SoS Quarterly Summary Report - NCSU - October 2015
Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".
- For the metrics hard problem, we proposed an automated technique to approximate attack surfaces through the analysis of stack traces. We hypothesize that stack traces from user crashes represent activity that puts the system under stress and is therefore indicative of potential security vulnerabilities. We developed an approach that uses random walks, which has improved our prediction capabilities and also gives insight into attacker behavior. Our results showed that our attack surface metrics improve when a vulnerability is fixed and degrade when vulnerabilities are introduced.
- For the humans hard problem, we have put effort into developing a new cognitive model of typing appropriate for Human Subtlety Proof (HSP) development. This has involved theoretical inquiry, data processing, and the design of a novel visualization tool that fuses recorded data and predicted labels into a coherent, interactive exploratory tool supporting hypothesis generation and model refinement. In our phishing study, we found that domain highlighting did not significantly improve detection of fake web sites, nor did directing participants to look at the address bar. We also found that a common mode of attack is a message that appears to come from an IT administrator (30%), in which users are asked to verify account information by clicking on a provided link.
- For the resilience hard problem, we developed an automated configuration synthesis framework for an Advanced Metering Infrastructure (AMI). AMI is one of the most critical elements of the smart grid because it connects the meters, the most vulnerable devices in the smart grid, to the rest of the grid, including the energy management and control systems. The AMI configuration synthesis plan can potentially consider provisioned resistance for resiliency against attacks, expressed as requirements such as "meters should be able to communicate even if 10% of the meters are malicious". We showed that existing anomaly-based intrusion detection systems (AIDS) are highly susceptible to detection evasion by parameter estimation attacks that can completely paralyze an AIDS. We developed mathematical models to quantify and measure the potential for evasion across wide classes of AIDSs. We also proposed a threshold randomization technique to provide resiliency against evasion. We showed that these metrics and analyses can establish a scientific foundation for rethinking AIDS design. We completed a survey on security isolation techniques. The survey explores different security isolation techniques based on a hierarchical classification structure and discusses trade-offs with respect to security, performance, and compatibility.
- For the policy hard problem, we have conducted another round of human subject study on understanding firewall policies, using a longer policy and a list of more sophisticated questions. Motivated by results from this study, we have obtained devices to measure electroencephalogram (EEG) signals and are designing experiments that use these devices to compare the mental workload users experience when using our policy language versus the original language. We refined our formal model of security-relevant interactions in sociotechnical systems with a view to characterizing and measuring user behavior and interactions precisely.
B). Community Interaction
Work to explain or extend scientific rigor in the community culture. Workshops, Seminars, Competitions, etc.
- We have scheduled a Science of Security Community Day meeting with industry and government organizations on October 29, 2015.
- We have developed a technique to facilitate data sharing of security-related repositories through a novel text-mining algorithm.
C). Educational
Any changes to curriculum at your school or elsewhere that indicate increased training or rigor in security research.
- We began our Fall 2015 seminar, in which supported students and PIs learn about and apply research guidelines. Students present their research plan for feedback prior to conducting the research. We continued to collect and organize feedback for student presenters during our regular seminars. We further refined feedback instruments with a view to guiding presenters and the audience toward best practices in the science of security.
- We further enhanced our research guidelines, creating versions for (1) empirical evaluation of real-world data; (2) analytical studies that use mathematical proofs; and (3) build-then-evaluate studies of security solutions. The research teams are guided in their plans through these guidelines, and students learn to critique others' work through the use of the guidelines.
- Round 2 Projects
- Approved by NSA
- Scalability and Composability
- Policy-Governed Secure Collaboration
- Metrics
- Resilient Architectures
- Human Behavior
- NCSU
- A Human Information-Processing Analysis of Online Deception Detection
- Attack Surface and Defense-in-Depth Metrics
- Automated Synthesis of Resilient Architectures
- Formal Specification and Analysis of Security-Critical Norms and Policies
- Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security
- Redundancy for Network Intrusion Prevention Systems (NIPS)
- Resilience Requirements, Design, and Testing
- Scientific Understanding of Policy Complexity
- Smart Isolation in Large-Scale Production Computing Infrastructures
- Systematization of Knowledge from Intrusion Detection Models
- Understanding the Effects of Norms and Policies on the Robustness, Liveness, and Resilience of Systems
- Vulnerability and Resilience Prediction Models
- Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators & Reducing Vuln.
- FY14-18
- Oct'15