Visible to the public SoS Quarterly Summary Report - UIUC - Jul to Sep 2014 - October 2014

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research

[Xie, Blythe, Koppel, Smith] PIs Smith and Koppel and their research groups met for a face-to-face workshop in July and discussed the ongoing DASH simulation work, the survey work, the corpora of workarounds and other IT mismatches (now up to about 300), and the analysis of that based on the semiotic framework that the team used in the earlier JAMIA paper. One consequence of that meeting was the decision to move the corpora into a qualitative research tool (NVivo). Migration and initial coding is now complete; the team is now planning a follow-on to the JAMIA paper focusing on this analysis.

[Godfrey, Caesar, Nicol, Sanders, Jin] Began work on developing a database model of network behavior. This database system allows us to dynamically create views of a network which represent abstracted properties like reachability or data isolation. The goal is that in its later stages, this system may provide a convenient system for interactively testing hypotheses.

[Iyer, Kalbarczyk] Focused on broadening our knowledge-base on attacks. Our investigation is based on data-driven methodologies to create models and metrics used for monitoring, with the goal of recognizing, mitigating, and containing attacks, it is essential to create representative data set on security attacks. Specifically, we concentrated on the timing side-channels that leak information about the hypervisor (that supports virtualized environment) to an external observer.

[Mitra, Dullerud, Chaudhuri] We have formulated the general problem of controller synthesis in the presence of resource constrained adversaries; namely, given an adversary of a certain classification, parametrized according to the resources available to the adversary, we are creating a methodology to assess the performance degradation from this threat class. We have developed a sound and complete algorithm for solving this problem for a special case: linear systems with L2-norm bounded adversaries. Software tool implementing this approach is being implemented.

B). Community Interaction

[Xie, Blythe, Koppel, Smith] Ross Koppel presented "Software Loved by its Vendors and Disliked by 70% of its Users: Two Trillion Dollars of Healthcare Information Technology's Promises and Disappointments", Keynote talk at the 2014 USENIX Summit on Health Information Technologies in August 2014.

[Godfrey, Caesar, Nicol, Sanders, Jin] Soudeh Ghorbani and Brighten Godfrey presented and won best paper award for, "Towards Correct Network Virtualization", at the ACM Workshop on Hot Topics in Software Defined Networks (HotSDN) in August 2014.

[Mitra, Dullerud, Chaudhuri] Sayan Mitra and Geir Dullerud with research students, Yu Wang and Zhenqi Huang presented to UIUC SoS Lablet on "Entropy-minimizing Mechanism for Differential Privacy of Discrete-time Linear Feedback Systems" and "Verification from Simulations and Modular Annotations" in September 2014.

Sayan Mitra and Geir Dullerud are scheduled present at the NSA SoS Community Meeting at the end of October.

C. Educational

[Xie, Blythe, Koppel, Smith] Ross Koppel is developing a course on the ethnography of organizational workflow and cyber workarounds. That course will involve approximately 20 students interviewing workers about password circumvention and ways of accessing information that is not part of official policy. These findings will help to continue our work of discovering ways well-indented workers create vulnerabilities in cyber security.

The educational and curricular plans for the UIUC SoS Lablet are starting to take shape:
* The final proposal for the Spring 2015 SoS graduate seminar has been submitted for approval to the University.
* Plans for the UIUC SoS Summer School are in the early organizational stages.
* A call for summer undergraduate internships has been written and will be advertised within the next month.