the impact and feasibility of cyber-attacks depend on both the physical and cyber aspects of a system. Based on these models, we provide novel results on how to combine multiple techniques for improving resilience, considering static, dynamic, and adaptive defenses.

Security of transportation networks
Modern transportation networks may be susceptible to cyber-attacks.

The evolution of traffic control from standalone hardware devices to complex networked systems has provided society with many benefits, such as reducing wasted time and environmental impact. However, it has also exposed transportation networks to cyber-attacks. While traditional hardware systems were susceptible only to attacks based on direct physical access, modern systems are vulnerable to attacks through wireless interfaces or even to remote attacks through the Internet.

In this project,

  • we study the vulnerability of transportation networks to cyber-attacks, and provide methods for identifying the critical elements of a network;
  • we introduce physical anomaly based detection against stealthy cyber-attacks, and evaluate its performance based on realistic simulations of attacks;
  • we study approaches for mitigating ongoing attacks, and introduce algorithms for finding optimal mitigation plans.
Cyber-insurance