SoS Quarterly Summary Report - CMU - July 2015

Lablet Summary Report

A). Fundamental Research

Theoretical Foundations - these highlights extend existing methods for modeling that could not previously address the hard security problems.

Embedding authorization logic into type systems. Type systems allow developers to enforce rules about how data can be used and manipulated. These rules are often stated at design time, yet authorization policies change at runtime. This extension to type systems yields a provable guarantee that type systems can be dynamically adapted to changing runtime policies.
Inheritance vs. delegation in type systems. Inheritance is a top-down mechanism for controlling object-oriented behavior, whereas delegation affords dynamically changing the object that receives the desired behavior at runtime. This work makes explicit the design overhead of these two approaches.

Robust machine learning for anomaly detection. Existing support vector machines (SVMs) have difficult meeting the scale of data used to detect anomalies. This work aims to reduce the continuous approximation of anomalies to a discrete approximation that could otherwise not be performed in real time.

Adaptations to Security Problems - these highlights apply existing methods to security problems in new ways that have not been done before

Interface-confined code and logic of programs. Software interfaces restrict what behaviors a class of objects can perform. This work introduces new reasoning techniques aimed at studying how malware can exploit interfaces, and how to use interfaces to pre-empt that exploitation.

Privacy requirements analysis and verification. Threat reporting can include access to personal information. This work introduces a new reasoning technique to trace data flow across privacy policies of different organizational units to detect conflicts and privacy violations.
Geographic attribution of web attacks. Understanding the origin of web attacks is necessary to develop better policies to mitigate attacks on the network and coordinate with private-sector and international partners. This work applied network analysis to attack records to discover the origin of different kinds of attacks, challenging prevailing assumptions.

Scientific Instrumentation - these highlights demonstrate new research to build the tools needed to conduct security experiments that could not previously have been performed.

Tools to simulate race conditions to make races reproducible for experimentation. Race conditions can allow an attacker to obtain privileges or to inject untrusted code or data into a trusted operation. Race conditions are difficult to reproduce, because they occur at runtime and they are often non-deterministic. This tool creates a laboratory in which to study the effects of races and strategies for mitigation.

Tools to study long-term, security-related user behavior. The Security Behavior Observatory is now in version 2.0 and enables the observation of a large pool of home computer security settings and software "in the wild" to understand how users make security related decisions. This platform is one of the first of its kind and can be used to run controlled experiments, e.g., by testing different experimental interventions aimed at changing long-term user behavior.

Tools to study pointer and composability analysis. Call graphs are used to trace dependencies between functions in a program. As programs are composed from other programs, these call graphs become complex and unmanageable. This work aims to understand call graph composition in product lines, where feature sets can interact and produce security vulnerabilities.

B). Community Interaction

C. Educational