SoS Quarterly Summary Report - July 2017

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] We have implemented a data collection strategy optimization tool for parameterized models. We named the tool ADaCS (Analysing Data Collection Strategies). ADaCS is an extension of the probabilistic model checker PRISM, which facilitates the construction and efficient analysis of probabilistic and parameterized models such as Markov decision processes. Given a data sampling budget, ADaCS computes how much data per parameter should be collected from multiple data sources to provide the most accurate output of the system modeled in PRISM's high-level state-based modeling language. We consider using attack trees and server energy consumption as case studies to illustrate the effectiveness of ADaCS. In its basic form ADaCS automatically analyzes all possible data collection strategies and selects the optimal one. Computing an optimal strategy in this way is computationally expensive, so we explore ways to make our tool more efficient by introducing heuristics to reduce the strategy exploration space when finding the best strategy.

[Xie, Blythe, Koppel, Smith] We have been developing questionnaires for both high-level computer security professionals and general users. These results will improve our understanding of perceptions, attitudes, and behaviors of both security practitioners and general users. Indeed, results may improve security practitioners' decisions directly or indirectly by providing requisite data to build faithful models of human behavior that can inform security practitioners. We have conducted surveys on a small scale and have done initial analysis of results. We are now conducting surveys on a larger scale, and have in fact doubled the number of respondents in the past few months.

[Godfrey, Caesar, Nicol, Sanders, Jin] Investigating infrastructure-level and application-level approaches to applying SDN technologies to make industrial control systems more cyber secure and resilient.

[Iyer, Kalbarczyk] Deployment of our automatic learning of factor graphs employed for preemptive detection of multi-stage attacks in large enterprise networks, e.g., HPC systems and cloud infrastructure. Specifically, we installed our AttackTagger detector into live network traffic of NCSA's network to tag raw system and network logs with corresponding attack stages. The goal is to detect multi-stage attacks in a live system.

[Mitra, Dullerud, Chaudhuri] We have formulated the general problem of controller synthesis in the presence of resource constrained adversaries; namely, given an adversary of a certain classification, parametrized according to the resources available to the adversary, we are creating a methodology to assess the performance degradation from this threat class. We have developed a sound and complete algorithm for solving this problem, initially for the special case of linear systems with L2-norm bounded adversaries, and now for more general nonlinear models.

[Gunter and Viswanath] Fundamental limits to spreading and hiding of in the BitCoin P2P networking stack. Our study of anonymity of the BitCoin networking stack has progressed smoothly, with significant research progress.

[Sanders] We tackled the problem of ensuring cloud application resiliency against application distributed denial of service (DDoS) attacks. We proposed an engine that uses OpenStack's cloud telemetry infrastructure to monitor the cloud applications and uses change point detection to differentiate periods of high load from DDoS attacks. Once an attack has been detected, the engine bootstraps a resiliency response module that uses proof-of-work client puzzles to rate limit attackers in a stateless fashion. We suggest that the monitoring information can be used to perform horizontal scaling of the cloud application when under attack.
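
How a proof-of-work client puzzle can be verified without per-client server state, as an added Python example (not the project's code). The HMAC-bound puzzle format, the SHA-256 work function, and the key, difficulty and expiry values are all assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # assumption: the only secret the server holds
DIFFICULTY_BITS = 12          # constructed value; raised while under attack
MAX_AGE_SECONDS = 60          # constructed validity window for a puzzle

def puzzle_tag(nonce: bytes, issued: int, bits: int) -> bytes:
    """MAC binding nonce, issue time and difficulty so clients cannot alter them."""
    msg = nonce + issued.to_bytes(8, "big") + bits.to_bytes(1, "big")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_puzzle(now=None, bits=DIFFICULTY_BITS):
    """Server: hand out a puzzle and keep no record of it."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(16)
    return {"nonce": nonce, "issued": issued, "bits": bits,
            "tag": puzzle_tag(nonce, issued, bits)}

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def work_hash(puzzle, counter: int) -> bytes:
    return hashlib.sha256(puzzle["tag"] + counter.to_bytes(8, "big")).digest()

def solve_puzzle(puzzle) -> int:
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(work_hash(puzzle, counter)) < puzzle["bits"]:
        counter += 1
    return counter

def verify_solution(puzzle, counter: int, now=None) -> bool:
    """Server: one HMAC and one hash, with no lookup of stored state."""
    now = int(time.time() if now is None else now)
    expected = puzzle_tag(puzzle["nonce"], puzzle["issued"], puzzle["bits"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False                      # forged or altered puzzle
    if not 0 <= now - puzzle["issued"] <= MAX_AGE_SECONDS:
        return False                      # expired puzzle
    return leading_zero_bits(work_hash(puzzle, counter)) >= puzzle["bits"]
```

Because nothing is stored, a solved puzzle can be replayed until it expires; the validity window bounds that reuse, and a deployment that needs single-use solutions has to reintroduce some state.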

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.


  • Zhenqi Huang, Yu Wang, Sayan Mitra, and Geir Dullerud, "Differential Privacy and Entropy in Distributed Feedback Systems: Minimizing Mechanisms and Performance Trade-offs", IEEE Transactions on Network Control Systems, volume 4, issue 1, March 2017.
  • Santhosh Prabhu, Mo Dong, Tong Meng, P. Brighten Godfrey, and Matthew Caesar, "Let me rephrase that: Transparent optimization in SDNs", ACM SIGCOMM Symposium on SDN Research (SOSR 2017), Santa Clara, CA, April 3-4, 2017.
  • Hussein Sibaie and Sayan Mitra, "Optimal data rates for estimation and model detection of switched dynamical systems", 20th ACM International Conference on Hybrid Systems: Computation and Control in conjunction with CPS Week 2017, Pittsburgh, PA, April 18-21, 2017.
  • Soudeh Ghorbani and P. Brighten Godfrey, "COCONUT: Seamless Scale-out of Network Elements", European Conference on Computer Systems (EuroSys 2017), Belgrade, Serbia, April 23-26, 2017.
  • Ross Koppel, Jim Blythe, Vijay Kothari, and Sean Smith, "Password Logbooks and What Their Amazon Reviews Reveal About Their Users' Motivations, Beliefs, and Behaviors", 2nd European Workshop on Usable Security (EuroUSEC 2017), Paris, France, April 29, 2017.
  • Ross Koppel and Harold Thimbleby: Lessons from the 100 Nation Ransomware Attack. May 14, 2017 The HealthCare Blog (THCB)
  • Haibing Zheng, Dengfeng Li, Xia Zeng, Beihai Liang, Wujie Zheng, Yuetang Deng, Wing Lam, Wei Yang, and Tao Xie, "Automated Test Input Generation for Android: Towards Getting There in an Industrial Case", 39th International Conference on Software Engineering (ICSE 2017), Software Engineering in Practice (SEIP), Buenos Aires, Argentina, May 20-28, 2017.
  • Jiaqi Yan, Xin Liu and Dong Jin. "Simulation of a Software-Defined Network as One Big Switch", 2017 ACM SIGSIM Conference on Principles of Advanced Discrete Simulation (PADS 2017), Singapore, May 24-26, 2017.
  • Joao Jansch Porto and Geir E. Dullerud, "Decentralized Control with Moving-Horizon Linear Switched Systems: Synthesis and Testbed Implementation", American Control Conference 2017, Seattle, WA, May 24-26, 2017.
  • G. Fanti, S. Venkatakrishnan and P. Viswanath, "Dandelion: Redesigning BitCoin Networking for Anonymity", ACM Sigmetrics 2017, Urbana, IL, June 5-9, 2017.
  • E. Ujcich, A. Miller, A. Bates, and W. H. Sanders, "Towards an Accountable Software-Defined Networking Architecture." 3rd IEEE Conference on Network Softwarization (NetSoft 2017), Bologna, Italy, July 3-7, 2017, to appear.
  • Wang, Y., S. Mitra, and G. Dullerud, "Differential Privacy and Minimum-Variance Unbiased Estimation in Multi-agent Control Systems", IFAC World Congress, Toulouse, France, July 9-14, 2017, to appear.
  • Christopher Novak, Jim Blythe, Ross Koppel, Vijay Kothari, and Sean Smith, "Modeling Aggregate Security with User Agents that Employ Password Memorization Techniques", Who Are You?! Adventures in Authentication (WAY 2017), workshop in conjunction with Symposium On Usable Privacy and Security (SOUPS 2017), July 12-14, 2017, Santa Clara, CA, to appear.
  • Benjamin Andow, Akhil Acharya, Dengfeng Li, William Enck, Kapil Singh, and Tao Xie, "UiRef: Analysis of Sensitive User Inputs in Android Applications", 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017), Boston, MA, July 18-20, 2017, to appear.
  • Santhosh Prabhu, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar, "Predicting Network Futures with Plankton", 1st Asia-Pacific Workshop on Networking (APNet'17), Hong Kong, China, August 3-4, 2017, to appear.
  • Cheh, B. Chen, W. G. Temple, and W. H. Sanders, "Data-Driven Model-Based Detection of Malicious Insiders via Physical Access Logs", 14th International Conference on Quantitative Evaluation of Systems (QEST 2017), Berlin, Germany, September 5-7, 2017, to appear.
  • John C. Mace, Nippun Thekkummal, Charles Morisset, and Aad van Moorsel, "ADaCS: A tool for Analysing Data Collection Strategies", 14th European Performance Engineering Workshop (EPEW 2017), Berlin, Germany, September 7-8, 2017, to appear.
  • Atul Bohara, Mohammad A. Noureddine, Ahmed Fawaz, and William H. Sanders, "An Unsupervised Multi-Detector Approach for Identifying Malicious Lateral Movement", 36th IEEE International Symposium on Reliable Distributed Systems (SRDS 2017), Hong Kong, September 26-29, 2017, to appear.
  • Dong Jin, Zhiyi Li, Christopher Hannon, Chen Chen, Jianhui Wang, Mohammad Shahidehpour, Cheol Won Lee and Jong Cheol Moon, "Towards a Resilient and Secure Microgrid Using Software-Defined Networking", IEEE Transactions on Smart Grid, Special section on Smart Grid Cyber-Physical Security, to appear.
  • Ning Liu, Adnan Haider, Dong Jin and Xian-He Sun. "A Modeling and Simulation of Extreme-Scale Fat-Tree Networks for HPC Systems and Data Centers", ACM Transactions on Modeling and Computer Simulation (TOMACS), to appear.


  • Mohammad Noureddine, "A Comprehensive Framework for DDoS Resiliency in the Cloud", Monthly UIUC/R2 Meeting, April 27, 2017.
  • Robert Cain, John Mace, Nippun Thekkummal, and Aad van Moorsel, "Optimization of Data Collection Strategies for Model-Based Evaluation and Decision-Making" Monthly UIUC/R2 Meeting, May 11, 2017.
  • Dengfeng Li, Wing Lam, Wei Yang, Zhengkai Wu, Xusheng Xiao, and Tao Xie, "Towards Privacy-Preserving Mobile Apps: A Balancing Act", Poster, Symposium and Bootcamp on the Science of Security (HotSoS 2017), Hanover, MD, April 4-5, 2017.
  • Jim Blythe, Sean Smith, Ross Koppel, Christopher Novak, Vijay Kothari. "FARM: A Toolkit for Finding the Appropriate Level of Realism for Modeling." Poster, Symposium and Bootcamp on the Science of Security (HotSoS 2017), Hanover, MD, April 4-5, 2017.
  • Jim Blythe, Ross Koppel, Sean Smith, Vijay Kothari. "Analysis of Two Parallel Surveys on Cybersecurity: Users and Security Administrators--- notable similarities and differences." Poster, Symposium and Bootcamp on the Science of Security (HotSoS 2017), Hanover, MD, April 4-5, 2017.
  • Sean Smith, Ross Koppel, Jim Blythe, Vijay Kothari. "Flawed Mental Models Lead to Bad Cybersecurity Decisions: Let's Do a Better Job!" Poster, Symposium and Bootcamp on the Science of Security (HotSoS 2017), Hanover, MD, April 4-5, 2017.
  • Sean Smith, "The Internet of Risky Things: Trusting the Devices that Surround Us", University of New Hampshire, Durham, NH, April 20, 2017.
  • Sean Smith, "User Circumvention of Cybersecurity: A Cross-Disciplinary Approach", DIMACS/Northeast Big Data Hub Workshop on Privacy and Security for Big Data, Piscataway, NJ, April 24-25, 2017.
  • Jim Blythe. "Modeling Human Behavior to Improve Cyber Security", Presentation to the Loyola Marymount University MBA class on human decision-making, Los Angeles, CA, June 2017.
  • Kevin Jin, "Towards a Secure and Resilient Microgrid Using Software-Defined Networking", two technical seminars at Huuan University and Xiamen University, June 2017.
  • Sean Smith. "Cybersecurity Fundamentals", Cyber Resilient Energy Delivery Consortium (CREDC) Summer School, St Charles IL, June 12, 2017.
  • Sean Smith, "Cyber Resilience for EDS (my view)", Cyber Resilient Energy Delivery Consortium (CREDC) Summer School, St Charles IL, June 13, 2017.
  • Ahmed Fawaz, "Lateral Movement Detection and Response", Monthly R2/UIUC Meeting, June 15, 2017.
  • Vijay Kothari (Moderator), Ross Koppel (Panelist), Shrirang Mare (Panelist), Scott Rudkin (Panelist), Harold Thimbleby (Panelist), "On Developing Authentication Solutions for Healthcare Settings", Panel, Who Are You?! Adventures in Authentication (WAY 2017), workshop in conjunction with Symposium On Usable Privacy and Security (SOUPS 2017), July 12-14, 2017, Santa Clara, CA.
  • Geir Dullerud, "Robustness, Mori-Zwanzig Model Reduction, and Statistical Validation of Hybrid Systems", keynote, Second Workshop on Design and Analysis of Robust Systems (DARS 2017) in conjunction with 29th International Conference on Computer Aided Verification (CAV 2017), Heidelberg, Germany, July 22-27, 2017.
  • Ross Koppel, "Understanding Circumvention of Cybersecurity Authentication: Ridiculous Rules, Reasonable and Unreasonable Responses, and User Rationales", Presentation to the Joint NSF/Intel project on cybersecurity of the Internet of Things, Hillsboro, OR, August 9-11, 2017.

C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Viswanath] Giulia Fanti and Pramod Viswanath gave a tutorial, "Information Limits on Finding and Hiding Message Sources on Networks: Social Media and Cryptocurrencies" at the IEEE International Symposium on Information Theory (ISIT) in Aachen, Germany on June 25, 2017.

[Godfrey, Caesar, Nicol, Sanders, Jin] We have been actively working on dissemination of knowledge through tutorials on network verification. Brighten Godfrey developed and presented a half-day tutorial at a workshop at Hebrew University. Santhosh Prabhu and Brighten Godfrey submitted a proposal to present an expanded tutorial at the IEEE/ACM International Conference on Software Engineering (ASE) in October 2017; this proposal was accepted.

[Xie, Blythe, Koppel, Smith] Xie attended the 2017 National Society of Black Engineers (NSBE) Convention during March 30-April 1, where he reached out to a large number of black students (including his mentees) on various exciting computer science problems, including security problems.

[UIUC SoS Lablet] Four Science of Security summer interns arrived for the summer program on June 5, 2017. The interns work on self-proposed research projects with a University of Illinois advisor. The interns participate in educational and social events with other interns within the College of Engineering. The program will conclude on July 28 with a poster session highlighting the interns' research projects.