The National Security Agency Research Directorate began funding foundational research at Lablet institutions beginning in 2012 through the Science of Security (SoS) Initiative. The Lablets were funded in order to promote foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. In 2014, the SURE project was founded to investigate cybersecurity in the cyber-physical systems realm. The Lablet and SURE projects are listed below.

Project Title PI Project Abstract All terms
A Human Information-Processing Analysis of Online Deception Detection rproctor Human interaction is an integral part of any system. Users have daily interactions with a system and make many decisions that affect the overall state of security. The fallibility of users has been shown but there is little research focused on the... A Human Information-Processing Analysis of Online Deception Detection, NCSU, NCSU
A Hypothesis Testing Framework for Network Security Brighten Godfrey This project develops a scientific approach to testing hypotheses about network security when those tests must consider layers of complex interacting policies within the network stack. The work is motivated by observation that the infrastructure of large... Policy-Governed Secure Collaboration, Resilient Architectures, Scalability and Composability, Security Metrics Driven Evaluation, Design, Development, and Deployment, UIUC
A Language and Framework for Development of Secure Mobile Applications JonathanAldrich Mobile applications are a critical emerging segment of the software industry, and security for web-based mobile applications is of increasing concern. We hypothesize that many of the most important security vulnerabilities in web-based mobile... A Language and Framework for Development of Secure Mobile Applications, A Language and Framework for Development of Secure Mobile Applications, CMU, CMU
A Monitoring, Fusion and Response Framework to Provide Cyber Resiliency William H. Sanders UIUC
Analytics for Cyber-Physical System Cybersecurity Nazli Choucri Mounting concerns about safety and security have resulted in an intricate ecosystem of guidelines, compliance measures, directives and policy reports for cybersecurity of all critical infrastructure. By definition, such guidelines and policies are written... Analytics for Cyber-Physical System Cybersecurity, Policy-Governed Secure Collaboration
Anonymous Messaging pramodviswanath Anonymity is a basic right and a core aspect of Internet. Recently, there has been tremendous interest in anonymity and privacy in social networks, motivated by the natural desire to share one's opinions without the fear of judgment or personal reprisal (... Scalability and Composability, UIUC
Attack Surface and Defense-in-Depth Metrics Attack Surface and Defense-in-Depth Metrics, NCSU, NCSU
Automated Synthesis of Resilient Architectures ealshaer NCSU, NCSU, Automated Synthesis of Resilient Architectures
Cloud-Assisted IoT Systems Privacy Fengjun Li The key to realizing the smart functionalities envisioned through the Internet of Things (IoT) is to securely and efficiently communicate, store, and make sense of the tremendous data generated by IoT devices. Therefore, integrating IoT with the cloud... Cloud-Assisted IoT Systems Privacy, Metrics, Resilient Architectures, Scalability and Composability
Data Driven Security Models and Analysis Ravi Iyer In security more than in other computing disciplines, professionals depend heavily on rapid analysis of voluminous streams of data gathered by a combination of network-, file-, and system-level monitors. The data are used both to maintain a constant vigil... Resilient Architectures, Security Metrics Driven Evaluation, Design, Development, and Deployment, Understanding and Accounting for Human Behavior, UIUC
Data-Driven Model-Based Decision-Making William H. Sanders The goal of this project is to develop quantitative, scientifically grounded, decision-making methodologies to guide information security investments in private or public organizations, combining human and technological concerns, to demonstrate their use... Security Metrics Driven Evaluation, Design, Development, and Deployment, Understanding and Accounting for Human Behavior, UIUC
Decentralization in Security: Consequences and Incentive Design Yevgeniy Vorobeychik In security, our concern is typically with securing a particular network, or eliminating security holes in a particular piece of software. These are important, but they miss the fact that being secure is fundamentally about security of all constituent... Resilient Architectures, Science of decentralized security, Vanderbilt
Does the Presence of Honest Users Affect Intruder Behavior? Michel Cukier More appropriate and efficient security solutions against system trespassing incidents can be developed once the attack threat is better understood. However, few empirical studies exist to assess the attack threat. Our proposed research applies "soft... UMD
Empirical Models for Vulnerabilities and Attacks tdumitra The security of deployed and actively used systems is a moving target, influenced by factors that are not captured in the existing security models and metrics. For example, estimating the number of vulnerabilities in source code does not account for the... UMD
Epistemic Models for Security rwh Noninterference defines a program to be secure if changes to high-security inputs cannot alter low-security outputs thereby indirectly stating the epistemic property that no low-security principal acquires knowledge of high-security data. We consider a... CMU, CMU, Epistemic Models for Security
Evaluation and Experimentation Peter Volgyesi This research thrust focuses on the design and development of a highly accessible and scalable testbed environment for supporting the evaluation and experimentation efforts across the entire SURE research portfolio. This work is based on our existing... Resilient Architectures, Testing, Control, Modeling, Vanderbilt, Evaluation and experimentation, Resilient Systems, Simulation
Formal Approaches to the Ontology & Epistemology of Resilience johnsymons Security Science requires reflection on its foundational concepts. Our contention is that in order to make informed decisions about trade-offs with respect to resilient properties of systems we must first precisely characterize the differences between the... Formal Approaches to the Ontology & Epistemology of Resilience, Resilient Architectures
Formal Specification and Analysis of Security-Critical Norms and Policies jondoyle Goal: To understand how security properties vary with norms and policies that govern the behavior of collaborators (users and organizations), to enable identification of norms and policies that achieve desired tradeoffs between security and user... NCSU, NCSU, Formal Specification and Analysis of Security-Critical Norms and Policies
Foundations for Cyber-Physical System Resilience Xenofon Koutsoukos The goals of this project are to develop the principles and methods for designing and analyzing resilient CPS architectures that deliver required service in the face of compromised components. A fundamental challenge is to understand the basic tenets of... Foundations of a CPS Resilience, Resilient Architectures
Geo-Temporal Characterization of Security Threats kathleen.carley Cyber security is a global phenomenon. For example, recent socially-engineered attacks that target CEOs of global corporations appear to be instigated by the Chinese group dubbed the "comment crew." In their 2011 survey Symantec found that the number... CMU, CMU, Geo-Temporal Characterization of Security Threats