Understanding Database Reconstruction Attacks on Public Data

In 2020 the U.S. Census Bureau will conduct the Constitutionally mandated decennial Census of Population and Housing. Because a census involves collecting large amounts of private data under the promise of confidentiality, traditionally statistics are published only at high levels of aggregation. Published statistical tables are vulnerable to DRAs (database reconstruction attacks), in which the underlying microdata is recovered merely by finding a set of microdata that is consistent with the published statistical tabulations. A DRA can be performed by using the tables to create a set of mathematical constraints and then solving the resulting set of simultaneous equations. This article shows how such an attack can be addressed by adding noise to the published tabulations, so that the reconstruction no longer results in the original data

Providing cryptographic security and evidentiary chain-of-custody with the advanced forensic format, library, and tools

This paper presents improvements in the Advanced Forensics Format Library version 3 that provide for digital signatures and other cryptographic protections for digital evidence, allowing an investigator to establish a reliable chain-of-custody for electronic evidence from the crime scene to the court room. No other system for handling and storing electronic evidence currently provides such capabilities. This paper discusses implementation details, user level commands, and the AFFLIB programmer's API.Approved for public release; distribution is unlimited

Operations with Degraded Security

Modern systems aren't designed to support some ongoing operations after their security is compromised. Using the ResiliNets model, the authors discuss five strategies for operating in a degraded security environment

Carving contiguous and fragmented files with fast object validation

http://dx.doi.org/10.1016/j.dlin.2007.06.017"File carving" reconstructs files based on their content, rather than using metadata that points to the content. Carving is widely used for forensics and data recovery, but no file carvers can automatically reassemble fragmented files. We survey files from more than 300 hard drives acquired on the secondary market and show that the ability to reassemble fragmented files is an important requirement for forensic work. Next we analyze the file carving problem, arguing that rapid, accurate carving is best performed by a multi-tier decision problem that seeks to quickly validate or discard candidate byte strings -- "object" -- from the media to be carved. Validators for the JPEG, Microsoft OLE (MSOLE) and ZIP file formats are discussed. Finally, we show how high speed validators can be used to reassemble fragmented files

Digital Forensics Overview

Digital Evaluation and Exploitation (DEEP): Research in "trusted" systems and exploitation

IRBs and Security Research: Myths, Facts and Mission Creep

Having decided to focus attention on the “weak link” of human fallibility, a growing number of security researchers are discovering the US Government’s regulations that govern human subject research. This paper discusses those regulations, their application to research on security and usability, and presents strategies for negotiating the Institutional Review Board (IRB) approval process. It argues that a strict interpretation of regulations has the potential to stymie security research

Detecting threatening insiders with lightweight media forensics

This research uses machine learning and outlier analysis to detect potentially hostile insiders through the automated analysis of stored data on cell phones, laptops, and desktop computers belonging to members of an organization. Whereas other systems look for specific signatures associated with hostile insider activity, our system is based on the creation of a “storage profile” for each user and then an automated analysis of all the storage profiles in the organization, with the purpose of finding storage outliers. Our hypothesis is that malicious insiders will have specific data and concentrations of data that differ from their colleagues and coworkers. By exploiting these differences, we can identify potentially hostile insiders. Our system is based on a combination of existing open source computer forensic tools and datamining algorithms. We modify these tools to perform a “lightweight” analysis based on statistical sampling over time. In this, our approach is both efficient and privacy sensitive. As a result, we can detect not just individuals that differ from their co-workers, but also insiders that differ from their historic norms. Accordingly, we should be able to detect insiders that have been “turned” by events or outside organizations. We should also be able to detect insider accounts that have been taken over by outsiders. Our project, now in its first year, is a three-year project funded by the Department of Homeland Security, Science and Technology Directorate, Cyber Security Division. In this paper we describe the underlying approach and demonstrate how the storage profile is created and collected using specially modified open source tools. We also present the results of running these tools on a 500GB corpus of simulated insider threat data created by the Naval Postgraduate School in 2008 under grant from the National Science Foundation

4D STEM: high efficiency phase contrast imaging using a fast pixelated detector

Phase contrast imaging is widely used for imaging beam sensitive and weak phase objects in electron microscopy. In this work we demonstrate the achievement of high efficient phase contrast imaging in STEM using the pnCCD, a fast direct electron pixelated detector, which records the diffraction patterns at every probe position with a speed of 1000 to 4000 frames per second, forming a 4D STEM dataset simultaneously with the incoherent Z-contrast imaging. Ptychographic phase reconstruction has been applied and the obtained complex transmission function reveals the phase of the specimen. The results using GaN and Ti, Nd- doped BiFeO3 show that this imaging mode is especially powerful for imaging light elements in the presence of much heavier elements

An Effective Membrane Model of the Immunological Synapse

The immunological synapse is a patterned collection of different types of receptors and ligands that forms in the intercellular junction between T Cells and antigen presenting cells (APCs) during recognition. The synapse is implicated in information transfer between cells, and is characterized by different spatial patterns of receptors at different stages in the life cycle of T cells. We obtain a minimalist model that captures this experimentally observed phenomenology. A functional RG analysis provides further insights.Comment: 6 pages, 3 figures, submitted for publicatio

Rupture of multiple parallel molecular bonds under dynamic loading

Biological adhesion often involves several pairs of specific receptor-ligand molecules. Using rate equations, we study theoretically the rupture of such multiple parallel bonds under dynamic loading assisted by thermal activation. For a simple generic type of cooperativity, both the rupture time and force exhibit several different scaling regimes. The dependence of the rupture force on the number of bonds is predicted to be either linear, like a square root or logarithmic.Comment: 8 pages, 2 figure