SoS Quarterly Summary Report - NCSU - October 2014

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

  • [Vouk/Williams] Automated cyber attacks tend to be schedule and resource limited. From the perspective of an attacker, the primary progress metric is often "coverage" of pre-determined "known" vulnerabilities that may not have been patched, along with possible zero-day exploits (if such exist). We have developed a hypergeometric process model that describes such attack patterns. We used web request signatures from the logs of a production web server to assess the applicability of the model.
  • [Roberts/St. Amant] We have studied characteristics of cheaters versus non-cheaters as they interact with a computer system via a game we have created involving moving tiles. We have observed a difference between cheating and non-cheating trials in the duration between a mouse click and movement to a potentially matching tile. In the non-cheating cases, this interval is at least 50 milliseconds longer, providing evidence that in this situation, memory retrievals of the locations of tiles that may match (the non-cheating condition) take longer than visual processing of the display to find a matching tile when the match is already known due to knowledge obtained by cheating (the cheating condition).
  • [Doyle/Singh/Chirkova] We are investigating norm and preference specification languages that both adequately express typical collaboration scenarios and enable tractable checking of consistency, composability, and realizability via policies. We are formulating the problems of consistency and realizability in mathematical terms with a view toward producing criteria for designing algorithms for consistency and realizability of norms, policies, and preferences. To this end, we are investigating whether a set of norms is consistent and realizable through the policies and preferences of the collaborators and whether a set of norms achieves specified security properties, with reference to the academic IT domain.
  • [Sullivan/Vouk/El Shaer] We have created a taxonomy of formal definitions and metrics related to attack resilience. We have defined a new metric, attack resiliency, as the ability of the system to maintain a sublinear growth in damage with increasing attack resources/scale. The attack scale is a measure of the magnitude of various attributes of the attack, including the attack probability, intensity, extent, distribution, severity, diversity (different types), etc. The potential damage (or risk) is estimated based on (1) the likelihood of successful attack, and (2) the attack impact on the system mission or requirements such as confidentiality, integrity and availability.
  • [Reiter] We have developed techniques to assign network intrusion prevention (NIPS) tasks to the available NIPS nodes in a network so as to respect node and link constraints and to minimize the latency imposed on good traffic and the footprint of malicious traffic on the network. As such, our approach enables a network to wring the best performance out of its hardware investments under the traffic and policy-enforcement demands it is facing.
  • [El Shaer] We provide a formal foundation to investigate the impact of components' interdependency on the attackability of the smart grid. We developed a formal analytic approach to quantify the attackers' capabilities required to launch a successful attack. We quantify the direct and indirect impact of the attack and required mitigation techniques.
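
Added illustration, not part of the report or the researchers' own code: one way to check the attack resiliency definition above (sublinear growth in damage as attack scale increases) against measurements. It assumes damage is estimated as likelihood times impact and that "sublinear" is read as a power-law exponent below 1; the function names and the sample data are constructed for this example.

```python
import math

def expected_damage(likelihood, impact):
    # Assumed risk form: P(successful attack) x impact on the system mission.
    if not 0.0 <= likelihood <= 1.0:
        raise ValueError("likelihood must be a probability in [0, 1]")
    return likelihood * impact

def growth_exponent(scales, damages):
    # Least-squares slope of log(damage) against log(scale),
    # i.e. alpha in the fit damage ~ c * scale**alpha.
    if len(scales) != len(damages) or len(scales) < 2:
        raise ValueError("need at least two matching (scale, damage) points")
    if min(scales) <= 0 or min(damages) <= 0:
        raise ValueError("scales and damages must be positive for a log-log fit")
    xs = [math.log(s) for s in scales]
    ys = [math.log(d) for d in damages]
    mean_x, mean_y = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("attack scale must vary across measurements")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx

def is_attack_resilient(scales, likelihoods, impacts, margin=0.05):
    # Resilient if fitted damage growth is clearly sublinear (alpha < 1 - margin).
    damages = [expected_damage(p, i) for p, i in zip(likelihoods, impacts)]
    return growth_exponent(scales, damages) < 1.0 - margin

# Constructed sample data: attack scale in arbitrary units.
SCALES = [1, 2, 4, 8, 16]
# System A: fixed success likelihood, impact grows like sqrt(scale) -> alpha = 0.5.
SYSTEM_A = {"likelihood": [0.5] * len(SCALES),
            "impact": [10.0 * math.sqrt(s) for s in SCALES]}
# System B: likelihood and impact both grow with scale -> alpha = 1.5.
SYSTEM_B = {"likelihood": [0.05 * math.sqrt(s) for s in SCALES],
            "impact": [10.0 * s for s in SCALES]}

if __name__ == "__main__":
    for name, system in (("A", SYSTEM_A), ("B", SYSTEM_B)):
        damages = [expected_damage(p, i)
                   for p, i in zip(system["likelihood"], system["impact"])]
        alpha = growth_exponent(SCALES, damages)
        verdict = is_attack_resilient(SCALES, system["likelihood"], system["impact"])
        print(f"system {name}: alpha={alpha:.2f} resilient={verdict}")
```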

B). Community Interaction
Work to explain or extend scientific rigor in the community culture. Workshops, Seminars, Competitions, etc.

  • A Community Meeting with local industry is planned for October 24, 2014. Students will present their work to local industry via short presentations and posters.


C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

  • A student seminar series for the Fall 2014 Semester is being held bi-weekly. In the series, students will present research plans and will read papers they are submitting to conferences. As a group, feedback on the scientific components of the work will be provided to the students by other faculty and students.