Publications

Intent-based networking (IBN) enables network administrators to express high-level goals and network policies without needing to specify low-level forwarding configurations, topologies, or protocols. Administrators can define intents that capture the overall behavior they want from the network, and an IBN controller compiles such intents into low-level configurations that get installed...

Intent-based networking (IBN) offers advantages and opportunities compared with SDN, but IBN also poses new and unique security challenges that must be overcome.

MIT Lincoln Laboratory and the Space Cyber-Resiliency group at Air Force Research Laboratory-Space Vehicles Directorate have prototyped a practical, operationally capable and secure-by-design spaceflight software platform called Cyber-Hardened Satellite Software (CHSS) for building space mission applications with security, recoverability and performance as first-class system design priorities. Following a successful evaluation...

Private Automated Contact Tracing (PACT) was a collaborative team and effort formed during the beginning of the Coronavirus Disease 2019 (COVID-19) pandemic. PACT's mission was to enhance contact tracing in pandemic response by designing exposure-detection functions in personal digital communication devices that have maximal public health utility while preserving privacy...

As the complexity of DoD systems increases exponentially, the DoD continues to struggle with understanding and improving the resilience of its mission software. The Applied Resilience for Mission Systems (ARMS) Testbed is an environment that enables resilience improvement by experimentation and assessment of different mission system architectures and approaches. This...

Randomization is one of the main strategies in providing security in moving-target-defense (MTD) systems. However, randomization has an associated cost and estimating this cost and its impact on the overall system is crucial to ensure adoption of the MTD strategy. In this paper we discuss our experience in attempting to...

Secure message transmission (SMT) systems provide information theoretic security for point-to-point message transmission in networks that are partially controlled by an adversary. This is the story of a research project that aimed to implement a flavour of SMT protocols that uses "path hopping" with the goal of quantifying the real-life...

Embedded and real-time systems are increasingly attached to networks. This enables broader coordination beyond the physical system, but also opens the system to attacks. The increasingly complex workloads of these systems include software of varying assurance levels, including that which might be susceptible to compromise by remote attackers. To limit...

Memory corruption attacks against unsafe programming languages like C/C++ have been a major threat to computer systems for multiple decades. Various sanitizers and runtime exploit mitigation techniques have been shown to only provide partial protection at best. Recently developed ‘safe’ programming languages such as Rust and Go hold the promise...

Commodity operating system kernels remain monolithic for practical and historical reasons. All kernel code shares a single address space, executes with elevated processor privileges, and has largely unhindered access to all data, including data irrelevant to the completion of a specific task. Applying the principle of least privilege, which limits...