Cybersecurity

Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem

Although researchers have characterized the bug-bounty ecosystem from the point of view of platforms and programs, minimal effort has been made to understand the perspectives of the main workers: bug hunters. To improve bug bounties, it is important …

Survey and Taxonomy of Adversarial Reconnaissance Techniques

Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill …

The Benefits of Vulnerability Discovery and Bug Bounty Programs: Case Studies of Chromium and Firefox

Recently, bug-bounty programs have gained popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable organizations to enhance their security posture by harnessing the diverse expertise of crowds …

Correct-by-Design Interacting Smart Contracts and a Systematic Approach for Verifying ERC20 and ERC721 Contracts with VeriSolid

Blockchain-based smart contracts enable the creation of decentralized applications, which often handle assets of considerable value. While the underlying platforms guarantee the correctness of smart-contract execution, they cannot ensure that the …

Principled Data-Driven Decision Support for Cyber-Forensic Investigations

In the wake of a cybersecurity incident, it is crucial to promptly discover how the threat actors breached security in order to assess the impact of the incident and to develop and deploy countermeasures that can protect against further attacks. To …

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the …

DeimosBC: A Blockchain-based System for Crowdsensing after Natural Disasters

For first responders entering a post-disaster area, there is usually a severe lack of up-to-date ground truth. In the initial period, multiple sources of conflicting information arrive and create confusion about the situation. …

Selfish Mining Attacks Exacerbated by Elastic Hash Supply

Several attacks have been proposed against Proof-of-Work blockchains, which may increase the attacker’s share of mining rewards (e.g., selfish mining, block withholding). A further impact of such attacks, which has not been considered in prior work, …

Data-Driven Decision Support for Optimizing Cyber Forensic Investigations

Cyber attacks consisting of several attack actions can present a considerable challenge to forensic investigations. Consider the case where a cybersecurity breach is suspected following the discovery of one attack action, for example by observing the …

Safe and Private Forward-Trading Platform for Transactive Microgrids

Power grids are evolving at an unprecedented pace due to the rapid growth of distributed energy resources (DER) in communities. These resources are very different from traditional power sources, as they are located closer to loads and thus can …