SoS Quarterly Summary Report - April 2017

Lablet Summary Report
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

A). Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem".

[Sanders, Bashir, Nicol and Van Moorsel] We have implemented a data collection strategy optimization tool for parameterized models. Given a data-sampling budget, the tool computes how much data per parameter should be collected from multiple data sources to provide the most accurate model output. Computing an optimal strategy is computationally expensive, so we explore ways to make our tool more efficient. We consider three case studies to highlight the effectiveness of our tool: workflow resiliency, server energy consumption, and data collection vs. privacy. We also continue to explore the idea of quantifying user power during the execution of security-constrained business workflows. By modeling workflows as directed graphs, we use node power measures from graph theory to highlight critical steps and users in a workflow. We consider a case study based on reshipping scams, which we model as workflows. We look to identify which steps in the scam are critical and should be targeted, or 'taken out', to reduce the likelihood of scam completion.

[Xie, Blythe, Koppel, Smith] We have been continually developing a platform, called DASH, for agent-based simulations of circumventive behavior in order to understand their causes and consequences. We have largely completed the re-implementation of DASH in Python and have built several agents on the new platform, including models for password behavior, authentication on shared computers and attackers.

[Godfrey, Caesar, Nicol, Sanders, Jin] Released DSSNet software (https://github.com/annonch/DSSnet), a testing and evaluation platform for studying network security in electric power grid environments. We continue to improve the fidelity and scalability of our simulation/emulation testing and evaluation platform, including a new network model abstraction technique that effectively transforms network devices in an SDN-based network to one virtualized switch model.

[Iyer, Kalbarczyk] We introduce mathematical underpinnings and algorithms to learn: (i) a factor graph structure that represents dependencies among observed events and hidden attack stages and (ii) factor graph parameters (i.e., factor functions) that allow quantifying the most probable stage of the attack based on a sequence of events (corresponding to system, user, and attacker activities) observed at runtime. The goal is to minimize the manual effort involved in defining factor functions and to improve detection coverage.

[Mitra, Dullerud, Chaudhuri] We have formulated the general problem of controller synthesis in the presence of resource-constrained adversaries; namely, given an adversary of a certain classification, parametrized according to the resources available to the adversary, we are creating a methodology to assess the performance degradation from this threat class. We have developed a sound and complete algorithm for solving this problem, initially for the special case of linear systems with L2-norm bounded adversaries, and now for more general nonlinear models.

[Gunter and Viswanath] A fundamental study of the anonymity of the networking stack of the Bitcoin cryptocurrency is more than halfway complete. Substantial progress has been made, and a paper representing the work so far has been accepted to Sigmetrics 2017.

B). Community Interaction
Work to explain or extend scientific rigor in the community/culture. Workshops, Seminars, Competitions, etc.

  • Nathaniel Gleicher, Illumio, "What the Secret Service Can Teach Us About Cybersecurity", SoS Speaker Series, University of Illinois at Urbana-Champaign, January 17, 2017.
  • Kevin Jin, "Enabling a Cyber-Resilient and Secure Energy Infrastructure with Software-Defined Networking", Monthly UIUC/R2 Meeting, January 5, 2017.
  • Tao Xie. "Each and Every Student Should Study Computer Science". Invited Talk, National Society of Black Engineers (NSBE) Chapter at the University of Illinois at Urbana-Champaign, February 2017.
  • Jim Blythe, "Modeling Human Behavior to Improve Cyber Security", Invited talk, University of Buffalo, February 2017.
  • Giulia Fanti, NSA SoS Quarterly Meeting, lablet presentation, "Anonymity in the Bitcoin Peer-to-Peer Network", February 1, 2017.
  • Nitin Vaidya, NSA SoS Quarterly Meeting, lablet presentation, "Privacy & Security in Machine Learning/Optimization", February 2, 2017.
  • Wing Lam, Dengfeng Li, and Wei Yang. "Towards Privacy-Preserving Mobile Utility Apps: A Balancing Act." Monthly UIUC/R2 Meeting, February 16, 2017.
  • Giulia Fanti, Joint Trust and Security/Science of Security Seminar, "Anonymity in the Bitcoin Peer-to-Peer Network", February 21, 2017.
  • Giulia Fanti, "Anonymity in the Bitcoin Peer-to-Peer Network", Illinois Bitcoin Meetup, Jump Labs Research Park, University of Illinois at Urbana-Champaign, February 23, 2017.
  • Tao Xie. "User Expectations in Mobile App Security." Invited Talk. IEEE Rochester Section CS/CIS joint chapters/Department of Computing Security, Rochester Institute of Technology, March 2017.
  • Giulia Fanti, "Anonymity in the Bitcoin Peer-to-Peer Network", Security Seminar, Computer Science, University of California at Berkeley, March 10, 2017.
  • Shaileshh Venkatakrishnan, "Dandelion: Redesigning the Bitcoin Peer-to-Peer Network for Anonymity", Security Seminar, MIT, March 15, 2017.
  • Giulia Fanti, "Anonymity in the Bitcoin Peer-to-Peer Network", ISL Colloquium, EE Department, Stanford University, March 16, 2017.
  • Peter Popov, City, University of London, "Conceptual Models of Reliability of Fault-tolerant Software Under Cyber-attacks", SoS Speaker Series, University of Illinois at Urbana-Champaign, March 23, 2017.
  • Chris Hannon, technical presentation, "Ultimate Forwarding Resilience in OpenFlow Networks", in the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2017), Scottsdale, AZ, March 24, 2017.
  • Giulia Fanti, "Anonymity in the Bitcoin Peer-to-Peer Network", EE Department Seminar, University of Wisconsin, March 28, 2017.

C). Educational
Any changes to curriculum at your school or elsewhere that indicate increased training or rigor in security research.

[Viswanath] A set of notes summarizing the Bitcoin networking protocols is being developed, with the goal of using them in an upcoming privacy and anonymity course at the graduate level.

[Godfrey, Caesar, Nicol, Sanders, Jin] Godfrey is covering network security in his graduate course, Advanced Computer Networking, including quantitative aspects of BGP security and formal verification of networks. These topics span lectures, reading, and student research projects developing new techniques for formal reasoning about networks.

[Xie, Blythe, Koppel, Smith] Xie attended the 2017 National Society of Black Engineers (NSBE) Convention during March 30-April 1, where he reached out to a large number of black students (including his mentees) on various exciting computer science problems, including security problems.

[UIUC SoS Lablet] Four Science of Security summer interns will begin in June 2017. Two of the interns are returning from last summer to continue working on their research projects. The program will conclude at the end of July with a poster session.