Fifth Annual Cyber Security and Information Intelligence Research Workshop April 13-15, 2009 CYBER SECURITY AND INFORMATION INTELLIGENCE CHALLENGES AND STRATEGIES Frederick Sheldon, Greg Peterson, Axel Krings, Robert Abercrombie, and Ali Mili (Editors)


CSIIRW09: Cyber Security and Information Intelligence Research Workshop

April 13-15, 2009

Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA

Frederick Sheldon, Gregory Peterson, Axel Krings, Robert Abercrombie, and Ali Mili (Editors)

Cyber security and information intelligence challenges and strategies

Our reliance on the cyber infrastructure has further grown and the dependencies have become more complex. The infrastructure and applications running on it are not generally governed by the rules of bounded systems and inherit the properties of unbounded systems, such as the absence of global control, borders and barriers. Furthermore, the quest for increasing functionality and ease of operation is often at the cost of controllability, potentially opening up avenues for exploitation and failures.

Intelligence is information valued for its currency and relevance rather than its detail or accuracy. In the presence of information explosion, i.e., the pervasive abundance of (public/private) information and the effects of such, intelligence has the potential to shift the advantages in the dynamic game of defense and attacks in cyber space. Gathering, analyzing, and making use of information constitutes a business-/sociopolitical-/military-intelligence gathering activity and ultimately poses significant advantages and liabilities to the survivability of "our" society.

The combination of increased vulnerability, increased stakes and increased threats makes cyber security and information intelligence (CSII) one of the most important emerging challenges in the evolution of modern cyberspace. The goal of the workshop is to establish, debate and challenge the far-reaching agenda that broadly and comprehensively outlines a strategy for cyber security and information intelligence that is founded on sound principles and technologies, including:

• Scalable trustworthy systems (including system architectures and requisite development methodologies)

• Enterprise-level metrics (including measures of overall system trustworthiness)

• Life-cycle of System Evaluation methodologies (including approaches for attaining sufficient assurance)

• Coping with insider threats

• Coping with malware

• Global identity management

• System survivability

• Situational awareness and attack attribution

• Data provenance and integrity (relating to information, systems, and hardware)

• Privacy-aware security and usable security

A principal goal of the workshop was to foster discussions and dialog among the 115 attendees from North America, Europe, Asia, and Africa. This goal was initiated and facilitated by 9 keynote speakers, a general panel and a specific panel entitled DOE Grass Roots. A total of 58 papers are included in the proceedings, spanning subject areas of Cyber Security, Formal Methods, Intrusion Detection/Insider Threat, Next Generation Security, Security Frameworks, Learning/Optimization Theory and Practice, and Cyber Security Metrics.


Table of Contents for the Proceedings of CSIIRW 2009 Oak Ridge National Laboratory, Oak Ridge, TN 37831

Acknowledgements: The CSIIRW 2009 program committee consisted of Frederick T. Sheldon and Robert K. Abercrombie (Oak Ridge National Laboratory), Gregory D. Peterson (University of Tennessee), Axel W. Krings and Zhanshan (Sam) Ma (University of Idaho), Ali Mili (New Jersey Institute of Technology), Anoop Singhal (National Institute of Standards and Technology), and S. Srinivasan (University of Louisville). The CSIIRW 2009 program committee wishes to recognize the contributions of the CSIIRW 2009 review committee which consisted of Lee M. Hively, Joel Reed, Julian Rrushi and Joseph P. Trien (Oak Ridge National Laboratory), Clive Blackwell (University of London), Daniel Dai (University of Central Florida), Jiang Bian (University of Arkansas at Little Rock), Marco Carvalho (Institute for Human and Machine Cognition), Annarita Giani (University of California, Berkeley), Chin-Tser Huang (University of South Carolina), Gregory Vert (Louisiana State University), Daniel Wyschogrod (BAE Systems), Francesca Merighi (Consorzio Interuniversitario del Nord est Italiano Per il Calcolo Automatico [CINECA, Interuniversity Consortium High Performance Systems]), Thomas Neubauer (Secure Business Austria), Douglas S. Reeves (North Carolina State University), Anna Squicciarini (Pennsylvania State University), S. Srinivasan (University of Louisville), and Yi Hu (Northern Kentucky University).

Plenary Sessions:

1. Professor Nabil Adam, Fellow, Infrastructure & Geophysical Division, Science & Technology Directorate, US Department of Homeland Security, and Professor of Computers and Information Systems, Rutgers University, "Cyber-physical Systems Security"

2. Professor Sajal Das, Program Director, Network Technology and Systems (NeTS) Cluster, National Science Foundation, and Professor of Computer Science and Engineering, University of Texas at Arlington, "Pervasively Secured Infrastructures: A Multi-Layer Mathematical Framework"

3. Professor Mike Hinchey, Co-Director, Lero – The Irish Software Engineering Research Centre, University of Limerick, Ireland, "We Can't Get There From Here! The paradox of developing new classes of complex systems"

4. Mr. George Hull, Chief Technology Officer (CTO) & Technical Director of the Information Superiority Operating Unit within the Intelligence Group (TASC), Northrop Grumman Corporation, "Security and Complexity ..... Are we on the Wrong Road?"

5. Professor Calton Pu, Professor and John P. Imlay, Jr. Chair in Software, College of Computing, Georgia Institute of Technology, "Spam and Denial of Information Attacks and Defenses"

6. Dr. Doug Maughan, Cyber Security Research Lead, Science & Technology Directorate, US Department of Homeland Security, "National Cyber Security Research Assessment and Roadmap"

7. Professor Salvatore J. Stolfo, Professor of Computer Science, Columbia University, "Polymorphic Shellcode: The Demise of Signature-based Detection"

8. Robert J. Stratton III, Director, Government Research, Symantec Research Laboratories, "Internet Security Threat Landscape: Scaling to Meet the Threat"


9. Professor Bhavani Thuraisingham, Director of Cyber Security Research Center, Professor of Computer Science, University of Texas at Dallas, "Assured Information Sharing between Trustworthy, Semi-trustworthy and Untrustworthy Coalition Partners"

Panel Discussions:

1. “Keynote Panel” with panelists Doug Maughan (Department of Homeland Security), George Hull (Northrop Grumman Corporation), Salvatore Stolfo (Columbia University), and Robert Stratton (Symantec Research Laboratories)

2. “DOE Grass Roots Panel” with panelists John McHugh (Dalhousie University), Robert Armstrong (Sandia National Laboratories), Thomas Longstaff (Johns Hopkins University Applied Physics Laboratory), Daniel Quinlan (Livermore National Laboratory), Frederick Sheldon (Oak Ridge National Laboratory), and Deborah Frincke (Pacific Northwest National Laboratory)

Track 1:

1. “Security-oriented Program Transformations” by Munawar Hafiz, Ralph E. Johnson

2. “Security Policy Testing via Automated Program Code Generation” by Ting Yu, Dhivya Sivasubramanian and Tao Xie

3. “Long Term Data Storage Issues for Situational Awareness” by John McHugh

4. “Ontology-based Security Assessment for Software Products” by Ju An Wang, Minzhe Guo, Hao Wang, Min Xia and Linfeng Zhou

5. “Debugging Support for Security Properties of Software Architectures” by Kyungsoo Im and John McGregor

6. “On Building Secure SCADA Systems using Security Patterns” by Eduardo B. Fernandez, Jie Wu, M. M. Larrondo-Petrie and Yifeng Shao

7. “Defending Financial Infrastructures Through Early Warning Systems” by Giorgia Lodi, Leonardo Querzoni, Roberto Baldoni, et al.

8. “JigDFS in Container Communities for International Cargo Security” by J. Bian, R. Seker, and S. Ramaswamy

9. “Automatic Image Analysis Process for the Detection of Concealed Weapons” by R. Gesick, Caner Saritac and Chih-Cheng Hung

Track 2:

1. “A Distributed Reinforcement Learning Approach to Mission Survivability in Tactical MANETs” by Marco Carvalho

2. “Detecting Overflow Vulnerabilities Using Automated Verification” by Jason O. Hallstrom, Brian A. Malloy and Murali Sitaraman

3. “Resilient Multi-core Systems: A Hierarchical Formal Model for N-variant Executions” by Axel Krings, Li Tan, C. Jeffery and R. Rinker

4. “Privacy-Aware Security Applications Using RFID Technology” by S. Srinivasan


5. “Techniques for Enterprise Network Security Metrics” by Anoop Singhal and Simon Ou

6. “Quantifying Security Threats and Their Impact” by Anis Ben Aissa, Robert Abercrombie, Frederick Sheldon and Ali Mili

7. “Fair Electronic Exchange using Biometrics” by Harkeerat Bedi, Li Yang and Joseph Kizza

8. “An Outline of the Three-Layer Survivability Analysis Architecture” by Zhanshan (Sam) Ma and Axel W. Krings

9. “Using Automatic Signature Generation as a Sensor Backend” by Daniel Wyschogrod and Jeffrey Dezso

Track 3:

1. “A Framework for Synthetic Stego” by Philip Ritchey, Jorge R. Ramos and Vernon Rego

2. “Leveraging Complexity in Software for Cybersecurity” by Rob Armstrong and Jackson Mayo

3. “Privacy-Preserving Multi-Dimensional Credentialing Using Veiled Certificates” by Chin-Tser Huang and John H. Gerdes, Jr.

4. “Metamodels for Misuse Cases” by Mark Hartong, Rajni Goel and Duminda Wijesekera

5. “OVM: An Ontology for Vulnerability Management” by Ju An Wang and Minzhe Guo

6. “Information Intelligence in Cloud Computing” by Asesh Das, Ramana Reddy, Luyi Wang and Sumitra Reddy

7. “Computing the Behavior of Malicious Code With Function Extraction Technology” by Richard Linger, Stacy Prowell and Kirk Sayre

8. “Data Fusion for Improved Situational Understanding” by Ambareen Siraj

9. “An Active Trust Model based on Zero Knowledge Proofs for Airborne Networks” by Kamesh Namuduri

Track 4:

1. “Assessment of Accountability Policies for Large-Scale Distributed Computing” by W. Lee, A. Squicciarini and Elisa Bertino

2. “Source Code and Binary Analysis of Software Defects” by Daniel Quinlan and Thomas Panas

3. “A Biologically Inspired Password Authentication System” by Dipankar Dasgupta and Sudip Saha

4. “Virtualization Security” by Edward Ray and E. Eugene Schultz

5. “Trust Negotiation: Authorization for Virtual Organizations” by M. Winslett, Adam J. Lee and Kenneth J. Perano


Track 5:

1. “Graph-Based Approaches to Insider Threat Detection” by William Eberle and Lawrence Holder

2. “A Security Architecture to Protect against the Insider Threat from Damage, Fraud and Theft” by Clive Blackwell

3. “A Traceability Link Mining Approach for Identifying Insider Threats” by Yi Hu and Brajendra Panda

4. “Monitoring Security Events Using Integrated Correlation-based Techniques” by Qishi Wu, D. Ferebee, Y. Lin and Dipankar Dasgupta

5. “Behavioral Analysis of Fast Flux Service Networks” by A. Caglayan, Mike Toothaker, Dan Drapeau, Dustin Burke and Gerry Eaton

Track 6:

1. “The Case for Prevention-based, Host-resident Defenses in PCS Networks” by Charles Payne, Jr.

2. “u-Vote: A Convenient On-line E-voting System” by Francesca Merighi and Stefano Ravaioli

3. “User Identification Via Process Profiling” by Steven J. McKinney and Douglas S. Reeves

4. “External Monitoring of Endpoint Configuration Compliance” by Darrell M. Kienzle, Ryan K. Persaud, and Matthew C. Elder

5. “Security Models for Contextual Based Global Processing an Architecture and Overview” by Gregory Vert, S.S. Iyengar and Vir Phoha

Track 7:

1. “Towards Insider Threat Detection using Web Server Logs” by Justin Myers, Michael R. Grimaila and Robert F. Mills

2. “Integrated Circuit Security - New Threats and Solutions” by Miron Abramovici and Paul Bradley

3. “Feature Set Selection in Data Mining Techniques for Unknown Virus Detection – A Comparison Study” by J. Dai, R. Guha and J. Lee

4. “File-system Intrusion Detection by preserving MAC DTS” by Suvrojit Das, Arijit Chattopadhayay, Dipesh Kumar Kalyani and Monojit Saha

5. “Secure Processing Using Dynamic Partial Reconfiguration” by Christopher T. Rathgeb and Gregory D. Peterson

6. “Castle Warrior: Redefining 21st Century Network Defense” by Monty McDougal

7. “High assurance programming in Cryptol” by Levent Erkok and John Matthews


8. “Total Cost of Security – A Method for Managing Risks and Incentives Across the Extended Enterprise” by Russell Cameron Thomas

Track 8:

1. “Integrating Dirichlet Reputation into Usage Control” by Li Yang and Alma Cemerlic

2. “Introduction of First Passage Time (FPT) Analysis for Software Reliability and Network Security” by Z. (Sam) Ma, Axel Krings and Richard Millar

3. “Towards Usable Cyber Security Requirements” by Jose Romero-Mariona, Hadar Ziv, Debra J. Richardson and Dennis Bystritsky

4. “A Dynamic Erasure Code for Multicasting Live Data” by Erik Ferragut

5. “A Pipeline Development Toolkit in Support of Secure Information Flow Goals” by Philip Tricca

6. “Content-based Alternatives to Conventional Network Monitoring Systems” by G. Louthan, B. Deetz, M. Walker and John Hale

7. “Decision Dependability and its Application to Identity Management” by Nathan Kalka, Nick Bartlow and B. Cukic

8. “How to Determine Threat Probabilities Using Ontologies and Bayesian Networks” by Stefan Fenz and Thomas Neubauer