UIUC SoS Lablet Quarterly Executive Summary - April 2020
A. Fundamental Research
High-level report of a result or partial result that helped move security science forward. In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
[Project: An Automated Synthesis Framework for Network Security Resilience] We continued the transfer of our technology to industry through interactions with Veriflow and VMware. Current collaborations target enhancement of our verification technology to operate on real-time traffic data. We continue to investigate automated synthesis of network control to preserve desired security policies and network invariants. We continued the exploration of self-healing network management to address the resilient architecture hard problem and application of the methods to applications in cyber-physical energy systems. We continue to study the interdependence between the power system and the communication network with the goal of improving resilience in critical energy infrastructures. Our review paper on power grid resilience enhancement has been accepted by the IET Smart Grid journal. We continue to develop a simulation/emulation-based platform for cyber-physical system resilience and security evaluation. The platform combines physical computing and networking hardware for the cyber presence while allowing for offline simulation and computation of the physical world. We have continued our collaboration with AT&T, which operates one of the largest networks in the world, to customize and deploy our technology in their environments; and we have continued our collaborations with Boeing on constructing a resilient IoT platform for the battlefield. We have also made progress constructing a real drone implementation which we will use to evaluate our design. We hope to proceed to a completed approach and construction of a drone-mounted testbed within the next three quarters.
[Project: A Monitoring Fusion and Response Framework to Provide Cyber Resiliency] Our RRE work incorporates modules to monitor the current state of a system, detect intrusions, and respond to achieve resilience-specific goals. Intrusion detection in large-scale distributed systems, which is a necessary precondition for intrusion tolerance and resilience, is highly susceptible to malicious manipulation of system data used for detection (e.g., using rootkits and log tampering), which we term “monitor compromise”. Existing literature attempts to counteract the problem using reputation systems, which weight the trustworthiness of monitor data based on past trustworthiness of the data, but such systems are themselves subject to “betrayal attacks” and “sleeper attacks”. We instead propose the use of data-driven methods for detecting potential monitor compromise. We leverage the insight that systems usually contain multiple monitors that provide redundant information about system activity, so we can use discrepancies between observations of system activity across different monitors to identify potential monitor compromise.
[Project: Uncertainty in Security Analysis] Our research focuses on understanding the network security risk and the uncertainty associated with the estimate when security properties of the network components are not exactly known. In a previous study, we used Bernoulli random variables to model the existence of a link between two immediate hosts in the network, which indicates the possibility of a lateral movement [1]. Our current investigation generalized this model by modeling the uncertainty in the link existence using a Beta distribution, a more versatile class of distributions that takes one of many different shapes depending on its two parameters. Computing the existence of a pathway between two specifically chosen hosts (i.e., reachability analysis) in the generalized model reduces to identifying the reachability distribution, in the form of a multivariate reliability polynomial of Betas. This is a hard problem. However, our initial results strongly suggest that in many cases, the reliability distribution can be well-approximated by another Beta distribution. This observation aligns with several results from previous studies [2] [3] regarding approximating Betas. Our finding, however, applies to a much more general setup. The implication of this result is that under conditions in which the approximation is sufficiently good, the computational cost of reachability analysis can be significantly reduced.
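The Beta approximation described above can be illustrated on a small case. The following is an added example, not the project's code: the two-path network, its Beta parameters, and the choice of moment matching as the fitting method are all assumptions made for illustration. The two paths are assumed link-disjoint, so the reliability polynomial is R = 1 - (1 - p1 p2)(1 - p3 p4).

```python
import random

# Constructed network: two link-disjoint paths between the chosen hosts;
# each link's existence probability is Beta(a, b). Parameters are made up.
PATHS = [[(8, 2), (6, 3)], [(5, 5), (7, 2)]]

def fit_beta(paths):
    """Moment-match Beta(alpha, beta) to R = 1 - prod_k (1 - X_k), with no sampling."""
    q1 = q2 = 1.0  # first and second moments of Q = prod_k (1 - X_k), "no path exists"
    for links in paths:
        m1 = m2 = 1.0  # moments of X_k, the product of the path's independent links
        for a, b in links:
            m1 *= a / (a + b)
            m2 *= a * (a + 1) / ((a + b) * (a + b + 1))
        q1 *= 1 - m1
        q2 *= 1 - 2 * m1 + m2  # E[(1 - X_k)^2]
    mean, var = 1 - q1, q2 - q1 * q1  # Var(R) = Var(Q)
    k = mean * (1 - mean) / var - 1
    return mean * k, (1 - mean) * k

def sample_reachability(paths, rng):
    """One Monte Carlo draw of the reliability polynomial at random link probabilities."""
    no_path = 1.0
    for links in paths:
        x = 1.0
        for a, b in links:
            x *= rng.betavariate(a, b)
        no_path *= 1 - x
    return 1 - no_path

def ks_distance(xs, ys):
    """Two-sample Kolmogorov-Smirnov statistic (largest gap between empirical CDFs)."""
    xs, ys = sorted(xs), sorted(ys)
    i, j, d = 0, 0, 0.0
    while i < len(xs) and j < len(ys):
        if xs[i] <= ys[j]:
            i += 1
        else:
            j += 1
        d = max(d, abs(i / len(xs) - j / len(ys)))
    return d

def compare(n=20000, seed=1):
    """Return the fitted (alpha, beta) and the KS gap to the sampled distribution."""
    rng = random.Random(seed)
    alpha, beta = fit_beta(PATHS)
    mc = [sample_reachability(PATHS, rng) for _ in range(n)]
    approx = [rng.betavariate(alpha, beta) for _ in range(n)]
    return alpha, beta, ks_distance(mc, approx)
```

The fit itself costs a handful of multiplications per link; the sampling in `compare` is only there to check how close the fitted Beta is to the true reachability distribution.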
[Project: Resilient Control of Cyber-Physical Systems with Distributed Learning] Three PhD students have been recruited and are dedicating their research time to the project. We have formulated a new direction of scientific enquiry into safety and security analysis of systems. The approach relies on distributed and sample-efficient optimization techniques that have been developed in the context of the multi-armed bandit problem. We have shown how these optimization algorithms can be used effectively for statistical model checking of Markov decision processes. We have built a suite of benchmarks related to online safety analysis of autonomous and semi-autonomous vehicles. Our initial results are very promising as the data usage and the running time of our algorithms can be several orders of magnitude better than existing model checking approaches such as Storm and Prism. The prototype tool has been made available online.
[Project: A Human-Agent-Focused Approach to Security Modeling] This past quarter, we extended our work focused on a metamodeling-based approach to sensitivity analysis and uncertainty quantification in complex security models. To review, many realistic security models run slowly and have input variables whose values are uncertain, which makes it difficult to conduct sensitivity analysis and uncertainty quantification. It is possible to create metamodels of the base security model that trade some accuracy for speed using machine learning techniques. In the previous quarter (the last quarter of 2019), we investigated this method by applying it to a previously published work that models the growth of peer-to-peer botnets (https://www.perform.illinois.edu/Papers/USAN_papers/08VAN02.pdf). This quarter, we extended the work by applying it to two new models to test its general applicability.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
Publications
- Benjamin E. Ujcich, Adam Bates, William H. Sanders, "Provenance for Intent-Based Networking", IEEE Conference on Network Softwarization (NetSoft '20)
- Musavi, Sun, Mitra, Shakkottai, and Dullerud, “Optimistic Optimization for Statistical Model Checking with Regret Bounds”, April 2020. Available online from https://arxiv.org/abs/1911.01537; HooVer tool available from: https://github.com/sundw2014/HooVer
- Santhosh Prabhu, Kuan Yen Chou, Ali Kheradmand, Brighten Godfrey, Matthew Caesar, “Plankton: Scalable Network Configuration Verification Through Model Checking”, NSDI, February 2020
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- Mohammad Noureddine, Uttam Thakore and Ben Ujcich have all passed their preliminary exams this quarter.
- The second edition of PI Mitra’s new course Principles of Safe Autonomy at University of Illinois is coming to a successful conclusion this semester with a larger class size (38 students) despite the setbacks from the COVID-19 outbreak. The course takes a deep dive into the seminal topics in object recognition, localization, decision making, path planning, and safety verification. Graduate and undergraduate students from ECE and CS are completing the course. The course team has designed 6 new programming assignments involving topics such as lane detection, road-sign recognition, localization with particle filters, decision making with reinforcement learning, path planning with rapidly expanding random trees, and safety verification using simulation-driven proofs. With support from the Illinois Center for Autonomy, we have set up a laboratory with 7 workstations with GPUs for performing simulation-based experiments. The students are using ROS and Gazebo for testing their programming assignments. Find out more about the safe autonomy course and the student projects at https://publish.illinois.edu/safe-autonomy/