HotSoS 2017 - Differential Privacy, CPS, and complex navigation of security issues - Highlighted Topics
Differential Privacy, CPS, and complex navigation of security issues at HotSoS 2017
Hosted by the University of Maryland Lablet and the Vanderbilt University SURE Project, the 2017 Symposium and Bootcamp on the Science of Security (HotSoS) was held April 4 and 5 in Hanover, MD. This was the fourth time researchers have come together to interact and to see presentations demonstrating rigorous scientific approaches to identify, prevent and remove cyber threats. A major continuing focus of the conference is the advancement of scientific methods, including data gathering and analysis, experimental methods, and mathematical models for modeling and reasoning. Outside speakers addressed Science of Security from the perspectives of cyberphysical systems, privacy, differential privacy and data analysis. A panel discussion, papers, tutorials, and poster sessions rounded out the agenda.
Dr. Deborah Frincke, Director of NSA’s TResearch Directorate, introduced the event. “NSA,” she said, “continues a strong commitment to SoS and the connections and collaborations that have been growing in recent years.” She cited the value of the work being done in SoS as having an impact. “The work is showing up in various places, underpinnings of security are improving, and we are seeing the impact of using the principles found in SoS,” she added. “The need is both for dramatic discovery applying basic principles, then transition to practice and baking those discoveries and principles in.”
Insup Lee, University of Pennsylvania Professor of Computer and Information Science, spoke about the ways cyber-physical systems (CPS) are used to monitor and control real-world systems. Securing CPS, he avers, introduces additional challenges since the attack surface is increased compared to conventional systems. In addition to the cyber intrusions that apply to all computer systems, attacks on CPS can be through interference to the physical environment of CPS. A number of such attacks have emerged which suggest that conventional cyber-only security approaches will not be effective. His talk discussed approaches to making CPS resilient to cyber-physical attacks by exploiting spatial and temporal redundancy as well as dynamics of the underlying physical system.
Jules Polonetsky, CEO of the Future of Privacy Forum, a non-profit organization, addressed the stresses on privacy created by technological advances. Online tracking for analytics and advertising has extended to mobile devices, interactive television and smart home devices. Social media sharing has achieved near ubiquity, with services integrating location, facial recognition, and live video sharing. Motor vehicles have become data collectors and drones allow our public spaces to be more easily monitored. Big data strains against fair information practices of consent, limited purpose and data minimization. Algorithmic decision making and machine learning wreak havoc with efforts to provide transparency. Artificial Intelligence may leave us unsure who will even be accountable for data driven determinations. These advances could create opportunities for progress.
Aaron Roth, Associate Professor of Computer and Information Science at the University of Pennsylvania, gave a “friendly introduction” to differential privacy, which he described as “a rigorous methodology for analyzing data to provide provable privacy guarantees that has recently been widely deployed in several settings.” He specifically focused on the rich relationship between differential privacy and machine learning, including both the ability to do machine learning subject to differential privacy, and tools arising from differential privacy that can be used to make learning more reliable and robust even when privacy is not a concern. Refer to his paper “The Algorithmic Foundations of Differential Privacy,” co-authored with Cynthia Dwork.
Carnegie Mellon University Lablet PI William L. Scherlis moderated a lively panel discussion about DARPA’s Cyber Grand Challenge (CGC) which took place August 4, 2016. Seven computers developed by teams of hackers played the world's first all-machine game of “Capture the Flag.” The goal of the CGC was to accelerate the development of advanced, autonomous systems that can detect, evaluate, and patch software vulnerabilities in computers and networked electronic devices before adversaries have a chance to exploit them.
Panelists representing UC Santa Barbara, US Cyber Command, GrammaTech, and the US Navy discussed their participation and lessons learned from the challenge. Panelists suggested that CGC revealed what is currently lacking in achieving cyber autonomy. Moving forward, when full autonomy is achieved, there will still be a need to address the human factor; human intelligence can and should be injected into the system. A video of the CGC final round is available.
Refereed papers were presented on research studies related to CPS properties, scientific reporting quality, optimization of security investments, building a privacy incident database, tradeoffs between privacy and utility, phishing training, variations in attack encounters, uncertainty in network security analysis, and security practice adherence in software development. Tutorials about “System Monitoring for Security” and “The Bugs Framework (BF) ‘Hands-On’” concluded the presentations.
Twenty-three posters were presented. “Is the Guardian Capable? A Routine Activity Theory Approach to Cyber Intrusion on Honeypot Systems” by Michael Becker, Michel Cukier, and David Maimon, a team of researchers from the University of Maryland, was named Best Poster. The presentation was cited for its clarity, intellectual merit, and content.
Members of the Science of Security-Virtual Organization can view the agenda and presentations.
Non-members are referred to information about the SoS VO community and the process for requesting membership.
The 2018 HotSoS will be hosted by the North Carolina State University Science of Security Lablet in Raleigh, NC.