KU SoS Lablet Quarterly Executive Summary - 2022 Q3

A. Fundamental Research

The University of Kansas Lablet continued work on four projects targeting resiliency, preventing side channel communication, developing semantics and infrastructure for trust, and secure native binary execution. Specifically, we are: (i) reducing micro-architectural side-channels by introducing new OS abstractions while minimally modifying micro-architecture and OS; (ii) developing an epistemology and ontology for framing resilience; (iii) formalizing the remote attestation and defining sufficiency and soundness; and (iv) developing a framework for client-side security assessment and enforcement for COTS software.

Highlights from this quarter include:

• Dr. Heechul Yun and his team continued to develop a new microarchitectural attack and an OS kernel-level defense technique.  Their paper, "DeepPicarMicro: Applying TinyML to Autonomous Cyber Physical Systems," was published at RTCSA'22. Describing their optimization of a CNN based end-to-end deep learning model for an autonomous RC car on a micro-controller. The preprint of the paper received media coverage (hackers.io).

• Dr. Prasad Kulkarni and his team continued to develop techniques that  detect the presence of CWEs and indicators of secure coding practices adopted during the coding stage from just the binary code. They developed a method to automate determining the effectiveness of their new CWE and fault detection techniques on binaries.  Their paper describing  techniques, results, and observations regarding the detection of compiler-added security checks in binaries was accepted in Springer's ISPEC'22.  They presented a paper that describes their technique to identify the high-level source language from the given binary at ICR'22. 

• Dr. Perry Alexander and his team continued modeling protocol negotiation including attestation system manifests, and developed a demonstration of existing capabilities on the KU attestation testbed.  They submitted a paper "A Formal Architecture for Trustworthy Remote Attestation" to FM'23 and a student paper to the ASE'23 doctoral symposium.  Working with other Lablet PIs they are supporting C3E in October and an FBI/KU working conference in January.
   

B. Community Engagement(s)

The Institute for Information Sciences (I2S) at The University of Kansas received a Research Rising award from the Vice Chancellor of Research.  This $3M award supports developing a new Center for Cybersocial Dynamics and hiring multiple tenure track faculty and postdoctoral researchers over the next 5 years.  The new Center will focus on interactions between computing systems and social institutions bringing together researchers from Social Sciences and Computer Science.  The proposal was lead by Lablet PIs Dr. John Symons and Dr. Perry Alexander.  Dr. Symons will be the director of the new Center.

The Kansas Lablet will be hosting the Computational Cybersecurity in Compromised Environments (C3E) symposium October 17-19 on the KU campus.  Dr. Perry Alexander will be delivering a keynote presentation on Attestation and Time. The C3E symposium will be followed by a one day series of presentations and demonstrations of security research including our Lablet projects.  Of particular note is the initial demonstration of our attestation testbed. 

The Kansas Lablet will be co-hosting the KU/ FBI Cybersecurity Conference on January 27, 2023.  This conference will feature speakers from our Lablet projects, FBI Associate Director, and our industry advisory board.  Dr. Perry Alexander will be serving as event host.

Grant Jurgensen gave a presentation at the seL4 Summit on KU's formally verified attestation architecture.

KU continues is Lambda Circle reading group for students and faculty interested in languages and security issues.  Recent topics include dependent type systems, an ACL2 introduction, and the Coq ssreflect system.  Presentations and discussions are open to all.KU Lablet PIs continue work with MITRE, JHUAPL, and NSA to develop remote attestation approaches. Joint work from this effort is available at [https://www.copland-lang.org](https://www.copland-lang.org/) including the Copland Collection of utilities and tools, Copland formal semantics, and attestation manager implementations.

C. Educational Advances

The KU Department of Electrical Engineering and Computer Science department has submitted a formal proposal for a new Bachelor of Science in Cybersecurity for approval.  Several Lablet PIs were involved in developing the proposal including Dr. Prasad Kulkarni and Dr. Heechul Yun