SoS Quarterly Summary Report - Oct to Dec 2014 - January 2015

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] This project task aims to facilitate the design of optimal data collection strategies for such models, looking especially at application in security decision-making. The main idea is to model the uncertainty of potential data collection, and determine its influence on output accuracy by using and solving the model. We provide a discussion of the factors affecting this data collection problem before further defining it as formal optimization problems. A number of methods for modeling data collection uncertainty will be presented and these methods provide the basis for solvable algorithms. These methods will be presented, tested, and evaluated with a number of efficiency improvements based upon importance sampling and Design of Experiment techniques.

[Xie, Blythe, Koppel, Smith] The team migrated the circumvention catalog from NVivo (a single-site tool) to DeDoose, which allows the entire team to access it. PI Xie led Ph.D. students Wei Yang and Sihan Li on developing tool support to extract contextual information of command-and-control behavior of a bot mobile app so that users of the mobile app can view more detailed information for determining whether the mobile app may be a malicious app or not.

[Godfrey, Caesar, Nicol, Sanders, Jin] We continued our work on modeling virtualized networks, with an emphasis on determining when virtual and physical networks may differ, and resolving these inconsistencies. Having previously published a workshop paper, we are now developing more rigorous models and beginning to design a system based on them.

[Iyer, Kalbarczyk] We focused on evaluating the effectiveness of applying factor graphs (a probabilistic graphical model) to model and detect masquerade attacks (i.e., attacks that use stolen user credentials such as usernames/passwords or private keys to deliver attack payloads). Automatically collected data logs (e.g., network flows, syslogs, and IDS logs) corresponding to the attacks, combined with human-written incident reports, were used to evaluate our approach. Specifically, each log entry is automatically mapped to a discrete event, or events are manually extracted from the incident reports. Each event is associated with a user state (e.g., benign, suspicious, or malicious). Potentially malicious users can be detected by constructing and evaluating a factor graph model in which observed/hidden variables/events are linked by factor functions representing functional relations among the variables/events.

[Mitra, Dullerud, Chaudhuri] We have formulated the general problem of controller synthesis in the presence of resource-constrained adversaries; namely, given an adversary of a certain classification, parametrized according to the resources available to the adversary, we are creating a methodology to assess the performance degradation from this threat class. We have developed a sound and complete algorithm for solving this problem for a special case: linear systems with L2-norm bounded adversaries. A software tool implementing this approach is being developed.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

NSA SoS Lablet Quarterly Meeting Presentations, October 2014

  • Ravi Iyer presented "Survey on Resilience"
  • Sayan Mitra presented "Static and Dynamic Analysis of Security Metrics for Cyber Physical Systems"

NSA SoS Lablet Bi-weekly Meeting Presentations

  • David Nicol led the discussion, "Science of Security Hard Problems: A Lablet Perspective", October 2014.
  • Soudeh Ghorbani presented "Towards Correct Network Virtualization" at the UIUC SoS Lablet Bi-weekly Meeting, October 2014.
  • Ravi Iyer led the discussion, "Resiliency Survey: Challenges Going Forward", November 2014.
  • Ken Keefe presented "Making Sound Security Decisions Using Quantitative Security Metrics", December 2014.
  • Brighten Godfrey and Ravi Iyer are scheduled to present at the NSA SoS Quarterly Meeting at the end of January.

C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Godfrey, Caesar, Nicol, Sanders, and Jin] David Nicol's graduate seminar course ECE 598, the Science of Computer Security, will begin at the University of Illinois at Urbana-Champaign in January 2015. The security of computers, communications, and data is of great concern to our society. Decades of research have produced solutions to a variety of isolated problems, some of which have been produced using techniques that are recognizable as "scientific", others of which appear to be ad hoc. There is a growing sentiment in the community that research in security should be conducted when possible on a scientific or engineering basis. This course examines the questions of what might constitute a science of security, framing the questions around five "hard areas" proposed by the NSA: Composition, Policy, Metrics, Resiliency, and Human Factors. The students will read and present papers from the literature that exemplify a scientific approach to security, and write essays on the questions raised by the course. The course is intended for graduate students interested in trustworthy systems research.

[Xie, Blythe, Koppel, and Smith] Tao Xie is designing teaching materials on Code Hunt, released by Microsoft Research, for teaching and training students on software security. The teaching materials incorporate educational gamification to help students improve their software security skills.

[Godfrey, Caesar, Nicol, Sanders, and Jin] Kevin Jin is developing a new graduate-level course, CS558 Advanced Computer Security at the Illinois Institute of Technology. A key topic in this course is network security, which will cover some of the research results of this project.

The educational and curricular plans for the UIUC SoS Lablet are starting to take shape:

  • Plans for the UIUC SoS Summer School are in the early organizational stages.
  • A call for summer undergraduate internships has been written and will be advertised within the next month.