Cybersecurity

Bug Hunters’ Perspectives on the Challenges and Benefits of the Bug Bounty Ecosystem

Although researchers have characterized the bug-bounty ecosystem from the point of view of platforms and programs, minimal effort has been made to understand the perspectives of the main workers: bug hunters. To improve bug bounties, it is important …

Correct-by-Design Interacting Smart Contracts and a Systematic Approach for Verifying ERC20 and ERC721 Contracts with VeriSolid

Blockchain-based smart contracts enable the creation of decentralized applications, which often handle assets of considerable value. While the underlying platforms guarantee the correctness of smart-contract execution, they cannot ensure that the …

Survey and Taxonomy of Adversarial Reconnaissance Techniques

Adversaries are often able to penetrate networks and compromise systems by exploiting vulnerabilities in people and systems. The key to the success of these attacks is information that adversaries collect throughout the phases of the cyber kill …

The Benefits of Vulnerability Discovery and Bug Bounty Programs: Case Studies of Chromium and Firefox

Recently, bug-bounty programs have gained popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable organizations to enhance their security posture by harnessing the diverse expertise of crowds …

Bayesian Models for Node-Based Inference Techniques

Cyber attackers often use passive reconnaissance to collect information about target networks. This technique can be used to identify systems and plan attacks, making it an increasingly challenging task for security analysts to detect. Adversaries …

Principled Data-Driven Decision Support for Cyber-Forensic Investigations

In the wake of a cybersecurity incident, it is crucial to promptly discover how the threat actors breached security in order to assess the impact of the incident and to develop and deploy countermeasures that can protect against further attacks. To …

Strategic Cyber Camouflage

One of the most fundamental tasks for an AICA agent will be to manipulate information that an adversary can observe, either about a network or the AICA agent itself. This includes taking actions to conceal or camouflage the agent or specific network …

Strategic Remote Attestation: Testbed for Internet-of-Things Devices and Stackelberg Security Game for Optimal Strategies

Internet of Things (IoT) devices and applications can have significant vulnerabilities, which may be exploited by adversaries to cause considerable harm. An important approach for mitigating this threat is remote attestation, which enables the …

DeimosBC: A Blockchain-based System for Crowdsensing after Natural Disasters

For first responders entering into a post-disaster situation, there is usually a severe lack of up-to-date ground truth. The initial period of time has multiple sources of conflicting information coming in and creating confusion about the situation. …

Selfish Mining Attacks Exacerbated by Elastic Hash Supply

Several attacks have been proposed against Proof-of-Work blockchains, which may increase the attacker’s share of mining rewards (e.g., selfish mining, block withholding). A further impact of such attacks, which has not been considered in prior work, …