More Like this

1. Are p -values under attack? Contribution to the discussion of ‘A critical evaluation of the current “ p -value controversy” ’: Are p -value under attack?

   https://doi.org/10.1002/bimj.201700031  

   Piegorsch, Walter W. ( September 2017 , Biometrical Journal)
2. Charting the Attack Surface of Trigger-Action IoT Platforms

   https://doi.org/10.1145/3319535.3345662  

   Wang, Qi ; Datta, Pubali ; Yang, Wei ; Liu, Si ; Bates, Adam ; Gunter, Carl A. ( November 2019 , 2019 ACM SIGSAC Conference on Computer and Communications Security)

   Internet of Things (IoT) deployments are becoming increasingly automated and vastly more complex. Facilitated by programming abstractions such as trigger-action rules, end-users can now easily create new functionalities by interconnecting their devices and other online services. However, when multiple rules are simultaneously enabled, complex system behaviors arise that are difficult to understand or diagnose. While history tells us that such conditions are ripe for exploitation, at present the security states of trigger-action IoT deployments are largely unknown. In this work, we conduct a comprehensive analysis of the interactions between trigger-action rules in order to identify their security risks. Using IFTTT as an exemplar platform, we first enumerate the space of inter-rule vulnerabilities that exist within trigger-action platforms. To aid users in the identification of these dangers, we go on to present iRuler, a system that performs Satisfiability Modulo Theories (SMT) solving and model checking to discover inter-rule vulnerabilities within IoT deployments. iRuler operates over an abstracted information flow model that represents the attack surface of an IoT deployment, but we discover in practice that such models are difficult to obtain given the closed nature of IoT platforms. To address this, we develop methods that assist in inferring trigger-action information flowsmore »based on Natural Language Processing. We develop a novel evaluative methodology for approximating plausible real-world IoT deployments based on the installation counts of 315,393 IFTTT applets, determining that 66% of the synthetic deployments in the IFTTT ecosystem exhibit the potential for inter-rule vulnerabilities. Combined, these efforts provide the insight into the real-world dangers of IoT deployment misconfigurations.« less
3. Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT

   Wen, Haohuang ; Chen, Qi Alfred ; Lin, Zhiqiang ( January 2020 , USENIX Security Symposium)

   With the growing trend of the Internet of Things, a large number of wireless OBD-II dongles are developed, which can be simply plugged into vehicles to enable remote functions such as sophisticated vehicle control and status monitoring. However, since these dongles are directly connected with in-vehicle networks, they may open a new over-the-air attack surface for vehicles. In this paper, we conduct the first comprehensive security analysis on all wireless OBD-II dongles available on Amazon in the US in February 2019, which were 77 in total. To systematically perform the analysis, we design and implement an automated tool DONGLESCOPE that dynamically tests these dongles from all possible attack stages on a real automobile. With DONGLESCOPE, we have identified 5 different types of vulnerabilities, with 4 being newly discovered. Our results reveal that each of the 77 dongles exposes at least two types of these vulnerabilities, which indicates a widespread vulnerability exposure among wireless OBD-II dongles on the market today. To demonstrate the severity, we further construct 4 classes of concrete attacks with a variety of practical implications such as privacy leakage, property theft, and even safety threat. We also discuss the root causes and feasible countermeasures, and have made correspondingmore »responsible disclosure.« less
4. Temporal System Call Specialization for Attack Surface Reduction

   Ghavamnia, Seyedhamed ; Palit, Tapti ; Mishra, Shachee ; Polychronakis, Michalis ( January 2020 , USENIX Security Symposium)
5. Confine: Automated System Call Policy Generation for Container Attack Surface Reduction

   Ghavamnia, Seyedhamed ; Palit, Tapti ; Benameur, Azzedine ; Polychronakis, Michalis ( January 2020 , International Symposium on Research in Attacks, Intrusions and Defenses (RAID))