SoS Quarterly Summary Report - January 2016
Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".
[Sanders, Bashir, Nicol and Van Moorsel] We have completed our survey of the social sciences and psychology theories that discuss the behavior of human users in cyber security. We have identified five main theories and discussed each of them in depth. We were able to place our previously built SAN model within the context of the General Deterrence Theory, and discussed its importance as well as its shortcomings in capturing the behavior of users in predictive security models. We have submitted a summary of our findings as a regular research paper for the DSN'16 conference.
[Xie, Blythe, Koppel, Smith] PIs Ross Koppel, Jim Blythe and Sean Smith are working with the University of Pennsylvania team of Insup Lee, Oleg Sokolsky and Lu Feng who (along with Koppel) are working on a grant from NSF and Intel to develop resilient cyber secure communications among devices in healthcare settings. Our team is working with Penn on models of password creation and cognitive load via DASH models and formal models.
[Godfrey, Caesar, Nicol, Sanders, Jin] Continued work on a project on database-based modeling of network behavior, and submitted a paper which was accepted to ACM SOSR 2016. In this work, we take a perspective that both modeling and controlling network infrastructure fundamentally revolves around data: representations of the network topology and forwarding as lower-level data, application-specific abstractions as higher-level derived data, and orchestration to mediate across multiple applications' different data representations. We explore a novel design point driven by this insight: we take the entire SDN network control system under the hood of a standard SQL database, and rely on SQL for data manipulation and the database runtime for data mediation. We present a realization of this approach, Ravel, which offers attractive advantages: programmable ad-hoc abstractions via database views; orchestration across abstractions through view mechanisms and a protocol to mediate between applications; and a system which is exposed to applications through the simple, familiar and highly interoperable SQL interface. While this is an ambitious long-term goal, our Ravel prototype built on the Postgres database exhibits promising performance even for large scale networks. We believe Ravel's flexible interfaces will provide a platform that we can build on in the future to achieve key goals of the larger NetHTM project: integrating multiple data sources to achieve security analyses at different network layers; and answering quantitative hypotheses posed conveniently as data queries on higher level abstractions of network data.
[Iyer, Kalbarczyk] We have deployed a honeypot at NCSA to attract real-world attacks. The honeypot hosts an OpenSSH server with weak credentials, i.e., guessable username/password. Multiple attacks have been observed during the two-month period (October - December 2015). The majority of them are SSH brute-force attacks, where the attacker enters the honeypot using guessable credentials, for example, using the username root and password root. We have seen consistent scanning and login activities from IP addresses overseas, and have collected traces of the attacks, including commands and binary attack payloads.
[Mitra, Dullerud, Chaudhuri] Our simulation-based formal analysis approaches have gained momentum. The IEEE Design and Test paper mentioned above shows that this approach can be used to analyze models of medical devices like pacemakers together with relevant abstractions of physiology. In another related paper, we show that the approaches can handle challenge problems coming from the automotive industry. That paper received the Robert Bosch sponsored best verification result award at the ARCH workshop of CPSWeek.
B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.
Presentations
- Tao Xie, University of Illinois at Urbana-Champaign, "Software Mining and Software Datasets", invited tutorial, 2015 NSF Interdisciplinary Workshop on Statistical NLP and Software Engineering, Seattle, WA, October 2015.
- Tao Xie, University of Illinois at Urbana-Champaign, "Software Analytics: Achievements and Challenges", tutorial, 2015 Annual ACM Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH), Pittsburgh, PA, October 2015.
- Eric Badger, University of Illinois at Urbana-Champaign, "Scalable Data Analytics Pipeline for Real-Time Attack Detection, Design, Validation, and Deployment in a Honey Pot Environment", Joint Trust and Security/Science of Security Seminar Series, October 6, 2015.
- Paul Barford, University of Wisconsin, Madison, "Methods and Characteristics of Fraud in Online Advertising", Science of Security Speaker Series (invited speaker), October 16, 2015.
- Mohammad Noureddine, University of Illinois at Urbana-Champaign, "Accounting for User Behavior in Predictive Cyber Security Models", Joint Trust and Security/Science of Security Seminar Series, October 20, 2015.
- Eric Badger, University of Illinois at Urbana-Champaign, "Scalable Data Analytics Pipeline for Real-Time Attack Detection", NSA SoS Quarterly Meeting, Baltimore, MD, October 26-27, 2015.
- Sayan Mitra, University of Illinois at Urbana-Champaign, "Static and Dynamic Analysis of Security Metrics for Cyber-physical Systems", NSA SoS Quarterly Meeting, Baltimore, MD, October 26-27, 2015.
- Tao Xie, University of Illinois at Urbana-Champaign, "Text Analytics for Mobile App Security and Beyond", invited talk, Washington State University, Pullman, WA, November 2015.
- Demonstration of the security testbed for attack replay and testing of attack detection techniques, NCSA booth at the International Conference for High Performance Computing, Networking, Storage and Analysis (SC 2015), Austin, TX, November 2015.
- Zhenqi Huang and Yu Wang, University of Illinois at Urbana-Champaign, "SMT-Based Controller Synthesis for Linear Dynamical Systems with Adversary", Joint Trust and Security/Science of Security Seminar Series, November 3, 2015.
- Niels Provos, Google, Inc., "Security at Scale", Science of Security Speaker Series (invited speaker), November 13, 2015.
- Zhenqi Huang, University of Illinois at Urbana-Champaign, "Controller Synthesis for Linear Time-varying Systems with Adversaries", IEEE International Conference on Decision and Control (CDC), Osaka, Japan, December 2015.
- Sayan Mitra, University of Illinois at Urbana-Champaign, "Parameterized Verification of Distributed Systems", invited talk, University of Vienna, December 2015.
- Zhenqi Huang, University of Illinois at Urbana-Champaign, "Compositional Verification and Security of Cyber-physical Systems", PhD preliminary examination, December 2015.
Other Community Interaction
[UIUC SoS Lablet] We have changed the format of our Bi-Weekly Research Meeting. We are now sharing a time slot with the Information Trust Institute's Trust and Security Seminar Series. Combining these two seminars has increased the audience, which allows the SoS faculty and students more opportunity to share their research with others at Illinois.
[UIUC SoS Lablet] Three invited speakers gave seminars during the fall session of the SoS Speaker Series. Patrick McDaniel from UPenn, Paul Barford from the University of Wisconsin, and Niels Provos from Google presented on cyber security topics. The series is heavily advertised throughout the University and we have had an excellent turnout. For the spring, three visiting speakers are scheduled: J. Alex Halderman from the University of Michigan, Srdjan Capkun from ETH Zurich, and Patrick Traynor from the University of Florida.
[Mitra, Dullerud, Chaudhuri] We are in the process of organizing a workshop entitled "Science of Security for Cyber-Physical Systems (SOSCYPS)" to be held as part of CPSWeek 2016 in April 2016. CPSWeek is the main annual event for the cyber-physical systems community. It consists of 4 major international conferences: ACM International Conference on Hybrid Systems: Computation and Control (HSCC), ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS), ACM/IEEE International Conference on Information Processing in Sensor Networks (IPSN), IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), and several workshops and tutorials. http://publish.illinois.edu/science-of-security-lablet/science-of-security-for-cyber-physical-systems-workshop/
[UIUC SoS Lablet] The Illinois SoS Lablet website has undergone a major overhaul. All of the lablet's publications and presentations have been added by project. The website features enhanced communications regarding upcoming events. The website can be found at http://publish.illinois.edu/science-of-security-lablet/
C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
[Xie, Blythe, Koppel, Smith] PI Xie is designing teaching materials on software analytics (including security analytics) in collaboration with Microsoft Research for teaching and training data-driven approaches to software engineering and security. Some materials were presented in a tutorial at SPLASH 2015 in October 2015.
[Godfrey, Caesar, Nicol, Sanders, Jin] Kevin Jin initiated the request and helped to create a new Ph.D. core course group, named "network and security", at the Illinois Institute of Technology. He revised the class CS 558 "Advanced Computer Security" as a key component for the new group.
[Godfrey, Caesar, Nicol, Sanders, Jin] Brighten Godfrey co-taught a Coursera online course on Cloud Networking, with roughly 30,000 students enrolled. This course included a segment on network security for the cloud, particularly with respect to network virtualization.
[UIUC SoS Lablet] A call for summer internship applicants has been sent out to the SoS community. The request has been posted to the CPS-VO, Facebook and, most notably, the iLink system, reaching 53 targeted colleges and universities across the United States. The application deadline is January 19, 2016.