SoS Quarterly Summary Report - NCSU - January 2016
Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".
- For the metrics hard problem, we discovered that the attack surface can be modeled in a much more lightweight, less labor-intensive way than we had anticipated by taking advantage of the call graph. To evaluate empirical research on metrics, we collected new data on 8,654 intrusion detection studies. We found that about two-thirds of these studies fail to report false positives and only a few studies provide both accuracy and performance metrics. In addition, most data involve custom benchmarks and are hence difficult to replicate.
- For the humans hard problem, we conducted a field experiment on the effectiveness of a phishing warning user interface. As we expected, our new warning interface helps users avoid entering their personal information into a fraudulent web site. In addition, we found that whereas domain highlighting was not effective, directing participants to look at the address bar did improve detection of fraudulent sites.
- For the resilience hard problem, we continued to advance our programming framework for SDN optimization, which is based on the idea of producing a path-based formulation for SDN optimization problems; we expect paths to be a natural abstraction for expressing requirements. We developed a new metric that measures resiliency against multi-dimensional attacks and can thereby facilitate measuring resiliency in reference to properties of an attack.
- For the policy hard problem, we developed a modeling language and tool that uses logical inference to identify which norms govern each agent, especially in the presence of dominance relations and conflicts between norms. We formulated social protocols as a way to capture social machines as sociotechnical systems based on norms. In this way, we conceptualize collaboration in terms of accountability and support requirements engineering for secure collaboration. We investigated human causes of policy misconfiguration and ways to avoid them by interviewing two developers of the Spring Security framework.
B). Community Interaction
Work to explain or extend scientific rigor in the community culture. Workshops, Seminars, Competitions, etc.
- Hosted the 4th annual NCSU SoS Lablet Community Day. The goal of the meeting was to foster collaboration and knowledge transfer between the SoS Lablet and the local Security Community. The community meeting was attended by 28 non-Lablet participants from industry, academia, and government. The event involved student presentations in the pecha kucha style followed by four industry presentations.
C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- We developed a research proposal outline to facilitate bi-weekly group meetings and presentations. This outline helps researchers organize their thoughts and ensure they are conducting their research in a scientifically defensible manner.