SoS Quarterly Summary Report - NCSU - April 2016

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

  • For the metrics hard problem, we have accomplished the following:
    • We constructed objective criteria to compare and contrast various resiliency metrics: generality, coverage, accuracy, assumptions, effectiveness, cost/complexity, and deployability.
    • We refined the algorithm design for collaborative intrusion detection system (IDS) configuration and tested it through extensive simulations. Simulation results indicate that the proposed scheme can facilitate effective resource sharing among IDSs, leading to a significant gain in detection performance. We also conducted theoretical analysis and quantified the conditions under which performance improvement over an autonomous IDS is guaranteed.
    • We developed a framework called Nane for identifying misuse cases from normative enactments. Understanding the relevant misuse cases of a software system is crucial to prevent security breaches, which often originate from the social interactions among users.
  • For the humans hard problem, we have accomplished the following:
    • We made further progress towards the implementation and evaluation of Human Subtlety Proofs (HSPs), emphasizing the characterization of the differences between existing cognitive models of typing and the types of tasks users perform in the data set we have collected. We have identified both strengths and weaknesses of existing models through a data-driven hypothesis generation process, in which a custom visualization tool has scaffolded our data analysis and ideation about human subtleties.
  • For the resilience hard problem, we have accomplished the following:
    • We completed the first implementation phase of a tool for measuring the resistance of cyber systems based on isolation and diversity. Our tool verifies the mission's integrity using the isolation and diversity specification against the attack model (described in the resiliency requirements project).
    • We developed a simple language to model attacks, specifically DDoS and worm propagation attacks. Since there are many different scenarios for these attacks, it is important to provide a language in which users can define the attack model used to verify resiliency. We are currently building tools to simulate these attacks.
    • We have developed a framework and system for subjecting microservice-based systems to faults and evaluating their reactions, in an effort to validate proper implementation of fault-handling patterns. This work performs fault injection and monitoring at the network layer and so complements SOL by providing an active monitoring capability for verifying proper implementation, specifically of fault-handling patterns.
  • For the policy hard problem, we have accomplished the following:
    • We launched the privacy incidents database and had a paper based on this initiative accepted to the Privacy Law Scholars Conference.
    • We introduced an approach to make firewall policies more modular. We developed ModFP, an automated tool for converting legacy firewall policies represented as access control lists into their modularized format. With this tool, we are able to understand complex policies as well as identify subtle errors.
    • We enhanced our implementation of our representation and reasoning framework for conflicting norms, and demonstrated more complex scenarios involving multiple interrelated norms.
    • We enhanced our approach for mapping from norm schemas to relational (SQL) queries. This approach supports the various norm types defined in the literature (and potentially new types) by showing how to compute the lifecycle state of any norm from the underlying (and appropriately linked) relational information stores.
    • We enhanced the sociotechnical formalization of NoReST, which we developed previously, with a formal model for domain assumptions and technical mechanisms. We also conducted a user study to demonstrate the usefulness of normative models for capturing requirements.

B). Community Interaction
Work to explain or extend scientific rigor in the community culture. Workshops, Seminars, Competitions, etc.

  • We have completed an agenda for our two-day summer workshop (June 2-3; http://cps-vo.org/node/25844). We planned exercises aimed at studying the quality of Science of Security publications. We are also planning several activities to build bridges between the Science of Security research community and security professionals in industry and government, including an industry-led panel discussion. We have also included a mini-workshop on technology transfer, to be led by a nationally known expert in this field.

C). Educational
Any changes to curriculum at your school or elsewhere that indicate increased training or rigor in security research.

  • In our June 2-3 summer workshop, students will learn more about sound research methods.
  • We are continuing our weekly seminar series with supported students and PIs. Students present their research plans and publications to obtain feedback on their work. We have continually refined both the presentation and the review guidelines to highlight the scientific content.