Visible to the public SoS Quarterly Summary Report - July 2016Conflict Detection Enabled

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High level report of result or partial result that helped move security science foward-- In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] We also continue extending the work submitted in John Mace's PhD thesis looked at providing tools and techniques to analyze the impact of information security policies. Of particular interest is the impact on workflow resiliency, the likelihood of a workflow executed by users with probabilistic availability being completed whilst satisfying all security constraints. We investigate the notion of power that users hold over the completion of a workflow in terms of expected power and actual power and show that the latter may be greater in some cases. This work incorporates parameterized models and would provide a useful case study for our data collection support tool prototype.

[Xie, Blythe, Koppel, Smith] PI Jim Blythe, Dartmouth PhD student Vijay Kothari, and Dartmouth undergraduate Bruno Korbar, as well as PIs Ross Koppel and Sean Smith, have been working on building a new iteration of DASH in Python that is nearing completion. In addition to the previous functionality of the Prolog/Java-based version of DASH, we are working on providing functionality to model space and time, and more robust multi-agent functionality. We are also working toward recreating the password simulation in this Python version of DASH.

[Godfrey, Caesar, Nicol, Sanders, Jin] We are investigating effective evaluation methodologies designed scale to large and complex systems via the marriage of emulation and simulation. We developed a hybrid platform with the goal of realizing the network models and the evaluating the verification algorithms we developed earlier. The research outcomes so far include a paper published in ACM SIGSIM-PADS 2016, which was nominated for the best paper award (3 out of 27) and a poster presented at IIT Research Day 2016, which won the best poster award. (news article:

[Iyer, Kalbarczyk] This quarter we extended our effort to study applications of probabilistic graphical models, specifically Factor Graphs, in other application domains (a cloud virtualization environment) and new large enterprise environment (Blue Waters supercomputer at NCSA).

[Mitra, Dullerud, Chaudhuri] Our simulation-based formal analysis approaches have gained momentum. The IEEE Design and Test paper mentioned above shows that this approach can be used to analyze models of medical devices like pacemakers together with relevant abstractions of physiology. In another related paper, we show that the approaches can handle challenge problems coming from the automotive industry. That paper received the Robert Bosch sponsored best verification result award at the ARCH workshop of CPSWeek.

[Viswanath] The UIUC Lablet added a new project, Anonymous Messaging. Anonymity is a basic right and a core aspect of Internet. Recently, there has been tremendous interest in anonymity and privacy in social networks, motivated by the natural desire to share one's opinions without the fear of judgment or personal reprisal (by parents, authorities, and the public). We propose to study the fundamental questions associated with building such a semi-distributed, anonymous messaging platform, which aims to keep anonymous the identity of the source who initially posted a message as well as the identity of the relays who approved and propagated the message.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

  • Patrick Traynor, University of Florida, "Who Do I Think You Are? Challenges and Opportunities in Telephony Authentication", Science of Security Speaker Series, April 12, 2016.
  • Tao Xie, "Text Analytics for Security", tutorial, Symposium and Bootcamp on the Science of Security (HotSoS 2016), Pittsburgh, PA, April 19-21, 2016.
  • Zhenqi Huang and Yu Wang, "Static-Dynamic Analysis of Security Metrics for Cyber-Physical Systems", Joint Trust and Security/Science of Security Seminar, April 26, 2016.
  • Phoung Cao, "Preemptive Intrusion Detection - Practical Experience and Detection Framework", Joint Trust and Security/Science of Security Seminar, May 3, 2016.
  • Tao Xie, "Measuring Code Behavioral Similarity for Programing and Software Engineering Education", 38th International Conference on Software Engineering (ICSE 2016), Austin, TX, May 14-22, 2016.
  • Tao Xie, "User Expectations in Mobile App Security", invited speaker, Department of Computer Science, University of Central Florida, Orlando, FL, June 2016.
  • Geir Dullerud, "Lyapunoy Constructions, Formal Proof Frameworks, and Computation-Based Verification for Complex Systems", Europpean Control Conference (ECC), Aalborg, Denmark, June 2016.

Other Community Interaction

[UIUC SoS Lablet] Patrick Traynor from the University of Florida gave the last invited talk of the semester on April 12 for the SoS Speaker Series. The series is heavily advertised throughout the University and we have had an excellent turn out.

[Mitra, Dullerud, Chaudhuri] Our workshop entitled "Science of Security for Cyber-Physical Systems" (SoSCYPS) was held as part of the CPS Week 2016 to be held April 11, 2016. The goal of the workshop is to advance the Science of Security and cyber-physical systems. Leaders of the two communities engaged in a full day workshop of invited talks and a panel discussion. The workshop agenda and a list of speakers and topics can be found at the SoSCYPS webpage:

[Godfrey, Caesar, Nicol, Sanders Jin] Science of Security through Software-Defined Networking Workshop (SoSSDN) was held at the Illinois Institute of Technology (IIT) in Chicago, IL on June 16-17. The goal of the workshop was to 'identify opportunities and challenges in using SDNs to advance the 'science of security'. We have brought together leaders from academia, industry, national labs and government agencies in the areas of SDN and Security in this two-day workshop. The workshop consists of 11 invited talks (2 keynotes), a poster session (10 accepted posters) and a panel on "How to Make Security for SDN a Science?" Covered topics include SDN principles that support formal and experimental analysis of security, metrics for SDN security, identifying hard open problems for academic research in SDN security, SDN-based testbeds and cyber-infrastructures in security research, success and failures in designing for resilient and secure networks, identifying tools and techniques that can advance networks/systems security research.

C. Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Godfrey, Caesar, Nicol, Sanders Jin] Preparations have begun for the next iteration of our Coursera online course on Cloud Networking. When this was taught last fall, roughly 30,000 students enrolled. This course included a segment on network security for the cloud, particularly with respect to network virtualization.

[UIUC SoS Lablet] Five students have started research projects as SoS summer interns on June 6. The students are from Tennessee State University, North Texas University, and the University of Illinois at Urbana-Champaign. They also attend seminars on other educational topics during the summer in conjunction with other internship programs within the UIUC College of Engineering. The program will conclude with a poster session on July 29.