SoS Quarterly Summary Report Jan to Mar 2015 - April 2015

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High level report of result or partial result that helped move security science foward-- In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] Completed a prototype implementation of the HITOP modeling formalism in the Mobius Framework. We are using this implementation to develop a realistic case study to evaluate the Human-Influenced Task-Oriented Process (HITOP) formalism. The case study simulates a typical engineering firm trying to protect its important assets, such as employee and customer information and unpublished designs. We plan to model the human users and system administrators using the HITOP formalism, the firm's network and systems using stochastic activity networks (SANs).

[Xie, Blythe, Koppel, Smith] Dartmouth Ph.D. student Vijay Kothari and Co-PI Blythe continue to develop DASH simulations of human agents in workaround settings, to support simulation of password and other security behavior. PI Blythe is designing Mechanical Turk experiment to examine users' behaviors when logging in to various accounts. Experiment will allow us to capture key strokes, strategies, systems of password reuse and protection

[Iyer, Kalbarczyk] Focused on building prototype of a real-time log aggregation and analytic architectures. We explored state of the art monitoring technologies and monitoring tools to incorporate into our framework. An example of technologies are out-of-VM monitoring using Hypertap that allows monitoring a guest VM system state from without running an agent inside the guest in order to reduce attack surface to monitoring tools. Example of monitoring tools are Kafka framework a multiple producer/consumer message bus that allows real-time, reliable log transportation from heterogeneous data sources such as syslog, Bro IDS log, netflows, etc.

[Mitra, Dullerud, Chaudhuri] We had developed a sound and complete algorithm for solving this problem for the special case of linear control systems with L2-norm bounded adversaries. We first attempted to generalize this algorithm to nonlinear model, but it turned out that this approach did not scale because there were too many possible future states to consider with the adversary. This suggested to us an alternative approach which is to synthesize inductive proofs of the system's correctness (with adversaries) together with the controller rules. The preliminary results for this approach look promising.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

NSA SoS Lablet Bi-weekly Meetings Presentations, January - March 2015

• Tao Xie presented "AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts"
• Mohammad Noureddine, "Human Aware Science of Security"
• Tao Xie presented "Science of Human Circumventions of Security"
• Brighten Godfrey presented "Hypothesis Testing for Network Security"
• Phuong Cao presented "Preemptive Intrusion Detection: Theoretical Framework and Real-world Measurements"
• Geir Dullerud presented "Static Dynamic Analysis of Security Metrics for Cyber Physical Systems"

NSA SoS Lablet Quarterly Meetings Presentations, January 2015

• Matt Caesar, "Hypthesis Testing for Network Security"
• Ravi Iyer, "Preemptive Intrusion Detection: Theoretical Framework and Real-world Measurements"

Other Community Interaction

• Ross Koppel gave keynote presentation at Royal College of Physicians (Edinburgh) on healthcare software usability and the influence on compliance with cyber security rules, February 2015
• Ross Koppel gave presentation to Wales Health Trust at Prince of Wales Hospital, Swansea, Wales, UK, February 2015.

C. Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Godfrey, Caesar, Nicol, Sanders, and Jin] David Nicol's graduate seminar course ECE 598, the Science of Computer Security is will begin at the University of Illinois at Urbana-Champaign in January 2015. The security of computers, communications, and data is of great concern to our society. Decades of research have produced solutions to a variety isolated problems, some of which have been produced using techniques that are recognizable as "scientific", others of which appear to be ad-hoc. There is a growing sentiment in the community that research in security should be conducted when possible on a scientific or engineering basis. This course examines the questions of what might constitute a science of security, framing the questions around five "hard areas" proposed by the NSA: Composition, Policy, Metrics, Resiliency, and Human Factors. The students will read and present papers from the literature that exemplify a scientific approach to security, and write essays on the questions raised by the course. The course is intended for graduate students interested in trustworthy systems research.

[Xie, Blythe, Koppel, and Smith] PI Xie is designing teaching materials on Code Hunt (https://www.codehunt.com/) released by Microsoft Research for teaching and training students on software security. The teaching materials incorporate educational gamification to teach students on improving their software security skills. Some initial designs are described in the HotSoS 2015 poster paper.

[Godfrey, Caesar, Nicol, Sanders, and Jin] Kevin Jin is developing a new graduate-level course, CS558 Advanced Computer Security at the Illinois Institute of Technology. A key topic in this course is network security, which will cover some of the research results of this project.

The educational and curricular plans for the UIUC SoS Lablet are starting to take shape:

• Plans for the UIUC SoS Summer School are in the early organizational stages.
• Two undergraduate and one graduate intern have been selected for the summer the UIUC SoS Lablet Summer Internship Program.They will begin working on their research projects in early June.