KU SoS Lablet Quarterly Executive Summary - 2021 Q1

A. Fundamental Research

The University of Kansas Lablet continued work on four projects on resiliency, preventing side channel communication, developing semantics and infrastructure for trust, and secure native binary execution. Specifically, we are: (i) reducing micro-architectural side-channels by introducing new OS abstractions while minimally modifying micro-architecture and OS; (ii) developing an epistemology and ontology for framing resilience; (iii) formalizing the remote attestation and defining sufficiency and soundness; and (iv) developing a framework for client-side security assessment and enforcement for COTS software. 

B. Community Engagement(s)

The KU Bioscience and Technology Business Center representing Ad Astra Integrity Measurement Systems negotiated rights to commercialize LKIM in cooperation with NSA.  While not directly funded by Science of Security, the program made this result possible.  Our Industrial Advisory Board helped identify commercialization partners and aided in defining and valuing initial markets.  Our NSA project champion, Peter Loscocco, made us aware of the opportunity.

KU PIs participated in an informational meeting with the KU Chancellor, Provost, Assessment and Achievement Institute (AAI) and LTG James Rainey, US Army CAC commander where we presented lablet research projects.  LTG Rainey is responsible for cybersecurity training across the US Army and is interested in our research for purposes of enhancing their training subjects and delivering training to a diverse military.   Our Lablet and KU’s AAI has significant potential for delivering cybersecurity education to soldiers in the field.  AAI provides experiential learning and micro certification capabilities that can significantly enhance CAC’s training capabilities.

Perry Alexander continued to support the High Confidence Software and Systems Conference sponsored in part by NSA.  He met with the steering group to establish topics for this year’s conference and will serve as a shepherd for a number of papers.  Work the KU Lablet is involved with will be presented at the symposium by our MITRE partners.

Perry Alexander and John Symons helped organize a Red Hot Research symposium at KU on blockchain with emphasis on security and privacy.  The symposium featured a number of student and faculty presentations targetting a general audience.  A similar presentation is planned for SUNY Buffalo later this year.  John Symons continues his online seminar work this semester with University of Oregon.  KU PIs and students participated in the Science of Security quarterly meeting January 12-13 where Prasad Kulkarni presented his work on secure native binary execution.

Lablet PIs continue to support our CHASSI effort with Syracuse, Indiana, Minnesota and Case Western Reserve in high-assurance and secure systems.  We are defining projects that are of interest to our industrial partners.  Several projects are closely related to our lablet research projects and could result in significant technology transfer interest.

PIs continue work with MITRE, JHUAPL, and NSA to develop remote attestation approaches.  The paper Flexible Mechanisms for Remote Attestation submitted to ACM Transactions on Privacy and Security is a direct result of these interactions.

C. Educational Advances

KU PIs began an effort to develop course materials for a new cybersecurity offered tentatively called Introduction to Formal Methods and Cybersecurity.  The objective of this effort is to develop a course that introduces formal techniques to undergraduate students in the context of verifying secure and trusted systems.