SoS Quarterly Summary Report - January 2017

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High level report of result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] We started a new effort on a different approach for human behavior modeling. The aim is to create an easy to use, powerful, and flexible modeling formalism that would allow a security modeler to model multiple defenders and users in a system as well as the attacker. An engineer using the modeling formalism could make more informed design decisions to improve the security of cyber systems. We started exploring the existing literature, developing the theory behind the new modeling formalism, and laying the groundwork for a case study which will exercise both established and novel modeling formalisms.

[Xie, Blythe, Koppel, Smith] We have begun collaboration with researchers at University of Pennsylvania who specialize in simulating and checking Markov chain models. The goal is to blend these Markov-based models with our DASH model to tackle security problems.

[Godfrey, Caesar, Nicol, Sanders, Jin] We continue to investigate effective evaluation methodologies designed to scale to large and complex systems via the marriage of emulation and simulation. We developed a hybrid platform, named DSSnet, with the goal of realizing the network models and evaluating the verification algorithms we developed earlier. We are currently in the process of open-sourcing the DSSnet software. We also refined the existing virtual time mechanism for better synchronization between the two systems to achieve better fidelity. The research outcome includes an accepted journal paper in the Journal of Simulation.

[Iyer, Kalbarczyk] We propose data-driven methodologies to create models and metrics used for monitoring, with the goal of recognizing, mitigating, and containing attacks. We use production scale data on security incidents in real-world systems (e.g., NCSA) to discover relationships and time sequences of events in vast amounts of log data to drive the development of scientifically sound methods for early attack detection. The challenge is to capture and identify attackers' actions from the measurements, develop predictive models of attacker behavior before and during an attack, and thus develop a framework within which to reason about attacks, independently of the vulnerability exploited or the adopted attack pattern. Our project looks at models and metrics driving (1) cross-layer monitoring and detection, (2) attack containment, and (3) situational awareness.

[Mitra, Dullerud, Chaudhuri] We have formulated the general problem of controller synthesis in the presence of resource-constrained adversaries; namely, given an adversary of a certain classification, parametrized according to the resources available to the adversary, we are creating a methodology to assess the performance degradation from this threat class. We have developed a sound and complete algorithm for solving this problem, initially for the special case of linear systems with L2-norm bounded adversaries, and now for more general nonlinear models.

[Viswanath] We have initiated a study of the anonymity of the Bitcoin networking stack. The networking architecture of Bitcoin is P2P (peer to peer), since distributed architectures are the basic essence of the anonymity provided by the cryptocurrency. However, very recent works point out the loopholes in the networking protocols, and our work has focused on a systematic exploration of this phenomenon.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

  • Nadia Heninger, University of Pennsylvania, "The Legacy of Export-grade Cryptography in the 21st Century", invited speaker, Science of Security Speaker Series, October 6, 2016.
  • Santhosh Prabhu, "Oreo: Transparent Optimization to Enable Flexible Policy Enforcement in Software Defined Networks", Joint Trust and Security/Science of Security Seminar, October 11, 2016.
  • Franziska Roesner, University of Washington, "Computer Security, Privacy, and User Expectations: Case Studies in Web Tracking and Application Permissions", invited speaker, Science of Security Speaker Series, October 18, 2016.
  • Phuong Cao, "Automated Generation of Attack Signatures in Attack Graphs", Joint Trust and Security/Science of Security Seminar, November 1, 2016.
  • Jim Blythe, Christopher Novak, Vijay Kothari, Ross Koppel, and Sean Smith, "Modeling Human Security Behavior: Recent Results on Understanding Compliance", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Ross Koppel, David Harmon, Sean Smith, Jim Blythe, and Vijay Kothari, "Beliefs about Cybersecurity Rules and Passwords: Comparing Two Survey Samples of Cybersecurity Professionals and General Users and Future Data Collection Experiments", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Sean Smith, Ross Koppel, Jim Blythe, and Vijay Kothari, "Flawed Mental Models Lead to Bad Cyber Security Decisions: Let's Do a Better Job!", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Dengfeng Li, Wei Yang, Wing Lam, and Tao Xie, "User-Centric Mobile Security Assessment", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Brighten Godfrey, Matthew Caesar, David Nicol, and William Sanders, "A Hypothesis Testing Framework for Network Security", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Giulia Fanti, Peter Kairouz, Sewoong Oh, Kannan Ramchandran, and Pramod Viswanath, "Spy vs. Spy: Anonymous Broadcasting over Networks", SoS Quarterly Meeting poster session, November 2-3, 2016.
  • Geir Dullerud, "UIUC Lablet Report", SoS Quarterly Meeting, November 2-3, 2016.
  • Dengfeng Li, "Toward Privacy-Preserving Mobile Utility Apps: A Balancing Act", Joint Trust and Security/Science of Security Seminar, November 29, 2016.
  • Sayan Mitra, "Auditing Algorithms", Frontiers Seminar, Master of Technology Management Program, University of Illinois at Urbana-Champaign, December 2, 2016.
  • Ahmed Fawaz, "Behavioral Analysis for Cyber Resilience", Joint Trust and Security/Science of Security Seminar, December 6, 2016.
  • Xin Liu, "ConVenus: Congestion Verification of Network Updates in Software-defined Networks", Winter Simulation Conference (WSC 2016), Washington, DC, December 11-14, 2016.
  • Kevin Jin, panelist, "Smart Cities and Urban Infrastructures Panel", Winter Simulation Conference (WSC 2016), Washington, DC, December 11-14, 2016.
  • Heather Rosoff, Jim Blythe, Sarah Kusumastuti, and Richard John, "Behavioral Experimentation of Cyber Attacker Deterrence with DETER Testbed", Society for Risk Analysis Annual Meeting, San Diego, CA, December 11-15, 2016.
  • Ross Koppel, panelist, "Individual and Norms Panel", CRA CCC Sociotechnical Cybersecurity Workshop, Hyattsville, MD, December 12-13, 2016.
  • Geir Dullerud, "Differential Privacy, Entropy and Consensus", invited tutorial speaker, in Differential Privacy in Control and Network Systems, IEEE Conference on Decision and Control, Las Vegas, December 12-14, 2016.

C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Viswanath] A set of notes summarizing the Bitcoin networking protocols is being developed, with the goal of using them in an upcoming privacy and anonymity course at the graduate level.

[UIUC SoS Lablet] The search has begun for the 2017 Science of Security summer interns. We are advertising the program to universities across the country, including underserved and minority campuses. The application deadline is January 31.