Constraining Attacker Capabilities Through Actuator Saturation

For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools

Research as community-building: Perspectives on the scholarship of engagement

If research were a form of community-building, what would it be? This article addresses this question, as well as some of the personal, professional and institutional issues that it raises for me, as a community worker and university professor. It draws upon a program in a metropolitan area that is simultaneously segregated and diverse, and examines ways of defining the problem, gathering the information and using the results – all the while working with community partners, without whom the work would not be.Keywords: Research, community-building, university-community collaboratio

A Real-Time Remote IDS Testbed for Connected Vehicles

Connected vehicles are becoming commonplace. A constant connection between vehicles and a central server enables new features and services. This added connectivity raises the likelihood of exposure to attackers and risks unauthorized access. A possible countermeasure to this issue are intrusion detection systems (IDS), which aim at detecting these intrusions during or after their occurrence. The problem with IDS is the large variety of possible approaches with no sensible option for comparing them. Our contribution to this problem comprises the conceptualization and implementation of a testbed for an automotive real-world scenario. That amounts to a server-side IDS detecting intrusions into vehicles remotely. To verify the validity of our approach, we evaluate the testbed from multiple perspectives, including its fitness for purpose and the quality of the data it generates. Our evaluation shows that the testbed makes the effective assessment of various IDS possible. It solves multiple problems of existing approaches, including class imbalance. Additionally, it enables reproducibility and generating data of varying detection difficulties. This allows for comprehensive evaluation of real-time, remote IDS.Comment: Peer-reviewed version accepted for publication in the proceedings of the 34th ACM/SIGAPP Symposium On Applied Computing (SAC'19

Estimating Counterfactual Risk Under Hypothetical Interventions in the Presence of Competing Events: Crystalline Silica Exposure and Mortality From 2 Causes of Death.

Exposure to silica has been linked to excess risk of lung cancer and nonmalignant respiratory disease mortality. In this study we estimated risk for both these outcomes in relation to occupational silica exposure as well as the reduction in risk that would result from hypothetical interventions on exposure in a cohort of exposed workers. Analyses were carried out using data from an all-male study population consisting of 2,342 California diatomaceous earth workers regularly exposed to crystalline silica and followed between 1942 and 2011. We estimated subdistribution risk for each event under the natural course and interventions of interest using the parametric g-formula to adjust for healthy-worker survivor bias. The risk ratio for lung cancer mortality, comparing an intervention in which a theoretical maximum exposure limit was set at 0.05 mg/m3 (the current US regulatory limit) with the observed exposure concentrations, was 0.86 (95% confidence interval: 0.63, 1.22). The corresponding risk ratio for nonmalignant respiratory disease mortality was 0.69 (95% confidence interval: 0.52, 0.93). Our findings suggest that risks from both outcomes would have been considerably lower if historical silica exposures in this cohort had not exceeded current regulatory limits

Exposure-Lag-Response in Longitudinal Studies: Application of Distributed-Lag Nonlinear Models in an Occupational Cohort.

Prolonged exposures can have complex relationships with health outcomes, as timing, duration, and intensity of exposure are all potentially relevant. Summary measures such as cumulative exposure or average intensity of exposure may not fully capture these relationships. We applied penalized and unpenalized distributed-lag nonlinear models (DLNMs) with flexible exposure-response and lag-response functions in order to examine the association between crystalline silica exposure and mortality from lung cancer and nonmalignant respiratory disease in a cohort study of 2,342 California diatomaceous earth workers followed during 1942-2011. We also assessed associations using simple measures of cumulative exposure assuming linear exposure-response and constant lag-response. Measures of association from DLNMs were generally higher than those from simpler models. Rate ratios from penalized DLNMs corresponding to average daily exposures of 0.4 mg/m3 during lag years 31-50 prior to the age of observed cases were 1.47 (95% confidence interval (CI): 0.92, 2.35) for lung cancer mortality and 1.80 (95% CI: 1.14, 2.85) for nonmalignant respiratory disease mortality. Rate ratios from the simpler models for the same exposure scenario were 1.15 (95% CI: 0.89, 1.48) and 1.23 (95% CI: 1.03, 1.46), respectively. Longitudinal cohort studies of prolonged exposures and chronic health outcomes should explore methods allowing for flexibility and nonlinearities in the exposure-lag-response

Verified Correctness and Security of mbedTLS HMAC-DRBG

We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security--that its output is pseudorandom--using a hybrid game-based proof. We have also proved that the mbedTLS implementation (C program) correctly implements this functional specification. That proof composes with an existing C compiler correctness proof to guarantee, end-to-end, that the machine language program gives strong pseudorandomness. All proofs (hybrid games, C program verification, compiler, and their composition) are machine-checked in the Coq proof assistant. Our proofs are modular: the hybrid game proof holds on any implementation of HMAC-DRBG that satisfies our functional specification. Therefore, our functional specification can serve as a high-assurance reference.Comment: Appearing in CCS '1

New Perspectives on Planning Practice: An Introduction

Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/68495/2/10.1177_0739456X8300300101.pd

Combining Service and Learning On Campus and in the Community

Student workshops are valuable resources for combining service and learning. The challenge, Mr. Checkoway points out, is to recognize their limitations, integrate them with other courses in the curriculum, and find ways to improve their quality

Adults as Allies

Young people are creating community change! They are tutoring in the schools, working in health clinics, and serving meals in soup kitchens. They are cleaning up the environment, rehabilitating houses for the homeless, and formulating strategies for neighborhood revitalization. They are solving problems, planning programs, and involving people in decisions at the community level