UIUC SoS Lablet Quarterly Executive Summary - January 2023
A. Fundamental Research
High level report of result or partial result that helped move security science forward-- In most cases it should point to a "hard problem". These are the most important research accomplishments of the Lablet in the previous quarter.
Resilient Control of Cyber-Physical Systems with Distributed Learning
- We have developed a procedure for reliability analysis of cyber-physical systems with complex perception modules implemented using machine learning models.
- We have developed and implemented a nearly sample-optimal algorithm for statistical model checking of markov decision processes. This advances the state of the art in achieving resiliency (hard problem) as optimal data usage for verification makes the algorithms effective for offline analysis of autonomous system design as well as on board monitoring.
An Automated Synthesis Framework for Network Security and Resilience
- We continue to develop a simulation-based platform for cyber-physical system resilience and security evaluation, which addresses the resilient architecture and scalability hard problem. In the current quarter, we further improved our lightweight virtual time system, VT-IO, that integrates precise I/O time for container-based network emulation. In particular, we modeled and analyzed the temporal error during I/O operations and developed a barrier-based time compensation mechanism in the Linux kernel. We also designed and implemented a dynamic load monitor to mitigate the temporal error during I/0 resource contention. VT-IO enables accurate virtual time advancement with precise I/O time measurement and compensation. The experimental results show that the temporal error is reduced from 7.888 seconds to 0.006 seconds with the new dynamic load monitor, by only introducing around 2% overhead of the total execution time. A paper describing the work has been submitted to ACM TOMACS.
- We continue to apply programmable networks (P4) to enhance cyber security and resilience of energy systems to address the resilient architecture hard problem. In the current quarte, we have developed a general programmatic framework to enable operators to encode constraints on message ordering, packet header and payload values, and path attributes in intuitive ways based on regular expressions. We have developed new algorithms to automatically compile these supplied constraints into P4 programs, obviating the need for human operators to take the more complex and error-prone process of programming their goals directly into P4. To validate our approach, we have undertaken a study of 12 known high-profile attacks on energy grid infrastructures, and investigated the ability of our model to detect and constrain these attacks.
- We have developed a design and evaluation framework for a self-driving “service provider infrastructure” that leverages our prior work on verification and synthesis to address the resilient architecture hard problem. In the current quarter, we worked with AT&T to develop an application of our approach to Radio Access Networks (RANs). AT&T has expressed interest in the work to improve operational security and reliability of their RANs. As part of our efforts, we developed models of key components within a RAN, including their preconditions and postconditions. We constructed implementations of these models in the Planning Domain Definition Language (PDDL). We also constructed a simulation framework for a RAN using the ns-3 simulation platform. We are working with AT&T to gain access to relevant workload (traffic, workload, and event/failure logs), which we will use to replay against our implementation to study performance.
B. Community Engagement(s)
Research interaction in the community including workshops, seminars, competitions, etc.
- Matthew Caesar is serving as the Vice Chair for ACM SIGCOMM
- Matthew Caesar is serving on the Steering Committees for ACM CoNEXT and ACM SOSR
- Kevin Jin is serving as an Associate Editor for ACM TOMACS.
- Kevin Jin is serving as a Program Co-chair for ACM SIGSIM-PADS 2023.
- Kevin Jin is serving as a guest editor for TOMACS-PADS special issue 2022/2023
- Matthew Caesar is serving on the Program Committee for USENIX NSDI 2023 and ACM CoNEXT 2023. He will serve on the Program Committee for USENIX NSDI 2024..
- Matthew Caesar is serving as a co-chair for the Networking Channel (https://networkingchannel.eu/), an online talk series for computer networking, systems, and security topics that is a joint initiative between EU's Empower initiative, the National Science Foundation's PAWR office, and ACM SIGCOMM. Talks are held online and are open to all, to provide broad reach into the community.
- Mitra created and successfully organized a Code a Car summer camp for high school students. Link Media
Publications
- O. Piramuthu and M. Caesar. VANET Authentication Protocols: Security Analysis and a Proposal. Journal of Supercomputing, Springer, December 2022
- Dong Jin, Yanfeng Qu, Xin Liu, Christopher Hannon, Jiaqi Yan, Alex Aved, Philip Morrone. Dynamic Data-Driven Approach for Cyber Resilient and Secure Critical Energy Systems, Book Chapter, Handbook of Dynamic Data Driven Applications Systems, Volume 2, Springer
- Umar Farooq, Mubashir Anwar, Haris Noor, Rashid Tahir, Santhosh Prabhu, Ali Kheradmand, Matthew Caesar, Fareed Zaffar, FORTIFY: Software Defined Data Plane Resilience, IEEE NFV-SDN, November 2022. (Received best paper award)
- Learning Certifiably Robust Controllers Using Fragile Perception, Dawei Sun, Negin Musavi, Geir Dullerud, Sanjay Shakkottai, Sayan Mitra, NeurIPS 2022 5th Robot Learning Workshop: Trustworthy Robotics, 2022
- Verifying Controllers with Vision-based PerceptionUsing Safe Approximate Abstractions. Chiao Hsieh, Keyur Joshi, Dawei Sun, Yangge Li, Sasa Misailovic, and Sayan Mitra. Proceedings of EMSoft, 2022 and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.
- Using Probabilistic Programming in Anonymous Communication Networks, Hussein Darir, Geir Dullerud, Nikita Borisov, to appear at Network and Distributed System Security Symposium (NDSS), 2023.
- Revisiting PGD Attack for Stability Analysis of Large-Scale Nonlinear Systems and Perception-Based Control, by Aaron Havens, Darioush Keivan, Peter Seiler, Geir E. Dullerud, Bin Hu, Proceedings of IEEE Control and Decision Conference (CDC), 2022.
C. Educational Advances
Impact to courses or curriculum at your school or elsewhere that indicates an increased training or rigor in security research.
- Matthew Caesar has run a summer camp on the Security of Internet of Things in summer of 2022 through UIUC's WYSE program, which admits diverse and underrepresented high school students from across the United States. The program exposed students to technology and career opportunities in the realm of cyber security, and featured talks by industry professionals and experts. Matthew and Kevin plan to work together to expand the camp for 2023, incorporating novel applications and laboratory exercises, as well as an on-site visit to UIUC's TCIP center, which houses testbeds and demonstrative infrastructures for power grid cybersecurity.
- Kevin Jin is advising three undergraduate Honor’s theses with the topic on cyber secure and resilient energy systems. In the current quarter, Jack Norris received the State Undergraduate Research Fellowship (SURF), and Luke Waind received the Honors College Research Grant.
- Kevin Jin has developed a new graduate class “Advanced Network Security” at the University of Arkansas. This class aims to provide a thorough grounding in cyber-security for students who are interested in conducting research and development work on network security and for students who are more broadly interested in real-world security issues and techniques. The class will be offered in Spring 2023.
- Neil Getty successfully defended his Ph.D. dissertation in July 2022. He joined Argonne National Lab as a Computational Scientist.
- Matthew Caesar has undertaken substantial work to update his Internet of Things MOOC, which reaches over 17,000 students, including development of two new laboratory assignments allowing students to explore cybersecurity of Cisco IOS and core networks, as well as AWS IoT and cloud IoT platforms.
- Matthew Caesar is also teaching CS 437: Internet of Things at the University of Illinois, which covers advanced concepts and security practices in IoT, and which will be taught to about 150 on-campus graduates/undergraduates, as well as about 150 graduate students who are part of the Illinois Masters in Computer Science program, many of whom are software development professionals working in companies across many sectors.
- We have created content for a Summer School for highschool students, supported by the SoS program and Illinois WYSE (Worldwide Youth in Science and Engineering). All the educational material, code, and presentations have been made publicly available.
Groups: