KU SoS Lablet Quarterly Executive Summary - 2021 Q4

A. Fundamental Research

The University of Kansas Lablet continued work on four projects targeting resiliency, preventing side-channel communication, developing semantics and infrastructure for trust, and secure native binary execution. Specifically, we are: (i) reducing micro-architectural side channels by introducing new OS abstractions while minimally modifying the micro-architecture and OS; (ii) developing an epistemology and ontology for framing resilience; (iii) formalizing remote attestation and defining sufficiency and soundness; and (iv) developing a framework for client-side security assessment and enforcement for COTS software.

Highlights from this quarter include:

  • Dr. Heechul Yun and his team developed a static analysis tool, called SpecIFT, which automatically identifies memory blocks that need to be protected from potential Spectre attacks. They focused this quarter on Intel integrated GPUs, and developed and evaluated GPU-based cache DoS attacks on Intel's integrated GPU platform.

  • Dr. Prasad Kulkarni and his team started a new study to develop techniques that can detect the presence of secure coding practices adopted during the (source level) coding stage from just the binary code.

  • Dr. Michael Jantz and his team at the University of Tennessee (sub-contract) are developing custom tools to study the effectiveness of different strategies for making binary programs more secure.

  • Dr. Perry Alexander and his students are standing up an attestation testbed and exploring the use of device health records and blockchains to include provenance in attestation.

B. Community Engagement(s)

KU PIs restarted the GenCyber program for high-school educators. GenCyber brings high school teachers to campus for a week-long intensive introduction to cyber security. The intent is to provide them with hands-on experiences they can take back to their classrooms. GenCyber is supported by NSA and NSF.

ITTC, in collaboration with KU's Center for Russian and Eastern European Studies (CREES) and Department of Philosophy, is forming a new Center for Cyber-Social Dynamics. The objective of this new interdisciplinary Center is to study cyber attacks on social norms and structures. In contrast to attacks on computer systems, these attacks use technology to attack society itself. Examples of these issues include undermining confidence in elections, inflaming ethnic conflicts, and questioning social structures. This important new research center will be led by John Symons from KU's Department of Philosophy and housed by KU's new Institute for Information Sciences (I2S).

The dialog on attestation in 5G networking, started initially by Perry Alexander and Raj Pal (NSA), is continuing and expanding. Lyle Paczkowski (T-Mobile), Jim Flack (Arm), and Reed Hinkel (Arm) have joined us as "permanent" members of the discussion. We are planning to integrate an Arm security appliance and public domain 5G support into KU's attestation testbed to explore integration issues. A paper is planned when we have experimental results.

KU continues its internal Software Assurance Meetup for faculty and staff researchers who are interested in high-assurance and secure systems but are new to the area. Emily Witt (Mathematics), Drew Davidson (Computer Science), and Adam Petz (ITTC) are regular participants.

KU continues its Lambda Circle reading group for students and faculty interested in languages and security issues. Currently we have 5 students and 2 faculty who participate regularly. Recent topics include attestation logics, remote software coordination, and homotopy type theory.

KU Lablet PIs continue work with MITRE, JHUAPL, and NSA to develop remote attestation approaches. Joint work from this effort is available at [https://www.copland-lang.org](https://www.copland-lang.org/), including the Copland Collection of utilities and tools, Copland formal semantics, and attestation manager implementations.

C. Educational Advances

KU researchers Perry Alexander (Computer Science), Emily Witt (Mathematics), and Jennifer Lohoefener (ITTC) are beginning work on a replacement for the standard CS discrete math class that will integrate formal tools and focus examples on security issues. The goal is online course materials, including lectures and labs, that will teach traditional discrete math using theorem provers and SAT solvers as "calculators" for logic and proof. Focusing on security issues ties mathematics to real-world problems that interest students.