Abstract: Systems, methods, and computer-readable media for managing underwater acoustic communications. An automatic network slicing method specifically designed for handling underwater acoustic communications is implemented to enable admission control, routing, and dynamic resource allocation based on service level agreement requirements.

Abstract: According to various embodiments, a method for detecting security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices is disclosed. The method includes constructing an attack directed acyclic graph (DAG) from a plurality of regular expressions, where each regular expression corresponds to control-data flow for a known CPS/IoT attack. The method further includes performing a linear search on the attack DAG to determine unexploited CPS/IoT attack vectors, where a path in the attack DAG that does not represent a known CPS/IoT attack vector represents an unexploited CPS/IoT attack vector. The method also includes applying a trained machine learning module to the attack DAG to predict new CPS/IoT vulnerability exploits. The method further includes constructing a defense DAG configured to protect against the known CPS/IoT attacks, the unexploited CPS/IoT attacks, and the new CPS/IoT vulnerability exploits.

Abstract: Systems, methods, and computer-readable media for managing underwater acoustic communications. An automatic network slicing method specifically designed for handling underwater acoustic communications is implemented to enable admission control, routing, and dynamic resource allocation based on service level agreement requirements.

Abstract: A software-defined modem includes a multi-mode head and a baseband unit. The multi-mode head includes a plurality of mode frontends including, but not limited to acoustic, magnetic induction, radio frequency and optical. Each mode frontend of the plurality of mode frontends is configured to transmit and/or receive communications according to a preset communication mode. The baseband unit is configured to control operation of the multi-mode head. The multi-mode head is configured to simultaneously use one or more communication modes.

Abstract: According to various embodiments, a method for detecting security vulnerabilities in a fifth generation core network (5GCN) is disclosed. The method includes constructing an attack graph from a plurality of regular expressions. Each regular expression corresponds to a sequence of system level operations for a known 5GCN attack. The method further includes performing a linear search on the attack graph to determine unexploited 5GCN attack vectors where path in the attack graph that does not represent a known 5GCN attack vector represents an unexploited 5GCN attack vector. The method also includes applying a trained machine learning module to the attack graph to predict new 5GCN attacks. The trained machine learning module is configured to determine a feasibility of linking unconnected nodes in the attack graph to create a new branch representing a new 5GCN vulnerability exploit.

Abstract: Systems, methods, and computer-readable media for managing underwater acoustic communications. An automatic network slicing method specifically designed for handling underwater acoustic communications is implemented to enable admission control, routing, and dynamic resource allocation based on service level agreement requirements.

Abstract: Systems, methods, and computer-readable media for managing underwater acoustic communications. An automatic network slicing method specifically designed for handling underwater acoustic communications is implemented to enable admission control, routing, and dynamic resource allocation based on service level agreement requirements.

Abstract: According to various embodiments, a method for detecting security vulnerabilities in at least one of cyber-physical systems (CPSs) and Internet of Things (IoT) devices is disclosed. The method includes constructing an attack directed acyclic graph (DAG) from a plurality of regular expressions, where each regular expression corresponds to control-data flow for a known CPS/IoT attack. The method further includes performing a linear search on the attack DAG to determine unexploited CPS/IoT attack vectors, where a path in the attack DAG that does not represent a known CPS/IoT attack vector represents an unexploited CPS/IoT attack vector. The method also includes applying a trained machine learning module to the attack DAG to predict new CPS/IoT vulnerability exploits. The method further includes constructing a defense DAG configured to protect against the known CPS/IoT attacks, the unexploited CPS/IoT attacks, and the new CPS/IoT vulnerability exploits.

Abstract: Systems, methods, and computer-readable media for protecting distributed data are provided. The data is distributed according to a time-based shard distribution scheme that splits data into multiple pieces to prevent an attacker who successfully breaches a terminal device from reassembling the pieces.

Abstract: Systems, methods, and computer-readable media for protecting distributed data are provided. The data is distributed according to a time-based shard distribution scheme that splits data into multiple pieces to prevent an attacker who successfully breaches a terminal device from reassembling the pieces.

Abstract: Systems, methods, and computer-readable media for protecting cryptographic keys are provided. Each cryptographic key is divided into multiple shares for storage at remote locations and for storage on a local device.

Abstract: Systems, methods, and computer-readable media for protecting distributed data are provided. The data is distributed according to a time-based shard distribution scheme that splits data into multiple pieces to prevent an attacker who successfully breaches a terminal device from reassembling the pieces.

Abstract: A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system.

Abstract: A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system.