Posts by Collection




Cyber-attacks and Mitigation in Blockchain based Transactive Energy Systems

Published in 2020 IEEE Conference on Industrial Cyberphysical Systems (ICPS), 2020

Power grids are undergoing major changes due to the rapid adoption of intermittent renewable energy resources and the increased availability of energy storage devices. These trends drive smart-grid operators to envision a future where peer-to-peer energy trading occurs within microgrids, leading to the development of Transactive Energy Systems. Blockchains have garnered significant interest from both academia and industry for their potential application in decentralized TES, in large part due to their high level of resilience. In this paper, we introduce a novel class of attacks against blockchain based TES, which target the gateways that connect market participants to the system. We introduce a general model of blockchain based TES and study multiple threat models and attack strategies. We also demonstrate the impact of these attacks using a testbed based on GridLAB-D and a private Ethereum network. Finally, we study how to mitigate these attack.

Recommended citation: C. Barreto, T. Eghtesad, S. Eisele, A. Laszka, A. Dubey and X. Koutsoukos, "Cyber-Attacks and Mitigation in Blockchain Based Transactive Energy Systems," 2020 IEEE Conference on Industrial Cyberphysical Systems (ICPS), Tampere, Finland, 2020, pp. 129-136, doi: 10.1109/ICPS48405.2020.9274708.

Mechanisms for Outsourcing Computation via a Decentralized market

Published in 14th ACM International Conference on Distributed and Event-Based Systems (DEBS 2020), 2020

As the number of personal computing and IoT devices grows rapidly, so does the amount of computational power that is available at the edge. Many of these devices are often idle and constitute an untapped resource which could be used for outsourcing computation. Existing solutions for harnessing this power, such as volunteer computing (e.g., BOINC), are centralized platforms in which a single organization or company can control participation and pricing. By contrast, an open market of computational resources, where resource owners and resource users trade directly with each other, could lead to greater participation and more competitive pricing. To provide an open market, we introduce MODiCuM, a decentralized system for outsourcing computation. MODiCuM deters participants from misbehaving—which is a key problem in decentralized systems—by resolving disputes via dedicated mediators and by imposing enforceable fines. However, unlike other decentralized outsourcing solutions, MODiCuM minimizes computational overhead since it does not require global trust in mediation results. We provide analytical results proving that MODiCuM can deter misbehavior, and we evaluate the overhead of MODiCuM using experimental results based on an implementation of our platform.

Recommended citation: Scott Eisele, Taha Eghtesad, Nicholas Troutman, Aron Laszka, and Abhishek Dubey. 2020. Mechanisms for outsourcing computation via a decentralized market. In Proceedings of the 14th ACM International Conference on Distributed and Event-based Systems (DEBS '20). Association for Computing Machinery, New York, NY, USA, 61–72. DOI:

Blockchains for Transactive Energy Systems: Opportunities, Challenges, and Approaches

Published in IEEE Computer, 2020

The emergence of blockchains and smart contracts has renewed interest in electrical cyberphysical systems, especially transactive energy systems. To address the associated challenges, we present TRANSAX, a blockchain-based transactive energy system that provides an efficient, safe, and privacy-preserving market built on smart contracts.

Recommended citation: S. Eisele et al., "Blockchains for Transactive Energy Systems: Opportunities, Challenges, and Approaches," in Computer, vol. 53, no. 9, pp. 66-76, Sept. 2020, doi: 10.1109/MC.2020.3002997.

The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs

Published in 6th Workshop on Security Information Workers, 2020

In recent years, bug-bounty programs have garnered popularity and became a significant part of the security culture of many organizations. Bug-bounty programs enable these organizations to improve their security posture by harnessing the outside perspective of a diverse crowd of security experts (bug hunters). However, bug-bounty programs also suffer from inefficiencies, such as duplicate and invalid bug reports, which are resource consuming for organizations and bug hunters alike. To address these issues, it is crucial to understand how bug hunters make decisions, what motivates them, and what challenges they face. We present the results of an initial survey conducted among bug hunters to address these questions. We recruited 56 security experts who participate in bug-bounty programs to answer open-ended questions regarding various aspects of their participation in bug-bounty programs. Their responses provide a detailed overview of the motivations of security experts and the challenges that they face.

Recommended citation: Akgul, O., Eghtesad, T., Elazari, A., Gnawali, O., Grossklags, J., Votipka, D., & Laszka, A. The Hackers’ Viewpoint: Exploring Challenges and Benefits of Bug-Bounty Programs.

Deep Reinforcement Learning based Adaptive Moving Target Defense

Published in 2020 Conference on Decision and Game Theory for Security, 2020

Moving target defense (MTD) is a proactive defense approach that aims to thwart attacks by continuously changing the attack surface of a system (e.g., changing host or network configurations), thereby increasing the adversary’s uncertainty and attack cost. To maximize the impact of MTD, a defender must strategically choose when and what changes to make, taking into account both the characteristics of its system as well as the adversary’s observed activities. Finding an optimal strategy for MTD presents a significant challenge, especially when facing a resourceful and determined adversary who may respond to the defender’s actions. In this paper, we propose a multi-agent partially-observable Markov Decision Process model of MTD and formulate a two-player general-sum game between the adversary and the defender. To solve this game, we propose a multi-agent reinforcement learning framework based on the double oracle algorithm. Finally, we provide experimental results to demonstrate the effectiveness of our framework in finding optimal policies.

Recommended citation: Eghtesad T., Vorobeychik Y., Laszka A. (2020) Adversarial Deep Reinforcement Learning Based Adaptive Moving Target Defense. In: Zhu Q., Baras J.S., Poovendran R., Chen J. (eds) Decision and Game Theory for Security. GameSec 2020. Lecture Notes in Computer Science, vol 12513. Springer, Cham.

Safe and Private Forward-Trading Platform for Transactive microgrids

Published in ACM Transactions on Cyber-Physical Systems, 2020

Power grids are evolving at an unprecedented pace due to the rapid growth of distributed energy resources (DER) in communities. These resources are very different from traditional power sources, as they are located closer to loads and thus can significantly reduce transmission losses and carbon emissions. However, their intermittent and variable nature often results in spikes in the overall demand on distribution system operators (DSO). To manage these challenges, there has been a surge of interest in building decentralized control schemes, where a pool of DERs combined with energy storage devices can exchange energy locally to smooth fluctuations in net demand. Building a decentralized market for transactive microgrids is challenging, because even though a decentralized system provides resilience, it also must satisfy requirements such as privacy, efficiency, safety, and security, which are often in conflict with each other. As such, existing implementations of decentralized markets often focus on resilience and safety but compromise on privacy. In this article, we describe our platform, called TRANSAX, which enables participants to trade in an energy futures market, which improves efficiency by finding feasible matches for energy trades, enabling DSOs to plan their energy needs better. TRANSAX provides privacy to participants by anonymizing their trading activity using a distributed mixing service, while also enforcing constraints that limit trading activity based on safety requirements, such as keeping planned energy flow below line capacity. We show that TRANSAX can satisfy the seemingly conflicting requirements of efficiency, safety, and privacy. We also provide an analysis of how much trading efficiency is lost. Trading efficiency is improved through the problem formulation, which accounts for temporal flexibility, and system efficiency is improved using a hybrid-solver architecture. Finally, we describe a testbed to run experiments and demonstrate its performance using simulation results.

Recommended citation: Scott Eisele, Taha Eghtesad, Keegan Campanelli, Prakhar Agrawal, Aron Laszka, and Abhishek Dubey. 2021. Safe and Private Forward-trading Platform for Transactive Microgrids. ACM Trans. Cyber-Phys. Syst. 5, 1, Article 8 (January 2021), 29 pages. DOI:

Decentralized Computation Market for Stream Processing Applications

Published in 10th IEEE International Conference on Cloud Engineering (IC2E), 2022

While cloud computing is the current standard for outsourcing computation, it can be prohibitively expensive for cities and infrastructure operators to deploy services, especially for streaming applications. At the same time, there are underutilized computing resources within cities and local edgecomputing deployments. Using these slack resources may enable significantly lower pricing than comparable cloud computing; such resources would incur minimal marginal expenditure since their deployment and operation are mostly sunk costs. However, there are challenges associated with using these resources. First, they are not effectively aggregated or provisioned. Second, there is a lack of trust between customers and suppliers of computing resources, given that they are distinct stakeholders and behave according to their own interests. Third, delays in processing inputs may diminish the value of the streaming applications. To resolve these challenges, we introduce an architecture, combining a distributed trusted computing base, such as a blockchain, with an efficient messaging system like Apache Pulsar. Using this architecture, we design a decentralized computation market where customers and suppliers make offers to deploy and host streaming applications. The proposed architecture is independent of any particular blockchain implementation—as long as it supports smart contracts—and ensures that the market is robust to failures, while incurring the latency intrinsic in blockchain solutions only on deployment, rather than every output. We evaluate the market protocol using game-theoretic analysis to show that deviation from the protocol is discouraged. Finally, we evaluate the performance of a prototype implementation based on experiments with a streaming computer-vision application.

Recommended citation: .



Teaching experience 1

Undergraduate course, University 1, Department, 2014

This is a description of a teaching experience. You can use markdown like any other post.

Teaching experience 2

Workshop, University 1, Department, 2015

This is a description of a teaching experience. You can use markdown like any other post.