CyberByte - Fall 2024

Page 1


It’s Fall 2024 at the NYU Center for Cybersecurity, and with the launch of a new semester comes a new crop of students and a change in the Center’s leadership structure. It’s time to wish continued success to the 2023-2024 Ph.D. graduates who have moved out into the world, while acknowledging the new partnerships and opportunities awaiting CCS researchers in the year ahead, and to mark the appointment of a new co-director. As the leaves fall and the planet spins us into cooler days, CCS stands ready to turn the page for the next evolution of secure practices and products.

CENTER FOR CYBERSECURITY

Photos from top left to right: NYU NanoFab Lab, 2024 Ph.D. graduate Marina Moore with her advisor Dr. Justin Cappos, IIT Kanpur/NYU agreement

A NOTE FROM THE EDITOR-IN-CHIEF

Over the past few issues of CyberByte, we have highlighted the diverse number of research topics currently under investigation by the faculty and students of the Center for Cybersecurity. To date, we have spotlighted research initiatives to protect sensitive data, supply chains, critical infrastructure, the Internet of Things, and, most recently—in a look at deepfakes and disinformation—truth itself.

The problem in compiling stories for these topical sections is that the lines distinguishing areas of inquiry are often not very clear. Indeed, as the field of cybersecurity evolves, it increasingly involves deploying multidisciplinary strategies that criss-cross established lines of research. Thus, when we label our research focus for these issues, the stories we run may seem to seriously stretch the traditional definition of that topic.

This issue’s featured Research Topic is “Hardware Security,” but, as you will see, the work reported here reaches beyond designing more efficient computer chips, or more sophisticated system architectures. For instance, Ph.D. student Jianqiao “Cambridge” Mo is enhancing privacy-preserving computation work using a hardware-software co-design accelerator. Developed in the Brooklyn Application, Architecture, and Hardware Lab (BAAHL), under the direction of CCS faculty member Dr. Brandon Reagen, the accelerator known as HAAC maximizes performance while maintaining programmability.

Another example featured here comes through CCS’ long-running interdisciplinary initiative with the Mechanical and Aerospace Engineering Department at Tandon. Professor Nikhil Gupta, working with Priyanka Nama, a visiting scholar from the Department of Education, Government of Rajasthan in India, introduces a new initiative that boosts security in smart homes by precisely targeting potential physical defects and vulnerabilities. As Gupta and Nama described in a recent issue of IEEE Transmitter, these enhanced systems monitor factors that can predict cracks, foundation settling or shrinkage, water damage, and other issues that can threaten the structural integrity of smart buildings.

There’s a lot more to discover in this issue of CyberByte. We chat with Ph.D. student Caleb Beckwith, who just received a grant from the American Society for Nondestructive Testing (see Ph.D. Profile), and say farewell to our 2024 CCSaffiliated Ph.D. graduates. We also highlight CCS participation in two significant government-funded projects, one in infrastructure protection and the other in chip security, and learn about the first research collaborations to be undertaken under a newly signed agreement between NYU and the Indian Institute of TechnologyKanpur. Lastly, we congratulate CCS research faculty member Dr. Damon McCoy, who has taken the reins as our new Center Co-Director (See Hello/Goodbye article, starting on pg. 4). Enjoy!

HELLO, GOODBYE – CHARTING CHANGES IN CCS FOR 2024-2025

HELLO: CCS WELCOMES A NEW CO-DIRECTOR

On July 9, NYU officially named Dr. Damon McCoy, Professor of Computer Science and Engineering and a researcher with the Center for Cybersecurity (photo left) as the new CCS co-director. McCoy takes over the reins from Dr. Ramesh Karri, who is stepping down in order to assume the chairmanship of the Tandon Electrical and Computer Engineering Department. Karri, a co-founder of the Center who has served as co-director since 2009, will remain part of the CCS faculty.

According to an announcement released by NYU on July 9, 2024, McCoy, along with Randal Milch, Professor of Practice at NYU Law, will co-direct the center’s curriculum and research, while also “pursuing industry partnerships that add to the existing relationships CCS has developed in the past few years.” Those partnerships include affiliations with American International Group, Inc. (AIG), a leading global insurance organization; DTCC, the premier post-trade market infrastructure for the global financial services industry; and Google.

McCoy has been affiliated with CCS since his arrival at Tandon in 2015, and he has led a number of significant research initiatives on the economics of cybercrime, privacy-enhancing technologies, and censorship resistance. Among his major contributions to the Center is co-founding Cybersecurity for Democracy (C4D) (https:// cybersecurityfordemocracy.org/), a “multi-university nonpartisan research project dedicated to exposing disinformation and other online threats.” Most recently, C4D released a study that looked at harassment of election officials on Twitter, while previous studies have investigated political ad-spending, and the influence of social media platforms on teens.

In announcing the appointment, Linda Boyle, NYU Tandon Vice Dean for Research, observed that “cybersecurity is a cornerstone of NYU Tandon’s academic priorities, and CCS plays a vital role in advancing both critical research and professional development in this field. Damon’s remarkable work with CCS and C4D has expanded the frontiers of cybersecurity, safeguarding not just individuals and organizations, but also the integrity of democratic

https://www.csaw.io/ for the latest updates.

institutions and processes that are essential to civic life. His commitment to research with enormous social impact makes him a stellar choice to head CCS.”

“Damon is, and will continue to be, a champion of this NYU collaboration that includes Tandon and the Law School,” said Milch. “I’m thrilled to work with him in guiding the Center to continued success.”

In other CCS personnel news, Dr. Brendan Dolan-Gavitt, associate professor of computer science and engineering at Tandon, will be taking a leave of absence from the university through August 15, 2025. He will be working on the AI team at XBOW which, as he explained, will involve “building an AI-based system for automating offensive security tasks, such as finding and exploiting vulnerabilities in web applications so that they can be fixed before the software is released.” In a recent note to CyberByte, he cited some highlights of his work at XBOW to date:

• We showed that we could solve around 75% of web security challenges from sources like PentesterLab, PortSwigger, and our own custom benchmark suite: https://xbow.com/blog/introducing-xbow/.

• We held a “Man vs Machine” competition, where we asked five professional pentesters (one with 20 years of experience) to solve the challenges in our benchmark, and compared their performance to XBOW’s AI system. XBOW managed to beat four of the humans and tied with the fifth (both solved 88/104 challenges, or 85%), and it did so much faster, taking just 28 minutes, compared to 40 hours for the humans: https://xbow. com/blog/xbow-vs-humans/

CCS wishes Dolan-Gavitt much success in this new endeavor.

The 21st edition of CSAW is coming to Brooklyn and four other global sites from November 6 to 9. Go to

GOODBYE:

SAYING A FOND FAREWELL TO OUR MOST RECENT PH.D. GRADS

The NYU Center for Cybersecurity is proud to recognize its latest crop of Ph.D. graduates. In addition to those who completed their journey in the spring of 2024, the list below also incorporates those who graduated at the end of 2023 or who completed their work over the summer of 2024. Congratulations to the Center’s newest doctors.

YUNFEI GE

(ADVISOR: DR. QUANYAN ZHU)

PH.D. ELECTRICAL ENGINEERING

During Yunfei’s time at NYU Tandon, she conducted research in game theory and multi-agent decision-making, and authored or co-authored a total of 10 academic papers and book chapters that have enhanced the field of strategic cybersecurity. Her honors include the David C. and Cecilia M. Chang Education Award in 2021 for graduate teaching excellence in Electrical and Computer Engineering, and a Li Publication Award in 2024 for a paper that appeared in the top publication venue IEEE Transactions on Information Forensics and Security. Her dissertation explores “The Symbiosis of Trust and AI: Scientific Foundations for Strategic Network Security, Autonomous Resilience, and Prescriptive Governance.” Upon graduation, Yunfei began work as a software engineer for platform architecture at Ridge Security Technology in Milpitas, CA.

TAO LI

(ADVISOR: DR. QUANYAN ZHU)

PH.D. ELECTRICAL ENGINEERING

Tao’s research aims to discover a gametheoretic resilient learning and control paradigm for next-generation cyber-physical systems (CPS) —such as multi-domain networks, intelligent transportation, and distributed AI systems. The paradigm would utilize decentralized proactive intelligence to provide adaptive resilience to dynamic

and possibly adversarial environments. His dissertation advances novel methodologies and frameworks in predictive learning, non-equilibrium analysis, and meta-learning control for resilient CPS design, defense, and management. During his tenure at NYU, Tao published more than 15 papers that strongly advocated for game-theoretic resilient learning. In 2024, Tao also initiated an IEEE student task force under the Security and Privacy Technical Committee to create more student activities, as well as opportunities for students and early career researchers to promote their work and build connections at the organization’s flagship conferences. His continued enthusiasm and efforts won him a 2024 NYU Dante Youla Award for Research Excellence, and several travel awards from professional organizations, such as SIAM and IEEE.

SHUTIAN LIU

(ADVISOR: DR. QUANYAN ZHU)

PH.D. ELECTRICAL ENGINEERING

Shutian, who came to NYU after completing a master’s degree at Columbia University in New York City, and a bachelor’s degree at Tsinghua University in Beijing, China, has co-authored works that have appeared in top-tier mathematical optimization and dynamic game journals. He has also given presentations at the American Control

Conference, the IEEE Conference on Communications and Network Security, the Society for Industrial and Applied Mathematics, and other venues. Shutian’s dissertation focuses on the theoretical underpinnings of holonic risks in socio-cyber-physical systems. Pointing out the multidisciplinary nature of the field, his research bridges decision theory with network science, operations research, behavioral economics, mathematical finance, and epidemiology. The result are three classes of methods that leverage human cognitive vulnerabilities to approach holonic risk design, including individual incentive design, crowd preference maneuvering, and informational cognitive herding.

MARINA MOORE

(ADVISOR: DR. JUSTIN CAPPOS)

PH.D. COMPUTER SCIENCE

Marina Moore’s work as a Ph.D. candidate at NYU was focused on supply chain security, and strategies for the provision of secure software updates. Working with her advisor, Dr. Justin Cappos, she made important contributions to two NYU Secure

DEEPRAJ SONI

(ADVISORS: DR. RAMESH KARRI AND DR. MICHAIL MANIATAKOS)

PH.D. ELECTRICAL ENGINEERING

Deepraj came to the Ph.D. program at Tandon after completing his M.Tech in Electrical Engineering at the Indian Institute of Technology in Bombay (IIT-B), and working as a design engineer in the semiconductor division of Samsung and SanDisk. His Ph.D. research initiatives focused on hardware

implementation, and evaluation and security of post-quantum cryptographic algorithms. A particular milestone was being part of an NYU team that fabricated the first fully homomorphic encryption acceleration chip, which can serve as a co-processor for fully homomorphic encryption execution (CoFHEE).

The author of nine papers presented in peer-reviewed conferences, and co-author of one journal paper, Deepraj served as first author on a book, Hardware Architectures for PostQuantum Digital Signature Schemes, which was published by Springer in 2021. He recently accepted a job as a Hardware Engineer at Apple.

KEJSI TAKE

(ADVISOR: DR. RACHEL GREENSTADT)

PH.D. COMPUTER SCIENCE

A native of Tirana, Albania, Kejsi came to Tandon after completing her undergraduate work at the American University of Bulgaria. Her research efforts have focused on understanding the affordances of online harassment, or the elements that make it possible for these actions to occur. More precisely, her dissertation pursued two

main lines of inquiry: an analysis of an online hate forum to understand how networked harassment campaigns are coordinated, and a study of the People Search Websites that provide easier access to personal identifiable information. As she observed, “Both these areas of study can improve security and privacy advice for targets of online harassment, as well as outline recommendations for legislators and online platforms.” Kejsi has served internships with Microsoft and X (formerly Twitter) and published papers at the ACM Conference on Computer-Supported Cooperative Work and Social Computing, the Privacy Enhancing Technologies Symposium,the ACM Web Conference, and the ACM Internet Measurement Conference (IMC). Upon graduation, Kejsi will start work as a security engineer at Meta.

Systems Laboratory projects, The Update Framework (TUF) and Uptane. Her research accomplishments include the publication of three papers at Escar 2020, ACSAC 2023, and VehicleSec 2024. The ACSAC paper was honored with a Best Paper with Artifacts Award. Marina’s design work has been standardized in TUF and Uptane, as well as adopted by companies and open source projects of

Toradex, Sigstore, and Python. A B.S. graduate from California Polytechnic State University-San Luis Obispo, Marina held internships with Apple, GoDaddy, and Chainguard. Her dissertation looked at “Extending the Scalability, Flexibility, and Responsiveness of Secure Software Update Systems.” Marina currently serves as a cochair of the Cloud Native Security Technical Advisory Group (TAG).

YUHAN ZHAO

(ADVISOR: DR. QUANYAN ZHU)

PH.D. ELECTRICAL ENGINEERING

Yuhan—who came to Tandon after completing his undergraduate work at the Beijing Institute of Technology, and his Master’s degree at the University of Pennsylvania—has authored or coauthored 16 academic papers in the field of game theory and robotics. These papers have been published at distinguished conferences in the field, including the International Conference on Robotics and Automation (ICRA) and the International Conference on Intelligent Robots and Systems (IROS). In his own words, his research efforts have focused on resolving ”two key problems: how to organize multiple robots to collaboratively achieve various multirobot tasks, and how to understand the role of game theory in facilitating multirobot coordination.” His dissertation on “Learning and Game-Theoretic Paradigms for Strategic Coordination of Multi-Agent Autonomous Systems,” makes a number of contributions to the field, including the development of learning-based methods to tackle hierarchical coordination when model-based approaches are not feasible.

Also graduating in this time frame:

ANIMESH BASAK CHOWDHURY

(ADVISORS: DR. SIDDHARTH GARG AND DR. RAMESH KARRI)

PH.D. ELECTRICAL ENGINEERING

BRIAN TIMMERMAN

(ADVISOR: DR. RACHEL GREENSTADT) PH.D. COMPUTER SCIENCE

CHAU TRAN

(ADVISOR: DR. RACHEL GREENSTADT)

PH.D. COMPUTER SCIENCE

RESEARCH FOCUS:

CREATING, BUILDING, AND PROTECTING STRONGER AND SMARTER HARDWARE

Though previous issues have explored contributions of CCS faculty and students to strengthening the security of hardware, we are circling back to this topic to examine it from a broader perspective. Both in the summaries below, and in work highlighted later in these pages, this issue looks at changing approaches to hardware security, including new methods that blend traditional security strategies with new methods borrowed from other disciplines. Here are brief summaries of a few such projects in development in CCS labs.

MAKING SMART HOMES “SMARTER”

Research summary submitted by Dr. Nikhil Gupta, Professor of Mechanical and Aerospace Engineering, NYU Tandon

Smart homes incorporate a variety of sensors and devices that enable automatic functioning for comfort and convenience. However, they often lack the necessary technology to monitor the health of a building’s critical systems, such as electrical, plumbing, and heating and ventilation. A potential solution could lie in the Structural Health Monitoring (SHM) systems already used to monitor infrastructure—such as bridges, dams and pipelines. In an article published on May 9 in IEEE Transmitter, Priyanka Nama, a visiting scholar from the Department of Education, Government of Rajasthan in India, and myself suggest such systems could be used to assess the health of critical systems in homes in real-time. SHM systems can monitor load, vibrations, displacement, strain, moisture and other factors using piezoelectric materials, accelerometers, ultrasound, strain gauges and fiber optics. In doing so, sensors can identify and address structural integrity issues in smart homes—including cracks in foundations, walls and ceilings, and roofs, and hidden leaks leading to water damage and potential mold growth—before they escalate. Furthermore, SHM systems can be adapted to consider their integration with smart home networks, wireless connectivity, simplified installation, user-friendly interfaces, customizable monitoring parameters, costeffectiveness and scalability

By aggregating data from several houses in a neighborhood, SHM sensors can provide crucial information about a broader range of issues, such as soil quality change over time. Future work in adapting SHM systems should explore the best methods for sharing the data for beneficial use, and protecting it from malicious use.

You can read more about the project at https://transmitter.ieee.org/smart-homes-are-getting-smarter/

Illustration of Jianqiao’s efforts to apply privacy-preserving computation on private inference. Used courtesy of his website at https://jqmo.top/

OVERCOMING PERFORMANCE LIMITATIONS IN PRIVACY-PRESERVING HARDWARE

Research summary submitted by Jianqiao

According to Wikipedia, a garbled circuit (GC) is “a cryptographic protocol that enables two mistrusting parties to jointly evaluate a function over their private inputs without the presence of a trusted third party.” Use of these privacy preserving circuits can offer both confidential computing and control over data usage. However, GCs typically suffer from substantial performance overheads.

To resolve this issue, the Brooklyn Application, Architecture, and Hardware Lab at NYU, led by CCS-affiliated assistant professor Dr. Brandon Reagen, introduced HAAC, a new hardware-software codesign accelerator for GCs. HAAC integrates a custom compiler with a streamlined hardware architecture and a novel data management scheme. Since GCs are data-oblivious, the compiler can have a deep understanding of program structure, which allows it to optimize instruction scheduling, data layout, and off-chip events. These optimizations can, in turn, lead to significant speedups and efficiency gains.

As described in a paper I co-authored with Dr. Reagen and Jayanth Gopinath, a master’s student in our lab, a key innovation in HAAC is its efficient memory management strategy. In GCs, memory access pattern and program execution are independent of input

data, a characteristic known as data-oblivious. Thus, we designed a specialized Slide-Wire-Window (SWW) scratchpad memory that effectively manages memory without the need for costly caches. In addition, the compiler can help push data from off-chip memory in advance to the Out-of-Range Queue (OoRQ). This collaboration effectively separates data movement from execution.

The architecture leverages the data-oblivious state to streamline data access and eliminate unnecessary off-chip communication. Evaluations using the VIP-Bench benchmark suite show that HAAC achieves an average speed up to 589× DDR4, and 2,627× HBM2, all within a compact 4.3mm² area. This co-design approach not only advances GCs, but also holds potential for other data-oblivious workloads, which could broaden HAAC’s impact in the realm of secure and efficient computing.

You can read more about this research in the paper “HAAC: A Hardware-Software Co-Design to Accelerate Garbled Circuits” (see https://doi.org/10.1145/3579371.3589045), which was presented at the International Symposium on Computer Architecture in June of 2023.

“Cambridge” Mo, Ph.D. Student

IMPROVING SECURITY OF 3D-PRINTED PARTS THROUGH ENHANCED COMMUNICATION

Tandon research initiatives in hardware security have also benefited over the years from strategic partnerships with industry, government agencies, and other academic institutions. Recently, a government-funded initiative to better protect 3-D printed parts was launched, and two CCS-affiliated Professors, Nikhil Gupta and Ramesh Karri, plus Dr. Nektarios Tsoutsos, a Tandon Ph.D. graduate who is now an Assistant Professor at the University of Delaware, are part of the team.

The team will be tackling a significant hardware security challenge. As demand for computer-designed 3D-printed parts in industries like aerospace and automobiles has grown, so has the likelihood of attackers introducing malicious instructions into the process. Even unintended human error can expose security-critical operations, and induce dire consequences.

Under a three-year grant from the National Science Foundation, the team will be led by Dr. Narasimha Reddy, a professor in the Department of Electrical and Computer Engineering at Texas A&M University. According to Dr. Reddy, the goal of this project is to “get the people from the cybersecurity side and people from the

Illustration of how defects can be detected in 3D printed products. From “In-situ monitoring of sub-surface and internal defects in additive manufacturing: A review” https://doi.org/10.1016/j.matdes.2022.111063

manufacturing side to talk to each other to create a community that’s going to be interested in solving the problems.” The community he envisions building will try to “bring people of similar interests together through workshops, conferences and student design competitions. The intent is to create several activities that spark interest in this space.” The project will also create a website to “open the lines of communication between manufacturers and researchers.”

In addition to the individuals mentioned above, team participants will include Dr. Satish Bukkapatnam, co-principal investigator and Texas A&M industrial engineering professor, Dr. Sidi Berri from The City University of New York, and Dr. Annamalai Annamalai from Prairie View A&M.

PH.D. PROFILE

CALEB BECKWITH

DETECTING MATERIAL WEAKNESSES VIA STRONGER INTERDISCIPLINARY APPROACHES

Caleb Beckwith joined the Ph.D. program in mechanical engineering at Tandon in 2022, following completion of his undergraduate degree at CUNY’s New York City College of Technology. Working under the direction of Professor Nikhil Gupta, he has carried out research initiatives in additive manufacturing and the development of new workflows and countermeasures to mitigate the effects of cyber attacks. Recently, Caleb, who is of Cherokee descent, was one of five recipients of a Fellowship Grant from the American Society for Nondestructive Testing (ASNT). Previous research experience has included work in a NASA and NSF sponsored program where he worked with various additive manufacturing machines, and taught high school students how to use the Autodesk Fusion 360 Computer Aided Design Software.

CyberByte: I’d like to start with your backstory. I understand from the profile NYU published about the ASNT award that you grew up in Columbus, OH, and completed your bachelor’s degree at CUNY CityTech. What brought you to NYC and to CUNY?

Beckwith: My personal history is a bit complicated. I was born in Columbus and lived there for some time before moving to Daytona, Florida, and then to Rock Hill, South Carolina between 2005 and 2014. This was mostly due to poor economic conditions. Rather than being stuck in a single town where the jobs were limited and wages were low, my mother and father took the pragmatic approach of moving us to wherever they could have a better job. This ensured my sisters and I could have the best opportunities for our education. During my last year of high school, my mother and I moved to Brooklyn. She is still here, working as a paralegal. I was accepted into Hofstra University in Hempstead, and attended classes there for four semesters. But, at the time my mother’s health was in steady decline and I was not comfortable commuting from Long Island to take care of her while attending school full-time. So, I transferred to the City University of New York’s New York City College of Technology in Brooklyn. Our situation was a lot better then as I was only 15 minutes away from her. CityTech also afforded me many opportunities I was not able to have at Hofstra, such as leading the school’s mechanical engineering undergraduate research club, as well as tutoring and mentoring other students.

CyberByte: In your work with Dr. Gupta, you are contributing to a rather unique technical discipline that fuses cybersecurity and traditional mechanical engineering principles and practices. What drew you to this type of research? How do you feel it is actually stretching the boundaries that define both mechanical engineering and cybersecurity?

Beckwith: The work I started with Professor Gupta originated with my curiosity at looking deeper into the files employed in manufacturing, such as the STL (object files), and Gcode (toolpath files), used in machining. These files leave malicious attackers a lot of room for manipulation by simply changing a few numbers at the ends of the lines of code. Such manipulation can prove disastrous to the overall quality of a part. The paper we published early on in our work together, “Needle in a Haystack: Detecting Subtle Malicious Edits to Additive Manufacturing G-code Files” (available at https:// arxiv.org/pdf/2111.12746) served to highlight this exact problem. We employed three different machine learning based strategies to a dataset of several hundred files, and no method was able to extract all of the defects introduced into the provided tool paths. This type of work highlights the importance of collaboration between mechanical engineering and computer science, as each discipline on its own is limited in its ability to process and manipulate data. By blending two sets of requirements from each discipline, we were able to construct a robust data set that is useful to both groups.

CyberByte: The American Society for Nondestructive Testing grant carries with it a $20,000 stipend. Under its terms, what are you expected to produce?

Beckwith: For the ASNT grant our expected outcomes are a series of papers that will demonstrate the link between the vibrational and thermal properties in metamaterials and various available nondestructive testing (NDT) techniques. Metamaterials are architected materials with properties not typically found in nature, and are often designed for the purpose of cloaking and shielding against heat, vibrations, electromagnetic waves, and mechanical forces. Nondestructive testing utilizes these forces in order to detect flaws or damage in manufactured parts. In essence, we seek to go deeper into these methods to see how they can be used to gather material properties which we might not be able to ascertain through destructive methods. In particular, we will be observing the relationship between ultrasonic testing and the vibration properties of a material. Ultrasonic testing uses a transducer to send high frequency sound waves into a material and, as these waves are reflected, an image is generated showing where the material might have a flaw. Vibration testing excites the material, and the frequency of the excitation and the motion of the sample tells us the natural frequency and stiffness of the material. Unfortunately, vibration testing fatigues the material and degrades its life span. We believe there is a link between these ultrasonic waves and the vibrations in the material that will enable us to gather the natural frequency and stiffness of the material without subjecting it to the harshness of vibration testing.

CyberByte: The NYU article mentioned your work with metamaterials, which you described a bit above. Can you elaborate a bit more on how these materials work and their primary applications?

Beckwith : Metamaterials exhibit properties not typically found in nature. One of the earliest examples of these materials is the “invisibility cloak” proposed by the Russian mathematician Victor Vesselago, who outlined the feasibility of creating a material with a negative refractive index. Sir John Pendry proposed a design based on Vesselago’s proposal, and in the early 2000s, researchers at Duke University used Pendry’s specifications to fabricate a material around which electromagnetic waves can be bent and then ultimately returned to the original path of propagation. This was the first metamaterial but, since then, four categories of these materials have been developed: mechanical, thermal, electromagnetic, and acoustic.

Each of these metamaterials shows promise for applications in military stealth, robotics manipulators and sensors, biomedical imaging, automotive and aerospace energy absorption, and more. My area of interest aligns with the mechanical metamaterial. Yet, since heat and vibrations are important aspects of material characterization and development, my research into NDT strategies also employ thermal and ultrasonic testing.

CyberByte: I know that you have traveled to the National Institute of Technology in Karnataka, India, for the past two summers as part of the National Science Foundation (NSF) International Research Experience for Students (IRES) program directed by Dr. Gupta. What was that experience like? What was your role in the program? And, what takeaways about India or about the way research is conducted overseas did you receive from the program?

Beckwith: Last year’s IRES program was a fantastic opportunity to live among the people of a remote region of India in the foothills of the Himalayas. Their culture is very different from the US, so I believe all of the students, myself included, gathered a deep appreciation for that way of life. My role was to work with the other undergraduate students to develop their research skills and progress. An important takeaway for me was the difference between my preferred way of conducting research and theirs. Personally, I am a very hands-on person and prefer running simulations and conducting experiments on the materials I develop and comparing them to the theoretical performance. In India, there was a greater focus on developing the theory behind the materials. To this end we were able to discuss the theory and development of experiments useful for the research in a more collaborative sense than the individual approach would permit.

CyberByte: You were actively involved in the Hack3D competition last year. Had you participated in any competitions of this nature in the past? And, can you give me a preview of any changes to this fall’s competition?

Beckwith: I have been an active participant in, and now an organizer of, Hack3D for a few years now. While I was an undergraduate, I participated in one of the summer Hack3D challenges. As I transitioned to the Ph.D. program, I worked with a previous student developing and organizing the competitions, and since he has graduated, I have taken over that role.

As far as a preview into the competition this year, I can say that typically I try to align the qualifier challenge with my own research. For example, if I am doing a large amount of ultrasonic testing, the challenge might utilize an artificial data set gathered from that mode of testing. Last year the challenge was to take manipulated microCT images and reconstruct the original object file from them. For the final challenge, we tend to use something more relatable, such as a household object or a board game. I can’t say anything for certain but, for this year’s qualifier challenge, I would request more computer science and ECE students take a look, as it will be very data focused. I look forward to seeing how they will approach the type of challenge I have in mind.

CCS NEWS

NYU ENGINEERING CELEBRATES ITS CYBERSECURITY PAST AND FUTURE

Throughout 2024, NYU has been celebrating the blended 170 year engineering heritage of both the NYU School of Engineering, and Polytechnic University with which it merged in 2014. When it comes to cybersecurity, that heritage is a rich one indeed, with accomplishments that include the establishment of one of the first-ever master’s degree programs specializing in cybersecurity, and the most comprehensive student-run cyber event now known as CSAW. Thus, it’s not surprising that the field of cybersecurity is one of the areas which the university has chosen to spotlight during this celebration. This summer, NYU released a lengthy news feature highlighting the school’s unique role in advancing this fast-evolving and increasingly critical discipline.

In documenting the school’s track record in this field, the feature points to the leadership role of Dr. Nasir Memon in initiating or guiding many of the programs cited above. Currently Interim Dean of Computer Science, Data Science, and Engineering at NYU Shanghai, Memon is honored in the article as a true “cyber pioneer.” The feature also pays tribute to NYU’s ability to “evolve education faster than threats,” and points to the significant role the school will play moving forward in training the next generation of cyber professionals. In quoting why NYU has excelled in this area, Memon observes, “You need credentials that can be obtained quickly and get you up to speed to become a useful member in the cybersecurity workforce.” NYUs programs produce cyber professionals who not only “understand the basic tools and techniques,” but also “understand the processes and are able to audit and then check for compliance and implement processes,” and “know what’s going on under the hood. That’s what it takes to create tomorrow’s protection mechanisms when technology and the threat landscape change so rapidly.”

To read the full article, go to https://engineering.nyu.edu/170-years-of-engineering/ educating-cybersecurity-professionals-world-needs

TANDON RESEARCHERS

TAKE ACTIVE ROLES IN GOVERNMENT-FUNDED, MULTIPARTNER INITIATIVES IN CRITICAL INFRASTRUCTURE AND CHIP SUPPLY

Over the past year, Tandon faculty have taken major roles in two significant collaborative efforts with U.S. government agencies.

Announced in March, 2024, a grant from the U.S. Department of Energy will fund an initiative to protect critical infrastructure from cyber attacks. And, late last year, the opening of Tandon’s Nanofabrication (NanoFab) Cleanroom, a specialized research environment in which scientists and engineers can fabricate cutting-

edge semiconductor chips, will facilitate the school’s contributions to the Northeast Regional Defense Technology Hub (NORDTech). Representing the collective effort of 56 high-tech companies and educational institutions—and funded by a grant of more than $40 million from the Department of Defense’s Microelectronic Commons Program—NORDTech is one of eight regionally located hubs designed to fulfill the promise of the bipartisan 2022 CHIPS and Science Act. These hubs support research and development and workforce cultivation for chips manufacturing. (Read the full story on page 16)

(see the CHIPS Act fact sheet at https://www.whitehouse.gov/briefing-room/statements-releases/2022/08/09/fact-sheet-chips-and-scienceact-will-lower-costs-create-jobs-strengthen-supply-chains-and-counter-china/).

DISCOVER

According to a news story released by NYU in March 2024, the DOE-funded project known as the Digital Twin for Security and Code Verification, or DISCOVER, is charged with creating “a virtual simulation of real-world operational technology systems used within the energy industry, such as industrial control systems and programmable logic controllers.” Led by Principal Investigator Farshad Khorrami, a professor in NYU Tandon’s Electrical and Computer Engineering (ECE) department, DISCOVER will be an important new tool in defending energy systems.

As Khorrami explains, “Current cyber defenses can’t necessarily catch stealthy malware in critical systems before deployment, potentially leaving a window open for bad actors to access our energy infrastructure. Our digital twin approach aims to shut that window. Because DISCOVER tests code virtually first, we can know about advanced threats, like ransomware, before they do damage.”

Other NYU-affiliated team members on the DISCOVER research team include Dr. Ramesh Karri, Chair of Tandon’s ECE Department and co-founder of the NYU Center for Cybersecurity, and Prashanth Krishnamurthy, an NYU Tandon ECE research scientist. Rounding out the team are Dinghao Wu, Dewey Walker Professor in the College of Information Sciences and Technology at Pennsylvania State University, and Jian Huang, assistant professor

and Y.T. Lo Faculty Fellow in Electrical and Computer Engineering at the University of Illinois, Urbana-Champaign. DISCOVER will also benefit from its industry partners, including a team of researchers from Con Edison led by Chief Information Security Officer Mikhail Falkovich, and from Narf Industries, a self-described, “small group of reverse engineers, vulnerability researchers, tool developers and overall good human beings that specialize in tailored solutions for government and large enterprises.” These companies will also play an integral part by “defining a market transition path” for DISCOVER. Michael Locasto, Narf’s Chief Technology Officer, will focus on refining the DISCOVER technology and “delivering it as part of Narf’s CySER suite of OT Security services, and making it available to a broad set of utilities and asset owners with a wide variety of constraints and use cases.”

The DISCOVER grant, which comes with $4.8 million in total funding—$3.34 million in federal funds, with the rest provided by participating institutions—was one of 16 grants awarded by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), in support of President Biden’s Investing in America initiative (see https://www.whitehouse.gov/invest/?utm_ source=invest.gov). You can read more about the DISCOVER program by going to https://engineering.nyu.edu/news/nyu-tandontapped-us-department-energy-fortify-critical-infrastructure

NANOFAB AND NORDTECH

In October, 2023, NYU officially opened its Nanofabrication (NanoFab) Cleanroom. Described in a news story at the time of its opening (see https://engineering.nyu.edu/ news/chips-and-science-act-spurs-nanofab-cleanroom-ribbon-cutting-nyu-tandon-schoolengineering) as “a specialized research environment in which scientists and engineers can fabricate cutting-edge semiconductor chips,” the facility will accelerate advanced research on “quantum science and engineering, precision medicine, neurotechnologies, next-generation communications technology and secure computing.” In addition to its potential as a research facility with broad real-world applications, a larger goal for NanoFab is to “help fulfill the promise of the bipartisan CHIPS and Science Act signed into law by President Biden in 2022.” The lab will facilitate these efforts through its role as a key contributor to the research and development programs of NORDTech.

This grant is one of the first major awards from the CHIPS & Science Act. It establishes the infrastructure of the hub by allowing partners—including NY CREATES, the University at Albany College of Nanotechnology, Science, and Engineering, Cornell University, Rensselaer Polytechnic Institute and IBM—to bolster workforce training programs for the semiconductor industry, and add new state-of-the-art microelectronics equipment.

At NYU Tandon alone, NanoFab will align with existing Centers such as NYU WIRELESS and the Center for Cybersecurity. It will continue to drive university leadership in quantum computing, artificial intelligence, and robotics.

In summarizing the significance of NanoFab, NYU President Linda G. Mills observes, “NYU Tandon’s new NanoFab cleanroom in Brooklyn will be a state-of-the-art laboratory where our world-class scientists, scholars and students—as well as our partners and collaborators from around the city—can harness their ingenuity and innovative prowess to advance scientific discoveries while boosting both New York’s economy and burgeoning tech sector.”

GREENSTADT JOINS CCC BOARD

Rachel Greenstadt, Professor of Computer Science and Engineering and Center for Cybersecurity faculty member at NYU Tandon, is one of six new members joining the Council of the Computing Community Consortium (CCC). The NSF-funded initiative aims to enable, “the pursuit of innovative, high-impact computing research that aligns with pressing national and global challenges.”

Greenstadt began a three-year term on the council on July 1,

TANDON ANNOUNCES FIRST ROUND OF COLLABORATIVE RESEARCH PARTNERSHIPS WITH IIT KANPUR

In September 2023, NYU Tandon signed its second formal partnership with a distinguished engineering institution overseas, the Indian Institute of Technology-Kanpur. This summer, that collaboration took a step forward when the two schools announced the first seven research projects to be conducted under the agreement. Each of these new initiatives will address topics of global concern, including cybersecurity, biotechnology, artificial intelligence, robotics, and wireless communications,

and be jointly led by researchers from both institutions.

Two of the seven shared projects will be co-led by CCS faculty. The first is a study of “Unconventional Physically Unclonable Functions for Micro-fluidics and Supply Chain Fingerprinting Researchers,” to be led by Dr. Ramesh Karri of NYU Tandon and post-doctoral researcher Navajit Singh Baban of NYU Abu Dhabi, along with Dr. Urbi Chatterjee of IIT Kanpur.

The initiative aims to develop physically unclonable functions, or PUFs, capable of authenticating microfluidic biochips and supply chain products. Through robust, machine learning-enhanced PUF designs, the research team aims to improve security and authentication in

medical diagnostics and supply chain management.

The second project, which examines, “Programmable Cryptographic Processing Units to Enable Secure, Private, and Quantum-Proof Computing,” will be co-led by Dr. Brandon Reagen of NYU Tandon, and Angshuman Karmakar of IIT Kanpur. This research team will be developing advanced cryptographic techniques to ensure secure and private computation, even in the face of future quantum computing threats.

To read more about the projects, go to https://engineering.nyu.edu/news/nyutandon-school-engineering-and-indianinstitute-technology-kanpur-announceseven-joint.

MAKING SOFTWARE UNDERSTANDABLE— AND A BIT CUDDLY AS WELL

The Update Framework, a secure method for delivering software updates, has a new avatar. Tai, a juggling elephant, is one of several cloud native applications that now appear as characters in a book called “Phippy’s AI Friend.” Published by the Cloud Native Computing Foundation, a branch of the Linux Foundation, the book offers a unique way to make the worlds of artificial intelligence and cloud native applications understandable on the broadest possible level.

The basic premise of the book is that everyone has a unique purpose or function. Phippy, a simple PHP application in the form of a giraffe, is inviting friends to a birthday party in Paris. He befriends an AI generated robot named Kimani, who eventually figures out that they could detect invasive entities that did not belong at the party.

The characters in “Phippy” have appeared in eight books to date. All of these characters have been “donated” to the series by the open source developers of CNCF software projects. This book marks the first appearance of Tai, the elephant embodiment of the The Update Framework, in the series. TUF, which was developed In the early 2010s by CCS researcher Dr. Justin Cappos, is an open-source technology that secures software system updates and is now used by companies including Microsoft, Google and Amazon.

Along with the story, the book contains an activity that families can do together. By scanning a QR code or going to phippyai.com, readers can download a Scratch template that will enable them to train Kimani to scan for the invasive characters called Creepers to prevent them from coming to the party.

Written by Cassandra Yuting Chin and illustrated by Romain Thérenty, the book can be purchased directly from CNCF at https://www.cncf.io/ phippy/, or through Amazon.com at https://www.amazon.com/Phippys-AI-Friend-Workshop-Parents/dp/B0CWYF8JT6

EVENTS

CCS HOSTS TOP-LEVEL DELEGATION FROM

THE CZECH REPUBLIC

On June 14, the Center for Cybersecurity welcomed to the campus a group of government officials and industry leaders from the Czech Republic. The 30-member delegation, led by Ivan Bartos, Deputy Prime Minister for Digitisation, and Miloslav Stasek, the ambassador of the Czech Republic to the United States, spent several hours meeting with CCS faculty, sharing information on critical new technologies and discussing possible points of collaboration. The visiting delegation, which also included representatives of companies that are members of the Confederation of Industry of the Czech Republic, also met with New York City Cyber Command and the Office of New York City Mayor.

The visit was one of the first high-profile events hosted by new CCS co-director Dr. Damon McCoy, Professor of Computer Science and Engineering at Tandon. Along with the Center’s Senior Director Joel Caminer, McCoy highlighted the primary activities and research priorities of CCS, as well as potential avenues of cooperation with Czech partners on such topics as disinformation and the applications of artificial intelligence.

MS CRS PROGRAM CELEBRATES FIRST REUNION

To celebrate the five-year anniversary of the NYU Law/NYU Tandon MS in Cybersecurity Risk and Strategy program, its community of alumni, faculty, and staff held its inaugural reunion on June 14 and 15, 2024. Program alumni worldwide returned to NYU’s campus for this very special occasion, and it was wonderful to see the ways in which they have made significant impacts on the cybersecurity world.

The festivities opened on Friday evening with welcome remarks from School of Law Dean Troy McKenzie, followed by a talk by Kelly Shortridge, Senior Director of Portfolio Product Management at Fastly and the lead author of the textbook Security Chaos Engineering: Sustaining Resilience in Software and Systems. Kelly discussed biological and natural world principles that can be adapted to further one’s understanding of complex cybersecurity ideas.

The following day, Professor of Law Samuel Rascoff moderated a faculty panel discussion featuring Judi Germano, Distinguished Fellow at the NYU Center for Cybersecurity (CCS) and Senior Fellow at the Reiss Center on Law and Security; Dr. Edward Amoroso, Distinguished Research Professor of Computer Science and Engineering at NYU Tandon; and CCS Co-Director & School of Law Professor of Practice Randal Milch.

The faculty panel shared their thoughts on the most impactful cybersecurity events and developments and the future of the cybersecurity landscape. Ellen Nakashima, national security reporter for The Washington Post, then discussed her experiences as a cybersecurity journalist, particularly in regard to the relationship between cyber sources and reporters and its impact on incident response.

The community also heard from a panel of alumni consisting of Stephanie Brody (’20), Vice President, Core Engineering and Cyber Audit at Goldman Sachs; James Rotherham (’19), Director, Security & Resilience Services - APAC at Google; Michael Salas (’22), Chief Information & Digital Officer at BAE Systems Australia; and Alex Scherer (’23), Founder of Enta Insurance. The alumni discussed the value of the MS CRS program in its interdisciplinary approach to cybersecurity, as well as the diverse backgrounds of

TANDON RESEARCH EXPO SPOTLIGHTS TWO INNOVATIVE CYBERSECURITY PROJECTS

As one of the school’s seven designated areas of excellence, cybersecurity research projects are a regular feature at the Tandon Research Excellence Exhibit, held each year on the Brooklyn Promenade outside the school’s Dibner Library. According to Tandon, the exhibit “features student and faculty projects illustrating the scope of engineering, the applied sciences, and their potential for improving the world.”

CyberByte checked in with the researchers behind the two designated cybersecurity projects at the 2024 Exhibit. Here are descriptions of the projects in their own words:

the students and faculty members. They each commented with their own takeaways from the program and some of the biggest cybersecurity challenges that they have seen in their respective industries. The weekend wrapped up with an interactive Capstone Project and a Closing Reception.

Many thanks to all our alumni and students for creating and uplifting the MS CRS community. We are grateful to and proud of each and every one of you!

CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis

Summarized by Yuchen “Dennis” Zhang, Post-Doctoral Researcher (at right in photo above)

“The project titled ‘CovSBOM: Enhancing Software Bill of Materials with Integrated Code Coverage Analysis’ presents a novel tool designed to improve the accuracy of Software Bills of Materials (SBOMs) by integrating code coverage analysis. SBOMs are critical for managing software vulnerabilities, but they often lack detailed insights into which parts of the code are actually being used, leading to inefficiencies and false positives in vulnerability detection. CovSBOM addresses this by analyzing the specific code coverage of thirdparty dependencies within Java applications and integrating these results back into the SBOM. The tool has been evaluated on 23 large-scale applications, showing a significant reduction in false positives and enhancing the precision of vulnerability detection by approximately 72%. The project highlights CovSBOM’s scalability, usability, and its potential to improve the management of software vulnerabilities in diverse programming environments.”

Also involved in the project are Dr. Justin Cappos, Associate Professor of Computer Science and Engineering; Joel Caminer, Senior Director in the NYU Center for Cybersecurity (CCS); and Yunze “Fred” Zhao, a master’s student in computer engineering at Tandon who has just began Ph.D. studies at the University of Maryland. The project is underwritten by the Depository Trust and Clearing Corporation (DTCC), under a partnership agreement between the company and NYU signed in 2022.

gittuf: The Security Layer for Git Summarized by Patrick Zielinski, Ph.D. student (at center in photo above)

“gittuf is a security layer for Git repositories that enables owners of these repositories to distribute (and revoke) contributor signing keys, and define policies about which contributors can make changes to particular namespaces within the repository. This extra layer of protection is built on several key properties of The Update Framework (TUF), such as delegations, secure key distribution, key revocation, trust rotation, read / write access control, and namespaces. In addition to TUF, gittuf also builds on the Reference State Log design (described in an academic paper), which also enables protection against reference state attacks. Finally, gittuf can be used as a foundation to build other desirable features, such as cryptographic algorithm agility, the ability to store secrets and in-toto attestations pertaining to the repository, and more.”

Also involved in the project are Aditya Sirish A Yelgundhalli, Ph.D. Candidate, and Dr. Justin Cappos, Associate Professor of Computer Science and Engineering.

NYU HOSTS COMPUTER ARCHITECTURE

DAY

In April, NYU welcomed more than 80 students, researchers, and industry experts — including representatives from Columbia University, Cornell and Cornell Tech, the New Jersey Institute of Technology, Northeastern University, Princeton University, the University of Rochester, the University of Pennsylvania, the University of Virginia, and Yale University—to the Tandon campus for Computer Architecture Day. A gathering of computer scientists drawn largely from the Northeastern seaboard, the event also attracted industry representatives from D.E. Shaw Research, Google Deepmind, IBM Research, Lucata, and Qualcomm Labs, all eager to exchange ideas with fellow computer architects.

Under the direction of Dr. Brandon Reagen, Assistant Professor of Electrical and Computer Engineering and Computer Science and Engineering, the conference provided a forum for 17 students to present their research, which ranged from unique defenses against DNN attacks, to methods to speed up Large Language Models to improve image encoding in virtual reality, to a method for creating a hardware “kill-switch” for AIs. A highlight of the program was a keynote speech by Brannon Batson of D.E. Shaw Research. Batson discussed the company’s supercomputer, known as Anton 3, and its ability to surpass supercomputers by at least 100 times in simulating various biomolecular systems. In particular, Batson pointed to the intricate interplay between hardware, software, and algorithms that enabled the computer to achieve such remarkable speedups.

The event was organized by NYU Tandon students Karthik Garimella, Jianqiao Mo, Negar Neda, Austin Ebel, Nandan Jha, and Alhad Daftardar, with support from Raquel Thompson from ECE.

AWARDS AND HONORS

PH.D. STUDENT GARIMELLA RECOGNIZED FOR AI RESEARCH

Karthik Garimella, a Ph.D. student in the Department of Electrical and Computer Engineering was recently named a “Rising Star” by MLCommons (see https://mlcommons.org/), an AI consortium dedicated to “encouraging open collaboration and improving the accuracy, safety, speed and efficiency of AI technologies.” The “Rising Star” designation honors young researchers working at the intersection of machine learning and systems, and supports their development through access to workshops, networking opportunities, and other resources. According to Vijay Janapa Reddi, MLCommons VP and Research Chair and steering committee member of the Rising Stars program, “by nurturing and supporting the next generation of researchers, both domestically and globally, we aim to foster an inclusive environment where these individuals can make groundbreaking contributions that will shape the future of ML and systems research.”

Garimella, who came to Brooklyn for his doctoral studies after earning a bachelor’s degree in physics from Hendrix College and a master’s degree in computer engineering from Washington University in St. Louis, earned the honor for his investigative work in protecting the privacy and security of machine-learning technologies. Now working under the guidance of Assistant Professor Brandon Reagen, a faculty member of NYU’s Center for Cybersecurity, Garimella is particularly focused on closing a “privacy loophole” created in the use of cloud-based applications, including social media. As he explained to NYU News, this loophole is created by the way AI shares information. “You type in a prompt, and it gets sent to the cloud, and although it’s secured during transmission, at the end of the day, the company still has access to it. This is concerning, especially if it contains sensitive or personal information.” To address this loophole, Garimella is using a number of technologies, including multi-party computation, where differing parties can pool data for computing tasks and access the resulting output without revealing information from any individual party, and homomorphic encryption, a technique that enables mathematical operations to be performed on encrypted data without affecting the encryption.

His advisor was unsurprised that Garimella, who is currently interning at NVIDIA, was chosen for the competitive program.”He is a fantastic student whose academic talent, rigor, and creativity exemplify everything we hope for in a Tandon doctoral candidate,” Dr. Reagen comments. “ I predict that his work will make a major impact.”

In addition to his “Rising Star” designation, Garimella was also the recipient of a Li Publication Award, given by the NYU Tandon Department of Electrical and Computing Engineering last Spring.

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.