CR, Apr 10, 2021
A Web Infrastructure for Certifying Multimedia News Content for Fake News Defense
Edward L. Amoruso, Raghu Avula, Stephen P. Johnson et al.
In dealing with altered multimedia news content, also referred to as fake news, we present a ready-to-deploy scheme based on existing public key infrastructure as a new fake news defense paradigm. This scheme enables news organizations to certify or endorse newsworthy multimedia news content and securely and conveniently pass this trust information to end users. A news organization can use our program to digitally sign the multimedia news content with its private key. By installing a browser extension, an end user can easily verify whether a piece of news content has been endorsed and by which organization. It is totally up to the end user whether to trust the news or the endorsing news organization. The underlying principles of our scheme are that fake news will sooner or later be identified as fake by the general population, and a news organization puts its long-term reputation on the line when endorsing news content.
CR, Jul 12, 2020
On Runtime Software Security of TrustZone-M based IoT Devices
Lan Luo, Yue Zhang, Cliff C. Zou et al.
Internet of Things (IoT) devices have been increasingly integrated into our daily life. However, such smart devices suffer from a broad attack surface. In particular, attacks targeting the device software at runtime are challenging to defend against if IoT devices use resource-constrained microcontrollers (MCUs). TrustZone-M, a TrustZone extension for MCUs, is an emerging security technique fortifying MCU-based IoT devices. This paper presents the first security analysis of potential software security issues in TrustZone-M enabled MCUs. We explore the stack-based buffer overflow (BOF) attack for code injection, return-oriented programming (ROP) attack, heap-based BOF attack, format string attack, and attacks against Non-secure Callable (NSC) functions in the context of TrustZone-M. We validate these attacks using the TrustZone-M enabled SAM L11 MCU. Strategies to mitigate these software attacks are also discussed.