Search for: All records

A significant portion of organizations and applications host client facing servers on cloud-based systems. As the first line of access into a system’s services, these clientfacing servers have a significant attack surface from network adversaries. Once compromised, these systems may be used to send spam, mine crypto, launch DDoS attacks, or used for other nefarious purposes. We propose an adaptive moving target defense that uses game theory to optimize the security and cost to the cloud system. This system leverages the fault-tolerant capabilities of cloud systems with large numbers of client facing servers and the virtualization of these client facing servers by strategically crashing random systems. As a result, an attacker who has compromised a system loses access to it and incurs the cost of having to re-compromise the system once they notice it has been lost. This approach drastically limits the amount of time that an attacker can utilize compromised systems and raises the overall investment required for that time. We have demonstrated via simulation a 90% reduction in the amount of time that an attacker has control over a compromised system for realistic scenarios based on previous data collection of live systems. This approach is agnostic to the method of compromise, so it is even effective against zero-day attacks. 

In the growing era of smart cities, data-driven decision-making is pivotal for urban planners and policymakers. Crowd-sourced data is a cost-effective means to collect this information, enabling more efficient urban management. However, ensuring data accuracy and establishing trustworthy “Ground Truth” in smart city sensor data presents unique challenges.Our study contributes by documenting the intricacies and obstacles associated with overcoming MAC randomization, sensor unpredictability, unreliable signal strength, and Wi-Fi probing inconsistencies in smart city data cleaning.We establish a framework for three different types of experiments: Counting, Proximity, and Sensor Range. Our novel approach incorporates the spatial layout of the city, an aspect often overlooked. We propose a database structure and metrics to enhance reproducibility and trust in the system.By presenting our findings, we aim to facilitate a deeper understanding of the nuances involved in handling sensor data, ultimately paving the way for more accurate and meaningful data-driven decision-making in smart cities. 

Background : Affirmative action programs (AAPs) aim to increase the representation of people from historically underrepresented groups (HUGs) in the workforce, but can unintentionally signal that a person from a HUG was selected for their identity rather than their merit. We call this signal the diversity-hire narrative. Prior work has found that women hear the diversity-hire narrative during their computer science (CS) internships, but women and non-binary students' experiences surrounding the narrative are important to understand and have not been thoroughly explored. Objectives: We seek to understand the (1) sources and (2) impacts of this narrative, as well as (3) how students respond to it. Methods: We conducted and qualitatively analyzed 23 semi-structured interviews with undergraduate CS students in the gender minority (i.e., students who identify as women or non-binary). Results : Participants reported hearing the diversity-hire narrative from family and peers. They reported feeling self-doubt and a double standard where their success was not attributed to their intelligence, but their peers' success was. Participants responded to the diversity-hire narrative by (1) ignoring it, (2) attempting to prove themselves, (3) stating that their peers are jealous, (4) explaining that AAPs address inequity, and (5) explaining that everyone is held to a high standard. Implications: These results expand our understanding of the experiences that likely impact undergraduate CS students in the gender minority. This is important for broadening participation in computing because results indicate that students in the gender minority often encounter the diversity-hire narrative, which deprives them of recognition by invalidating their hard work. 

Artificial intelligence (AI) and cybersecurity are in-demand skills, but little is known about what factors influence computer science (CS) undergraduate students' decisions on whether to specialize in AI or cybersecurity and how these factors may differ between populations. In this study, we interviewed undergraduate CS majors about their perceptions of AI and cybersecurity. Qualitative analyses of these interviews show that students have narrow beliefs about what kind of work AI and cybersecurity entail, the kinds of people who work in these fields, and the potential societal impact AI and cybersecurity may have. Specifically, students tended to believe that all work in AI requires math and training models, while cybersecurity consists of low-level programming; that innately smart people work in both fields; that working in AI comes with ethical concerns; and that cybersecurity skills are important in contemporary society. Some of these perceptions reinforce existing stereotypes about computing and may disproportionately affect the participation of students from groups historically underrepresented in computing. Our key contribution is identifying beliefs that students expressed about AI and cybersecurity that may affect their interest in pursuing the two fields and may, therefore, inform efforts to expand students' views of AI and cybersecurity. Expanding student perceptions of AI and cybersecurity may help correct misconceptions and challenge narrow definitions, which in turn can encourage participation in these fields from all students.