Data-Driven Model-Based Decision-Making - April 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PIs: William Sanders, Masooda Bashir, David Nicol, and Aad Van Moorsel*

Researchers: Ken Keefe, Mohamad Noureddine, Charles Morisset* and Rob Cain* (*Newcastle Univ., UK)

This refers to Hard Problems, released November 2012.

  • Predictive Security Metrics - System security analysis requires a holistic approach that considers the behavior of non-human subsystems, bad actors or adversaries, and expected human participants such as users and system administrators. We are developing the HITOP modeling formalism to formally describe the behavior of human participants and how their decisions affect overall system performance and security. With this modeling methodology and the tool support we are developing, we will produce quantitative security metrics for cyber-human systems.
  • Human Behavior - Modeling and evaluating human behavior is challenging, but it is an imperative component of security analysis. Stochastic modeling serves as a good approximation of human behavior, but we intend to do more with the HITOP method, which uses a task-based process modeling language that evaluates a human's opportunity, willingness, and capability to perform individual tasks in their daily behavior. Partnered with an effective data collection strategy to validate model parameters, we are working to provide a sound model of human behavior.

Papers published in this quarter as a result of this research. Include title, author(s), venue published/presented, and a short description or abstract. Identify which hard problem(s) the publication addressed. Papers that have not yet been published should be reported in region 2 below.

No publications this quarter.


We have implemented a data collection strategy optimization tool for parameterized models. Given a data-sampling budget, the tool computes how much data per parameter should be collected from multiple data sources to provide the most accurate model output. Computing an optimal strategy is computationally expensive, so we are exploring ways to make our tool more efficient. We consider three case studies to highlight the effectiveness of our tool: workflow resiliency, server energy consumption, and data collection vs. privacy.

We also continue to explore the idea of quantifying user power during the execution of security-constrained business workflows. By modeling workflows as directed graphs, we can apply node power measures from graph theory to highlight critical steps and users in a workflow. We consider a case study based on reshipping scams, which we model as workflows. We look to identify which steps in the scam are critical and should be targeted, or 'taken out', to reduce the likelihood of scam completion.

We also made significant progress in developing an ontology to support the evaluation of different intrusion detection system (IDS) approaches for Advanced Metering Infrastructure (AMI) deployments. This ontology may be used in conjunction with a model generator and a simple hand-built system model to automatically create sophisticated ADversary VIew Security Evaluation (ADVISE) models to aid security-related design decisions. This automatic generation approach should significantly ameliorate the often-challenging process of security modeling evaluation. We had previously developed the model generation approach for general computer networks on a different project, but in this quarter I extended the approach so it could aid the security evaluation of AMI deployments in addition to general computer networks.

We continue to explore ways to automatically make system design decisions based on the evaluation of system security models like ADVISE. After a review of the literature, we found several connections for leveraging the power of model checking and ADVISE that we are excited to use. We are exploring a small example that demonstrates the power of this approach. The next step is to investigate the art of minimization analysis to restructure the model so that attacks are either removed or made more difficult by design changes. Major challenges include accounting for different attacker behaviors and extending the approach to more complex models.