SURE Meets Reports on 2015 Work on Resiliency
Arlington, VA
18 November 2015
On November 18, 2015, researchers from the four System Science of SecUrity and REsilience for Cyber-Physical Systems (SURE) project universities (Vanderbilt, Hawai‘i, UC Berkeley, and MIT) met with members of NSA’s Trusted Research Directorate for an annual review. SURE is the NSA-funded project aimed at improving scientific understanding of resiliency in cyber-physical systems (CPS). The project addresses the question of how to design systems that are resilient despite significant decentralization of resources and decision-making. SURE has developed a testbed for evaluating and measuring resiliency through modeling.
Xenofon Koutsoukos, Professor of Electrical Engineering, Computer Engineering, and Computer Science in the Institute for Software Integrated Systems (ISIS) at Vanderbilt University, the Principal Investigator (PI) for SURE, described the value of the testbed as a platform that allows integration of simulators for systems, such as transportation, water distribution, and communications networks, to develop metrics for resilience and to apply SURE methodologies to multiple systems. Main research thrusts are cyber risk analysis and incentive design, resilient monitoring and control, and science of decentralized security.
Originally a physical testbed, it now resides in the Cloud and can be used interactively among the participating research universities. Two demonstrations were presented. The first was decentralized security in adversarial settings. The second demonstrated the effects of tampering with traffic signal controls and the evaluation of vulnerability of transportation networks.
The overall utility of the testbed is to provide experimental validation of attack models. Lessons learned to date include that designing good experiments is hard and that there are many questions about experimental design. The cloud deployment offers scalability. The current single virtual machine is 10-20 times faster than real time on the physical system they used previously. In the future, they hope to achieve distributed simulation using multiple virtual machines, build more tools for cloud deployment, and achieve system scale.
Five additional research projects on resiliency were presented. These covered both behavioral and technical subjects including the use of inversion to train robust machine learning models, reasoning about security in cyber-physical systems, resilience in the wake of disruptions, hierarchical control of incident management, and decentralized security in adversarial settings. Planned upgrades to the CPS-VO web site, its scope and format, were also briefed. Details of these research presentations will be presented in a companion newsletter article.
In addition to Professor Koutsoukos, participants included his Vanderbilt colleagues Himanshu Neema, William Emfinger, Janos Sztipanovits, Peter Volgyesi, and Yevgeniy Vorobeychik. Other participants were Lina Sela and Li Jin from MIT; Dusko Pavlovic and Nancy Mogire, U. of Hawai‘i; and Anthony Joseph from UC, Berkeley. Government representatives from the National Science Foundation, Nuclear Regulatory Commission, and Air Force Research Labs also attended, as well as the sponsoring agency, NSA.
(ID#: 15-7733)
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.
SURE Review Meeting Presentations
Arlington, VA
18 Nov 2015
On November 18, 2015, researchers from the four System Science of SecUrity and REsilience for Cyber-Physical Systems (SURE) project universities (Vanderbilt, Hawai‘i, California-Berkeley, and MIT) met with members of NSA’s Trusted Research Directorate for an annual review. SURE is the NSA-funded project aimed at improving scientific understanding of resiliency in cyber-physical systems (CPS). The project addresses the question of how to design systems that are resilient despite significant decentralization of resources and decision-making. During the meeting, SURE researchers demonstrated the cloud-based testbed for evaluating and measuring resiliency through modeling and presented five research products.
Xenofon Koutsoukos (PI-Vanderbilt University); Overview of the Testbed
Prof. Koutsoukos described the testbed as a platform that allows integration of simulators to conduct experiments that can lead to the development of metrics for resilience. The current research thrusts on the testbed are cyber risk analysis and incentive design, resilient monitoring and control, and the science of decentralized security. Demonstrations that allowed the audience to participate using their own browsers covered decentralized security in adversarial settings and an evaluation of vulnerability of transportation networks related to traffic signal control and tampering.
The testbed is customizable. It can model physical domains in C2WT. To date, they have modeled the smart grid, railway transport, and water distribution networks, as well as cyber systems’ topology, wired/wireless distribution, protocols and monitoring, and control systems.
Perhaps the most important part of the testbed is their attack modeling. Using Sensys Networks VDS240, they are conducting experimental validation of these attack models. Their attack models are abstracted models for complex attacks, multistage attacks, and unanticipated attacks that address the impact of these attacks. Using an adversarial approach, they hope to improve understanding with simulations that can lead to new knowledge and are able to predict how an assembly of components will behave. To achieve success, theoretical analysis must be accompanied by large amounts of experimental work and empirical evidence based on realistic models, large-scale CPS, and heterogeneous integration. Attacker-defender games demonstrate the difficulty.
Demonstrations were conducted on “DDoS Attack on Transportation System” by Peter Volgyesi (presentation available at: http://cps-vo.org/node/18483), and “C2WT: A Model-Based Integrated Simulation Testbed for SoS” by Himanshu Neema (presentation available at: http://cps-vo.org/node/23437).
These demonstrations utilized well-known CPS domains, existing simulation tools, simulation integration, a web-based collaborative interface, and, to motivate, adversarial play. The elements of the simulation are WebGME, a meta-programmable collaborative online modeling environment, and a series of libraries currently covering traffic patterns, traffic light programs, and maps. To date the work has produced a generic framework and simple scenarios, but it is scaling toward more complex scenarios. Future directions for their research include the development of cyberinfrastructure elements, background management (cueing), and more.
Concluding the demonstrations, Prof. Koutsoukos described the need of the “system science” of security and resilience to integrate theoretical knowledge with empirical observation, that is, to use experiments to test. “Resilience,” he says, “is a moving target that is redefined for each scenario.”
The lessons learned were substantial: the testbed changed the way to perform research in resilience of CPS; the design of experiments is hard; and the testbed is scalable through its distributed heterogeneous simulation of CPS. (ID#: 15-7826)
Anthony Joseph (University of California, Berkeley); “Using Inversion to Train Robust Machine Learning Models” (Presentation available at: http://cps-vo.org/node/23434).
This work shows that machine learning can be used for large-scale estimation (data mining events, combined with physical modes), and adapted to failures and dynamic environments (vehicles, planes, power grid, etc.). An adversary can view and supply input; the adversary's tactic is to attempt to evade the model by using model inversion. The study further demonstrates that evading tree ensembles is practical and that tree ensembles are powerful but brittle. To combat this, they can be partially robustified. Such robustification improves accuracy. (ID#: 15-7827)
Nancy Mogire and Dusko Pavlovic (University of Hawai‘i); “Logic for Reasoning about Security in Cyber-Physical Systems”
This presentation explores the idea that security is not just a suitable subject for science, but that the process of security is also similar to the process of science. This similarity arises from the fact that both science and security depend on the methods of inductive inference. Because of this dependency, a scientific theory can never be definitely proved, but can only be disproved by new evidence, and improved into a better theory. Because of the same dependency, every security claim and method has a lifetime, and always, eventually, needs to be improved. The logic thread is that assurance requires CPS proofs, precise proofs require CPS models, and a scientific approach requires CPS model validation. (ID#: 15-7828)
Lina Sela (Perelman) (Massachusetts Institute of Technology); “Resilience of Water Infrastructure in Wake of Disruptions”
Prof. Sela’s work models adversarial link disruptions using an undirected network graph and formal mathematical descriptions. For optimal sensing of reliability failure, the challenge is to solve the combinatorial optimization problem that maximizes the expected detection rate subject to resource constraints. (ID#: 15-7829)
Li Jin (Massachusetts Institute of Technology); “Hierarchical Control Approach for Incident Management in Freeway Networks” (Presentation available at http://cps-vo.org/node/23435.)
Jin’s work looks at highways in two contexts: recurrent disturbances, such as demand during peak hours, and capacity fluctuation from non-recurrent disturbances, such as foul weather or a wreck. The challenge is to figure out how to design policy to deal with non-recurrent patterns: what happens in the control center to alleviate disturbance-related congestion? This problem is a stochastic disturbance. To address it, the model is a finite-state Markov process. Using the controls of metering and routing, the study shows that disturbances matter, that a queuing model is adequate to approximate flow, and that there are quantifiable tradeoffs. (ID#: 15-7830)
Yevgeniy Vorobeychik (Vanderbilt University); “Decentralized Security in Adversarial Settings”
According to Vorobeychik, attackers are increasingly sophisticated and security is a game like chess. It is a zero-sum game. Opponents must anticipate each other’s moves. Using the Vanderbilt testbed, he illustrates this in a game-theoretical sense: the defender chooses a strategy; the attacker chooses an attack; the attacker is limited by the fact that only so many sensors can be attacked and only so many lights reconfigured, and that the attacker is resource constrained. Using a Stackelberg game, he determines the optimal strategy for the defender and the best attacks for the opponent, and demonstrates that resilience is achieved when the measurement error after the attack is minimized. (ID#: 15-7831)
Janos Sztipanovits (Vanderbilt University); “The Next Generation CPS-VO Platform”
Prof. Sztipanovits described the effort underway to upgrade and reformat the CPS-VO webpage. Vanderbilt, along with the University of Pennsylvania, UCLA, and the University of Arizona, will develop the next generation CPS-VO in the next 5 years. The new site will serve as an active resource rather than simply as a repository. It will become an integration platform for new capabilities such as design studios, configurable design studios, and active repositories (tools, test beds, benchmarks). Use cases include student competitions; UAV design studio, AVM OpenMETA; and a verification tool repository. Current content will be extended. Microsoft Corporation is also a partner in this venture. (ID#: 15-7832)
(ID#: 15-7833)