General Topics of Interest


General Topics of Interest reflects today's most popularly discussed challenges and issues in the Cybersecurity space. GToI includes news items related to Cybersecurity, updated information regarding academic SoS research, interdisciplinary SoS research, profiles on leading researchers in the field of SoS, and global research being conducted on related topics.

(ID#:14-2285)


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.




System Science of SecUrity and REsilience (SURE)


Research Project SURE to launch in October.
Laurel, MD
October 15, 2014

Four university research teams, representing Vanderbilt University, MIT, the University of California at Berkeley, and the University of Hawaii, are about to kick off the research project "System Science of SecUrity and REsilience for cyber-physical systems" (SURE), a research effort funded by NSA. SURE's goals are to develop foundations and tools for designing, building, and assuring cyber-physical systems (CPS) that can maintain essential system properties despite adversaries. Its technology base will provide cyber-physical system (CPS) designers and operators with models, methods, and tools that can be integrated with an end-to-end model-based design flow and tool chain.

According to the team, security and resilience have been largely disjointed or totally missing aspects of CPS design. Due to advances and integration in wireless sensor-actuator networks, the Internet of Things, data-driven analytics, and machine-to-machine interfaces, modern CPS can no longer permit such separation. CPS now has the ability to inter-operate and adapt to open dynamic environments.

New trends in CPS include faster operational time-scales, greater spatial interconnectedness, larger numbers of mixed initiative interactions, and increased heterogeneity of components. These trends are forcing the physical and cyber sides of systems to become tightly coupled. The failure of loosely coupled physical and cyber schemes shows up in unresolved design conflicts between performance and resilience against faults and intrusions, and conflicts between the need for performance optimization and maintaining robustness against adversarial impacts.

As an integral part of the proposed research program, the group will launch a sustained effort to create a new generation of engineers comfortable with understanding, exploiting and managing security and resilience in the context of integrated computational, physical phenomena interacting with human designers and operators.

SURE's research thrusts will focus on:
* Hierarchical Coordination and Control
* Resilient monitoring and control of the networked control system infrastructure
* Science of decentralized security, which aims to develop a framework that will enable reasoning about the security of all the integrated constituent CPS components.
* Reliable and practical reasoning about secure computation and communication in networks, which aims to contribute a formal framework for reasoning about security in CPS.
* Evaluation and experimentation using modeling and simulation integration of cyber and physical platforms that directly interface with human decision-making.
* Education and Outreach component that aims at educating the next generation of researchers in the field of security and resilience of CPS.

The Lead PI, Xenofon Koutsoukos, is an Associate Professor in the Department of Electrical Engineering and Computer Science at Vanderbilt University. He is also a Senior Research Scientist in the Institute for Software Integrated Systems (ISIS). Before joining Vanderbilt, Dr. Koutsoukos was a Member of Research Staff in the Xerox Palo Alto Research Center (PARC) (2000-2002), working in the Embedded Collaborative Computing Area. He received his PhD in Electrical Engineering from the University of Notre Dame in 2000. His research work is in the area of cyber-physical systems with emphasis on formal methods, distributed algorithms, diagnosis and fault tolerance, and adaptive resource management.

Saurabh Amin (PI for MIT) is an Assistant Professor in the MIT Department of Civil and Environmental Engineering. His research focuses on the design and implementation of resilient network control algorithms for infrastructure systems. He works on robust diagnostics and control problems that involve using networked systems to facilitate the monitoring and control of large-scale critical infrastructures, including energy, transportation, and water distribution systems. He also studies the effect of security attacks and random faults on the survivability of these systems, and designs incentive mechanisms to reduce network risks.

Dusko Pavlovic (U. of Hawaii PI) was born in Sarajevo, studied mathematics at Utrecht, and was a postdoc at McGill, before starting an academic career in computer science at Imperial College and at Sussex. He left academia from 1999 to 2009 to work in software research at the Kestrel Institute in Palo Alto. He was a Visiting Professor at Oxford University from 2008-2012, Professor of Information Security at Royal Holloway, University of London (part time at University of Twente in the Netherlands) 2010-2013. He took his current chair in Computer Science at University of Hawaii at Manoa in 2013. Through the years, Dusko's publications covered a wide area of research interests, from mathematics (graphs, categories) through theoretical computer science (semantics, symbolic computation) and software engineering (behavioral specifications, adaptation), to security (protocols, trust, physical security) and network computation (information extraction). Dusko's past publications and the slides of some of his recent talks are available from his web page.

S. Shankar Sastry (UC Berkeley PI) received his B.Tech. from the Indian Institute of Technology, Bombay, in 1977, and an M.S. in EECS, M.A. in Mathematics and Ph.D. in EECS from UC Berkeley in 1979, 1980, and 1981 respectively. S. Shankar Sastry is currently dean of the College of Engineering. He was formerly the Director of CITRIS (Center for Information Technology Research in the Interest of Society) and the Banatao Institute @ CITRIS Berkeley. He served as chair of the EECS department from January 2001 through June 2004. In 2000, he served as Director of the Information Technology Office at DARPA. From 1996-1999, he was the Director of the Electronics Research Laboratory at Berkeley, an organized research unit on the Berkeley campus conducting research in computer sciences and all aspects of electrical engineering. He is the NEC Distinguished Professor of Electrical Engineering and Computer Sciences and holds faculty appointments in the Departments of Bioengineering, EECS and Mechanical Engineering. Prior to joining the EECS faculty in 1983 he was a professor at MIT.

The SURE project kickoff meeting is scheduled for Monday, October 27th. (ID#:14-2622)




Wyvern Programming Language


OVERVIEW

Researchers at Carnegie Mellon University, led by associate professor Jonathan Aldrich of the university's Institute for Software Research (ISR), have been developing an innovative programming language for building secure web and mobile applications. The new programming language, called Wyvern (aptly named for the legendary two-legged, winged dragon fiercely protective of its treasure), aims to help software engineers build secure mobile and web applications using several type-based, domain-specific languages (DSLs) within the same program. Wyvern is able to identify sublanguages (SQL, HTML, etc.) used in the program based on types and their context, which signify the format of the data, according to CMU's press release (Spice 2014, accessed at http://www.cs.cmu.edu/news/carnegie-mellon-developing-programming-language-accommodates-multiple-languages-same-program). Just as a Wyvern dragon ensures protection of its treasure, the Wyvern language is designed to help create secure programs.

Dr. Aldrich and his team recognized that the proliferation of programming languages used in the development of web and mobile applications is incredibly inefficient. Though software development has come a long way, from Fortran to JavaScript, the web and mobile arenas struggle to cobble together a "...mishmash of artifacts written in different languages, file formats, and technologies", according to CMU's web page on Wyvern rationale (http://www.cs.cmu.edu/~aldrich/wyvern/spec-rationale.html). For example, constructing most commercial web pages often requires HTML for structure, CSS for design, JavaScript to handle user interaction, and SQL to access the database back-end. The diversity of current languages and tools used to create an application increases the associated time, cost, and security risks, opening the door for particularly prevalent Cross-Site Scripting and SQL Injection attacks. In light of this, Wyvern eliminates the need to use character strings as commands, as is done, for instance, with SQL. When commands are character strings, malicious users with a rough knowledge of a system's structure could execute destructive commands such as DROP TABLE, or manipulate instituted access controls.
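The contrast described above, as an added Python illustration; it is not Wyvern code and not from the CMU project. The `SQL` class, `run`, the `users` table and the sample input are assumptions constructed for this example, which refuses at run time to treat a plain character string as a database command.

```python
import sqlite3

class SQL:
    """Query type (hypothetical): fixed command text plus separately carried values."""
    def __init__(self, template, *values):
        self.template = template
        self.values = values

def run(db, query):
    # Type gate: only SQL objects are commands; a bare str is always data.
    if not isinstance(query, SQL):
        raise TypeError("run() takes an SQL object, not a character string")
    return db.execute(query.template, query.values).fetchall()

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_pasted(db, name):
    # The 'pasted-together string' pattern: input becomes part of the command.
    return db.execute(
        "SELECT secret FROM users WHERE name = '" + name + "'").fetchall()

def lookup_typed(db, name):
    # Input is bound as a value and can never change the command's structure.
    return run(db, SQL("SELECT secret FROM users WHERE name = ?", name))

# Constructed input that rewrites the WHERE clause when pasted into a string.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("pasted:", lookup_pasted(db, HOSTILE))   # every row comes back
    print("typed: ", lookup_typed(db, HOSTILE))    # no user has that name
    try:
        run(db, "SELECT secret FROM users")
    except TypeError as err:
        print("rejected:", err)
```

The gate here is a run-time check and still trusts whoever writes the template; the page describes Wyvern doing this kind of checking statically through its type system.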

Dr. Aldrich likens Wyvern's capabilities to those of a "...skilled international negotiator who can smoothly switch between languages...", able to discern which sublanguage is being used through context, much like the way "...a person would realize that a conversation about gourmet dining might include some French words and phrases" (Spice 2013). Wyvern strives to provide:
* Flexible Syntax, using an internal DSL strategy.
* Typechecking, with static type-checking based on defined rules in Wyvern-internal DSLs.
* Secure language and library constructs, providing secure built-in datatypes and database access through an internal DSL
* High-level abstractions, wherein programmers will be able to define an application's architecture, to be enforced by the type system, and implemented by the compiler and runtime.

A succinct PowerPoint presentation of Wyvern and examples may be accessed at http://www.cs.cmu.edu/~comar/GlobalDSL13-Wyvern.pdf.

TECHNICAL SPECS

Similar to languages such as Python, Wyvern is a pure object-oriented language that is value-based, statically type-safe, and supports functional programming (Nistor et al. 2013, accessed at http://www.cs.cmu.edu/~aldrich/papers/maspeghi13.pdf). Wyvern follows the principle that objects should only be accessible by invoking their methods. As such, with Wyvern's use of type-specific languages (TSLs), a type is invoked only when a literal appears in the context of the expected type, ensuring non-interference (Omar 2014, accessed at http://www.cs.cmu.edu/~aldrich/papers/ecoop14-tsls.pdf).

Wyvern is an ongoing, open-source project. Interested potential users may explore the language at https://github.com/wyvernlang/wyvern.

WYVERN IN THE NEWS

The security world has shown enthusiastic interest in the Wyvern programming language. Gizmag, which covers new and emerging technological innovations, mentions Wyvern as "something of a meta-language", and agrees that the web would be a much more secure place if not for vulnerabilities due to the common coding practice of "pasted-together strings of database commands" (Moss 2014, accessed at http://www.gizmag.com/wyvern-multiple-programming-languages/33302/#comments). The CMU Lablet and Wyvern were featured in a press release by SD Times, which mentions the integration of multiple languages, citing flexibility in terms of additional sublanguages, and easy-to-implement compilers. The article may be accessed at http://sdtimes.com/wyvern-language-works-platforms-interchangeably/. ACM Communications explains Wyvern as a host language that allows developers to import other languages for use on a project, but warns that Wyvern, as a meta-language, could be vulnerable to attack. The ACM article can be accessed at http://cacm.acm.org/news/178649-new-nsa-funded-programming-language-could-close-long-standing-security-holes/fulltext.

Learn more about Wyvern at http://www.cs.cmu.edu/~aldrich/wyvern/ .

References

Spice, Byron (2014). Carnegie Mellon developing programming language that accommodates multiple languages in same program. Carnegie Mellon University School of Computer Science. Retrieved from http://www.cs.cmu.edu/news/carnegie-mellon-developing-programming-language-accommodates-multiple-languages-same-program

Cyrus Omar, Darya Kurilova, Ligia Nistor, Benjamin Chung, Alex Potanin, and Jonathan Aldrich. Safely composable type-specific languages. Proc. European Conference on Object-Oriented Programming, 2014. Retrieved from http://www.cs.cmu.edu/~aldrich/papers/ecoop14-tsls.pdf

Ligia Nistor, Darya Kurilova, Stephanie Balzer, Benjamin Chung, Alex Potanin, and Jonathan Aldrich. Wyvern: a simple, typed, and pure object-oriented language. In Mechanisms for Specialization, Generalization, and Inheritance (MASPEGHI), 2013. Retrieved from http://www.cs.cmu.edu/~aldrich/papers/maspeghi13.pdf

Moss, Richard (2014). Wyvern system allows multiple programming languages within one computer system. Gizmag. Retrieved from http://www.gizmag.com/wyvern-multiple-programming-languages/33302/#comments

(ID: 14-2494)

