Publications

Exploiting temporal vulnerabilities for unauthorized access in intent-based networking

Summary

Intent-based networking (IBN) enables network administrators to express high-level goals and network policies without needing to specify low-level forwarding configurations, topologies, or protocols. Administrators can define intents that capture the overall behavior they want from the network, and an IBN controller compiles such intents into low-level configurations that get installed in the network and implement the desired behavior. We discovered that current IBN specifications and implementations do not specify that flow rule installation orderings should be enforced, which leads to temporal vulnerabilities where, for a limited time, attackers can exploit indeterminate connectivity behavior to gain unauthorized network access. In this paper, we analyze the causes of such temporal vulnerabilities and their security impacts with a representative case study via the ONOS IBN implementation. We devise the Phantom Link attack and demonstrate a working exploit to highlight the security impacts. To defend against such attacks, we propose Spotlight, a detection method that can alert a system administrator of risky intent updates prone to exploitable temporal vulnerabilities. Spotlight is effective in identifying risky updates using realistic network topologies and policies. We show that Spotlight can detect risky updates in a mean time of 0.65 seconds for topologies of over 1,300 nodes.

Manipulative interference attacks

Summary

A μ-kernel is an operating system (OS) paradigm that facilitates a strong cybersecurity posture for embedded systems. Unlike a monolithic OS such as Linux, a μ-kernel reduces overall system privilege by deploying most OS functionality within isolated, userspace protection domains. Moreover, a μ-kernel ensures confidentiality and integrity between protection domains (i.e., spatial isolation), and offers timing predictability for real-time tasks in mixed-criticality systems (i.e., temporal isolation). One popular μ-kernel is seL4 which offers extensive formal guarantees of implementation correctness and flexible temporal budgeting mechanisms. However, we show that an untrusted protection domain on a μ-kernel can abuse service requests to other protection domains in order to corrode system availability. We generalize this denial-of-service (DoS) attack strategy as Manipulative Interference Attacks (MIAs) and introduce techniques to efficiently identify instances of MIAs within a configured system. Specifically, we propose a novel hybrid approach that first leverages static analysis to identify software components with influenceable execution times, and second, uses an automatically generated model-based analysis to determine which compromised protection domains can manipulate the influenceable components and trigger MIAs. We investigate the risk of MIAs in several representative system examples including the seL4 Microkit, as well as a case study of seL4 software artifacts from the DARPA Cyber Assured Systems Engineering (CASE) program. In particular, we demonstrate that our analysis is efficient enough to discover practical instances of MIAs in real-world systems.

ECP 0857P final report for the NEXRAD ROC: Modified VCP 35

Published in:
MIT Lincoln Laboratory Report ATC-456

Summary

This report responds to a request by the NEXRAD ROC through the FAA to close out ECP0857P in their records. It details the motivation for the modification to the radar coverage pattern called VCP 35, its deployment, and use coordinated with nearby in situ ICICLE flight missions or independent of those. Recommendations are included for future considerations to modify VCP 35.

Variability of speech timing features across repeated recordings: a comparison of open-source extraction techniques

Summary

Variations in speech timing features have been reliably linked to symptoms of various health conditions, demonstrating clinical potential. However, replication challenges hinder their translation; extracted speech features are susceptible to methodological variations in the recording and processing pipeline. Investigating this, we compared exemplar timing features extracted via three different techniques from recordings of healthy speech. Our results show that features extracted via an intensity-based method differ from those produced by forced alignment. Different extraction methods also led to differing estimates of within-speaker feature variability over time in an analysis of recordings repeated systematically over three sessions in one day (n=26) and in one week (n=28). Our findings highlight the importance of feature extraction in study design and interpretation, and the need for consistent, accurate extraction techniques for clinical research.

VulSim: Leveraging similarity of multi-dimensional neighbor embeddings for vulnerability detection

Summary

Despite decades of research in vulnerability detection, vulnerabilities in source code remain a growing problem, and more effective techniques are needed in this domain. To enhance software vulnerability detection, in this paper, we first show that various vulnerability classes in the C programming language share common characteristics, encompassing semantic, contextual, and syntactic properties. We then leverage this knowledge to enhance the learning process of Deep Learning (DL) models for vulnerability detection when only sparse data is available. To achieve this, we extract multiple dimensions of information from the available, albeit limited, data. We then consolidate this information into a unified space, allowing for the identification of similarities among vulnerabilities through nearest-neighbor embeddings. The combination of these steps allows us to improve the effectiveness and efficiency of vulnerability detection using DL models. Evaluation results demonstrate that our approach surpasses existing State-of-the-art (SOTA) models and exhibits strong performance on unseen data, thereby enhancing generalizability.

Building digital twins for cardiovascular health: From principles to clinical impact

Summary

The past several decades have seen rapid advances in diagnosis and treatment of cardiovascular diseases and stroke, enabled by technological breakthroughs in imaging, genomics, and physiological monitoring, coupled with therapeutic interventions. We now face the challenge of how to (1) rapidly process large, complex multimodal and multiscale medical measurements; (2) map all available data streams to the trajectories of disease states over the patient's lifetime; and (3) apply this information for optimal clinical interventions and outcomes. Here we review new advances that may address these challenges using digital twin technology to fulfill the promise of personalized cardiovascular medical practice. Rooted in engineering mechanics and manufacturing, the digital twin is a virtual representation engineered to model and simulate its physical counterpart. Recent breakthroughs in scientific computation, artificial intelligence, and sensor technology have enabled rapid bidirectional interactions between the virtual-physical counterparts with measurements of the physical twin that inform and improve its virtual twin, which in turn provide updated virtual projections of disease trajectories and anticipated clinical outcomes. Verification, validation, and uncertainty quantification builds confidence and trust by clinicians and patients in the digital twin and establishes boundaries for the use of simulations in cardiovascular medicine. Mechanistic physiological models form the fundamental building blocks of the personalized digital twin that continuously forecast optimal management of cardiovascular health using individualized data streams. We present exemplars from the existing body of literature pertaining to mechanistic model development for cardiovascular dynamics and summarize existing technical challenges and opportunities pertaining to the foundation of a digital twin.

Impacts of WSR-88D SAILS and MRLE VCP options on severe weather warning performance

Published in:
MIT Lincoln Laboratory Report NOAA-36

Summary

The impacts of supplemental adaptive intra-volume low-level scan (SAILS) and mid-volume rescan of low-level elevations (MRLE) usage on the Weather Surveillance Radar 1988-Doppler (WSR-88D) with respect to severe weather warning performance were evaluated. This is an update and expansion of an earlier study by Cho et al. (2022). Statistical methods applied to historical data from 2014–2022 yielded the following major results. Severe thunderstorm (SVR) warning performance metrics are shown in the figure below, where the vertical bars represent 95% confidence intervals and the numbers at the bottom correspond to the sample sizes. The results are divided according to the scanning option that is estimated to have been used at the time the decision to issue (or not issue) a warning was made. The first point to note is that probability of detection (POD), false alarm ratio (FAR), and mean lead time (MLT) improvements were associated with the usage of supplemental adaptive intra-volume low-level scan (SAILS or MRLE) in a statistically meaningful manner. As for the different sub-modes of SAILS, the multiple elevation scan option (MESO), i.e., SAILSx2 and SAILSx3, appeared to give more benefit than SAILSx1. However, the fact that the fastest base-scan update rates provided by SAILSx3 hardly yielded more benefit than SAILSx2 may indicate that the slowdown in volume scan update rates counteracted the more frequent base scans when going from SAILSx2 to SAILSx3. For POD and FAR, MRLE+4 significantly outperformed MESO-SAILS, which may also indicate that more frequent updates of elevation angle scans higher than the lowest tilt are needed by forecasters to make accurate SVR warning decisions.

Security challenges of intent-based networking

Published in:
Communications of the ACM, Vol. 67, No. 7, July 2024, pp. 56-65.

Summary

Intent-based networking (IBN) offers advantages and opportunities compared with SDN, but IBN also poses new and unique security challenges that must be overcome.

Microbubble contrast agents improve detection of active hemorrhage

Published in:
IEEE Open Journal of Engineering in Medicine and Biology, doi: 10.1109/OJEMB.2024.3414974

Summary

Assessment of trauma-induced hemorrhage with ultrasound is particularly challenging outside of the clinic, where its detection is crucial. The current clinical standard for hematoma detection – the focused assessment with sonography of trauma (FAST) exam – does not aim to detect ongoing blood loss, and thus is unable to detect injuries of increasing severity. To enhance detection of active bleeding, we propose the use of ultrasound contrast agents (UCAs), together with a novel flow phantom and contrast-sensitive processing techniques, to facilitate efficient, practical characterization of internal bleeding. Within the custom phantom, UCAs and processing techniques enabled a significant enhancement of the hemorrhage visualization (mean increase in generalized contrast-to-noise ratio of 17%) compared to the contrast-free case over a range of flow rates up to 40 ml/min. Moreover, we have shown that the use of UCAs improves the probability of detection: the area under the receiver operating characteristic curve for a flow rate of 40 ml/min was 0.99, compared to 0.72 without contrast. We also demonstrate how additional processing of the spatial and temporal information further localizes the bleeding site. UCAs also enhanced Doppler signals over the non-contrast case. These results show that specialized nonlinear processing (NLP) pipelines together with UCAs may offer an efficient means to improve substantially the detection of slower hemorrhages and increase survival rates for trauma-induced injury in pre-hospital settings.

Satellite remote sensing in disaster relief: FY23 HADR Technical Investment Program

Summary

Disasters annually cost the U.S. billions of dollars in direct costs and economic loss. In particular, the increasing frequency and intensity of natural hazard incidents, such as hurricanes, tornadoes, floods, and wildfires, strains the nation's emergency management enterprise. Knowing that the current approach to emergency management is unsustainable, practitioners and policy makers look to use new tools and technologies to mitigate, prepare for, respond to, and recover from disasters. One of those technologies is satellite remote sensing. As persistent assets with a wide area collection ability and a variety of viable sensing modalities, satellites seem positioned to shed light on the nature of disaster impacts and support decisions made in the first 24 hours after disasters happen. Satellites are particularly promising for providing information on incidents that occur slowly and in rural areas. However, satellite imagery supports early response decisions and operations for only the most severe incidents in the U.S. This report explores reasons satellite imagery is under-utilized in domestic disaster response and proposes ideas toward solutions. Through systems engineering, combined with quantitative modeling and prototyping, this report offers the following. 1. An analysis of stakeholder decisions and use cases for satellite remote sensing in disasters 2. An evaluation of requirements for imagery and derived data products to support decisions 3. A description and demonstration of a concept of operations and high-level system architecture.