UIUC SoS Lablet Quarterly Executive Summary - October 2022
A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
Uncertainty in Security Analysis
- Hoang Nguyen successfully defended PhD thesis based upon this work and accepted job with Amazon. Project is now complete.
An Automated Synthesis Framework for Network Security and Resilience
- We continue to develop a simulation-based platform for cyber-physical system resilience and security evaluation, which addresses the resilient architecture and scalability hard problem. In the current quarter, we discovered that when the non-CPU resources (e.g., disk I/O, network I/O, GPU) are overwhelmingly used, our exiting virtual time system yields fidelity issues. Therefore, we propose a new module, Dynamic I/O Load Monitor, to be integrated into VT-IO to improve the emulation fidelity. We conduct comprehensive experiments to analyze the performance of VT-IO with various I/O loads. We then mathematically model the behavior of the I/O load and develop an I/O task scheduling algorithm. The next step is to implement the module in the Linux Kernel to dynamically adjust the I/O time based on the current load of the host machine to maintain high temporal fidelity with an extensive evaluation.
- We have developed a design and evaluation framework for a self-driving “service provider infrastructure” that leverages our prior work on verification and synthesis to address the resilient architecture hard problem. In the current quarter, we continue to focus on network and container orchestration systems (e.g., Kubernetes). Our platform leverages AI planning algorithms to synthesize steps the system needs to take to protect itself against incoming attacks from an intelligent adversary. The team has a collaborative research project on applying model checking to embedded devices and networks. One application is to verify the power system’s full observability policy in phasor measurement unit (PMU) network design under cyber-attacks and link/device failures. We designed a three-step algorithm to evaluate the resilience of a PMU network in the context of link failures. We modeled the PMU network as a connected graph and checked the reachability of PMU nodes to phase data concentrator (PDC) nodes for link failure combinations given an expected number of links that fail simultaneously. Using the IEEE 14-bus system, we illustrated the construction of the graph model and the solution design. We also performed a comparative evaluation on how adding redundant links to the network improves the Power System Observability on the IEEE 118 bus-system. A paper describing the work has been accepted by the 2022 IEEE SmartGridComm conference.
- We continue to explore methods to detect and mitigate attacks caused by IoT botnets in the context of smart grid to address the resilient architecture hard problem. In the current quarter, we propose a new programmable IoT network architecture and a federated machine learning based detection model to identify suspicious attack packets. We are adding P4 switch support to our testbed integrating the OpenDSS and Mininet for MAD attack simulation, detection model training, and mitigation method evaluation. We recently presented a research poster “Yanfeng Qu, Gong Chen, Zheng Hu, Su Feng, Dong Jin. Detection and Mitigation of IoT-Based Load Altering Attacks in Microgrid” at the IIT Student Research Seminar in Fall 2022.
Resilient Control of Cyber-Physical Systems with Distributed Learning
- We have developed a procedure for reliability analysis of cyber-physical systems with complex perception modules implemented using machine learning models.
- We have developed and implemented a nearly sample-optimal algorithm for statistical model checking of markov decision processes. This advances the state of the art in achieving resiliency (hard problem) as optimal data usage for verification makes the algorithms effective for offline analysis of autonomous system design as well as on board monitoring.
- We have created content for a Summer School for highschool students, supported by the SoS program and Illinois WYSE (Worldwide Youth in Science and Engineering). All the educational material, code, and presentations have been made publicly available.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
- Matthew Caesar is serving as the Vice Chair for ACM SIGCOMM
- Matthew Caesar is serving on the Steering Committees for ACM CoNEXT and ACM SOSR
- Kevin Jin is serving as a Program Co-chair for ACM SIGSIM-PADS 2023.
- Kevin Jin is serving as a guest editor for TOMACS-PADS special issue 2022/2023
- Matthew Caesar will serve on the Program Committee for USENIX NSDI 2023.
- Matthew Caesar is serving as a co-chair for the Networking Channel (https://networkingchannel.eu/), an online talk series for computer networking, systems, and security topics that is a joint initiative between EU's Empower initiative, the National Science Foundation's PAWR office, and ACM SIGCOMM. Talks are held online and are open to all, to provide broad reach into the community.
- Sayan Mitra created and successfully organized a Code a Car summer camp for high school students. Link Media
Publications
- Reuben Samson Raj and Dong Jin. A Framework to Evaluate PMU Networks for Resiliency Under Network Failure Conditions. In Proceedings of the 2020 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) 2022
- Umar Farooq, Mubashir Anwar, Haris Noor, Rashid Tahir, Santhosh Prabhu, Ali Kheradmand, Matthew Caesar, Fareed Zaffar, FORTIFY: Software Defined Data Plane Resilience, IEEE NFV-SDN, November 2022.
- Exploiting monotonicity and symmetry for efficient simulation of highly dependable systems, the 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2022.
- Verifying Controllers with Vision-based PerceptionUsing Safe Approximate Abstractions. Chiao Hsieh, Keyur Joshi, Dawei Sun, Yangge Li, Sasa Misailovic, and Sayan Mitra. To appear in the proceedings on EMSoft, 2022 and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
- Low-fidelity Gradient Updates for High-fidelity Reprogrammable Iterative Learning Control, by Kuan-Yu Tseng, Jeff S. Shamma, Geir E. Dullerud, Proceedings of American Control Conference(ACC), 2022.
- A Model-free Adversarial Reinforcement Learning Approach for mu Synthesis, by Darioush Keivan, Aaron Havens, Peter Seiler, Geir E. Dullerud, Bin Hu, Proceedings of American Control Conference(ACC), 2022.
- Revisiting PGD Attack for Stability Analysis of Large-Scale Nonlinear Systems and Perception-Based Control, by Aaron Havens, Darioush Keivan, Peter Seiler, Geir E. Dullerud, Bin Hu, to appear at IEEE Control and Decision Conference (CDC), 2022.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- Neil Getty successfully defended his Ph.D. dissertation in July 2022. He joined Argonne National Lab as a Computational Scientist.
- Matthew Caesar has undertaken substantial work to update his Internet of Things MOOC, which reaches over 17,000 students, including development of two new laboratory assignments allowing students to explore cybersecurity of Cisco IOS and core networks, as well as AWS IoT and cloud IoT platforms.
- Matthew Caesar is also teaching CS 437: Internet of Things at the University of Illinois, which covers advanced concepts and security practices in IoT, and which will be taught to about 150 on-campus graduates/undergraduates, as well as about 150 graduate students who are part of the Illinois Masters in Computer Science program, many of whom are software development professionals working in companies across many sectors.
- We have created content for a Summer School for highschool students, supported by the SoS program and Illinois WYSE (Worldwide Youth in Science and Engineering). All the educational material, code, and presentations have been made publicly available.
Groups: