Computer Engineering Commons^™

Closing The Gap: Leveraging Aes-Ni To Balance Adversarial Advantage And Honest User Performance In Argon2i, Nicholas Harrell, Nathaniel Krakauer

CERIAS Technical Reports

The challenge of providing data privacy and integrity while maintaining efficient performance for honest users is a persistent concern in cryptography. Attackers exploit advances in parallel hardware and custom circuit hardware to gain an advantage over regular users. One such method is the use of Application-Specific Integrated Circuits (ASICs) to optimize key derivation function (KDF) algorithms, giving adversaries a significant advantage in password guessing and recovery attacks. Other examples include using graphical processing units (GPUs) and field programmable gate arrays (FPGAs). We propose a focused approach to close the gap between adversarial advantage and honest user performance by leveraging the …

Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …

An Empirical Study Of Pre-Trained Model Reuse In The Hugging Face Deep Learning Model Registry, Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, Rohan Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems.

In this work, we present the first empirical investigation of PTM reuse. …

Sok: Analysis Of Software Supply Chain Security By Establishing Secure Design Properties, Chinenye Okafor, Taylor R. Schorlemmer, Santiao Torres-Arias, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered …

Reflecting On Recurring Failures In Iot Development, Dharun Anandayuvaraj, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

As IoT systems are given more responsibility and autonomy, they offer greater benefits, but also carry greater risks. We believe this trend invigorates an old challenge of software engineering: how to develop high-risk software-intensive systems safely and securely under market pressures? As a first step, we conducted a systematic analysis of recent IoT failures to identify engineering challenges. We collected and analyzed 22 news reports and studied the sources, impacts, and repair strategies of failures in IoT systems. We observed failure trends both within and across application domains. We also observed that failure themes have persisted over time. To alleviate …

Exploiting Input Sanitization For Regex Denial Of Service, Efe Barlas, Xin Du, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings — and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS.

In this paper, we conduct the first black-box …

Discrepancies Among Pre-Trained Deep Neural Networks: A New Threat To Model Zoo Reliability, Diego Montes, Pongpatapee Peerapatanapokin, Jeff Schultz, Chengjun Guo, Wenxin Jiang, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Training deep neural networks (DNNs) takes significant time and resources. A practice for expedited deployment is to use pre-trained deep neural networks (PTNNs), often from model zoos.collections of PTNNs; yet, the reliability of model zoos remains unexamined. In the absence of an industry standard for the implementation and performance of PTNNs, engineers cannot confidently incorporate them into production systems. As a first step, discovering potential discrepancies between PTNNs across model zoos would reveal a threat to model zoo reliability. Prior works indicated existing variances in deep learning systems in terms of accuracy. However, broader measures of reliability for PTNNs from …

An Empirical Study On The Impact Of Deep Parameters On Mobile App Energy Usage, Qiang Xu, James C. Davis, Y Charlie Hu, Abhilash Jindal

Department of Electrical and Computer Engineering Faculty Publications

Improving software performance through configuration parameter tuning is a common activity during software maintenance. Beyond traditional performance metrics like latency, mobile app developers are interested in reducing app energy usage. Some mobile apps have centralized locations for parameter tuning, similar to databases and operating systems, but it is common for mobile apps to have hundreds of parameters scattered around the source code. The correlation between these "deep" parameters and app energy usage is unclear. Researchers have studied the energy effects of deep parameters in specific modules, but we lack a systematic understanding of the energy impact of mobile deep parameters. …

Reflections On Software Failure Analysis, Paschal C. Amusuo, Aishwarya Sharma, Siddharth R. Rao, Abbey Vincent, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Failure studies are important in revealing the root causes, behaviors, and life cycle of defects in software systems. These studies either focus on understanding the characteristics of defects in specific classes of systems or the characteristics of a specific type of defect in the systems it manifests in. Failure studies have influenced various software engineering research directions, especially in the area of software evolution, defect detection, and program repair.

In this paper, we reflect on the conduct of failure studies in software engineering. We reviewed a sample of 52 failure study papers. We identified several recurring problems in these studies, …

A Statistical Impulse Response Model Based On Empirical Characterization Of Wireless Underground Channel, Abdul Salam, Mehmet C. Vuran, Suat Irmak

Faculty Publications

Wireless underground sensor networks (WUSNs) are becoming ubiquitous in many areas. The design of robust systems requires extensive understanding of the underground (UG) channel characteristics. In this paper, an UG channel impulse response is modeled and validated via extensive experiments in indoor and field testbed settings. The three distinct types of soils are selected with sand and clay contents ranging from $13\%$ to $86\%$ and $3\%$ to $32\%$, respectively. The impacts of changes in soil texture and soil moisture are investigated with more than $1,200$ measurements in a novel UG testbed that allows flexibility in soil moisture control. Moreover, the …

Wireless Underground Communications In Sewer And Stormwater Overflow Monitoring: Radio Waves Through Soil And Asphalt Medium, Usman Raza, Abdul Salam

Faculty Publications

Storm drains and sanitary sewers are prone to backups and overflows due to extra amount wastewater entering the pipes. To prevent that, it is imperative to efficiently monitor the urban underground infrastructure. The combination of sensors system and wireless underground communication system can be used to realize urban underground IoT applications, e.g., storm water and wastewater overflow monitoring systems. The aim of this article is to establish a feasibility of the use of wireless underground communications techniques, and wave propagation through the subsurface soil and asphalt layers, in an underground pavement system for storm water and sewer overflow monitoring application. …

Urban Underground Infrastructure Monitoring Iot: The Path Loss Analysis, Abdul Salam, Syed Shah

Faculty Publications

The extra quantities of wastewater entering the pipes can cause backups that result in sanitary sewer overflows. Urban underground infrastructure monitoring is important for controlling the flow of extraneous water into the pipelines. By combining the wireless underground communications and sensor solutions, the urban underground IoT applications such as real time wastewater and storm water overflow monitoring can be developed. In this paper, the path loss analysis of wireless underground communications in urban underground IoT for wastewater monitoring has been presented. It has been shown that the communication range of up to 4 kilometers can be achieved from an underground …

An Underground Radio Wave Propagation Prediction Model For Digital Agriculture, Abdul Salam

Faculty Publications

Underground sensing and propagation of Signals in the Soil (SitS) medium is an electromagnetic issue. The path loss prediction with higher accuracy is an open research subject in digital agriculture monitoring applications for sensing and communications. The statistical data are predominantly derived from site-specific empirical measurements, which is considered an impediment to universal application. Nevertheless, in the existing literature, statistical approaches have been applied to the SitS channel modeling, where impulse response analysis and the Friis open space transmission formula are employed as the channel modeling tool in different soil types under varying soil moisture conditions at diverse communication distances …

Underground Environment Aware Mimo Design Using Transmit And Receive Beamforming In Internet Of Underground Things, Abdul Salam

Faculty Publications

In underground (UG) multiple-input and multiple-output (MIMO), the transmit beamforming is used to focus energy in the desired direction. There are three different paths in the underground soil medium through which the waves propagates to reach at the receiver. When the UG receiver receives a desired data stream only from the desired path, then the UG MIMO channel becomes three path (lateral, direct, and reflected) interference channel. Accordingly, the capacity region of the UG MIMO three path interference channel and degrees of freedom (multiplexing gain of this MIMO channel requires careful modeling). Therefore, expressions are required derived the degrees of …

A Cost-Benefit Analysis Of A Campus Computing Grid, Preston M. Smith

Purdue Polytechnic Masters Theses

Any major research institution has a substantial number of computer systems on its campus, often in the scale of tens of thousands. Given that a large amount of scientific computing is appropriate for execution in an opportunistic environment, a campus grid is an inexpensive way to build a powerful computational resource. What is missing, though, is a model for making an informed decision on the cost-effectives of a campus grid. In this thesis, the author describes a model for measuring the costs and benefits of building a campus computing resource based on the institution’s existing investment in computing hardware.

For …