Luis T. Garcia

A Cyber-Physical Modeling and Assessment Framework for Power Grid Infrastructures

The integration of cyber communications and control systems into the power grid infrastructure is widespread and has a profound impact on the operation, reliability, and efficiency of the grid. Cyber technologies allow for efficient management of the power system, but they may contain vulnerabilities that need to be managed. One important possible consequence is the introduction of cyber-induced or cyber-enabled disruptions of physical components. In this paper, we propose an online framework for assessing the operational reliability impacts due to threats to the cyber infrastructure. This framework is an important step toward addressing the critical challenge of understanding and analyzing complex cyber-physical systems at scale.

Perceptions of coercive sexual behavior by males and females

In this study male and female subjects were given six vignettes depicting heterosexual interactions between acquaintances. The vignettes described sexual advances representing different points along a coerciveness continuum. The gender of the aggressor and the victim were varied. The subjects were then asked to indicate their perception of the degree of coerciveness involved. In addition, they were asked to attribute both positive and negative feelings to the victim. The results indicated that male subjects perceived these sexual advances as slightly more coercive when the victim was a female, whereas females perceived the advances as slightly more coercive when the victim was a male. Also, there was a tendency to view the low-coercion activities as more coercive when the males were the victim, whereas the opposite was true for the vignettes rated high on coercion, especially the one describing physical coercion. The attributions of positive and negative feelings tended to parallel the coerciveness ratings. Typically, the more coercive activity was seen as, the less positive feelings and more negative feelings the subjects attributed to the victim. The results were discussed in terms of stereotypical beliefs regarding the sexuality of males and females and attribution theory.

SEXUAL INFERENCES ABOUT FEMALE TARGETS: THE USE OF SEXUAL EXPERIENCE CORRELATES

1971). In its most rigid form, this double standard prescribes that women, but not men, refrain from premarital sexual activity and those women who do not abide by this standard are then evaluated more negatively than women who abide by it. In a less rigid form, women may be expected to have premarital sex but only in the context of a loving or romantic relationship. This notion

Perception of sexual experience: The impact of nonverbal behavior

A study was conducted to determine if nonverbal displays of masculinity and femininity can lead subjects to make inferences about the sexual experience of a person. It was predicted that male and female stimulus persons who displayed nonverbal masculine expressions would be seen as more sexually experienced, and more sexual in general, than those who exhibited feminine expressions. The results strongly supported this prediction. It was also expected that the stimulus persons displaying sex-appropriate behaviors would be evaluated more positively. This prediction was supported only for male stimulus persons.

Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters

Mobile devices are increasingly becoming a melting pot of different types of data ranging from sensitive corporate documents to commercial media to personal content produced and shared via online social networks. While it is desirable for such diverse content to be accessible from the same device via a unified user experience and through a rich plethora of mobile apps, ensuring that this data remains protected has become challenging. Even though different data types have very different security and privacy needs and accidental instances of data leakage are common, todays mobile operating systems include few, if any, facilities for fine-grained data protection and isolation. In this paper, we present SWIRLS, an Android-based mobile OS that provides a rich policy-based information-flow data protection abstraction for mobile apps to support BYOD (bring-your-own-device) use cases. SWIRLS allows security and privacy policies to be attached to individual pieces of data contained in signed and encrypted capsules, and enforces these policies as the data flows through the device. Unlike current BYOD solutions like VMs and containers that create duplication and cognitive overload, SWIRLS provides a single environment that allows users to access content belonging to different security contexts using the same applications without fear of inadverdant or malicious data leakage. SWIRLS also unburdens app developers from having to worry about security policies, and provides APIs through which they can create seamless multi-security-context user interfaces. To implement its abstractions, SWIRLS develops a cryptographically protected capsule distribution and installation scheme, enhances Taintdroid-based taint-tracking mechanisms to support efficient kernel and user-space security policy enforcement, implements techniques for persisting security context along with data, and provides transparent security-context switching mechanisms. Using our Android-based prototype (>25K LOC), we show a number of data protection use-cases such as isolation of personal and work data, limiting document sharing and preventing leakage based on document classification, and security policies based on geo-and time-fencing. Our experiments show that SWIRLS imposes a very minimal overhead in both battery consumption and performance.

Sexual evaluation of women with feminist attitudes

A study was conducted to investigate whether subjects make inferences about a females sexuality based on her attitudes toward feminist issues. Based on the idea that both attitudes toward feminist issues and toward sexual traits are components of prototypes about females, it was hypothesized that females who expressed nontraditional attitudes on various feminist issues would be rated higher on a number of sexual traits than females who expressed more traditional attitudes. Male and female subjects were given information about a 19-year-old, single, females attitudes on a number of issues related to womens occupational and domestic roles. The targets answers were manipulated so that in one condition she expressed traditional attitudes, and in a second condition she expressed nontraditional or feminist attitudes. The respondents were then asked to rate the target on traits reflecting a sexual and an evaluative dimension. As predicted, it was found that the female expressing nontraditional attitudes was rated higher in the sexual traits and was evaluated more negatively. The results were discussed in terms of the perceived incongruity between feminist attitudes and the traditional female prototype.

TMQ: Threat model quantification in Smart Grid critical infrastructures

For proper security risk management and effective deployment of security solutions in smart grid critical infrastructures, accurate identification and in-depth understanding of threats are crucial. Traditional descriptive threat models are often considered insufficient for accurate and mathematical numerical risk analyses of such critical infrastructures. In this paper, we propose TMQ, a novel and scalable threat model quantification method to create numerical models of various threat categories automatically. In particular, TMQ makes use of several sources of information to quantify the individual threat vectors. First, TMQ utilizes the smart grid network topology and global security access control policies to create a state-based security model for the smart grid using the Markov decision processes formalism. Then, TMQ utilizes traditional descriptive threat models, historical attack reports, intrusion detection logs as well as reports/interviews by/with hackers to quantify adversarial viewpoints of attackers from various threat categories against the smart grid. The result is an automatically generated model with specialized reward functions for each category of attackers. Our experimental results on a smart grid testbed network with several vulnerabilities show that TMQ can accurately quantify traditional descriptive threat models efficiently.

Detecting PLC control corruption via on-device runtime verification

With an increased emphasis on the cyber-physical security of safety-critical industrial control systems, programmable logic controllers have been targeted by both security researchers and attackers as critical assets. Security and verification solutions have been proposed and/or implemented either externally or with limited computational power. Online verification or intrusion detection solutions are typically difficult to implement within the control logic of the programmable logic controller due to the strict timing requirements and limited resources. Recently, there has been an increased advancement in open controller systems where programmable logic controllers are coupled with embedded hypervisors running operating systems with much more computational power. Development environments are provided that allow developers to directly integrate library function calls from the embedded hypervisor into the program scan cycle of the programmable logic controller. In this paper, we leverage these coupled environments to implement online cyber-physical verification solutions directly integrated into the program scan cycle as well as online intrusion detection systems within the embedded hypervisor. This novel approach allows advanced security and verification solutions to be directly enforced from within the programmable logic controller program scan cycle. We evaluate the proposed solutions on a commercial-off-the-shelf Siemens product.

Covert channel communication through physical interdependencies in cyber-physical infrastructures

Increasing efforts are being made in securing the communication infrastructure used in electric power systems. On the surface, this should greatly reduce the chances of successfully executing the type of coordinated and distributed cyber attacks necessary to cause large-scale failures. However, existing communications security schemes in power control systems only consider explicit communications. In this paper, we show that there is a rich set of covert communication channels available to attackers for use in coordinating large scale attacks against power grids. Specifically, we present PhyCo, a novel covert channel that leverages physical substrates, e.g., line loads, within a power system, to transmit information between compromised device controllers. Using PhyCo, two compromised controllers that are miles apart can coordinate their efforts by manipulating relays to modify the power networks topology. This can be done without requiring the use of any explicit communication channels, e.g., power line communications, and can evade intrusion detection sensors aimed at overt traffic. We have evaluated PhyCo using real-world programmable logic controllers on a realistic simulated power grid. Our results show that PhyCo can bypass existing intrusion detection sensors as well as physical inspections by carefully crafting covert communications to have minimal exterior consequences within normal operating thresholds.

Causal thinking in self-selected stories about self and others

Etude permettant de comparer aupres de 127 etudiants les attributions causales concernant soi-meme et les autres lorsque les evenements a evaluer sont choisis par les sujets eux-memes ou par le chercheur