Researcher profile

David Barrera

David Barrera contributes to research discovery and scholarly infrastructure.

Researcher | Affiliation not imported | Open to collaborate

Trust snapshot

Quick read

Trust 19 - Unverified | Verification L1 | Unclaimed author
5 works
0 followers
6 topics
4 close collaborators


Published work

5 published item(s)

preprint | 2022 | arXiv

Confidence intervals for nonparametric regression

We demonstrate and discuss nonasymptotic bounds in probability for the cost of a regression scheme with a general loss function from the perspective of the Rademacher theory, and for the optimality with respect to the average $L^{2}$-distance to the underlying conditional expectations of least squares regression outcomes from the perspective of the Vapnik-Chervonenkis theory. The results follow from an analysis involving independent but possibly nonstationary training samples and can be extended, in a manner that we explain and illustrate, to relevant cases in which the training sample exhibits dependence.

preprint | 2022 | arXiv

Ontology-Based Anomaly Detection for Air Traffic Control Systems

The Automatic Dependent Surveillance-Broadcast (ADS-B) protocol is increasingly being adopted by the aviation industry as a method for aircraft to relay their position to Air Traffic Control (ATC) monitoring systems. ADS-B provides greater precision compared to traditional radar-based technologies, however, it was designed without any encryption or authentication mechanisms and has been shown to be susceptible to spoofing attacks. A capable attacker can transmit falsified ADS-B messages with the intent of causing false information to be shown on ATC displays and threaten the safety of air traffic. Updating the ADS-B protocol will be a lengthy process, therefore, there is a need for systems to detect anomalous ADS-B communications. This paper presents ATC-Sense, an ADS-B anomaly detection system based on ontologies. An ATC ontology is used to model entities in a simulated controlled airspace and is used to detect falsified ADS-B messages by verifying that the entities conform to aviation constraints related to aircraft flight tracks, radar readings, and flight reports. We evaluate the computational performance of the proposed constraints-based detection approach with several ADS-B attack scenarios in a simulated ATC environment. We demonstrate how ontologies can be used for anomaly detection in a real-time environment and call for future work to investigate ways to improve the computational performance of such an approach.

preprint | 2022 | arXiv

Security Best Practices: A Critical Analysis Using IoT as a Case Study

Academic research has highlighted the failure of many Internet of Things (IoT) product manufacturers to follow accepted practices, while IoT security best practices have recently attracted considerable attention worldwide from industry and governments. Given current examples of security advice, confusion is evident from guidelines that conflate desired outcomes with security practices to achieve those outcomes. We explore a surprising lack of clarity, and void in the literature, on what (generically) best practice means, independent of identifying specific individual practices or highlighting failure to follow best practices. We consider categories of security advice, and analyze how they apply over the lifecycle of IoT devices. For concreteness in discussion, we use iterative inductive coding to code and systematically analyze a set of 1013 IoT security best practices, recommendations, and guidelines collated from industrial, government, and academic sources. Among our findings, of all analyzed items, 68% fail to meet our definition of an (actionable) practice, and 73% of all actionable advice relates to the software development lifecycle phase, highlighting the critical position of manufacturers and developers. We hope that our work provides a basis for the community to better understand best practices, identify and reach consensus on specific practices, and find ways to motivate relevant stakeholders to follow them.

preprint | 2021 | arXiv

BPFContain: Fixing the Soft Underbelly of Container Security

Linux containers currently provide limited isolation guarantees. While containers separate namespaces and partition resources, the patchwork of mechanisms used to ensure separation cannot guarantee consistent security semantics. Even worse, attempts to ensure complete coverage result in a mishmash of policies that are difficult to understand or audit. Here we present BPFContain, a new container confinement mechanism designed to integrate with existing container management systems. BPFContain combines a simple yet flexible policy language with an eBPF-based implementation that allows for deployment on virtually any Linux system running a recent kernel. In this paper, we present BPFContain's policy language, describe its current implementation as integrated into Docker, and present benchmarks comparing it with current container confinement technologies.

preprint | 2020 | arXiv

SERENIoT: Collaborative Network Security Policy Management and Enforcement for Smart Homes

Network traffic whitelisting has emerged as a dominant approach for securing consumer IoT devices. However, determining what the whitelisted behavior of an IoT device should be remains an open challenge. Proposals to date have relied on manufacturers and trusted parties to provide whitelists, but these proposals require manufacturer involvement or placing trust in an additional stakeholder. Alternatively, locally monitoring devices can allow building whitelists of observed behavior, but devices may not exhaust their functionality set during the observation period, or the behavior may change following a software update which requires re-training. This paper proposes a blockchain-based system for determining whether an IoT device is behaving like other devices of the same type. Our system (SERENIoT, pronounced Serenity) overcomes the challenge of initially determining the correct behavior for a device. Nodes in the SERENIoT public blockchain submit summaries of the network behavior observed for connected IoT devices and build whitelists of behavior observed by the majority of nodes. Changes in behavior through software updates are automatically whitelisted once the update is broadly deployed. Through a proof-of-concept implementation of SERENIoT on a small Raspberry Pi IoT network and a large-scale Amazon EC2 simulation, we evaluate the security, scalability, and performance of our system.