SoS Quarterly Summary Report - April 2016
Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.
A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".
[Sanders, Bashir, Nicol and Van Moorsel] We also continue extending the work submitted in John Mace's PhD thesis, which looked at providing tools and techniques to analyze the impact of information security policies. Of particular interest is the impact on workflow resiliency, the likelihood of a workflow executed by users with probabilistic availability being completed whilst satisfying all security constraints. We investigate the notion of power that users hold over the completion of a workflow in terms of expected power and actual power and show that the latter may be greater in some cases. This work incorporates parameterized models and would provide a useful case study for our data collection support tool prototype.
[Xie, Blythe, Koppel, Smith] PI Jim Blythe, Dartmouth PhD student Vijay Kothari, and Dartmouth undergraduate Bruno Korbar, as well as PIs Ross Koppel and Sean Smith, have been working on building a new iteration of DASH in Python that is nearing completion. In addition to the previous functionality of the Prolog/Java-based version of DASH, we are working on providing functionality to model space and time, and more robust multi-agent functionality. We are also working toward recreating the password simulation in this Python version of DASH.
[Godfrey, Caesar, Nicol, Sanders, Jin] Continued work on our project on database-based modeling of network behavior. A short paper, accepted last quarter, was presented at ACM SOSR 2016 in March. In addition, we developed a full-length paper, now in submission to ACM SIGCOMM 2016. This submission introduces efficient incremental data translations so network state can be represented at multiple levels of abstraction by multiple applications simultaneously, all orchestrated to control the same network. In addition, we added a full set of experiments.
[Iyer, Kalbarczyk] This quarter we have continued our work on building a security testbed that provides an execution platform for replaying security attacks in a controlled environment. Specifically, we designed and executed experiments to: i) test our methods for generating variants of known attacks and ii) evaluate detection capabilities of several detection techniques against such attack variants.
[Mitra, Dullerud, Chaudhuri] Our inductive synthesis algorithm is currently under review. Zhenqi Huang attended the Excape Synthesis Summer School at MIT. This summer we are looking to apply these approaches to realistic drone models for automatic synthesis.
B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.
Presentations
- David Nicol, University of Illinois at Urbana-Champaign, "Quantitative Analysis of Stepping Stone Access to Cyber-physical Assets", University of Central Florida Department of Computer Science Spring 2016 Distinguished Speaker Series, January 25, 2016.
- Tao Xie, University of Illinois at Urbana-Champaign, "User Expectations in Mobile App Security", Joint Trust and Security/Science of Security Seminar, January 26, 2016.
- Tao Xie, University of Illinois at Urbana-Champaign, "User Expectations in Mobile App Security", SoS Quarterly Meeting at North Carolina State University, February 2-3, 2016.
- J. Alex Halderman, University of Michigan, "Logjam: Diffie-Hellman, Discrete Logs, the NSA, and You", Science of Security Speaker Series, February 9, 2016.
- Wing Lam, University of Illinois at Urbana-Champaign, "Towards Preserving Mobile Users' Privacy in the Context of Utility Apps", Joint Trust and Security/Science of Security Seminar, March 1, 2016.
- Dong (Kevin) Jin, "Towards a Security and Resilient Industrial Control System with Software-Defined Networking", Joint Trust and Security/Science of Security Seminar, March 15, 2016.
- Srdjan Capkun, ETH Zurich, "Secure Positioning: From GPS to IoT Applications", Science of Security Speaker Series, March 30, 2016.
Other Community Interaction
[UIUC SoS Lablet] Two invited speakers gave seminars during the beginning of the spring session of the SoS Speaker Series. J. Alex Halderman from the University of Michigan and Srdjan Capkun from ETH Zurich gave talks on cyber security topics. The series is heavily advertised throughout the University and we have had an excellent turnout. Patrick Traynor from the University of Florida will be the last speaker of the semester on April 12.
[Mitra, Dullerud, Chaudhuri] Our workshop entitled "Science of Security for Cyber-Physical Systems" (SoSCYPS) will be held as part of CPS Week 2016 on April 11, 2016. The goal of the workshop is to advance the Science of Security and cyber-physical systems. Leaders of the two communities will engage in a full-day workshop of invited talks and a panel discussion. The workshop agenda and a list of speakers and topics can be found at the SoSCYPS webpage: http://publish.illinois.edu/science-of-security-lablet/science-of-security-for-cyber-physical-systems-workshop/
C). Educational
Any changes to curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
[Godfrey, Caesar, Nicol, Sanders, Jin] Preparations have begun for the next iteration of our Coursera online course on Cloud Networking. When this was taught last fall, roughly 30,000 students enrolled. This course included a segment on network security for the cloud, particularly with respect to network virtualization.
[UIUC SoS Lablet] Five students have accepted positions as SoS summer interns. The students are from Tennessee State University, North Texas University, and the University of Illinois at Urbana-Champaign. We are working on an educational program that will be in conjunction with other internship programs within the UIUC College of Engineering.