Annual Computer Security Applications Conference (ACSAC) 2017

Case Studies

Friday, 8 December 2017
08:30 - 10:00

Salon III

Chair: Randy Smith

08:30-09:00: A security researcher, a safety engineer, and a regulator walk into a bar: Lessons learned from 9 months of institutional anthropology at the FDA
Dr. Eugene Vasserman, Kansas State University

Medical cyber-physical systems (mCPS) occupy a fairly unique sub-area of CPS -- the number and diversity of stakeholders and technologies is truly massive. All stakeholders have an interest in improving the security of mCPS, so why has there been little progress in the area? My recent experience at the FDA sheds some light on this mystery. In this talk, targeted at researchers and practitioners alike, I discuss the diversity of stakeholders and the effect on progress in the field, the lack of trained personnel and the reasons behind it, as well as one of the most fundamental problems -- the ineffectiveness of inter-stakeholder communication. I touch on the particular hardware and software engineering challenges of mCPS, where devices range from those which must run for a decade on a tiny non-replaceable battery, to mains-powered workstations and even mini-clusters. Finally, I talk about the difficulty of moving academic research into practice (and the reasons behind this phenomenon), and also cover some myths about FDA's regulation of medical devices, especially security and software updates.

 
09:00-09:30: Semi-supervised Classification for Dynamic Android Malware Detection
Li Chen, Intel Labs

A growing number of threats to Android phones creates challenges for malware detection. Manually labeling the samples into benign or different malicious families requires tremendous human effort, while it is comparably easy and cheap to obtain a large amount of unlabeled APKs from various sources. Moreover, the fast-paced evolution of Android malware continuously generates derivative malware families. These families often contain new signatures, which can escape detection when using static analysis. These practical challenges can also cause traditional supervised machine learning algorithms to degrade in performance. In our case study, we propose a framework that uses a model-based semi-supervised (MBSS) classification scheme on the dynamic Android API call logs. The semi-supervised approach efficiently uses the labeled and unlabeled APKs to estimate a finite mixture model of Gaussian distributions via conditional expectation-maximization and efficiently detects malware during out-of-sample testing. We compare MBSS with popular malware detection classifiers such as support vector machine (SVM), k-nearest neighbor (kNN) and linear discriminant analysis (LDA). Under the ideal classification setting, MBSS has competitive performance with 98% accuracy and a very low false positive rate for in-sample classification. For out-of-sample testing, the out-of-sample test data exhibit similar behavior of retrieving phone information and sending it to the network, compared with the in-sample training set. When this similarity is strong, MBSS and SVM with linear kernel maintain a 90% detection rate while kNN and LDA suffer great performance degradation. When this similarity is slightly weaker, all classifiers degrade in performance, but MBSS still performs significantly better than other classifiers.

09:30-10:00: Impact of the Physical Web and BLE Beacons
Dr. Debasis Bhattacharya, University of Hawaii Maui College

The Physical Web is a project announced by Google’s Chrome team that essentially provides a framework to discover “smart” physical objects (e.g. vending machines, classroom, conference room, cafeteria, bus stop etc.) and interact with specific, contextual content without having to resort to downloading a specific app. A common app, such as the open source and freely available Physical Web app on the Google Play Store or the BKON Browser on the Apple App Store, can access nearby beacons. A current work-in-progress at the University of Maui College is developing a campus-wide prototype of beacon technology using the Eddystone-URL protocol and beacons from various beacon vendors. The project is also incorporating security issues using the new and emerging Eddystone Ephemeral-ID (EID) protocol from Google.

 
