Internships

SpackNVD: A Vulnerability Audit Tool for Spack Packages May 2022 - August 2022

I, along with my partner, introduced the National Vulnerability Database (NVD) as a plug-in to the Spack package manager. Spack is able to query the NVD database for a list of known vulnerabilities in incoming package installations. Via 'spack info' and 'spack cve', JSON files are generated for a package and its dependencies of their CVE data. This in turn speeds up vulnerability lookup in the future and decreases communication overhead to the NVD database. Vulnerability scores within a certain range will display a warning message and list the vulnerabilities with links to them on the NVD website. Vulnerability scores exceeding a preset threshold will cause the installation of a package to be blocked completely. However, after a manual review process, if a vulnerability is deemed irrelevant for the packages use and current environment, it can be added to an allowlist within its respective Spack directory. This disables the blocking feature and allows a user to install the previously blocked package installation.

A paper for this project was accepted to the First Annual Workshop on Cyber Security in High Performance Computing at the 2022 International Conference for High Performance Computing, Networking, Storage, and Analysis.

Quantifying the Platypus Attack May 2021 - August 2021

A side-channel attack that reveals secret keys using a chosen plaintext and energy measurements.

I designed a C-library to generate random cryptographic keys based on inputted key-length, Hamming weight, and number of keys requested. I demonstrated the proportional relationship between Hamming weights and energy consumption (Hamming Weight Increase = Energy Consumption Increase) by graphing sorted runs in R that measured average energy consumed for a single key over the PKG_ENERGY_STATUS Model-Specific Register. This depicted run-to-run variation and showed that measuring average watts for a single cryptographic key does not expose the relationship of energy consumption for all cryptographic keys.

Programming and Manipulating Model-Specific Registers May 2019 - August 2019

I assisted in implementing a task-oriented command-line tool for reading, writing, and modifying Model-Specific Registers via the Lawrence Livermore National Laboratory MSR-Safe Kernel interface. This tool decreased the setup time for performance profiling of Model-Specific Registers by approximately 67%. Performance profiling visuals were created in R using data collected from FireStarter.

Investigation of Vulnerability Scanners May 2018 - August 2018

I compared vulnerability scanners, Tenable Nessus and OpenVAS, to identify which of the two generated the most useful and reliable data. Seeing that Tenable Nessus gave the most useful and reliable data, I modified a python script to convert the Nessus CSV data files into XML data files. These XML data files were properly formatted for integration into a network mapping system. This data allowed for the visualization of possible vulnerabilities within the laboratory network.

Cyber Resiliency Introduced by blockchain Processing for Secure Transmission (CRIPSeT) May 2020 - August 2020

I investigated networking protocols and executed attacks on internal systems using the Kali Linux Suite. I eventually categorized 66 vulnerabilities in a threat model of a simulated satellite mission from low to critical. I then investigated blockchain, its known vulnerabilities, and its ability to mitigate a Command Intrusion Attack. I theoretically proved using blockchain within a simulated satellite mission would completely mitigate a Command Intrusion Attack. I then successfully executed a ReEntrancy Attack on an internal sample blockchain using the Solidity IDE showing that a simulated satellite mission was still vulnerable to other attacks.

Utilizing QEMU for Model-Specific Register Analysis Based on an Architecture and Operating System Agnostic Approach January 2020 - April 2021

As my undergraduate thesis I investigated, along with Dr. Barry Rountree, capabilities of the Quick Emulator (QEMU) as it relates to Model-Specific Registers. We used an Equinix Metal server to host the experiment while setting up SSH keys and a firewall for further security precautions. A few scripts were created to setup a privileged user space, setup a non-privileged user space, copy SSH keys and an iso image, install an iso image, and run an iso image after a successful boot process at the installation phase. We proved capturing read call values from a non-privileged user space is possible from 21 of the 26 monitored MSR’s in the Ubuntu Operating System.

Analyzing Multiuser Power Allocation in Satellite Communications Using a Cooperative Game-Theoretic Approach September 2020 - May 2021 I was a student researcher under Dr. Wei Wan. We investigated optimal strategies in satellite communication systems to precisely allocate power among multiuser terminals who share a frequency-selective Gaussian interference channel. This project was funded by the National Science Foundation Research Initiation Award under Award Number 1900984.