Spotlight on Current Lablet Activities

Critical cyber systems must inspire trust and confidence, protect the privacy and integrity of data resources, and perform reliably. To tackle the ongoing challenges of securing tomorrow's systems we must develop the scientific underpinnings of security to understand what is possible in that domain as well as develop a collaborative community of researchers from government, industry and academia.

As part of that effort NSA began funding academic "Lablets" focused on the development of a Science of Security (SoS) and a broad, self-sustaining community effort to advance it. A major goal is the creation of a unified body of knowledge that can serve as the basis of a trust engineering discipline, curriculum, and rigorous design methodologies. The results of SoS Lablet research will be extensively documented and widely distributed through the SoS Virtual Organization. The intention is for the SoS VO to be our primary resource for describing Lablet research, and for creating a broad community effort to advance security science.

Currently Funded Research Lablets:

Carnegie Mellon University
North Carolina State University
University of Illinois at Urbana-Champaign
University of Maryland

The following sections provide some brief summaries of Lablet activities during the April through June 2014 time period.

(ID#:14-2282)

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.

CMU Lablet Recent Activities

CMU Lablet Activities

The following is a brief summary of recent activities by the CMU Lablet as reported in the SoS Quarterly Summary Report.

Fundamental Research

Carnegie Mellon University has conducted several notable studies involving novel analysis techniques for early problem detection, as well as dynamic security assurance. Among these include a technique based on patterns and predetermined requirements intended to discover possible security flaws in the early design stages. CMU has also seen development of a stochastic algorithm to help with reasoning in large planning problems, a program logic that navigates attacker-implemented code, a technique to enforce security constraints at runtime, and a dynamic analysis technique for detecting data races at runtime.

Community Interaction

In terms of community engagement, CMU hosted the CASOS Summer Institute, which serves to make familiar and put into practice concepts of network analytics. Following the Institute, CMU invited guests from four universities, subcontractors, and government organizations for the first Lablet Community Quarterly Meeting, which included workshop sessions and discussions centered around advancing the scientific process of cybersecurity research. The 10th Symposium on Usable Privacy and Security was held, chaired by a notable CMU faculty member.

Educational

Carnegie Mellon is making advances in both undergraduate and graduate education. The Institute for Software Research (ISR) at Carnegie Mellon now offers Masters degrees in Privacy Engineering, while at the undergraduate level, software engineering courses are being revamped, and topics such as security, data analysis, and developer studies are seeing changes. PhD students' shifts to including more experimental and data-focused approaches in their work has prompted the university to recognize and reflect such shifts in the core graduate curriculum.

For more information about CMU Lablet activities go to Carnegie Mellon University

Note:

NC State Lablet Recent Activities

NC State Lablet Activities

The following is a brief summary of recent activities by the North Carolina State University Lablet as reported in the SoS Quarterly Summary Report.

Fundamental Research

NCSU has presented several significant research efforts, which feature developments in understanding Resilient Architectures, mental models of varyingly skilled computer users, preventing phishing attacks through Google Chrome extension, and the human errors in open-source software. Recommendations were made for enforcing policies on network traffic in large networks, while a particular study on smart isolation strove to understand the principles and limitations of isolation and existing isolation techniques.

Community Interaction

NCSU facilitated various workshops, including a kick-off workshop for the International Research Network for the Science of Security during Hot-SoS, as well as a summer workshop for PI's and NCSU students. Guidelines for the design of defensible SoS research projects are currently under development, as well as guidelines for reporting SoS research results.

Educational

For more information about NCSU Lablet activities go to North Carolina State University

Note:

UIUC Lablet Recent Activities

UIUC Lablet Activities

The following is a brief summary of recent activities by the UIUC Lablet as reported in the SoS Quarterly Summary Report.

Fundamental Research

UIUC has presented several current research initiatives toward the science of security. In one such project, researchers continued evaluating the usefulness of DASH models in choosing scenarios that would effectively model multi-agent settings, initial hypotheses, and validation of resulting models. In the UIUC mobile world, a tool is currently in development that is aimed to help users distinguish malicious mobile apps by extracting contextual information, thereby allowing the user to make informed decisions. In a network model design project, researchers' goal is to model network behavior under timing uncertainty. These new models and algorithms aim to test hypotheses related to issues such as reachability, end-to-end delay, and throughout. A new application of Factor Graphs will be used to help represent real-world security risks, and to develop preemptive attack detection methods. UIUC saw development of a technique for deciding bounded time safety properties of deterministic nonlinear hybrid models, models which can capture a wide range of cyber physical systems. A research team is focused on developing quantitative decision-making tools, with a view to guide information security investments, for public and private industry by incorporating human and technological concerns. Models which incorporate human behavior are particularly valuable in understanding why and how humans attempt to bypass security measures.

Community Interaction

UIUC has made notable contributions to the SoS community, including a paper exploring usability challenges within health IT , which was presented at ACySE ( International Workshop on Agents and CyberSecurity) and named "among most significant papers of the year". This joins the ranks of similarly recognized works by UIUC researchers, including a paper on securing industrial control systems, currently in proceedings of the 2014 ACM SIGSIM Conference on Principles of Advanced Discrete Simulation.

Educational

UIUC hosted a kickoff meeting, during which relevant analysis techniques were discussed and explored. In UIUC's educational pursuits, two summer internships were awarded. These two students were given the opportunity to work on developing tools and methodologies for providing connectivity properties of networks across multiple layers of the network stack.

For more information about UIUC Lablet activities go to University of Illinois at Urbana-Champaign

Note:

UMD Lablet Recent Activities

UMD Lablet Activities

The following is a brief summary of recent activities by the University of MD Lablet as reported in the SoS Quarterly Summary Report.

Fundamental Research

UMD has presented studies centered on understanding human factors, behavior, and influence in security. A protocol for remote electronic voting, with the human voter serving as a main participant of the protocol, has been explored. The fundamental notion of trust has been explored to help develop models, which aid in understanding the costs and benefits of collaboration as a variation of trust. This particular study directly addresses challenges of policy-governed secure collaboration. Researchers at UMD have taken culture and workplace dynamics into consideration, in a study which attempts to discover what encourages or discourages privacy and security. An empirical study highlighting graphical passwords, with a view to understand user perceptions of security in visual systems, has been conducted to improve system designs that take human perception of security into consideration. On the offensive side, researchers studied honeypots deployed at UMD to better understand the effects of different system-level aspects of intruder behavior. The disparity in security patch deployment was addressed, in a study which aims to influence the development of quantifiable metrics for assessing the security of systems.

Community Interaction

UMD enjoyed a "kick-off" presentation featuring members from each task in the UMD Lablet, encouraging discussion and feedback on their various works. Inter-lablet communication and cooperation is underway to help characterize and explain the five hard problems currently being studied. The 2015 ACM SIGPLAN-SIGACT Symposium on the Principles of Programming Language, held in Mumbai India, will feature UMD's proposed tutorial on software contracts.

Educational

In an education pursuit, several Lablet members will be teaching Fall computer security courses, topics which include integration of empirical and behavioral studies.

For more information about UMD Lablet activities go to University of Maryland

Note: