MEET SCIENCE OF SECURITY Adam Tagert Ph.D. actager@tycho.ncsc.mil Science of Security & Privacy Technical Director National Security Agency
Introduction • What is the Problem • What is Science? • 3 Themes • Research Focus Areas • Become Involved 2
What is the Problem? • Best Practices • Do it Twice -> Possibly Different Results • Need to Move to a Scientifically Sound Approach • Science Needs to Catch Up with the Engineering https://www.flickr.com/photos/digitalurbanlandscape 3
Science is… • A Philological Unanswered Question • Definition is mushy • Our goal with science: – Rigorous Research – Generalizable – Predictable – Foundational – Explains the World/Cyberspace 4
Tackling the Problem • In the 2000s, recognition of problem • CNCI jump start funding • NSA signed up to lead the effort for the USG • Started in 2012 5
3 Pillars of 1. Fund Needed Foundational Research 2. Nurture and Grow the SoS Community 3. Support Rigorous Research Methods 6
1. Invest in Foundational Research 7
4 Lablets • Lablet – a small transdisciplinary lab • Competitive Selection • Began 2012 using an ARO grant to 3 universities • 2014 – NSA contract with 4 Universities – From a BAA – About $8 million per year total – 20% of funding to other institutions (25 other Universities) – For Research and to build a science • 370 Published Papers 8
Lablet Funding Supports • Research • Salaries and/or Tuition of Professors, Researchers, Post-Docs, Ph.D. Students, Masters Students, and undergraduate research • Outreach activities for making a science • Quarterly Meetings – Next NCSU Feb 1,2 9
5 Hard Problems • Goals & Rallying Points • A Measure for Progress • Developed with lablet PIs • Not all inclusive • Needed for improving cybersecurity situation • Progress Paper Posted 10
NCSU Lablet • PIs – Laurie Williams and Munindar Singh • Metrics – 3 Projects • Human Behavior – 3 • Policy – 4 • Resilient Architectures – 4 • Evaluation & Research Methods Projects • Summer Workshop & Community Day Events 11
About Science • Evaluation – Investigators: Lindsey McGowen, David Wright, Jon Stallings • Research Methods, Community Development, & Data Sharing – Investigators: Jeff Carver (UAB), Lindsey McGowen, Ehab Al-Shaer (UNCC), Jon Stallings, Laurie Williams, David Wright 12
Science of SecUre and REsilient Cyber-Physical Systems (SURE) • Vanderbilt (Lead); MIT; University of Hawaii; UC Berkeley • Foundational Research on Cyber Physical Systems • Research Thrusts: ▪ Hierarchical Coordination and Control ▪ Cyber Risk Analysis and Incentive Design ▪ Resilient Monitoring and Control ▪ Science of Decentralized Security ▪ Reliable and Practical Reasoning about Secure Computation and Communication in Networks ▪ Evaluation and Experimentation ▪ Education and Outreach cps-vo.org/group/sure
Science of Security Lablets National Security Agency Lablet (4) 14
Science of Security Lablets and Sub-Lablets 15
Science of Security Lablets, Sub-Lablets, SURE 16
Lablets, Sub-Lablets, SURE, and Collaborators 17
Science of Security International Locations 18
2. Nurture and Grow Science of Security & Privacy Community 19
HoT-SoS • Annual Community Meeting: – Hot Topics in the Science of Security: Symposium and Bootcamp in the Science of Security • Brings Academia, Industry, Gov • HoTSoS 17 - April 3-4, 2017 – Registration Open, Posters Open • ACM In-cooperation • 2017 -> In Maryland 20
Virtual Organization • Online Collaboration on NSF Virtual Organization Platform • News, Publications, Research, Forums, Events, Collaboration • 1200+ Members Joined • http://www.sos-vo.org 21
Workshops, Internships, Outreach • Other activities host workshops; have interns • Support other programs such as conferences • Curriculums • Graduating Students spread the culture 22
3. Promote Rigorous Research Methods 23
• Annual Competition • Papers reviewed by NSA & External Distinguished Experts • Open to All • Papers Nominated by Public • Researchers visit NSA and Present Research • Nominated Papers Before March 31 • http://sos-vo.org/ 24
4th Annual Competition Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University and University of North Carolina. (CCS15) 25
Also Honorable Mentions • Quantum-Secure Covert Communication on Bosonic Channels and Increasing Cybersecurity Investments in Private Sector Firms, Bash, et al. • Increasing Cybersecurity Investments in Private Sector Firms, Gordon, et al. 26
Intel ISEF • NSA Research Directorate Award at Intel International Science and Engineering Fair (ISEF) • Present Award to High School Research Projects in Cybersecurity • 2017 – Los Angeles 27
ISEF 2016 • 1750 Students; 80 Countries; Phoenix • 4,000 Local Students Visit Plus others 28
1st Place - $3,000 – Charles Noyes from Villa Park California for Efficient Blockchain-Driven Multiparty Computation Markets at Scale 29
2nd Place - $1,000 – Karthik Yegnesh from Lansdale Pennsylvania for Cosheaf Theoretical Constructions in Networks and Persistent Homology – Rucha Joshi from Austin Texas for Determining Network Robustness Using Region Based Connectivity 30
Visit NSA 31
Metrics • Attack Surface and Defense-in-Depth Metrics – Investigators: Andy Meneely (RIT), Laurie Williams • Systemization of Knowledge from Intrusion Detection Models – Investigators: Huaiyu Dai, Andy Meneely (RIT) • Vulnerability and Resilience Prediction Models – Investigators: Mladen Vouk, Laurie Williams 32
Human Behavior • Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability – Investigators: Christopher B. Mayhorn, Emerson Murphy-Hill • A Human Information-Processing Analysis of Online Deception Detection – Investigators: Robert W. Proctor, Ninghui Li, Emerson Murphy-Hill • Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security – Investigators: David L. Roberts, Robert St. Amant 33
Secure Collaboration • Understanding the Effects of Norms and Policies on Robustness, Liveness, and Resilience of Systems – Investigators: Emily Berglund, Jon Doyle, Munindar Singh • Formal Specification and Analysis of Security-Critical Norms and Policies – Investigators: Jon Doyle, Munindar Singh, Rada Chirkova • Scientific Understanding of Policy Complexity – Investigators: Ninghui Li, Robert Proctor • Privacy Incidents Database – Investigator: Jessica Staddon 34
Resilient Architectures • Resilience Requirements, Design, and Testing – Investigators: Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer (UNCC) • Redundancy for Network Intrusion Prevention Systems (NIPS) – Investigator: Mike Reiter (UNC) • Smart Isolation in Large-Scale Production Computing – Investigators: Xiaohui (Helen) Gu, William Enck • Automated Synthesis of Resilient Architectures – Investigator: Ehab Al-Shaer (UNCC) 35
Let’s Talk Research – Focus Areas • Access Control • Analyzing Adversary Supplied Code • Anomaly Detection • Internet of Things • Mitigation Development • Mobility / Android App Development • NIDS / Firewalls Development • PKI • Phishing • Privacy • Real Time Monitoring • Sandboxing • Secure Configuration • Secure Programming • Testing Environments • Workforce Training
Summing Up 37
Getting Involved • Join the SoS – VO: http://www.sos-vo.org – Contribute to discussion; learn about what’s going on – Read Annual Report – Find published Papers • Attend Hot-SoS 2017 in Maryland Go SoS • Quarterly Meeting at NCSU, Feb 1,2 • TESTFLIGHT (JWICS) • Nominate Papers for the Competition • Email: actager@tycho.ncsc.mil • Apply Scientific Principles to Your Work 38
Thank You Questions?? 39
Access Control • Developing methods to find anomalies using an approach that provides faster results by trading some accuracy: expected use includes access control (CMU) • Study of norms of information flows (sharing) and their use for collaboration. Norms include emergencies (NCSU) • Focus on access control for a formal automated framework in a resilient architecture (NCSU) 40
Analyzing Adversary Supplied Code • Developing a method [UberSpark] to enforce secure object abstractions on adversary-supplied code in C99 & Assembly (CMU) • Enabling proofs of safety of programs that execute adversary-supplied code without code available for deep typing analysis – uses interface confinement [System M] (CMU) 41
Anomaly Detection • Looking at redundancy-based anomaly detectors to recognize some high-risk and difficult-to-detect attacks on web servers by studying information flows (NCSU) 42