Publications
The 2017 Buffalo Area Icing and Radar Study (BAIRS II)
May 14, 2020
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-447
Summary
The second Buffalo Area Icing and Radar Study (BAIRS II) was conducted during the winter of 2017. The BAIRS II partnership between Massachusetts Institute of Technology (MIT) Lincoln Laboratory (LL), the National Research Council of Canada (NRC), and Environment and Climate Change Canada (ECCC) was sponsored by the Federal Aviation Administration (FAA). It is a follow-up to the similarly sponsored partnership of the original BAIRS conducted in the winter of 2013. The original BAIRS provided in situ verification and validation of icing and hydrometeors, respectively, within the radar domain in support of a hydrometeor-classification-based automated icing hazard algorithm. The BAIRS II motivation was to: --Collect additional in situ verification and validation data, --Probe further dual polarimetric radar features associated with icing hazard, --Provide foundations for additions to the icing hazard algorithm beyond hydrometeor classifications, and --Further characterize observable microphysical conditions in terms of S-band dual polarimetric radar data. With BAIRS II, the dual polarimetric capability is provided by multiple Next Generation Weather Radar (NEXRAD) S-band radars in New York State, and the verification of the icing hazard with microphysical and hydrometeor characterizations is provided by NRC's Convair-580 instrumented research plane during five icing missions covering about 21 mission hours. The ability to reliably interpret the NEXRAD dual polarization radar-sensed thermodynamic phase of the hydrometeors (solid, liquid, mix) in the context of cloud microphysics and precipitation physics makes it possible to assess the icing hazard potential to aviation. The challenges faced are the undetectable nature of supercooled cloud droplets (for Sband) and the isotropic nature of Supercooled Large Drops (SLD). The BAIRS II mission strategy pursued was to study and probe radar-identifiable, strongly anisotropic crystal targets (dendrites and needles) with which supercooled water (and water saturated conditions) are physically linked as a means for dual polarimetric detection of icing hazard. BAIRS II employed superior optical array probes along with state and microphysical instrumentation; and, using again NEXRAD-feature-guided flight paths, was able to make advances from the original BAIRS helpful to the icing algorithm development. The key findings that are given thorough treatment in this report are: --Identification of the radar-detectable "crystal sandwich" structure from two anisotropic crystal types stratified by in situ air temperature in association with varying levels of supercooled water --with layer thicknesses observed to 2 km, --over hundred-kilometer scales matched with the mesoscale surveillance of the NEXRAD radars, --Development and application of a multi-sensor cloud phase algorithm to distinguish between liquid phase, mixed phase, and glaciated (no icing) conditions for purposes of a "truth" database and improved analysis in BAIRS II, --Development of concatenated hydrometeor size distributions to examine the in situ growth of both liquid and solid hydrometeors over a broad size spectrum; used, in part, to demonstrate differences between maritime and continental conditions, and --The Icing Hazard Levels (IHL) algorithm’s verification in icing conditions is consistent with previous work and, new, is documented to perform well when indicating "glaciated" (no icing) conditions.
Summary
The second Buffalo Area Icing and Radar Study (BAIRS II) was conducted during the winter of 2017. The BAIRS II partnership between Massachusetts Institute of Technology (MIT) Lincoln Laboratory (LL), the National Research Council of Canada (NRC), and Environment and Climate Change Canada (ECCC) was sponsored by the Federal Aviation...
READ MORE
Automated discovery of cross-plane event-based vulnerabilities in software-defined networking
February 23, 2020
Conference Paper
Published in:
Network and Distributed Systems Security Symp., NDSS, 23-26 February 2020.
Summary
Software-defined networking (SDN) achieves a programmable control plane through the use of logically centralized, event-driven controllers and through network applications (apps) that extend the controllers' functionality. As control plane decisions are often based on the data plane, it is possible for carefully crafted malicious data plane inputs to direct the control plane towards unwanted states that bypass network security restrictions (i.e., cross-plane attacks). Unfortunately, because of the complex interplay among controllers, apps, and data plane inputs, at present it is difficult to systematically identify and analyze these cross-plane vulnerabilities. We present EVENTSCOPE, a vulnerability detection tool that automatically analyzes SDN control plane event usage, discovers candidate vulnerabilities based on missing event-handling routines, and validates vulnerabilities based on data plane effects. To accurately detect missing event handlers without ground truth or developer aid, we cluster apps according to similar event usage and mark inconsistencies as candidates. We create an event flow graph to observe a global view of events and control flows within the control plane and use it to validate vulnerabilities that affect the data plane. We applied EVENTSCOPE to the ONOS SDN controller and uncovered 14 new vulnerabilities.
Summary
Software-defined networking (SDN) achieves a programmable control plane through the use of logically centralized, event-driven controllers and through network applications (apps) that extend the controllers' functionality. As control plane decisions are often based on the data plane, it is possible for carefully crafted malicious data plane inputs to direct the...
READ MORE
Wind information requirements for NextGen applications phase 7 report
February 12, 2020
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-444
Topic:
R&D area:
R&D group:
Summary
This report details the Required Time of Arrival (RTA) performance of B757 aircraft arriving at various meter fixes across a range of altitudes from 33,000' down to 3,000' above ground level (AGL). The system tested demonstrated less than ±10 second arrival error in at least 95% of flights at meter fixes down to 7,000' AGL regardless of the forecast quality provided. Below 7,000' AGL, RTA performance significantly degraded demonstrating around 80% compliance under the best forecast and operating conditions. This report also provides a comprehensive lexicon of aviation and air traffic control related "wind" terms.
Summary
This report details the Required Time of Arrival (RTA) performance of B757 aircraft arriving at various meter fixes across a range of altitudes from 33,000' down to 3,000' above ground level (AGL). The system tested demonstrated less than ±10 second arrival error in at least 95% of flights at meter...
READ MORE
FirmFuzz: automated IOT firmware introspection and analysis
November 15, 2019
Conference Paper
Published in:
2nd Workshop on the Internet of Things Security and Privacy, IoT S&P '19, 15 November 2019.
Topic:
R&D area:
R&D group:
Summary
While the number of IoT devices grows at an exhilarating pace their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing individual devices allows an analyst to evaluate their security post deployment. Any discovered vulnerabilities can then be disclosed to the vendors in order to assist them in securing their products. The search for vulnerabilities should ideally be automated for efficiency and furthermore be device-independent for scalability. We present FirmFuzz, an automated device-independent emulation and dynamic analysis framework for Linux-based firmware images. It employs a greybox-based generational fuzzing approach coupled with static analysis and system introspection to provide targeted and deterministic bug discovery within a firmware image. We evaluate FirmFuzz by emulating and dynamically analyzing 32 images (from 27 unique devices) with a network accessible from the host performing the emulation. During testing, FirmFuzz discovered seven previously undisclosed vulnerabilities across six different devices: two IP cameras and four routers. So far, 4 CVE's have been assigned.
Summary
While the number of IoT devices grows at an exhilarating pace their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing individual devices allows an analyst to evaluate their security post deployment. Any discovered vulnerabilities can then be disclosed to the vendors in order to assist...
READ MORE
Analog coupled oscillator based weighted Ising machine
October 15, 2019
Journal Article
Published in:
Sci. Rep., Vol. 9, No. 1, 15 October 2019, 14786.
Topic:
R&D area:
Summary
We report on an analog computing system with coupled non-linear oscillators which is capable of solving complex combinatorial optimization problems using the weighted Ising model. The circuit is composed of a fully-connected 4-node LC oscillator network with low-cost electronic components and compatible with traditional integrated circuit technologies. We present the theoretical modeling, experimental characterization, and statistical analysis our system, demonstrating single-run ground state accuracies of 98% on randomized MAX-CUT problem sets with binary weights and 84% with 5-bit weight resolutions. Solutions are obtained within 5 oscillator cycles, and the time-to-solution has been demonstrated to scale directly with oscillator frequency. We present scaling analysis which suggests that large coupled oscillator networks may be used to solve computationally intensive problems faster and more efficiently than conventional algorithms. The proof-of-concept system presented here provides the foundation for realizing such larger scale systems using existing hardware technologies and could pave the way towards an entirely novel computing paradigm.
Summary
We report on an analog computing system with coupled non-linear oscillators which is capable of solving complex combinatorial optimization problems using the weighted Ising model. The circuit is composed of a fully-connected 4-node LC oscillator network with low-cost electronic components and compatible with traditional integrated circuit technologies. We present the...
READ MORE
Design, simulation, and fabrication of three-dimensional microsystem components using grayscale photolithography
October 1, 2019
Journal Article
Published in:
J. Micro/Nanolith., Vol. 18, No. 4, October - December 2019, 043507.
Summary
Grayscale lithography is a widely known but underutilized microfabrication technique for creating three-dimensional (3-D) microstructures in photoresist. One of the hurdles for its widespread use is that developing the grayscale photolithography masks can be time-consuming and costly since it often requires an iterative process, especially for complex geometries. We discuss the use of PROLITH, a lithography simulation tool, to predict 3-D photoresist profiles from grayscale mask designs. Several examples of optical microsystems and microelectromechanical systems where PROLITH was used to validate the mask design prior to implementation in the microfabrication process are presented. In all examples, PROLITH was able to accurately and quantitatively predict resist profiles, which reduced both design time and the number of trial photomasks, effectively reducing the cost of component fabrication.
Summary
Grayscale lithography is a widely known but underutilized microfabrication technique for creating three-dimensional (3-D) microstructures in photoresist. One of the hurdles for its widespread use is that developing the grayscale photolithography masks can be time-consuming and costly since it often requires an iterative process, especially for complex geometries. We discuss...
READ MORE
Security Design of Mission-Critical Embedded Systems
September 24, 2019
Abstract
Published in:
HPEC 2019: IEEE Conf. on High Performance Extreme Computing, 22-24 September 2019.
Topic:
R&D area:
R&D group:
Summary
This tutorial explains a systematic approach of co-designing functionality and security into mission-criticalembedded systems. The tutorial starts by reviewing common issues in embedded applications to define mission objectives,threat models, and security/resilience goals. We then introduce an overview of security technologies toachieve goals of confidentiality, integrity, and availability given design criteria and a realistic threatmodel. The technologies range from practical cryptography and key management, protection of data atrest, data in transit, and data in use, and tamper resistance.A major portion of the tutorial is dedicated to exploring the mission critical embedded system solutionspace. We discuss the search for security vulnerabilities (red teaming) and the search for solutions (blueteaming). Besides the lecture, attendees, under instructor guidance, will perform realistic andmeaningful hands-on exercises of defining mission and security objectives, assessing principal issues,applying technologies, and understanding their interactions. The instructor will provide an exampleapplication (distributed sensing, communicating, and computing) to be used in these exercises.Attendees could also bring their own applications for the exercises.Attendees are encouraged to work collaboratively throughout the development process, thus creatingopportunities to learn from each other. During the exercise, attendees will consider the use of varioussecurity/resilience features, articulate and justify the use of resources, and assess the system’ssuitability for mission assurance. Attendees can expect to gain valuable insight and experience in thesubject after completing the lecture and exercises.The instructor, who is an expert and practitioner in the field, will offer insight, advice, and concreteexamples and discussions. The tutorial draws from the instructor’s decades of experience in secure,resilient systems and technology.
Summary
This tutorial explains a systematic approach of co-designing functionality and security into mission-criticalembedded systems. The tutorial starts by reviewing common issues in embedded applications to define mission objectives,threat models, and security/resilience goals. We then introduce an overview of security technologies toachieve goals of confidentiality, integrity, and availability given design criteria...
READ MORE
The leakage-resilience dilemma
September 15, 2019
Conference Paper
Published in:
Proc. European Symp. on Research in Computer Security, ESORICS 2019, pp. 87-106.
Summary
Many control-flow-hijacking attacks rely on information leakage to disclose the location of gadgets. To address this, several leakage-resilient defenses, have been proposed that fundamentally limit the power of information leakage. Examples of such defenses include address-space re-randomization, destructive code reads, and execute-only code memory. Underlying all of these defenses is some form of code randomization. In this paper, we illustrate that randomization at the granularity of a page or coarser is not secure, and can be exploited by generalizing the idea of partial pointer overwrites, which we call the Relative ROP (RelROP) attack. We then analyzed more that 1,300 common binaries and found that 94% of them contained sufficient gadgets for an attacker to spawn a shell. To demonstrate this concretely, we built a proof-of-concept exploit against PHP 7.0.0. Furthermore, randomization at a granularity finer than a memory page faces practicality challenges when applied to shared libraries. Our findings highlight the dilemma that faces randomization techniques: course-grained techniques are efficient but insecure and fine-grained techniques are secure but impractical.
Summary
Many control-flow-hijacking attacks rely on information leakage to disclose the location of gadgets. To address this, several leakage-resilient defenses, have been proposed that fundamentally limit the power of information leakage. Examples of such defenses include address-space re-randomization, destructive code reads, and execute-only code memory. Underlying all of these defenses is...
READ MORE
Monetized weather radar network benefits for tornado cost reduction
August 29, 2019
Project Report
Published in:
MIT Lincoln Laboratory Report NOAA-35
Summary
A monetized tornado benefit model is developed for arbitrary weather radar network configurations. Geospatial regression analyses indicate that improvement in two key radar coverage parameters--fraction of vertical space observed and cross-range horizontal resolution--lead to better tornado warning performance as characterized by tornado detection probability and false alarm ratio. Previous experimental results showing faster volume scan rates yielding greater warning performance, including increased lead times, are also incorporated into the model. Enhanced tornado warning performance, in turn, reduces casualty rates. In combination, then, it is clearly established that better and faster radar observations reduce tornado casualty rates. Furthermore, lower false alarm ratios save costs by cutting down on people's time lost when taking shelter.
Summary
A monetized tornado benefit model is developed for arbitrary weather radar network configurations. Geospatial regression analyses indicate that improvement in two key radar coverage parameters--fraction of vertical space observed and cross-range horizontal resolution--lead to better tornado warning performance as characterized by tornado detection probability and false alarm ratio. Previous experimental...
READ MORE
Guest editorial: special issue on hardware solutions for cyber security
August 22, 2019
Journal Article
Published in:
J. Hardw. Syst. Secur., Vol. 3, No. 199, 2019.
Topic:
R&D area:
R&D group:
Summary
A cyber system could be viewed as an architecture consisting of application software, system software, and system hardware. The hardware layer, being at the foundation of the overall architecture, must be secure itself and also provide effective security features to the software layers. In order to seamlessly integrate security hardware into a system with minimal performance compromises, designers must develop and understand tangible security specifications and metrics to trade between security, performance, and cost for an optimal solution. Hardware security components, libraries, and reference architecture are increasingly important in system design and security. This special issue includes four exciting manuscripts on several aspects of developing hardware-oriented security for systems.
Summary
A cyber system could be viewed as an architecture consisting of application software, system software, and system hardware. The hardware layer, being at the foundation of the overall architecture, must be secure itself and also provide effective security features to the software layers. In order to seamlessly integrate security hardware...
READ MORE