Publications

Refine Results

(Filters Applied) Clear All

FirmFuzz: automated IOT firmware introspection and analysis

Published in:
2nd Workshop on the Internet of Things Security and Privacy, IoT S&P '19, 15 November 2019.

Summary

While the number of IoT devices grows at an exhilarating pace their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing individual devices allows an analyst to evaluate their security post deployment. Any discovered vulnerabilities can then be disclosed to the vendors in order to assist them in securing their products. The search for vulnerabilities should ideally be automated for efficiency and furthermore be device-independent for scalability. We present FirmFuzz, an automated device-independent emulation and dynamic analysis framework for Linux-based firmware images. It employs a greybox-based generational fuzzing approach coupled with static analysis and system introspection to provide targeted and deterministic bug discovery within a firmware image. We evaluate FirmFuzz by emulating and dynamically analyzing 32 images (from 27 unique devices) with a network accessible from the host performing the emulation. During testing, FirmFuzz discovered seven previously undisclosed vulnerabilities across six different devices: two IP cameras and four routers. So far, 4 CVE's have been assigned.
READ LESS

Summary

While the number of IoT devices grows at an exhilarating pace their security remains stagnant. Imposing secure coding standards across all vendors is infeasible. Testing individual devices allows an analyst to evaluate their security post deployment. Any discovered vulnerabilities can then be disclosed to the vendors in order to assist...

READ MORE

Dynamically correlating network terrain to organizational missions

Published in:
Proc. NATO IST-153/RWS-21 Workshop on Cyber Resilience, 23-25 October 2017.

Summary

A precondition for assessing mission resilience in a cyber context is identifying which cyber assets support the mission. However, determining the asset dependencies of a mission is typically a manual process that is time consuming, labor intensive and error-prone. Automating the process of mapping between network assets and organizational missions is highly desirable but technically challenging because it is difficult to find an appropriate proxy within available cyber data for an asset's mission utilization. In this paper we discuss strategies to automate the processes of both breaking an organization into its constituent mission areas, and mapping those mission areas onto network assets, using a data-driven approach. We have implemented these strategies to mine network data at MIT Lincoln Laboratory, and provide examples. We also discuss examples of how such mission mapping tools can help an analyst to identify patterns and develop contextual insight that would otherwise have been obscure.
READ LESS

Summary

A precondition for assessing mission resilience in a cyber context is identifying which cyber assets support the mission. However, determining the asset dependencies of a mission is typically a manual process that is time consuming, labor intensive and error-prone. Automating the process of mapping between network assets and organizational missions...

READ MORE

Safety analysis for advanced separatation concepts

Published in:
Air Traffic Control Q., Vol. 14, No. 1, 2006, pp. 5-24.

Summary

Advanced separation assurance concepts involving higher degrees of automation must meet the challenge of maintaining safety in the presence of inevitable subsystem faults, including the complete failure of the supporting automation infrastructure. This paper examines the types of design features and safeguards that might be used to preserve safety in a highly automated environment. The Advanced Airspace Concept (AAC) being developed by NASA is used as the basis for a fault-tree analysis. Multiple layers of protection, with carefully specified fault management strategies, appear to be important to achieving the desired level of safety.
READ LESS

Summary

Advanced separation assurance concepts involving higher degrees of automation must meet the challenge of maintaining safety in the presence of inevitable subsystem faults, including the complete failure of the supporting automation infrastructure. This paper examines the types of design features and safeguards that might be used to preserve safety in...

READ MORE

Automated forecasting of road conditions and recommended road treatments for winter storms

Published in:
19th Int. Conf. of Interactive Information Processing Systems for Meteorology, Oceanography and Hydrology, 9-13-February 2003.

Summary

Over the past decade there have been significant improvements in the availability, volume, and quality of the sensors and technology utilized to both capture the current state of the atmosphere and generate weather forecasts. New radar systems, automated surface observing systems, satellites and advanced numerical models have all contributed to these advances. However, the practical application of this new technology for transportation decision makers has been primarily limited to aviation. Surface transportation operators, like air traffic operators, require tailored weather products and alerts and guidance on recommended remedial action (e.g. applying chemicals or adjusting traffic flow). Recognizing this deficiency, the FHWA (Federal Highway Administration) has been working to define the weather related needs and operational requirements of the surface transportation community since October 1999. A primary focus of the FHWA baseline user needs and requirements has been winter road maintenance personnel (Pisano, 2001). A key finding of the requirements process was that state DOTs (Departments of Transportation) were in need of a weather forecast system that provided them both an integrated view of their weather, road and crew operations and advanced guidance on what course of action might be required to keep traffic flowing safely. As a result, the FHWA funded a small project (~$900K/year) involving a consortium of national laboratories to aggressively research and develop a prototype integrated Maintenance Decision Support System (MDSS). The prototype MDSS uses state-of-the-art weather and road condition forecast technology and integrates it with FHWA anti-icing guidelines to provide guidance to State DOTs in planning and managing winter storm events (Mahoney, 2003). The overall flow of the MDSS is shown in Figure 1. Basic meteorological data and advanced models are ingested into the Road Weather Forecast System (RWFS). The RWFS, developed by the National Center for Atmospheric Research (NCAR), dynamically weights the ingested model and station data to produce ambient weather forecasts (temperature, precipitation, wind, etc.). More details on the RWFS system can be found in (Myers, 2002). Next, the RCTM (Road Condition Treatment Module) ingests the forecasted weather conditions from the RWFS, calculates the predicted road conditions (snow depth, pavement temperature), Once a treatment plan has been determined, the recommendations are presented in map and table form through the MDSS display. The display also allows users to examine specific road and weather parameters, and to override the algorithm recommended treatments with a user-specified plan. A brief test of the MDSS system was performed in Minnesota during the spring of 2002. Further refinements were made and an initial version of the MDSS was released by the FHWA in September 2002. While this basic system is not yet complete, it does ingest all the necessary weather data and produce an integrated view of the road conditions and recommended treatments. This paper details the RCTM algorithm and its’ components, including the current and potential capabilities of the system.
READ LESS

Summary

Over the past decade there have been significant improvements in the availability, volume, and quality of the sensors and technology utilized to both capture the current state of the atmosphere and generate weather forecasts. New radar systems, automated surface observing systems, satellites and advanced numerical models have all contributed to...

READ MORE

Common CHI for en route ATC automation in FFP1 and beyond

Published in:
45th Annual Air Traffic Control Association Conf. Proc., 22-26 October 2000, pp. 237-241.

Summary

Unique computer-human interface (CHI) challenges are arising with the pending deployment of automation developed to assist air traffic controllers and managers. In the US, a set of Free Flight Phase 1 (FFPl) decision-support tools will provide computer generated scheduling and sequencing advice from Traffic Management Advisor (TMA) and conflict probing advice from User Request Evaluation Tool (URET). These tools were originally developed independently using their own CHIs. Recently, the air traffic community requested that future tools be implemented as an integrated functionality with a consistent look and feel modeled on Eurocontrol's innovative Operational Display and Input Development (ODID) IV. M.I.T. Lincoln Laboratory presented an initial comparative study of FAA and Eurocontrol tools that identified several key inconsistencies between the newly deployed Display System Replacement (DSR), the upcoming FFPl and the future ODID-like CHIs at ATCA 1999. This paper expands the survey to add the ETMS Traffic Situation Display (TSD) and to include a comparison of all look and feel aspects of each tool ranging from the purpose and system requirements to the display and coordination features. Excerpts from the completed survey are presented in Table 1, accompanied by preliminary descriptions of resulting human factors issues that need resolution to achieve a common CHI for future air traffic control and management. In support of the FAA, the Laboratory is now applying the findings from this effort and previous controller testing in collaboration with MITRE CAASD to identify and assess CHI features to be used for a demonstration of integrated operational concepts. This effort, along with continued CHI requirements testing, communication with FAA vendors and concept demonstrations conducted in coordination with the air traffic community will lead to a comprehensive list of prioritized issues regarding a common CHI.
READ LESS

Summary

Unique computer-human interface (CHI) challenges are arising with the pending deployment of automation developed to assist air traffic controllers and managers. In the US, a set of Free Flight Phase 1 (FFPl) decision-support tools will provide computer generated scheduling and sequencing advice from Traffic Management Advisor (TMA) and conflict probing...

READ MORE

Automated flight strip management system functional description

Published in:
MIT Lincoln Laboratory Report ATC-174

Summary

This document gives a high level functional overview of an automated flight strip management system. The current manual flight strip system at Boston's Logan Airport is reviewed and described in detail for both the Tower Cab and TRACON with emphasis on the information flow as an aircraft progresses through the system. The interfaces between the ATC elements, as they related to flight data, are explained. Finally, the system requirements are described including specific requirements for Tower Cab positions.
READ LESS

Summary

This document gives a high level functional overview of an automated flight strip management system. The current manual flight strip system at Boston's Logan Airport is reviewed and described in detail for both the Tower Cab and TRACON with emphasis on the information flow as an aircraft progresses through the...

READ MORE

Automated tracking for aircraft surveillance radar systems

Published in:
IEEE Trans. Aerosp. Electron. Syst., Vol. AES-15, No. 4, July 1979, pp. 508-517.

Summary

An improved moving target detector (MTD) (a digital signal processor) has been designed, constructed, and tested which successfully rejects all forms of radar clutter while providing reliable detection of all aircraft within the coverage of the radar. The MTD is being tested on both terminal and enroute surveillance radars for the FAA. This processor has been integrated with automatic tracking algorithms to give complete rejection of ground clutter, heavy precipitation, and angels (birds).
READ LESS

Summary

An improved moving target detector (MTD) (a digital signal processor) has been designed, constructed, and tested which successfully rejects all forms of radar clutter while providing reliable detection of all aircraft within the coverage of the radar. The MTD is being tested on both terminal and enroute surveillance radars for...

READ MORE

Automating radars for air traffic control

Published in:
Electronic Show and Convention, Electro, Boston, MA, 23-25 March 1978.

Summary

Developments in digital signal processing over the past few years have improved the detection and false alarm properties of air surveillance radars to such an extent that automatic radar tracking of all aircraft within the radar's coverage volume has become a reality. This paper derives the radar requirements to support tracking in a fully automated air traffic control system.
READ LESS

Summary

Developments in digital signal processing over the past few years have improved the detection and false alarm properties of air surveillance radars to such an extent that automatic radar tracking of all aircraft within the radar's coverage volume has become a reality. This paper derives the radar requirements to support...

READ MORE

Showing Results

1-8 of 8