NCSU SoS Lablet Quarterly Executive Summary
A. Fundamental Research
High-level report of results or partial results that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
We continued to produce science of security outcomes. The following are the major contributions from Lablet projects.
- We refined the design and the implementation of our runtime targeted patching system. An extended abstract about the work will be presented at HotSoS 2020. We continued our work on an aggregated learning framework to further improve anomaly detection accuracy for microservices systems consisting of many ephemeral containers. Our preliminary results show that aggregated learning can achieve a higher detection accuracy than a single model without the need to maintain an individual model for each container.
- We collated the vulnerability reports from CPTC 2019 and found a total of 67 vulnerabilities reported by the teams, for which we are constructing timelines. We began work on a model to assist in tagging the timelines according to the MITRE ATT&CK framework. Our initial model, trained on the CPTC 2019 data, had an F1 measure of 59%.
- We started building a computational framework that, by analyzing app reviews, identifies whether an app facilitates spying activity. We conducted a preliminary investigation to identify app reviews that were relevant to spying. We observed that relevant app reviews differ greatly in the severity of the problem they describe, leading us to investigate how we can automatically determine the severity of the app's spying capability described in a review. We are designing an annotation scheme for crowdsourcing the annotation of reviews based on their severity.
- We evaluated our proposed enhancements to the Zigbee protocol, which we designed to avoid vulnerabilities in Zigbee that we previously identified. We used ProVerif to verify the correctness of the proposed protocols. We implemented and deployed our enhanced protocol to evaluate it and compare it with the standard Zigbee implementations in terms of delay, memory usage, and message size. We found that the enhanced protocol does not introduce extra messages and induces only 3.8% overhead on average for the entire join procedure.
- We conducted interviews with experts that yielded valuable insights into what makes cybersecurity research scientific. The interviews reveal the scope of information the Science of Security and Paper Review rubric will have to contain to address different types of cybersecurity research papers. Our key finding from the interviews is that a rubric that addresses a wide variety of cybersecurity topics will be complex and potentially large.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
We brought up the Science of Security in a variety of fora, including
- Presentations at and discussions with colleagues at academic conferences.
- We hosted the SoS Lablet winter quarterly meeting at NCSU, which had active participation from the NSA, other SoS Lablets, and industry.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- Approved by NSA
- NCSU
- Coordinated Machine Learning-Based Vulnerability & Security Patching for Resilient Virtual Computing Infrastructure
- Development of Methodology Guidelines for Security Research
- Predicting the Difficulty of Compromise through How Attackers Discover Vulnerabilities
- Principles of Secure BootStrapping for IoT
- Reasoning about Accidental and Malicious Misuse via Formal Methods
- 2020: April