SoS Quarterly Summary Report - NCSU - October 2016
Lablet Summary Report
Purpose: To highlight progress. Information is generally kept at a high level that is accessible to the interested public.
A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".
- For the metrics hard problem, we have accomplished the following:
- Formulated the problem of collaborative intrusion detection with consideration of how to minimize the sharing of information between the collaborating intrusion detectors, which can remove a hurdle to potential collaboration.
- Using a dataset of over 1,500 healthcare breaches disclosed by the US government, developed an approach for understanding how security policies cover, or fail to cover, security breaches that have arisen in practice, which would help determine whether the problems lie in defining policies or in implementing them.
- For the humans hard problem, we have accomplished the following:
- Developed and applied a tool for visualizing certain cognitive processes as they relate to input devices, which would help us understand task completion and potentially identify unsafe behaviors by users.
- Developed an approach to capture how user training may take place in connection with interactions such as phishing warnings displayed to users, which could yield a means to provide effective training in situ where it would be more memorable.
- Studied how stable user traits such as personality and susceptibility can affect a user's response to a phishing attack, which can help identify and assist user populations at increased risk.
- For the resilience hard problem, we have accomplished the following:
- Analyzed over 350,000 images on Docker Hub to understand the vulnerabilities present in those images and the practices, such as patching, applied to them, which can help us understand how vulnerabilities propagate through images and how to reduce them.
- Developed a formal model for resilience in networks and applied it to synthesize network configurations that take into account isolation and diversity to promote resilience.
- Developed metrics for isolation and diversity, which can help us identify optimal responses to multistage attacks on network assets.
- For the policy hard problem, we have accomplished the following:
- Launched our privacy incidents database website, which helps collect and classify privacy incidents with the view of promoting empirical, scientific research into aspects of privacy that are otherwise studied on largely anecdotal grounds.
- Developed a new approach, including design patterns, for specifying sociotechnical systems that address privacy and security concerns of stakeholders, which can lead to improved ways to elicit stakeholder requirements and capture them through a combination of the social and the technical architecture.
- Began developing a new model of a software development organization, its processes, and staff, which can serve as a basis for understanding the emergence and adoption of software practices that lead to secure software development.
B. Community Interaction
Work to explain or extend scientific rigor in the community culture. Workshops, Seminars, Competitions, etc.
- Developed interview guides and surveys to assess the impact of lablet participation on various lablet stakeholder groups, which can provide greater visibility into potential benefits of our systematic approach to the science of security.
- Refined our rubric for characterizing the main elements of science as reflected in published cybersecurity research, which may lead to improved classification of existing research and potentially to guidelines for future publications that bring out their scientific contributions.
C. Educational
Any changes to the curriculum at your school or elsewhere that indicate increased training or rigor in security research.
- Developed a new rubric and web surveys to assist lablet participants in organizing their comments to reviews of exploratory ideas, research plans, and manuscripts prior to publication, which can lead to more focused comments and discussions before a research effort is considered complete.
- Round 2 Projects
- NSA Program Manager
- Scalability and Composability
- Policy-Governed Secure Collaboration
- Metrics
- Resilient Architectures
- Human Behavior
- NCSU
- A Human Information-Processing Analysis of Online Deception Detection
- Attack Surface and Defense-in-Depth Metrics
- Automated Synthesis of Resilient Architectures
- Formal Specification and Analysis of Security-Critical Norms and Policies
- Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security
- Redundancy for Network Intrusion Prevention Systems (NIPS)
- Resilience Requirements, Design, and Testing
- Scientific Understanding of Policy Complexity
- Smart Isolation in Large-Scale Production Computing Infrastructures
- Systematization of Knowledge from Intrusion Detection Models
- Understanding the Effects of Norms and Policies on the Robustness, Liveness, and Resilience of Systems
- Vulnerability and Resilience Prediction Models
- Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators & Reducing Vuln.
- FY14-18
- Oct'16