Creators/Authors contains: "Zhang, F."

  1. Processors nowadays are consistently equipped with debugging features to facilitate the program analysis. Specifically, the ARM debugging architecture involves a series of CoreSight components and debug registers to aid the system debugging, and a group of debug authentication signals are designed to restrict the usage of these components and registers. Meantime, the security of the debugging features is under-examined since it normally requires physical access to use these features in the traditional debugging model. However, ARM introduces a new debugging model that requires no physical access since ARMv7, which exacerbates our concern on the security of the debugging features. In this paper, we perform a comprehensive security analysis of the ARM debugging features, and summarize the security and vulnerability implications. To understand the impact of the implications, we also investigate a series of ARM-based platforms in different product domains (i.e., development boards, IoT devices, cloud servers, and mobile devices). We consider the analysis and investigation expose a new attacking surface that universally exists in ARM-based platforms. To verify our concern, we further craft Nailgun attack, which obtains sensitive information (e.g., AES encryption key and fingerprint image) and achieves arbitrary payload execution in a high-privilege mode from a low-privilege mode via misusing the debugging features. This attack does not rely on software bugs, and our experiments show that almost all the platforms we investigated are vulnerable to the attack. The potential mitigations are discussed from different perspectives in the ARM ecosystem.
  2. With the proliferation of using smart and connected devices in the transportation domain, these systems inevitably face security threats from the real world. In this work, we analyze the security of the existing traffic signal systems and summarize the security implications exposed in our analysis. Our research shows that the deployed traffic signal systems can be easily manipulated with physical/remote access and are vulnerable to an array of real-world attacks such as a diversionary tactic. By setting up a standard traffic signal system locally in our lab and partnering with a municipality, we demonstrate that not only can traffic intersections be manipulated to show deadly traffic patterns such as all-direction green lights, but traffic control systems are also susceptible to ransomware and disruption attacks. Through testing and studying these attacks, we provide our security recommendations and mitigations to these threats.
  3. The prediction of reactor antineutrino spectra will play a crucial role as reactor experiments enter the precision era. The positron energy spectrum of 3.5 million antineutrino inverse beta decay reactions observed by the Daya Bay experiment, in combination with the fission rates of fissile isotopes in the reactor, is used to extract the positron energy spectra resulting from the fission of specific isotopes. This information can be used to produce a precise, data-based prediction of the antineutrino energy spectrum in other reactor antineutrino experiments with different fission fractions than Daya Bay. The positron energy spectra are unfolded to obtain the antineutrino energy spectra by removing the contribution from detector response with the Wiener-SVD unfolding method. Consistent results are obtained with other unfolding methods. A technique to construct a data-based prediction of the reactor antineutrino energy spectrum is proposed and investigated. Given the reactor fission fractions, the technique can predict the energy spectrum to a 2% precision. In addition, we illustrate how to perform a rigorous comparison between the unfolded antineutrino spectrum and a theoretical model prediction that avoids the input model bias of the unfolding method.
    Free, publicly-accessible full text available July 1, 2022
  4. Free, publicly-accessible full text available March 1, 2023