SoS Quarterly Summary Report April to June 2015 - July 2015

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High level report of result or partial result that helped move security science foward-- In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] Finalized the literature review and developed an extensive survey of previous work in studying and modeling human behavior in cyber-security. We presented a poster about our work at the Symposium and Bootcamp on the Science of Security (HotSoS) where we discussed our work with several colleagues and received valuable feedback. Furthermore, we have developed a case study to evaluate our approach and obtain insight into the human behavior in cyber-security. We based our case study on the discussions presented from papers in the usable security field, as well as several recent cyber-security reports. We implemented our case study in the Mobius tool and ran several simulations. We are currently in the process of writing a paper that presents our obtained results.

[Xie, Blythe, Koppel, Smith] Tao Xie led Ph.D. students Wei Yang and Blake Bassett on developing tool support for analyzing mobile apps, e.g., to extract contextual information of command-and-control behavior of a bot mobile app so that users of the mobile app can view more detailed information for determining whether the mobile app may be a malicious or not.

[Godfrey, Caesar, Nicol, Sanders Jin] This project is developing the analysis methodology needed to support scientific reasoning about the security of networks, with a particular focus on information and data flow security. The core of this vision is Network Hypothesis Testing Methodology (NetHTM), a set of techniques for performing and integrating security analyses applied at different network layers, in different ways, to pose and rigorously answer quantitative hypotheses about the end-to-end security of a network. This project is building both theoretical underpinnings and a practical realization of Science of Security.

[Iyer, Kalbarczyk] We focused on: (i) building a security testbed that provides an execution platform for replaying security attacks in a controlled environment and (ii) applying game theory with learning for cyber security monitoring. We model multi-stage attacks as multi-stage security game and solve it using Q-Learning. A new attack model is derived from the study on incident data from the National Center of Supercomputing Applications (NCSA) to justify the use of reinforcement learning. The new model accommodates the limited observation of the defender on the attack model.

[Mitra, Dullerud, Chaudhuri] Our simulation-based formal analysis approaches have gained momentum. The IEEE Design and Test paper mentioned above shows that this approach can be used to analyze models of medical devices like pacemakers together with relevant abstractions of physiology. In another related paper, we show that the approaches can handle challenge problems coming from the automotive industry. That paper received the Robert Bosch sponsored best verification result award at the ARCH workshop of CPSWeek.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

NSA SoS HotSoS Presentations, April 2015

• John C. Mace, Charles Morisset, and Aad van Moorsel, "Modelling User Availability in Workflow Resiliency Analysis", Symposium and Bootcamp on the Science of Security (HotSoS), April 2015.

• Mohammad Noureddine, Ken Keefe, William H. Sanders and Masooda Bashir, "Quantitative Security Metrics with Human in the Loop", poster, Symposium and Bootcamp on the Science of Security (HotSoS), April 2015.

• Robert Cain and Aad van Moorsel, "Optimisation of Data Collection Strategies for Model-Based Evaluation and Decisions-Making", poster, Symposium and Bootcamp on the Science of Security (HotSoS), April 2015.

• Tao Xie, Judith Bishop, Nikolai Tillmann, and Jonathan de Halleux, "Gamifying Software Security Education and Training via Secure Coding Duels in Code Hunt," poster, Symposium and Bootcamp on the Science of Security (HotSoS), April 2015.

Zbigniew Kalbarczyk, "Resilience of Cyber-Physical Systems and Technologies," tutorial, Symposium and Bootcamp on the Science of Security, (HotSoS), April, 2015.

Other Community Interaction

• Wenxuan Zhou, "Enforcing Customizable Consistency Properties in Software-Defined Networks" USENIX Symposium on Network Systems Design and Implementation (NSDI), Seattle, WA, April 2-4, 2015.

• Kevin Jin, "Enforcing Customizable Consistency Properties in Software-Defined Networks", invited talk, 4th Greater Chicago Area Systems Research Workshop (GCASR), April 2015.

• Wei Yang (advised by Tao Xie) "AppContext: Differentiating Malicious and Benign Mobile App Behavior Under Contexts", 37ty International Conference on Software Engineering (ICSE), Florence, Italy, May 2015.

• Kevin Jin, "VT-Mininet: Virtual-time-enabled Mininet for Scalable and Accurate Software-Define Network Emulation." ACM SIGCOMM Symposium on SDN Research 2015 (SOSR), Santa Clara, CA, June 2015.

• Jiaqi Yan, "A Virtual Time System for Linux-container-based Emulation of Software-defined Networks." at the ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, London, UK, June 2015

C. Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.

[Godfrey, Caesar, Nicol, Sanders, Jin] David Nicol developed and taught a graduate course in the Science of Security for spring 2015. The seminar, ECE 598, examined a number of security papers from the literature and for each discussed the questions: what attributes of this paper either study security properties themselves as first class objects or use scientific methodologies to identify and assess security properties, in what ways does this paper lacking in scientific foundations for the work it presents. Discussions were lively, and exhibited a variance in students' understandings and expectations of "Science of Security." The security of computers, communications, and data is of great concern to our society. Decades of research have produced solutions to a variety of isolated problems, some of which have been produced using techniques that are recognizable as "scientific", others of which appear to be ad-hoc. There is a growing sentiment in the community that research in security should be conducted when possible on a scientific or engineering basis. This course examined the questions of what might constitute a science of security, framing the questions around five "hard areas" proposed by the NSA: Composition, Policy, Metrics, Resiliency, and Human Factors. The students read and presented papers from the literature that exemplified a scientific approach to security, and wrote essays on the questions raised by the course. The course was intended for graduate students interested in trustworthy systems research.

[Xie, Blythe, Koppel, Smith] Ross Koppel is developing a course on the ethnography of organizational workflow and cyber workarounds. That course will involve approximately 20 students interviewing workers about password circumvention and ways of accessing information that is not part of official policy. These findings will help to continue our work of discovering ways well-indented workers create vulnerabilities in cyber security.

[Xie, Blythe, Koppel, Smith] PI Xie is designing teaching materials on Code Hunt (https://www.codehunt.com/) released by Microsoft Research for teaching and training students on software security. The teaching materials incorporate educational gamification to teach students on improving their software security skills. Some initial designs are described in the HotSoS 2015 poster paper.

[Godfrey, Caesar, Nicol, Sanders, Jin] Kevin Jin taught a newly developed graduate-level security course, CS558 Advanced Computer Security, in Spring 2015, at the Illinois Institute of Technology. The class covers some of the research results of this project. Kevin Jin received the CS Teacher of the Year award in May 2015, mainly because of his contribution to the cyber security curriculum at IIT.

[UIUC SoS Lablet] Three undergraduate and one graduate intern have been selected for the summer the UIUC SoS Lablet Summer Internship Program. The interns have been working on their own research projects guided by SoS faculty. The internship program began on June 1 and will conclude on July 24 with a poster session.