Report on Summer 2018 Quarterly Science of Security and Privacy (SoS) Lablet Meeting
Lablet Researchers meet to discuss Science of Security, transition to practice, and outreach
The Summer 2018 Quarterly Science of Security and Privacy (SoS) Lablet meeting was held at the University of Illinois Urbana-Champaign (UIUC) on July 31 and August 1 2018, and was hosted by Bill Sanders, Co-Principal Investigator (PI) at UIUC. This was the first Quarterly meeting since the kickoff of the new contract, and included all of the Lablets awarded contracts in 2018: Carnegie Mellon University (CMU), the International Computer Sciences Institute (ICSI), University of Kansas (KU), North Carolina State University (NCSU), UIUC, and Vanderbilt University (VU). Since research under this contract is not yet mature, the meeting focused on case studies dealing with transition to practice and outreach.
Nadia Carlsten, Program Manager for Transition to Practice (TTP) in the Cyber Security Division (CSD) of the Homeland Security Advanced Research Projects Agency in the Department of Homeland Security Science and Technology organization (DHS S&T), spoke on how the TTP program at DHS identifies promising federally-funded cybersecurity research and accelerates transition from the laboratory to the marketplace through partnerships and commercialization. The TTP program guides researchers through a proven maturation process and connects that research with investors, technologists, and government to create better solutions through partnerships. Transitions include startups, commercial products, open source solutions, and government-wide use. Dr. Carlsten noted that the “value is being able use TTP as a one stop shop” which lowers risk considerably.
The first series of presentations described three successes in Technology Transfer stemming from university research. Lujo Bauer, CMU, presented projects measuring privacy risk and a method for measuring password strengths. The results of the first project were built into a testbed by Pacific Northwest Lab using the algorithm computed. The second project measured password strength and influenced new NIST guidelines, including a de-emphasis on length in favor of complexity, blacklists, feedback to users, Open Source NN password strength estimator, meter, and partnerships with PNC and Google. Matt Caesar, UIUC, described Lablet work that led to creating a startup company called Veriflow. Veriflow was described as a “science-based security company,” whose goal is to make networks secure and provide a rigorous, automated mathematical method to test complex systems. Such efforts are designed to prevent catastrophic failure and provide rigorous formal verification and continuous network verification to check all network-wide data flows. He concluded that industry is discovering the benefits of science of security with more rigor and new market segments. Ehab Al-Shaer, University of North Carolina at Charlotte (UNCC), described a Lablet project at NCSU that automated response with provable guarantees of success in mitigating attacks. This project developed a flexible/expressive policy specification, a provably correct policy refinement engine to enable safe and efficient construction and execution of a course of action workflow with analysis ad reconfiguration. Transition to practice came with NSA and Johns Hopkins Applied Physics Lab (APL) support. It was implemented and tested on virtual SDN using Mininet and OpenDaylight, then deployed on a real APL testbed.
In a panel discussion addressing technology transfer, panelists provided technology transfer case studies—some that worked and some that did not. Panelists Nazli Choucri (Massachusetts Institute of Technology (MIT)), Perry Alexander (KU), Bill Sanders (UIUC), Michael Tschantz (ICSI), Lujo Bauer (CMU), and Munindar Singh (NCSU) described approaches and efforts that varied widely: in Kansas, for example, there is state government support for technology transfer; Illinois research has produced some 30 startup companies that are mentored and supported by the university’s research park; California ran into difficulties. Others described more abstract approaches and general strategies.
Brad Martin addressed NSA’s academic outreach strategy. This talk included NSA’s vision and an overview of its efforts in multiple fields including STEM, Intelligence Analysis, Language, and Cybersecurity. He addressed outreach within NSA and with other agencies, K-12 institutions, colleges and universities, as well as industry and state and local governments. A range of NSA Outreach Activities were presented by NSA personnel Capt Tina McAfee, USAF, Adam Tagert, and Ahmad Riley. These programs include the SoS project itself, the International Science and Engineering Fair (ISEF), visiting scholars, Best Scientific Cybersecurity Paper Competition, and the Meyerhoff Scholars program in coordination with University of Maryland Baltimore County (UMBC). The thrust of these programs is to influence curriculum development, broaden and deepen skills capacity, and tackle hard mission problems.
The second panel discussed successes and failures in outreach activities in promoting rigorous research methods and increasing participation in STEM. Panelists Perry Alexander (KU), Xenefon Koutsoukos (VU), Lindsey McGowan (NCSU), Stephanie Rosenthal (Chatham University), Jana Sibestik (UIUC), Michael Tschantz (ICSI), and Andrea Whitesel (UIUC), covered programs that included youth summer camps and internships, early interest generation, industry community days, weekly seminars, press relations, the appointment and use of a corporate advisory board, and programs that build working toys such as robots, a solar powered car, and a solar powered house. All of the panelists agreed that programs that interest and stimulate young people need to begin early. To stimulate interest in graduate degree programs, they recommended recruiting in the freshman and sophomore years.
The complete agenda is available for viewing on the Science of Security Virtual Organization website.
The next quarterly lablet meeting will be held at Carnegie Mellon University in Pittsburgh on October 29 and 30, 2018.