Anonymity is a basic right and a core aspect of the Internet. Recently, there has been tremendous interest in anonymity and privacy in social networks, motivated by the natural desire to share one’s opinions without the fear of judgment or personal reprisal (by parents, authorities, and the public). We propose to study the fundamental questions associated with building such a semi-distributed, anonymous messaging platform, which aims to keep anonymous the identity of the source who initially posted a message as well as the identity of the relays who approved and propagated the message.
Laurie Williams is a Distinguished University Professor in the Computer Science Department of the College of Engineering at North Carolina State University (NCSU). Laurie is a co-director of the NCSU Secure Computing Institute and the NCSU Science of Security Lablet. She is also the Chief Cybersecurity Technologist of the SecureAmerica Institute. Laurie's research focuses on software security; agile software development practices and processes, particularly continuous deployment; and software reliability, software testing and analysis. Laurie has more than 240 refereed publications.
Laurie is an IEEE Fellow. Laurie was named an ACM Distinguished Scientist in 2011, and is an NSF CAREER award winner. In 2009, she was honored to receive the ACM SIGSOFT Influential Educator Award. At NCSU, Laurie was named a University Faculty Scholar in 2013. She was inducted into the Research Leadership Academy and awarded an Alumni Association Outstanding Research Award in 2016. In 2006, she won the Outstanding Teaching award for her innovative teaching and is an inductee of NC State's Academy of Outstanding Teachers.
Laurie leads the Software Engineering Realsearch research group at NCSU. With her students in the Realsearch group, Laurie has been involved in working collaboratively with high tech industries like ABB Corporation, Cisco, IBM Corporation, Merck, Microsoft, Nortel Networks, Red Hat, Sabre Airline Solutions, SAS, Tekelec (now Oracle), and other healthcare IT companies. They also extensively evaluate open source software.
Laurie is one of the foremost researchers in agile software development and in the security of healthcare IT applications. She was one of the founders of the first XP/Agile conference, XP Universe, in 2001 in Raleigh, which has now grown into the Agile 200x annual conference. She is also the lead author of the book Pair Programming Illuminated and a co-editor of Extreme Programming Perspectives. Laurie is also the instructor of a highly-rated professional agile software development course that has been widely taught in Fortune 500 companies. She is also a certified instructor of John Musa's software reliability engineering course, More Reliable Software Faster and Cheaper.
Laurie received her Ph.D. in Computer Science from the University of Utah, her MBA from Duke University Fuqua School of Business, and her BS in Industrial Engineering from Lehigh University. She worked for IBM Corporation for nine years in Raleigh, NC and Research Triangle Park, NC before returning to academia.
- Community Development - The goal is to build an extended and vibrant interdisciplinary community of science of security researchers, research methodologists, and practitioners (Carver, Williams).
- Community Resources - To create and maintain a repository of defensible scientific methods for security research (Carver, Williams).
- Oversight for the Application of Defensible Scientific Research Methodologies - To encourage the application of scientifically defensible research through various methods of consultation and feedback (Carver).
- Usable Data Sharing - To enable open, efficient, and secure sharing of data and experimental results for experimentation among SoS researchers (Al-Shaer).
- Contributions to Developing a Science of Security - We will design and implement an evaluation process for assessing the effectiveness and impact of the Lablet's research and community development activities (McGowen, Stallings, & Wright).
- Contributions to Security Science Research Methodology - We will examine both the impact of Lablet work on the maturity of the SoS field and the methodological rigor of the Lablet research projects themselves (McGowen, Carver).
- Development of a Community of Practice for the Science of Security - We will develop methods to assess whether Lablet activities are contributing to the development of a sustainable community of practice for the SoS field (McGowen, Stallings, Carver, & Wright).
The patterns and characteristics of security incidents are a significant driver of security technology innovation. Patterns are detected by analyzing repositories of malware/viruses/worms, incidents affecting control/SCADA systems, general security alerts and updates, and data breaches. For most types of privacy incidents there are no repositories. Privacy incidents that do not involve a security breach, such as cyber-bullying/slander/stalking, revenge porn, social media oversharing, data reidentification and surveillance, are not represented in the current repositories. Our project is building the first comprehensive encyclopedia and database of privacy incidents. This publicly-accessible repository will enable tracking of incident rates and characteristics such as involved entities and incident root causes. The repository will provide a resource for privacy researchers to investigate the patterns of a broad range of privacy incidents, and the incident patterns surfaced by the database will help inform privacy technology development globally.
Security-Metrics-Driven-Evaluation, Design, Development and Deployment. Our research evaluates security pattern selection and application by designers in response to attack patterns. The evaluation is based on formal models of attack scenarios that are used to measure security risk and promote risk reduction strategies based on assurance cases constructed by the analyst. The aim is to improve the usability of formal methods for studying security design and composition.
Understanding and Accounting for Human Behavior. Our research is based on theory in psychology concerning how designers comprehend and interpret their environment, how they plan and project solutions into the future, with the aim of better understanding how these activities exist in designing more secure systems. These are not typical models of attackers and defenders, but models of developer behavior, including our ability to influence that behavior with interventions.
Dr. Breaux is the Director of the CMU Requirements Engineering Lab, where his research program investigates how to specify and design software to comply with policy and law in a trustworthy, reliable manner. His work historically concerned the empirical extraction of legal requirements from policies and law, and has recently studied how to use formal specifications to reason about privacy policy compliance, how to measure and reason over ambiguous and vague policies, and how security and privacy experts and novices estimate the risk of system designs.
In highly configurable software systems, the configuration space is too big for (re-)certifying every configuration in isolation. In this project, we combine software analysis with network analysis to detect which configuration options interact and which have local effects. Instead of analyzing a system such as Linux and SELinux for every combination of configuration settings one by one (>10^2000 even considering compile-time configurations only), we analyze the effect of each configuration option once for the entire configuration space.
CPS employ Networked Control Systems (NCS) to facilitate real-time monitoring and control. Security of the NCS infrastructure is a large problem due to (1) the wide deployment of commercial-off-the-shelf (COTS) computing devices, (2) the connectivity of NCS with the Internet, and (3) the existence of organized, motivated attackers. Although traditional IT security solutions are used in NCS, they cannot prevent all cyber attacks. Our goal is to complement IT security with resilient algorithms for monitoring and control in order to reduce NCS security risks. Our framework aims at developing algorithms that ensure that the system will be able to continue operation, possibly with degraded performance, even in the presence of successful attacks.
Xenofon Koutsoukos is a Professor of Computer Science, Computer Engineering, and Electrical Engineering in the Department of Electrical Engineering and Computer Science at Vanderbilt University. He is also a Senior Research Scientist in the Institute for Software Integrated Systems (ISIS).
Before joining Vanderbilt, Dr. Koutsoukos was a Member of Research Staff in the Xerox Palo Alto Research Center (PARC) (2000-2002), working in the Embedded Collaborative Computing Area.
He received his Diploma in Electrical and Computer Engineering from the National Technical University of Athens (NTUA), Greece in 1993. Between 1993 and 1995, he joined the National Center for Space Applications, Hellenic Ministry of National Defense, Athens, Greece as a computer engineer in the areas of image processing and remote sensing. He received the Master of Science in Electrical Engineering in January 1998 and the Master of Science in Applied Mathematics in May 1998 both from the University of Notre Dame. He received his PhD in Electrical Engineering working under Professor Panos J. Antsaklis with the group for Interdisciplinary Studies of Intelligent Systems.
His research work is in the area of cyber-physical systems with emphasis on formal methods, distributed algorithms, diagnosis and fault tolerance, and adaptive resource management. He has published numerous journal and conference papers and he is co-inventor of four US patents. He is the recipient of the NSF Career Award in 2004, the Excellence in Teaching Award in 2009 from the Vanderbilt University School of Engineering, and the 2011 Aeronautics Research Mission Directorate (ARMD) Associate Administrator (AA) Award in Technology and Innovation from NASA.
With the increased use of cyber-physical systems in current defense, medical, and energy applications, it is critical for the infrastructure to remain secure. As such, it is important to identify potential security flaws early in the design process in order to produce a consistent, secure and reliable system with minimal fabrication costs. This task can be accomplished using threat modeling. Threat modeling can be separated into two distinct approaches: asset-centric and attack-centric threat modeling. Asset-centric threat modeling takes the point of view of the defender in order to focus on all of the ways that a system can be protected from an attack. Attack-centric threat modeling, on the other hand, focuses on the point of view of the attacker, coming up with all of the possible combinations of actions that can result in the compromise of the system. With the interaction of these two perspectives of threat modeling, the system can be tested against possible attack sequences before fabrication, ensuring a high expectation of system security and reliability after development.
This project focuses on developing an attack-centric threat modeling tool using the Generic Modeling Environment (GME). The modeling environment is first developed to be consistent with a STRIPS planning problem, and then transformed into a single state machine model using the GReAT tool, allowing the user modeling interface to be integrated with an external planning library. After integrating the model with the Fast Downward Planning library using the GME DSML C# interpreter API, an action plan can be returned, allowing the modeler to identify the possible methods of compromising the system. Furthermore, this attack-centric threat modeling tool will be integrated with an asset-centric threat modeling tool currently under development, allowing for a full-scale threat modeling testbed.