Publications
Analyzing Mission Impacts of Cyber Actions (AMICA)
June 15, 2015
Conference Paper
Published in:
Proc. NATO S&T Workshop on Cyber Attack, Detection, Forensics and Attribution for Assessment of Mission Impact, 15 June 2015.
Topic:
R&D area:
R&D group:
Summary
This paper describes AMICA (Analyzing Mission Impacts of Cyber Actions), an integrated approach for understanding mission impacts of cyber attacks. AMICA combines process modeling, discrete-event simulation, graph-based dependency modeling, and dynamic visualizations. This is a novel convergence of two lines of research: process modeling/simulation and attack graphs. AMICA captures process flows for mission tasks as well as cyber attacker and defender tactics, techniques, and procedures (TTPs). Vulnerability dependency graphs map network attack paths, and mission-dependency graphs define the hierarchy of high-to-low-level mission requirements mapped to cyber assets. Through simulation of the resulting integrated model, we quantify impacts in terms of mission-based measures, for various mission and threat scenarios. Dynamic visualization of simulation runs provides deeper understanding of cyber warfare dynamics, for situational awareness in the context of simulated conflicts. We demonstrate our approach through a prototype tool that combines operational and systems views for rapid analysis.
Summary
This paper describes AMICA (Analyzing Mission Impacts of Cyber Actions), an integrated approach for understanding mission impacts of cyber attacks. AMICA combines process modeling, discrete-event simulation, graph-based dependency modeling, and dynamic visualizations. This is a novel convergence of two lines of research: process modeling/simulation and attack graphs. AMICA captures process...
READ MORE
Aircraft in situ validation of hydrometeors and icing conditions inferred by ground-based NEXRAD polarimetric radar
June 15, 2015
Conference Paper
Published in:
SAE Int. Conf. on Icing of Aircraft, Engines, and Structures, ICE 2015, 15 June 2015.
Summary
MIT Lincoln Laboratory is tasked by the U.S. Federal Aviation Administration to investigate the use of the NEXRAD polarimetric radars for the remote sensing of icing conditions hazardous to aircraft. A critical aspect of the investigation concerns validation that has relied upon commercial airline icing pilot reports and a dedicated campaign of in situ flights in winter storms. During the month of February in 2012 and 2013, the Convair-580 aircraft operated by the National Research Council of Canada was used for in situ validation of snowstorm characteristics under simultaneous observation by NEXRAD radars in Cleveland, Ohio and Buffalo, New York. The most anisotropic and easily distinguished winter targets to dual pol radar are ice crystals. Accordingly, laboratory diffusion chamber measurements in a tightly-controlled parameter space of temperature and humidity provide the linkage between shape and the expectation for the presence/absence of water saturation conditions necessary for icing hazard in situ. In agreement with the laboratory measurements pertaining to dendritic and hexagonal flat plate crystals, the aircraft measurements have verified the presence of supercooled water in mainly low concentrations coincident with regions showing layered anomalies of positive differential reflectivity (ZDR) by ground-based radar, otherwise known as +ZDR 'bright bands'. Extreme values of ZDR (up to +8 dB) have also been found to be coincident with hexagonal flat plate crystals and intermittent supercooled water, also consistent with laboratory measurements. The icing conditions found with the anisotropic description are considered non-classical (condensation/collision-coalescence) and require the ascent of air and availability of ice nuclei. A modest ascent rate (
Summary
MIT Lincoln Laboratory is tasked by the U.S. Federal Aviation Administration to investigate the use of the NEXRAD polarimetric radars for the remote sensing of icing conditions hazardous to aircraft. A critical aspect of the investigation concerns validation that has relied upon commercial airline icing pilot reports and a dedicated...
READ MORE
Sensitive detection and identification of isovanillin aerosol particles at the pg/cm^3 mass concentration level using Raman spectroscopy
June 8, 2015
Journal Article
Published in:
Aerosol Sci. Technol., Vol. 49, No. 9, 2015, pp. 753-6.
Topic:
R&D area:
Summary
A compact Raman spectroscopy system with high sensitivity to chemical aerosols has been developed. This system has been used to detect isovanillin aerosols with mass concentration of 12 pg/cm3 in a 15 s signal integration period with a signal-to-noise ratio of 32. We believe this represents the lowest chemical aerosol concentration and signal integration period product ever reported for a Raman spectroscopy system. The Raman system includes (i) a 10 W, 532-nm cw laser, (ii) an aerosol flow cell, (iii) a 60x aerosol concentrator, (iv) an f/1.8 Raman spectrometer with a spectral range of 400-1400 cm^-1 and a resolution of 4 cm^-1, and (v) a low-noise CCD camera (1340 x 400 pixels). The collection efficiency of the Raman system has been determined to be 2.8%. Except for the laser cooling subsystem, the Raman system fits in a 0.61 m x 0.61 m x 0.61 m box.
Summary
A compact Raman spectroscopy system with high sensitivity to chemical aerosols has been developed. This system has been used to detect isovanillin aerosols with mass concentration of 12 pg/cm3 in a 15 s signal integration period with a signal-to-noise ratio of 32. We believe this represents the lowest chemical aerosol...
READ MORE
Snapshot on-chip HDR ROIC architectures
June 7, 2015
Conference Paper
Published in:
Computational Optical Sensing and Imaging, 7-11 June 2015.
Summary
We describe novel digital readout integrated circuits (DROICs) that achieve snapshot on-chip high dynamic range imaging where most commercial systems require a multiple exposure acquisition.
Summary
We describe novel digital readout integrated circuits (DROICs) that achieve snapshot on-chip high dynamic range imaging where most commercial systems require a multiple exposure acquisition.
READ MORE
In situ microfluidic SERS assay for monitoring enzymatic breakdown of organophosphates
June 3, 2015
Journal Article
Published in:
Nanoscale, Vol. 7, No. 25, 2015, 11013-23.
Topic:
R&D area:
Summary
In this paper, we report on a method to probe the breakdown of the organophosphate (OP) simulants o, s-diethyl methyl phosphonothioate (OSDMP) and demeton S by the enzyme organophosphorous hydrolase (OPH) in a microfluidic device by surface enhanced Raman spectroscopy (SERS). SERS hotspots were formed on-demand inside the microfluidic device by laser-induced aggregation of injected Ag NPs suspensions. The Ag NP clusters, covering micron-sized areas, were formed within minutes using a conventional confocal Raman laser microscope. These Ag NP clusters were used to enhance the Raman spectra of the thiol products of OP breakdown in the microfluidic device: ethanethiol (EtSH) and (ethylsulfanyl) ethane-1-thiol (2-EET). When the OPH enzyme and its substrates OSDMP and demeton S were introduced, the thiolated breakdown products were generated, resulting in changes in the SERS spectra. With the ability to analyze reaction volumes as low as 20 nL, our approach demonstrates great potential for miniaturization of SERS analytical protocols.
Summary
In this paper, we report on a method to probe the breakdown of the organophosphate (OP) simulants o, s-diethyl methyl phosphonothioate (OSDMP) and demeton S by the enzyme organophosphorous hydrolase (OPH) in a microfluidic device by surface enhanced Raman spectroscopy (SERS). SERS hotspots were formed on-demand inside the microfluidic device...
READ MORE
Fabrication process and properties of fully planarized deep-submicron Nb/Al-AlOx/Nb Josephson junctions for VLSI circuits
June 1, 2015
Journal Article
Published in:
IEEE Trans. Appl. Supercond., Vol. 25, No. 3, June 2015, 1101312.
Topic:
R&D area:
Summary
A fabrication process for Nb/Al-AlOx/Nb Josephson junctions (JJs) with sizes down to 200 nm has been developed on a 200-mm-wafer tool set typical for CMOS foundry. This process is the core of several nodes of a roadmap for fully-planarized fabrication processes for superconductor integrated circuits with 4, 8, and 10 niobium layers developed at MIT Lincoln Laboratory. The process utilizes 248 nm photolithography, anodization, high-density plasma etching, and chemical mechanical polishing (CMP) for planarization of SiO2 interlayer dielectric. JJ electric properties and statistics such as on-chip and wafer spreads of critical current, Ic, normal-state conductance, GN, and run-to-run reproducibility have been measured on 200-mm wafers over a broad range of JJ diameters from 200 nm to 1500 nm and critical current densities, Jc, from 10 kA/cm^2 to 50 kA/cm^2 where the JJs become self-shunted. Diffraction-limited photolithography of JJs is discussed. A relationship between JJ mask size, JJ size on wafer, and the minimum printable size for coherent and partially coherent illumination has been worked out. The GN and Ic spreads obtained have been found to be mainly caused by variations of the JJ areas and agree with the model accounting for an enhancement of mask errors near the diffraction-limited minimum printable size of JJs. Ic and GN spreads from 0.8% to 3% have been obtained for JJs with sizes form 1500 nm down to 500 nm. The spreads increase to about 8% for 200-nm JJs. Prospects for circuit densities > 10^6 JJ/cm^2 and 193-nm photolithography for JJ definition are discussed.
Summary
A fabrication process for Nb/Al-AlOx/Nb Josephson junctions (JJs) with sizes down to 200 nm has been developed on a 200-mm-wafer tool set typical for CMOS foundry. This process is the core of several nodes of a roadmap for fully-planarized fabrication processes for superconductor integrated circuits with 4, 8, and 10...
READ MORE
Inductance of circuit structures for MIT LL superconductor electronics fabrication process with 8 niobium layers
June 1, 2015
Journal Article
Published in:
IEEE Trans. Appl. Supercond., Vol. 25, No. 3, 1 June 2015, 1100905.
Topic:
R&D area:
Summary
Inductance of superconducting thin-film inductors and structures with linewidth down to 250 nm has been experimentally evaluated. The inductors include various striplines and microstrips, their 90 degree bends and meanders, interlayer vias, etc., typically used in superconducting digital circuits. The circuits have been fabricated by a fully planarized process with 8 niobium layers, developed at MIT Lincoln Laboratory for very-large-scale superconducting integrated circuits. Excellent run-to-run reproducibility and inductance uniformity of better than 1% across 200-mm wafers have been found. It has been found that the inductance per unit length of stripline and microstrip line inductors continues to grow as the inductor linewidth is reduced deep into the submicron range to the widths comparable to the film thickness and magnetic field penetration depth. It is shown that the linewidth reduction does not lead to widening of the parameter spread due to diminishing sensitivity of the inductance to the linewidth and dielectric thickness. The experimental results were compared with numeric inductance extraction using commercial software and freeware, and a good agreement was found for 3-D inductance extractors. Methods of further miniaturization of circuit inductors for achieving circuit densities >10^6 Josephson junctions per cm^2 are discussed.
Summary
Inductance of superconducting thin-film inductors and structures with linewidth down to 250 nm has been experimentally evaluated. The inductors include various striplines and microstrips, their 90 degree bends and meanders, interlayer vias, etc., typically used in superconducting digital circuits. The circuits have been fabricated by a fully planarized process with...
READ MORE
Silicon Geiger-mode avalanche photodiode arrays for photon-starved imaging
May 28, 2015
Conference Paper
Published in:
SPIE, Vol. 9492, Advanced Photon Counting Techniques IX, 28 May 2015.
Summary
Geiger-mode avalanche photodiodes (GMAPDs) are capable of detecting single photons. They can be operated to directly trigger all-digital circuits, so that detection events are digitally counted or time stamped in each pixel. An imager based on an array of GMAPDs therefore has zero readout noise, enabling quantum-limited sensitivity for photon-starved imaging applications. In this review, we discuss devices developed for 3D imaging, wavefront sensing, and passive imaging.
Summary
Geiger-mode avalanche photodiodes (GMAPDs) are capable of detecting single photons. They can be operated to directly trigger all-digital circuits, so that detection events are digitally counted or time stamped in each pixel. An imager based on an array of GMAPDs therefore has zero readout noise, enabling quantum-limited sensitivity for photon-starved...
READ MORE
Revised multifunction phased array radar (MPAR) network siting analysis
May 26, 2015
Project Report
Published in:
MIT Lincoln Laboratory Report ATC-425
Summary
As part of the NextGen Surveillance and Weather Radar Capability (NSWRC) program, the Federal Aviation Administration (FAA) is currently developing the solution for aircraft and meteorological surveillance in the future National Airspace System (NAS). A potential solution is a multifunction phased array radar (MPAR) that would replace some or all of the single-purpose radar types used in the NAS today. One attractive aspect of MPAR is that the number of radars deployed would decrease, because redundancy in coverage by single-mission sensors would be reduced with a multifunction system. The lower radar count might then result in overall life cycle cost savings, but in order to estimate costs, a reliable estimate of the number of MPARs is needed. Thus this report addresses the question, "If today's weather and aircraft surveillance radars are replaced by a single class of multimission radars, how many would be needed to replicate the current air space coverage over the United States and its territories?" Various replacement scenarios must be considered, since it is not yet determined which of the organizations that own today's radars (the FAA, the National Weather Service (NWS), the different branches of the U.S. military) would join in an MPAR program. It updates a previous study using a revised set of legacy systems, including 81 additional military airbase radars. Six replacement scenarios were considered, depending on the radar mission categories. Scenario 1 would replace terminal radars only, i.e., the Airport Surveillance Radars (ASRs) and the Terminal Doppler Weather Radar (TDWR). Scenario 2 would include the Scenario 1 radars plus the long-range weather radar, commonly known as NEXRAD. Scenario 3 would add the long-range aircraft surveillance radars, i.e., the Air Route Surveillance Radars (ARSRs), to the Scenario 2 radars. To each of these three scenarios, we then add the military's Ground Position Navigation (GPN) airbase radars for Scenarios 1G, 2G, and 3G. We assumed that the new multimission radar would be available in two sizes--a full-size MPAR and a scaled-down terminal MPAR (TMPAR). Furthermore, we assumed that the new radar antennas would have four sides that could be populated by one, two, three, or four phased array faces, such that the azimuthal coverage provided could be scaled from 90 degrees to 360 degrees. Radars in the 50 United States, Guam, Puerto Rico, U.S. Virgin Islands, Guantanamo Bay (Cuba), and Kwajalein (Marshall Islands) were included in the study.
Summary
As part of the NextGen Surveillance and Weather Radar Capability (NSWRC) program, the Federal Aviation Administration (FAA) is currently developing the solution for aircraft and meteorological surveillance in the future National Airspace System (NAS). A potential solution is a multifunction phased array radar (MPAR) that would replace some or all...
READ MORE
Missing the point(er): on the effectiveness of code pointer integrity
May 18, 2015
Conference Paper
Published in:
2015 IEEE Symp. on Security and Privacy, 18-20 May 2015.
Topic:
R&D area:
R&D group:
Summary
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker ones such as practical control flow integrity have been shown to be ineffective. A recent technique called code pointer integrity (CPI) promises to balance security and performance by focusing memory safety on code pointers thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is protected by instruction level isolation. On x86-32, this isolation is enforced by hardware; on x86-64 and ARM, isolation is enforced by information hiding. We show that, for architectures that do not support segmentation in which CPI relies on information hiding, CPI's safe region can be leaked and then maliciously modified by using data pointer overwrites. We implement a proof-of-concept exploit against Nginx and successfully bypass CPI implementations that rely on information hiding in 6 seconds with 13 observed crashes. We also present an attack that generates no crashes and is able to bypass CPI in 98 hours. Our attack demonstrates the importance of adequately protecting secrets in security mechanisms and the dangers of relying on difficulty of guessing without guaranteeing the absence of memory leaks.
Summary
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Numerous defenses have been proposed against memory corruption attacks, but they all have their limitations and weaknesses. Stronger defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker ones...
READ MORE