Summary: Fall 2021 SoS Quarterly Lablet Meeting
Fall 2021 SoS Quarterly Lablet Meeting
The Fall 2021 Science of Security and Privacy (SoS) Quarterly Lablet meeting was hosted virtually by the University of Kansas (KU) on November 15-16, 2021. The virtual attendees from the government and six SoS Lablets were welcomed by Perry Alexander, the Principal Investigator (PI) at the KU Lablet, and Heather Lucas, the National Security Agency (NSA) SoS Initiative lead. The Quarterly included two invited talks, six Lablet project talks, and a presentation on Challenge Problem sponsored by the National Science Foundation (NSF).
Invited Talks
Dr. Robert Runser, NSA Research Directorate Technical Director
Unclassified Challenges Facing Cybersecurity
Dr. Runser opened his presentation by noting that cybersecurity is embedded in every pillar of research that NSA is currently doing in the Research Directorate (RD), which demonstrates how important and foundational cybersecurity is to national security and to all the future systems. He described the NSA missions and how RD contributes to advancing those missions by conducting world-class scientific research to develop new technologies and innovative techniques. RD’s five technical focus areas, all of which are interlinked, are 1) Future computing systems; 2) Crypto Mathematics; 3) Science of analysis; 4) SIGINT collection research; and 5) Cybersecurity. He noted that multidisciplinary research is critical to cybersecurity, and since human factors make up our cybersecurity defenses, that often involves bringing in operational psychologists, people that understand how humans operate and can instrument in various trials, human experiments, and red team activities to better understand how cyber defenses can react to human elements and how networks can be more responsive to human errors. He also said that data science is a critical discipline to cybersecurity with the amount of network logs, net flow data, and other types of information, and that human-machine teaming and data science have become critical foundational aspects of the type of cybersecurity research NSA conducts. Within cybersecurity research, he cited large-scale graph analytics, malware and software reverse engineering analytics, and secure operating systems as areas of focus. He commented that the biggest challenge faced today is sifting through large-scale graphs. While graphs used to be constructed simply to look for adversaries, graph analytics are now used to understand the infrastructure that attackers are using to establish the command and control networks before an attack occurs. If we can spot their entry and exit points before they penetrate the system, we can block their attacks and potentially trace them back to their source and perform attribution. He believes that this will dominate much of the research NSA will do in the coming years, trying to optimize graph analytics, adapt it to the cyber domain, and understand how to ensure the right observables go into the high-performance computing environment. High-performance computing systems working in tandem with graphic analytics will drive much research. Within Crypto Mathematics, he cited quantum-resistant cryptography, lattices/modules, coding theory, multivariate quadratics, hash functions, zero-knowledge proofs, and elliptic curve isogenies as areas of interest. He concluded by describing both the academic and career opportunities that are available through the Research Directorate.
The follow-up discussion dealt with such areas as 5G network challenges, implementation of crypto protocols that have been developed, and supply chain issues.
Dr. Natarajan Shankar, SRI International
Composing High-Assurance Software with Evidential Tool Bus
Dr. Shankar began his talk by discussing the software stack, describing it as one of mankind’s greatest engineering achievements, but whose power comes with a price- a large attack surface where bugs can have serious consequences leading to software errors and cybercrime. He said that, unlike other engineering artifacts, software supports greater flexibility, resilience, and versatility in the design and maintenance of a system, but we lack a mature engineering discipline of principled software construction, and attacks can wreak havoc on a global scale. To counter this, we need to invest in a discipline that provides composable assurance. He addressed what can go wrong in software design and what can lead to vulnerabilities, and pointed out that while formal modeling and analysis is practical and even necessary, it is not a panacea. He called for software to be designed hand-in-hand with assurance artifacts that are verifiable by clients (or trusted third parties) and that software designs be centered around software architectures (models of computation and interaction) that deliver efficient arguments for isolation and composition. He addressed Evidence-Based Assurance, saying that an assurance case is a formal method for demonstrating the validity of a claim by providing a convincing argument together with supporting evidence. It is a way to structure an argument to help ensure that top-level claims are credible and supported. The Evidential Tool Bus (ETB2) is a distributed tool integration framework for constructing and maintaining claims supported by arguments based on evidence generated by static analyzers, dynamic analyzers, satisfiability solvers, model checkers, and theorem provers. The key ideas associated with ETB2 are: Data as a metalanguage; Denotational and operational semantics; Interpreted predicate for tool invocation, and uninterpreted predicates for scripts; Datalog inference trees as proofs; Git as a medium for file identity and version control; and Cyberlogic, a logic of attestations, to authenticate the claims and authorize the services. He provided technical details on the ETB2, and described goals, challenges, and approaches as well as key issues in its application. He concluded by describing a Software Proof of Virtues (SPOV), noting that software failures and cyber-attacks weaken trust and the current strategy of applying larger and larger band-aids is only fueling an arms race. He believes that we have the tools and insights to build the infrastructure of trust in software from the ground up to include: software development lifecycle workflows that continuously maintain both process and outcome-based assurance evidence; tools and models that support designs annotated with traceable ontic information that are founded on efficient arguments; verified platforms and services whose integrity is certified by audit logs and audits; and composable assurance cases validating intent, correctness, and innocuity.
Lablet Project Presentations
KU Project Talk
Heechul Yun (KU): Micro-Architectural Attacks and Defenses
Project: Side-Channel Attack Resilience
In addressing micro-architectural attacks, Professor Yun said that they are software attacks on hardware that can have multiple adverse effects. His talk focused on three elements: a new contention-based covert channel; a new DoS attack; and a hardware defense mechanism for DoS attacks. He described Spectre Rewind, a novel contention-based covert channel that transmits secret speculative instructions to past instructions through non-pipelined functional units on a single hardware thread, and bypasses all existing defenses against cache or SMT-based covert channels, and summarized both its benefits and limitations. In describing a new DoS attack, he noted that DoS attacks are more effective when an attacker’s memory requests are processed slowly. He and his team developed memory-aware DoS attacks that target a subset of DRAM banks, and evaluation results show significantly improved attack efficiency on the tested embedded computing platforms. Finally, he addressed the Bandwidth Regulation Unit (BRU), which was created in response to the fact that DoS attacks are possible because of unregulated access to the shared resources and the resultant need for a simple low overhead mechanism to regulate access to shared resources. BRU is a synthesizable hardware IP that regulates memory traffic at the source core that demonstrates the feasibility of fast and predictable processors.
UIUC Project Talk
Matt Caesar (UIUC), Kevin Jin (University of Arkansas) and Gabriella Xue (UIUC)
Project: An Automated Synthesis Framework for Network Security and Resilience
This project was described as building a rigorous methodology for the science of security and addressing challenges in applying science to security. The specific outcome of the project is a resilient network architecture with a specific focus on network data flow. Their research approach leverages network synthesis to automate experiments and apply results; enables practical uses, including deriving patches and automating configuration; and builds upon mathematics. There are three task plans: network control synthesis; network software analysis and modeling; and resilient and self-healing network applications. The talk focused on specific work the team is doing on self-driving service provider infrastructures, resilient power systems, and supporting teaching and research with virtualized IoT systems.
VU Project Talk
Lillian Ratliff (University of Washington), Eric Mazdumar (Caltech), S. Shankar Sastry (UC Berkeley)
Digital Transformation of Social Systems: A New Hope: Hackers Strike Back
Project: Mixed Initiative and Collaborative Learning in Adversarial Environments
This presentation addressed the digital transformation of societal systems (IoT, AI, the Cloud, Big Data) and raised the question of how AI and edge computing fit into intelligent transportation systems. Intelligent systems require rethinking ML, since classical ML assumes the past is representative of the future, an unintended consequence of which is feedback reinforced bias. An emerging new domain is learning-enabled intelligence. Their research focuses on a game-theoretic approach to learning dynamic behavior safely through reachable sets, probabilistically safe planning around people, and safe policy gradient reinforcement learning and trying to analyze and design attacks on learning in multiplayer games. They discussed how they have applied a model to their work and their findings.
NCSU Project Talk
Jeffrey Carver and Matthew Armstrong, University of Alabama
Guidelines for Reporting Scientifically Rigorous and Valid Cyber Security Research
Project: Development of Methodology Guidelines for Security Research
Because cybersecurity is a complex, maturing field and there is no consistent, community accepted standard for reporting cyber security research, this project was initiated to facilitate the development of the science of cyber security by developing guidelines that bring validity and rigor to cyber security reporting. The researchers described their methodology and their accomplishments thus far, including the development of Version 1.0 of the Guidelines for Scientific Reporting in Cyber Security. As part of the presentation, researchers organized an interactive session to gather early feedback on the guidelines.
CMU Project Talk
David Garlan (CMU)
Model-Based Explanation for Automated Decision Making
Project: Model-Based Explanation for Human-in-the-Loop Security
Professor Garlan provided context for the problem, noting that while autonomy is increasingly important for modern systems, many systems require a combination of automated and human involvement to handle security attacks. The problem, therefore is how to create effective coordination by deciding which tasks to allocate to the system vs the human, ensuring that humans have confidence in automated actions, enabling correction of errors, improving automation by learning from humans, and understanding what the system does. He described the current research approach and progress, and discussed specific initiatives underway.
ICSI Lablet Project Talk
Julia Bernd (ICSI)
Perspectives of Stakeholders in Data Governance
Project: Governance for Big Data
This presentation began by noting that while stakeholders are dealing with the same data, they have different goals for the use of the data, different technological capabilities and resources, and different approaches to data management and governance. For the purposes of this research, data stakeholders included technology developers, technology and data platforms, data users, tech/data regulators, and data subjects. This talk presented research findings on ad developers how they approached user privacy as well as a case study on stakeholders in health app privacy. Also presented was the role of privacy champions on software teams and how to support them.
Special Presentation
NSF-funded C3E Challenge Problem Opportunity
Dan Wolf and Don Goff, Cyber Pack Ventures, Inc.
This presentation described a National Science Foundation-funded grant and offered attendees an opportunity to contribute to a challenge problem. The Special Cyber Operations Research and Engineering (SCORE) committee sponsors a yearly Computational Cybersecurity in Compromised Environments (C3E) Workshop, which includes follow-up challenge problems, each of which goes along with the theme of the workshops. NSF has provided funding for honoraria for research on topics related to the workshop challenge problem. All of the submissions go through a peer-review process. The theme of the 2021 C3E workshop was real issues in securing the supply chain, with emphasis on software security, and the 2022 challenge problem options shown below all relate to that topic:
- Supply chain software static analysis coverage.
- Artificial intelligence applied to supply chain cybersecurity
- Computational victimology for developing risk models for supply chain cybersecurity
The Fall Quarterly agenda and selected presentations can be found here.
The next meeting of the SoS Lablets will be at the Hot Topics in the Science of Security: Symposium (HotSoS), which will be virtually hosted by the University of Illinois Urbana-Champaign on April 5-7, 2022. HotSoS is a public event and all are welcome to attend and participate for free.