Raghudeep Kannavara

Is This Thing On?: Crowdsourcing Privacy Indicators for Ubiquitous Sensing Platforms

We are approaching an environment where ubiquitous computing devices will constantly accept input via audio and video channels: kiosks that determine demographic information of passersby, gesture controlled home entertainment systems and audio controlled wearable devices are just a few examples. To enforce the principle of least privilege, recent proposals have suggested technical approaches to limit third-party applications to receiving only the data they need, rather than entire audio or video streams. For users to make informed privacy decisions, applications will still need to communicate what data they are accessing and indicators will be needed to communicate this information. We performed several crowdsourcing experiments to examine how potential users might conceptualize and understand privacy indicators on ubiquitous sensing platforms.

Challenges and opportunities with concolic testing

Although concolic testing is increasingly being explored as a viable software verification technique, its adoption in mainstream software development and testing in the industry is not yet extensive. In this paper, we discuss challenges to widespread adoption of concolic testing in an industrial setting and highlight further opportunities where concolic testing can find renewed applicability.

HCI in Business: A Collaboration with Academia in IoT Privacy

The Internet of Things (IoT) integrates communication capabilities into physical objects to create a ubiquitous and multi-modal network of information and computing resources. The promise and pervasiveness of IoT ecosystems has lured many companies, including Intel, to devote resources and engineers to participate in the future of IoT. This paper describes a joint effort from Intel and two collaborators from academia to address the problem of IoT privacy.

Topics in Biometric Human-Machine Interaction Security

Biometrics is the science and technology of measuring and statistically analyzing biological data. As applied to computing and human-machine interaction (HMI), biometric applications deal with recognizing the individual or deciphering the individuals conversation (e.g., in the form of voice commands or gestures) or collecting and analyzing data regarding the individuals health and emotional status.These applications inherently deal with personally identifiable information (PII), which ultimately has to be stored somewhere, retrieved at some point of time, processed, and probably stored again, perhaps over a wireless channel.

Towards a unified framework for pre-silicon validation

One of the major problems seen in the pre-silicon validation realm today is the lack of a unified framework for all pre-silicon validation efforts including security validation. Lack of a unified framework for pre-silicon validation presents a “communication” challenge among different validation tool teams. While each team maintains and enhances a particular tool depending on the project they support and while these projects shift geographies to keep up with the product development life cycle, keeping the tools up to date, addressing specific tool changes and communicating the tool changes among project teams and dependent tool teams is emaciating. With this perspective, this paper seeks to highlight this issue and present a high-level solution space to address this problem. Further, the paper highlights outstanding issues that need to be resolved to enable such a unified pre-silicon validation framework to be successful.

Assessing the Threat Landscape for Software Libraries

Libraries are a collection of implementations of behavior written in a computer programming language providing a well-defined interface by which the behavior can be invoked. Although a majority of the code in numerous applications comes from libraries, the risk of security vulnerabilities that comes with these libraries is often overlooked. In this regard, we seek to assess the threat landscape associated with software libraries and discuss mitigation strategies via Security Development Lifecycle (SDL).

CRETE: A Versatile Binary-Level Concolic Testing Framework

In this paper, we present crete, a versatile binary-level concolic testing framework, which features an open and highly extensible architecture allowing easy integration of concrete execution frontends and symbolic execution engine backends. crete’s extensibility is rooted in its modular design where concrete and symbolic execution is loosely coupled only through standardized execution traces and test cases. The standardized execution traces are llvm-based, self-contained, and composable, providing succinct and sufficient information for symbolic execution engines to reproduce the concrete executions. We have implemented crete with klee as the symbolic execution engine and multiple concrete execution frontends such as qemu and 8051 Emulator. We have evaluated the effectiveness of crete on GNU Coreutils programs and TianoCore utility programs for UEFI BIOS. The evaluation of Coreutils programs shows that crete achieved comparable code coverage as klee directly analyzing the source code of Coreutils and generally outperformed angr. The evaluation of TianoCore utility programs found numerous exploitable bugs that were previously unreported.

A Machine Learning Approach to SDL

Security Risk Assessments (SRA) play a key role in the Security Development Lifecycle (SDL). At an early stage of the project, the SRA helps allocate security resources and identifies SDL requirements and activities. In this paper, we present key findings from a machine learning approach toward the SRA that seeks to learn from a database of previous product security risk assessments and associated requirements and activities. This approach has been implemented and adopted by product teams across our organization.

Design and Performance Evaluation of the SCAN Secure Processor

This paper presents the design, performance analysis, security evaluation and the extended instruction set architecture ISA of the SCAN secure processor SCAN-SP. The SCAN-SP is security enhanced SparcV8 processor architecture with an extended ISA to interface with an off-chip FPGA co-processor to handle lossless image compression, encryption and information hiding based on SCAN methodology. Additionally, SCAN-SP offers a SCAN methodology based secure computing feature capable of executing an encrypted instruction stream. Thus the proposed secure processor architecture enables tamper resistant code execution along with cryptographic and general computing capabilities.

A Perceptual Computing based Gesture Controlled Quadcopter for Visual Tracking and Transportation

One of the fundamental challenges faced by an inexperienced user in portable unmanned aerial vehicle UAV such as quadcopters is flight control, often leading to crashes. Addressing this challenge, and leveraging upon the technological advancement in perceptual computing and computer vision, this research presents a modular system that allows for hand gesture based flight control of UAV, alongside a transport mechanism for portable objects. In addition to ascertain smooth flight control by avoiding obstacles in navigation path, real-time video feedback is relayed from the UAV to user, thus allowing him/her to take appropriate actions. This paper presents the design implementation by discussing the various sub-systems involved, inter system communication, and field tests to ascertain operation. As presented from testing results, the proposed system provides efficient communication between the subsystems for smooth flight control, while allowing for safe transport of portable objects.