Todd R. Andel

Intellectual Property Protection in Additive Layer Manufacturing: Requirements for Secure Outsourcing

Additive Layer Manufacturing (ALM) is a new technology to produce 3D objects adding layer by layer. Agencies and companies like NASA, ESA, and SpaceX are exploring a broad range of application areas of ALM, which includes printing of device components, replacement parts, houses, and even food. They expect that this technology will greatly reduce production costs, manufacturing time, and necessary storage space. The broad variety of application areas and the high grade of computerization of this manufacturing process will inevitably make ALM an attractive target of various attacks. This research examines the problem of Intellectual Property (IP) protection in the case of outsourcing the ALM manufacturing process. We discuss the existing process and introduce a new model for the outsourcing of ALM-based production. For the proposed outsourcing model, focusing on IP protection, we present a risk assessment, specify requirements addressing mitigation of the identified risks, and outline approaches to implement the specified requirements. The fulfillment of the specified requirements will enable secure outsourcing of ALM production.

Automated Evaluation of Secure Route Discovery in MANET Protocols

Evaluation techniques to analyze security properties in ad hoc routing protocols generally rely on manual, non-exhaustive approaches. Non-exhaustive analysis techniques may conclude a protocol is secure, while in reality the protocol may contain an unapparent or subtle flaw. Using formalized exhaustive evaluation techniques to analyze security properties increases protocol confidence. In this paper, we offer an automated evaluation process to analyze security properties in the route discovery phase for on-demand source routing protocols. Using our automated security evaluation process, we are able to produce and analyze all topologies for a given network size. The individual network topologies are fed into the SPIN model checker to exhaustively evaluate protocol abstractions against an attacker attempting to corrupt the route discovery process.

Trust Management and Security in the Future Communication-Based "Smart" Electric Power Grid

New standards and initiatives in the U.S. electric power grid are moving in the direction of a smarter grid. Media attention has focused prominently on smart meters in distribution systems, but big changes are also occurring in the domains of protection, control, and Supervisory Control and Data Acquisition (SCADA) systems. These changes promise to enhance the reliability of the electric power grid and to allow it to safely operate closer to its limits, but there is also a real danger concerning the introduction of network communication vulnerabilities to so-called cyber attacks. This article advocates the use of a reputation-based trust management system as one method to mitigate such attacks. A simulated demonstration of the potential for such systems is illustrated in the domain of backup protection systems. The simulation results show the promise of this proposed technique.

A Trust-Management Toolkit for Smart-Grid Protection Systems

This paper discusses the trust-management toolkit, which is a robust and configurable protection system augmentation, which can successfully function in the presence of an untrusted (malfunctioning) smart grid (i.e., communication-based, protection system nodes). The trust-management toolkit combines reputation-based trust with network-flow algorithms to identify and mitigate faulty smart-grid protection nodes. The toolkit assigns trust values to all protection nodes. Faulty nodes, attributed to component or communication system malfunctions (either intentional or unintentional), are assigned a lower trust value, which indicates a higher risk of failure to mitigate detected faults. The utility of the toolkit is demonstrated through simulations comparing “enhanced” backup and special protection systems to original “unenhanced” systems via an analysis of variance analysis. The results show promise for the toolkit in the smart-grid protection system.

The invisible node attack revisited

Route security is vital to MANET operation and reliability. If a malicious host can inject itself into the routing path or alter the routing path, route security has failed. In this paper we focus on the invisible node attack (INA), an important, unsolved wireless network attack. We provide an INA formal definition and show why proposed solutions throughout the literature have not eliminated this critical attack. Since there is no existing INA solution, we provide a discussion on its potential impacts on ad hoc routing protocols.

In-Vehicle Networks: Attacks, Vulnerabilities, and Proposed Solutions

Vehicles made within the past years have gradually become more and more complex. As a result, the embedded computer systems that monitor and control these systems have also grown in size and complexity. Unfortunately, the technology that protects them from external attackers has not improved at a similar rate. In this paper we discuss the vulnerabilities of modern in-vehicle networks, focusing on the Controller Area Network (CAN) communications protocol as a primary attack vector. We discuss the vulnerabilities of CAN, the types of attacks that can be used against it, and some of the solutions that have been proposed to overcome these attacks.

Legal Aspects of Protecting Intellectual Property in Additive Manufacturing

Additive manufacturing has emerged as a transformative technology that will play a significant role in the future. Also broadly known as 3D printing, additive manufacturing creates 3D objects by incrementally adding successive layers of materials. Whereas traditional manufacturing requires materials and customized components, molds and machinery, additive manufacturing merely requires materials and a 3D printer. Without the need for expensive customization, the entrance barriers for additive manufacturing are drastically lower than those for conventional manufacturing; overhead and maintenance costs are reduced, allowing for smaller, flexible and competitive business models. The decentralized market for production is also a decentralized market for piracy. In traditional manufacturing, the copying of a design can be readily traced to a source because an infringer would require an infrastructure for fabrication and a marketing platform for sales. However, in the decentralized additive manufacturing environment, there is neither a need for a specific infrastructure nor a marketing platform. This chapter focuses on legal solutions available to intellectual property owners in the United States for blueprints, objects and processes used in additive manufacturing. Also, it establishes a baseline for the current federal protection environment and outlines the principal issues encountered in protecting intellectual property.

Software Security and Randomization through Program Partitioning and Circuit Variation

The commodity status of Field Programmable Gate Arrays (FPGAs) has allowed computationally intensive algorithms, such as cryptographic protocols, to take advantage of faster hardware speed while simultaneously leveraging the reconfigurability and lower cost of software. Numerous security applications have been transitioned into FPGA implementations allowing security applications to operate at real-time speeds, such as firewall and packet scanning on high speed networks. However, the utilization of FPGAs to directly secure software vulnerabilities is seemingly non-existent. Protecting program integrity and confidentiality is crucial as malicious attacks through injected code are becoming increasingly prevalent. This paper lays the foundation of continuing research in how to protect software by partitioning critical sections using reconfigurable hardware. This approach is similar to a traditional coprocessor approach to scheduling opcodes for execution on specialized hardware as opposed to running on the native processor. However, the partitioned program model enables the programmer the ability to split portions of an application to reconfigurable hardware at compile time. The fundamental underlying hypothesis is that synthesizing portions of programs onto hardware can mitigate potential software vulnerabilities. Further, this approach provides an avenue for randomization or diversity for software layout and circuit variation.

Probing the Limits of Virtualized Software Protection

Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection and anti-cloning resilience. We present results of an empirical study that answers whether integrity of execution can be preserved for process-level virtualization protection schemes in the face of adversarial analysis. Our particular approach considers exploits that target the virtual execution environment itself and how it interacts with the underlying host operating system and hardware. We give initial results that indicate such protection mechanisms may be vulnerable at the level where the virtualized code interacts with the underlying operating system. The resolution of whether such attacks can undermine security will help create better detection and analysis methods for malware that also employ software virtualization. Our findings help frame research for additional mitigation techniques using hardware-based integration or hybrid virtualization techniques that can better defend legitimate uses of virtualized software protection.

A Systems Approach to Cyber Assurance Education

The demand for cybersecurity professions faces continual shortages. Real-world cyber threats continue to drive this demand as we face a daily barrage of attacks on our critical infrastructure, national, and private industry assets. To meet this demand, many cybersecurity and information assurance educational programs have emerged. These programs range from specialized tracks within traditional academic programs to specialized degree titles developed solely for the purpose of producing cyber capable graduates. In this paper we document curriculum development that focuses on a systems level approach to cyber assurance education. This program incorporates both hardware and software aspects to ensure cyber security graduates are produced that can address adversaries that target complete system implementations.