AgileAppliedResearchforCybersecurity

RickLinger,ORNLLuanneGoldrich,JHU/APLMaCBishop,UCDavisMelissaDark,Purdue

Acknowledgements:DoEcontractDE-AC05-00OR22725toUT-BaCelle,LLC;NSFgrantDGE-1303211toUCDavis,DGE-1303048toPurdueUniversiy

January7,2017 HICSS50 1

DefiniZonofResearch

ResearchiswhatI’mdoingwhenIdon’tknowwhatI’mdoing.

—WernhervonBraun

January7,2017 HICSS50 2

ResearchGap

•  TradiZonalresearchaimedatdeveloping,understanding,applyingfoundaZonalwork

•  ButsomeZmesproblemsrequire– Shorttermresearchleadinginto…– BeCerunderstandingoftheproblem– Resultsthatcanbeappliedquickly– Whatlong-termresearchwouldbemostusefulandinteresZngtodealwiththeproblemoverthelongterm

January7,2017 HICSS50 3

AgileResearch

•  Exploratoryresearchwherespeedisoverarchingrequirement

•  ContribuZon:merge– Exploratorymethodsthatfocusonappliedresearch

– Academic,broadermethodsthatfocusonfoundaZonalresearch

January7,2017 HICSS50 4

InnovaZon

•  InsZtuZonsproducetechnicalchangeviaresearchanddevelopment

•  InsZtuZonsareplacesandsocialroles•  InnovaZonschangebothsocialrolesoftheseplacesandsocialrulesbywhichtheyinteract– Example:Bayh-DoleAct(1980)

January7,2017 HICSS50 5

AgileResearchBasis

•  SponsorsposeresearchquesZons•  Researcherscarryouttheresearchandproduceresults

•  DoneiteraZvely,andwithsponsorsabletoreframethedirecZonoftheresearchifneeded

January7,2017 HICSS50 6

AgileResearchPrinciples

•  PredefinedInfrastructure:resources,logisZcsdefinedandallocatedbeforeresearchneedsemerge

•  IncrementalResearch:structuredintoiteraZve,short-term,accumulaZngincrementseachproducingsomethingofvaluetosponsor

January7,2017 HICSS50 7

AgileResearchPrinciples

•  Incrementalmanagement:processprovidesbuilt-in,short-termcheckpointsforsponsorstounderstandresearch,redirectifneededbasedonincrementalresults

•  Transferability:onegroupmaycarryoutresearch,butmustdosoinawaythatallowsthecurrentstatetobetransferredtoanothergroupifnecessary

January7,2017 HICSS50 8

AgileResearchProcess

January7,2017 HICSS50 9

AgileResearchProperZes

•  Flexible•  AnZcipatory•  Staged•  Speedy

•  Visible•  EffecZve•  Impacgul•  Incremental

January7,2017 HICSS50 10

Example:DataTagging•  Problem:usedatataggingtosupportaccessandretenZonpolicies

•  ResearchquesZonsfromQuickLookStudy:–  Examine current use of data tagging for ABAC, withpolicy-based aCributes and tags used for a largeenterprise

–  IdenZfy technologies that can be adapted to datataggingneeds

–  Researchhowtousedata tagging to supportaccess,retenZonpolicies

–  IdenZfyotherrelevantresearchobjecZves

January7,2017 HICSS50 11

DataTaggingWayForward:RecommendaZons

•  Defineapathforwardinlightofthecomplexityoftheproblem–  Organizecomplexityofproblemusingstructured,divideandconquerrefinementofgoalsandrequirements

–  ExploreexisZngdatataggingsoluZonspaceforcost-effecZveapplicaZontotheproblemsettoaddresssponsorneeds

•  Conductincrementalresearchanddevelopment.–  ResearchtagrepresentaZonandmanagementasfoundaZonforinformaZonsharing

–  DevelopproofofconceptsystemtoexploreandevaluatepotenZalsoluZons

January7,2017 HICSS50 12

DataTaggingSoluZonSpace:RecommendaZons

•  TherearepromisingexisZngcommercialsoluZons.–  RunpublicchallengefordatataggingtoelicitpotenZalsoluZons

–  ConductdatataggingproductevaluaZons•  SponsororganizaZonisbeginningtopilotsoluZonsforenterprisedatatagginginseveralareas–  StudydatataggingdesignpaCernsofsponsororganizaZon

•  OtherorganizaZonsbeginningtotackleenterprisedatatagging–  EvaluatedesignpaCernsusedinsponsororganizaZon–  InvesZgateanearliersponsororganizaZoninformaZondiscoveryandassuredaccessstudy

January7,2017 HICSS50 13

DataTaggingRequirementsAnalysis:RecommendaZons

•  ProblemdomaintoocomplextotacklewithtradiZonalrequirementsspecificaZon–  Conductstructuredengineeringassessmenttodefineincrementaldevelopment,deploymentstages

•  InformaZonarchitectureneededfordatatags– DevelopadatataggingConceptofOperaZons–  ConductanorganizaZonalinventoryofaCributedata– Assesstaxonomies,ontologiesforrepresenZngtags.–  Conductstudyoftrade-offsbetweentaggingdataatrestandonthefly

January7,2017 HICSS50 14

DataTaggingRequirementsAnalysis:RecommendaZons

•  Taggingtechnologies,mechanismsmustbesecured.–  IdenZfypotenZalthreatsandvulnerabiliZes.– Developsecurityreferencearchitecturesfordatatagging

– AssessefficacyofIdenZty-BasedInternetProtocol(IBIP)tosecuredatataggingnetwork

LotsofgristforDeepLookStep!AlsosuggestsseveralfoundaZonalresearchquesZons

January7,2017 HICSS50 15

AgileResearchStructure

January7,2017 HICSS50 16

AgileResearchPorgolio

January7,2017 HICSS50 17

INSuREProject

•  FocalacZvity:cybersecurityresearchclass–  INSuREstandsforINformaZonSecurityResearchandEducaZon

•  Sponsorsproposeproblems–  Ifselected,sponsorexpectedtoprovideguidance,feedbackstudentsinconjuncZonwithfaculty

–  Sponsormustagreethat,ifresultsmeritpublicaZon,theresearchcanbepublished•  Sofar,noproblemswithdoingthis

January7,2017 HICSS50 18

OverviewofStructure

1.  Projectbid2.  Projectproposal3.  Literaturereview4.  ProgressreportandpresentaZon5.  Finalreport,presentaZonforschoolson

semestersystem– PenulZmatereport,presentaZonforquartersystem

6.  Finalreport,presentaZonforschoolsonquartersystem

January7,2017 HICSS50 19

Set-Up

•  Facultysolicitresearchproposalsfrom(potenZal)sponsors– Typically,aparagraphdescribingproblemingeneralterms

– Examples•  IdenZfyingICScomponentsinanetwork•  CodevariaZonasadefenseagainstaCacks•  AnalysisofproposedTCPcryptprotocol

•  Sponsorsthen“pitch”theprojectstothestudentsinfirst1or2classmeeZngs

January7,2017 HICSS50 20

Research

•  Studentsmeetweeklywithsponsor,facultytoreportprogress,challengesencounteredandovercome,nextweek’sgoals

•  Goalsmaychangebasedonchallengesfound– Allowsponsorstomodifyincrementalresearchgoals

– Sponsorscanapplyintermediateresultsasworkprogresses

– Studentsseetheirworkbeingused

January7,2017 HICSS50 21

Reports

•  Weeklyprogressreports•  Midtermprogressreport– Deliveredasformalpaper,presentaZontoallparZcipaZngteams

•  Finalreport– Alsodeliveredtoallteams

•  CriZcalidea:documentresults,tools,datasetssothatanotherteamcanpickupwherethisteamlepoff–  TeachesdatacuraZon

January7,2017 HICSS50 22

PuqngItTogether

January7,2017 HICSS50 23

Mapping•  Bid,proposalèQuickLook– Difference:studentsdon’tidenZfysubjectmaCerexperts;instead,explainwhytheyshouldbeconsidered(orwillbecome)experts

•  ProposalpreparaZonèDeepLook–  Presentsgoals,whattheresearchplancanbeexpectedtoaccomplish

•  ResearchèIncrementalResearchStage– WeeklymeeZngsallowsponsortoadjustgoalsofresearchtomeetneeds,andbasedonweeklyoutcomes

January7,2017 HICSS50 24

QuesZons

•  HowtodeterminewhentouseAgileResearchratherthan(orinaddiZonto)long-termresearch

•  Howtodevelopintermediategoalssothat:–  Incrementalresultsareuseful–  Incrementalresultswillenablethesponsortoprovidefurtherguidancetotheresearchgroup

–  IncrementalgoalswillprovideinsightintothefoundaZonalresearchnecessarytoprovidedeeperunderstandingoftheproblemand,possibly,long-termsoluZons(this,especiallyinanacademicseqng)

January7,2017 HICSS50 25

Conclusion

•  Long-termresearchquesZonsarisefromAgileResearchprojects– AgileResearchisappliedresearchtowardsaparZcular,pressingend

–  Thus,idealforidenZfyinginteresZnglong-termresearchprojects

•  AgileResearchexhibitsproperZesthatarecriZcaltoresearchinvolvementinthefastpacedandunpredictableworldofcybersecurity

January7,2017 HICSS50 26

ClosingThought

•  Tothoseaccustomedtotheprecise,structuredmethodsofconvenZonalsystemdevelopment,exploratorydevelopmenttechniquesmayseemmessy,inelegant,andunsaZsfying.Butit’saquesZonofcongruence:precisionandflexibilitymaybejustasdysfuncZonalinnovel,uncertainsituaZonsassloppinessandvacillaZonareinfamiliar,well-definedones.Thosewhoadmirethemassive,rigidbonestructuresofdinosaursshouldrememberthatjellyfishsZllenjoytheirverysecureecologicalniche. —BeauSheil,“PowerToolsforProgrammers”

January7,2017 HICSS50 27