Visible to the public Winter 2021 SoS Quarterly Lablet Meeting Conflict Detection Enabled

Winter 2021 SoS Quarterly Lablet Meeting

The Winter 2021 Science of Security and Privacy (SoS) Quarterly Lablet meeting was hosted virtually by Vanderbilt University (VU) on January 12-13, 2021. The virtual attendees from the government and six SoS Lablets were welcomed by Xenefon Koutsoukos, the Principal Investigator (PI) at the VU Lablet, and Adam Tagert, the NSA SoS Technical Director. Adam reported on the winner of the 8th Annual Best Scientific Cybersecurity Paper Competition ("Spectre Attacks: Exploiting Speculative Execution") and encouraged attendees to submit a paper for the 9th Annual competition. He also presented details about HotSoS 2021, which will be hosted by NSA and held virtually from 13-15 April; HotSoS 2021 will encourage interaction among presenters and attendees and focus on Works-in-Progress (WiPs), posters, and student presentations. The deadline for submission is February 7, 2021.

NSA Champions Panel

The first presentation consisted of a panel discussion by NSA Champions Adam Tagert, Ahmad Ridley, and Mike Collins, from NSA's Laboratory for Advanced Cybersecurity Research. Adam Tagert moderated the panel. The discussion session addressed such issues as communications with the projects for which they are the Champions, the genesis of the research projects, what it means to be a Champion, how they connect with other researchers about the projects, balancing short-term and long-term research contributions, and NSA's grand challenges.

The Champions noted that it is important to expose the SoS researchers and graduate students to the mission problems or the mission use cases from a national security perspective since they are often different than what researchers might think about in a purely academic or industry case. It is also important to provide additional insight into use cases that drive the national security mission. That makes research more interesting for both the government sponsors and the Lablet researchers.

In addressing the question of how to ensure that others at NSA are made aware of Lablet research, a panelist said that it starts with understanding the challenges in an operational setting. Areas that are not working closely with the Lablets may not be ready for the full research theory or practice being developed, but there are small milestones within the research efforts that could be relevant to challenges in other areas. Even if it is just reducing the amount of time needed to solve a problem, the contribution is worth it. Non-research organizations, for example, may need a way to transition or understand research-heavy concepts and ideas in a way that makes sense for their mission. The role of the Champions is to serve as a bridge. They suggested that if the Lablet research is broken into goals, certain milestones could be achieved such as a white paper, code or research level code that will generate some results.

The Champions agreed that by knowing where the academic and industry research is headed and the tough problems that NSA is trying to solve, Champions can break the research down and explain to mission customers and partners what type of environment they might need to create to be ready for that research when it becomes more widely available. The goal is to allow them to take advantage of research successes--even if it is just a small component that would help a mission partner, that short term goal is still important.

Invited Talk

Brad Martin, Formal Methods at Scale

The quarterly keynote presentation was by NSA's Brad Martin. The topic was his work to increase the use of formal methods in security. Mr. Martin discussed the two workshops held in 2019 under the auspices of the National Science and Technology Council (NSTC) Special Cyber Operations Research and Engineering subcommittee (SCORE) that were designed to improve understanding of how the formal methods community, in partnership with sponsors and users, might achieve broader use of the technologies at increasing levels of scale. The workshops also sought to identify successes, barriers, opportunities, and challenges regarding the use of formal methods in cyber systems. The workshops explored tools, key enablers of success, emerging formal methods capabilities, and opportunities for key R&D investments. Workshop participants concluded that tools, practices, and ecosystems are already facilitating commercial, government, and academic application of formal tools across many application domains and types of systems, but work remains to advance the scope, capability, and usability of the key formal methods technologies, tools, and practices. While the use of formal methods is increasing, the technologies are still at an early stage of development with respect to potential benefits to security, quality, and other kinds of assurance, as well as ancillary benefits to developing systems that are both readily adaptable and, on the basis of formal evidence, also readily recertified.

Lablet Project Presentations

The quarterly meeting included six technical talks, one from each Lablet. The talks were chosen on the quarterly meeting theme of empirical studies and simulation. The theme enables researchers and interested parties to gather with common interests to increase collaboration within the community.

Prasad Kulkarni (KU): Secure Native Binary Executions

Project: Secure Native Binary Executions

Professor Kulkarni described two projects that are underway to achieve the goal of developing a high-performance framework for client-side security assessment and enforcement for cots binary software. The overall project aims to provide greater control to the end-user to actively assess and secure the software they use. The first project assesses the security of software binaries, while the second project enhances the security of software binaries. The projects are designed to produce easy to use, reliable, and high-performance software tools for assessing and enforcing the security of binary software. One of the questions posed was how his research might help mitigate threats from supply chain attack which was recently highlighted by the SolarWinds compromise.

Kyle Crichton (CMU): How Do Home Computer Users Browse the Web?

Project: Characterizing User Behavior and Anticipating its Effects on Computer Security with a Security Behavior Observatory

Using data collected from the Security Behavior Observatory, a CMU CyLab initiative that has collected a wide array of system, network, and browser data from over 500 home Windows computer users over several years, researchers are seeking to better understand how users browse the web in order to identify where browsing breaks down and how to use this data to better mitigate or prevent some of the consequences. This study sought to identify how user behavior has changed compared to previous measurement studies, and researchers identified five notable changes in user behavior. These changes included, among others, an increase in the use of multiple browser tabs as well as an increase in the number of web pages visited each day. One point raised during the follow-up discussion was how this study could be used to educate users on how to avoid common pitfalls associated with web browsing.

Alisa Frick (ICSI): A Qualitative Model of Older Adults' Contextual Decision-Making About Information Sharing

Project: Operationalizing Contextual Integrity

The overall project goal is to design new privacy controls that are grounded in the theory of contextual integrity so that they can automatically infer contextual norms and handle data-sharing and disclosure on a per-use basis. The research goal of this particular study is to develop a comprehensive understanding of older adults' information-sharing decision-making process and what contextual factors affect it. Dr. Frick described the methods and participants used in the study, the model flow that the researchers developed, implications, and future work. During the discussion period, she noted that the focus of the interviews and model flow was to quantify the impact and the relative importance of different factors.

Xenofon Koutsoukos (VU): Resilient Distributed Optimization and Learning in Networked Cyber-Physical Systems

Project: Foundations of CPS Resilience

This research deals with the system science of secure and resilient CPS and aims to develop a systematic body of knowledge with strong theoretical and empirical underpinnings to inform the engineering of secure and resilient cps that can resist not only known but also unanticipated attacks. This presentation focused on how normal agents can aggregate their neighbors' information to achieve the global objective even if some of the neighbors are adversarial. Professor Koutsoukos addressed vector consensus, distributed diffusion using centerpoint, and distributed multi-task learning in multi-agent environments, as well as simulations and empirical studies. The technical discussion following the presentation focused on the centerpoint method, its comparison to other methods, and possibly combining it with optimization algorithms.

Andy Meneely (RIT) NCSU: Deriving Vulnerability Discoverability Insights from a Penetration Testing Competition

Project: Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities

The overall goal of this project is to provide actionable feedback on the discoverability of a vulnerability. The researchers' approach combines the attack surface metaphor and attacker behavior to estimate how attackers will approach discovering a vulnerability. In this presentation, Professor Meneely began by noting that the lifetime of a vulnerability is usually many years, and because vulnerabilities are typically small, they are easy to miss. He pointed out that discoverability aids risk assessment and behavior drives discoverability. Using over 14 TB of attacker behavior data gathered from National Collegiate Penetration Testing Competitions (CPTC), the RIT and NCSU researchers sought to answer multiple research questions. Professor Meneely presented some of their findings. In responding to a question about whether these findings can be used to improve the competition, he noted that the competition organizers have been able to see what people tend to do, and they are now able to use actual data to inform competition development.

Hussein Subai (UIUC): Accelerating Autonomous System Verification Using Symmetry

Project: Resilient Control of Cyber-Physical Systems with Distributed Learning

The project aims to bring together techniques from Machine Learning (ML) and formal verification to improve resiliency and risk-reduction in autonomous systems and CPS. This presentation addressed recent successes in CPS verification by the researchers at UIUC and the University of Texas at Austin. The presenter noted that safety analysis of autonomous systems is challenging, and one of the key challenges in analyzing autonomous systems is scalability. He addressed how symmetry can be used to enhance the scalability of autonomous systems verification and provided several examples of how that had been applied in the research. He summarized that they had designed caching reachsets and abstraction-refinement-based algorithms to accelerate autonomous systems verification and developed safety verification tools for autonomous systems that utilize symmetry, and that experimental results are showing orders of magnitude savings in verification time.

The complete agenda and selected presentations can be found here.

The next meeting of the SoS Lablets will be at the Hot Topics in the Science of Security: Symposium (HotSoS) which will be virtually hosted by The National Security Agency on April 13-15, 2021. HotSoS is a public event and all are welcome to attend and participate for free.