Cyber security is a global phenomenon.  For example, recent socially-engineered attacks that target CEOs of global corporations appear to be instigated by the Chinese group dubbed the “comment crew.”  In their 2011 survey Symantec found that the number one cyber risk business concern was external cyber-attacks, followed by concerns about both unintentional insider error (2nd risk) and intentional insider error ( 3rd risk). Analysis by Verizon’s cyber forensics team indicates that the massive increase in external threats overshadows insider attacks.   Despite the increase in external threats little is known about the source of such threats; or the global implications this evolving threat environment.

At the global level, cyber security requires not only attribution and forensics, but harmonized laws and effective information sharing.  In spite of this growing consensus there is still little empirical understanding of the global cyber threat environment, an understanding that is critical for forensics. Currently, many cyber theories are based on anecdotal evidence and case studies.  However, the science of security needs a strong empirical base for strong theory.  It is now possible to create such an empirical base as companies like Symantec have been amassing large quantities of data on attacks.  In contrast to much of the work in cyber security we take a socio-technical approach looking at the human element.   As such, we postulate that the potential severity of the threat is a function of the political environment rather than the just the technology. 

The objective of this project is to empirically characterize the global cyber threat environment and to test this hypotheses using Symantec data. A virtual machine will be constructed and global data on the threat network (which IP attacks which) attributed by location, type of attack, severity and potential impact will be collected by time period. The resultant geo-temporal network will then analyzed at the global level controlling for factors such as machines per country, internet access and the interstate hostility and alliance. The proposed research will create a global mapping of the threat environment, changes in that environment, and its relation to geographical and political factors.  This will provide an empirical baseline for reasoning about the threat environment.  An empirical basis is critical for the growth of science.

The prevalence of multi-core systems has resulted in increasingly common concurrency faults, challenging computer systems' reliability and security.  Races, including low-level data races and high-level atomicity violations, are one of the most common concurrency faults.  Races impair not only the correctness of programs, but may also threaten system security in a variety of ways.  It is therefore critical to efficiently and precisely detect races in order to defend against attacks.

Existing race detectors fall into two categories: static and dynamic approaches.  However, neither category alone has produced satisfactory results so far.  Static approaches are generally complete, that is, they rarely miss races, but they suffer from false positives.  In contrast, dynamic race detectors can ensure soundness but their runtime overhead is prohibitively high.  The purpose of this research is to gain a better scientific understanding of vulnerabilities due to races, and to evaluate the hypothesis that a hybrid race-detection mechanism can combine the benefits of static and dynamic approaches, providing a more effective means of addressing race-related vulnerabilities.

Our Team

Jonathan Aldrich, PI

Du Li, Post-Doctoral Associate

Matthew Dwyer, Collaborator

Witawas Srisa-an, Collaborator

Scientific Questions.  We plan to pursue the purpose described above by answering the following scientific questions:

• How do races introduce security vulnerabilities in real world systems?
• Can existing security tools effectively identify and eliminate the vulnerabilities caused by races?
• Can static analysis help dynamic race detectors to reduce runtime overhead?
• Can dynamic analysis help static race detectors to rule out false warnings?
• Can we build a hybrid approach efficient enough for deployed systems while maintaining high coverage for races?
• Can such an approach help to identify and mitigate race-related vulnerabilities in practice?

Activities.  This project incorporates the following thrusts:

1. Conduct an empirical study on security vulnerabilities in real world systems based on public data such as reports in National Vulnerability Database (NVD).  Evaluate how well existing tools deal with these vulnerabilities.
2. Build a dynamic race detector that uses static analysis to filter out unnecessary monitoring for operations that cannot contribute to enhancing race coverage.
3. Employ a smart sampling mechanism to control runtime overhead without losing too much race coverage based on the potential race distribution information produced by static analysis.
4. Compare the performance, scalability, soundness (relevant to usability), and completeness of our race detector with state-of-the-art race detectors on widely used benchmark suites, and on challenge problems identified in the security vulnerability study. 

Applying social network analysis to Social Media data supports better assessment of cyber-security threats by analyzing underground Social Media activities, dynamics between cyber-criminals, and topologies of dark networks. However, Social Media data are big and state of the art algorithms for social network analysis metrics require >=O(n + m) space and run in >=O(nm) time - some in O(n^2) or O(n^3) - with n = number of nodes, m = number of edges. Therefore, real-time analysis of Social Media activities to mitigate cyber-security threats with sophisticated social network metrics is not possible. To tackle this problem, we apply ideas of composability to big data and algorithms for social network analysis metrics. A network of humans, organizations, etc. is modeled with a graph G = (N, E) by aggregation of observed interactions E between targeted entities N. Because of the algorithmic complexity, composing network analysis metrics by analyzing sub-networks G1, G2, etc. can result in tremendous gain in calculation time.

ABOUT THE PROJECT:

Making sound security decisions when designing, operating, and maintaining a complex enterprise-scope system is a challenging task. Quantitative security metrics have the potential to provide valuable insight on system security and to aid in security decisions. To produce model-based quantitative security metrics, we developed the ADversary VIew Security Evaluation (ADVISE) method and implemented it in the prototype tool Möbius-SE (Möbius Security Edition), which is suitable for use by security modeling experts. Our goal in this project is to extend the ADVISE method and tool to explicitly account for the behavior of human users as part of the system. While cyber security models traditionally model the behavior of the attacker, they usually do not explicitly account for the behavior of the users of a system, and how that use can create or eliminate system vulnerabilities.

Increasingly, accumulated cyber security data indicate that system users can play an important role in the creation or elimination of cyber security vulnerabilities. Thus, there is a need for cyber security analysis tools that take into account the actions and decisions of human users. 

We are 1) developing a Möbius-SE-compatible, process-oriented modeling formalism for modeling how human users interact with systems, using the concept of a human decision point to explicitly represent decisions that affect the security of a system; 2) implementing the formalism as an atomic model editor in Möbius-SE that generates models that can interact with other Möbius-SE models, e.g., models of the systems itself and the attacker; and 3) demonstrating the use of the implemented tool in a variety of government- and industry-motivated case studies, as suggested by our sponsor and industry partners (HP and GE).

OUR TEAM:

William H. Sanders, David M. Nicol, Jim Blythe (University of Southern California), and Sean W. Smith (Dartmouth College)