meet science of securitynomad: mitigating arbitrary cloud side channels via provider-assisted...
TRANSCRIPT
![Page 1: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/1.jpg)
MEET SCIENCE OF SECURITY
Adam Tagert Ph.D.
[email protected] of Security & Privacy Technical Director
National Security Agency
![Page 2: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/2.jpg)
Introduction• What is the Problem
• What is Science?
• 3 Themes
• Research Focus Areas
• Become Involved
2
![Page 3: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/3.jpg)
What is the Problem?• Best Practices
• Do it Twice -> Possibly Different Results
• Need to Move to Scientific Sound Approach
• Science Needs to Catch up with the Engineering
3https://www.flickr.com/photos/digitalurbanlandscape
![Page 4: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/4.jpg)
Science is…• A Philological Unanswered Question
• Definition is mushy
• Our goal with science:
– Rigorous Research
– Generalizable
– Predictable
– Foundational
– Explains the World/Cyberspace
4
![Page 5: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/5.jpg)
Tackling the Problem• In the 2000s, recognition of problem
• CNCI jump start funding
• NSA signed up to lead the effort for the USG
• Started in 2012
5
![Page 6: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/6.jpg)
3 Pillars of 1. Fund Needed Foundational Research
2. Nurture and Grow the SoS Community
3. Support Rigorous Research Methods
6
![Page 7: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/7.jpg)
1. Invest in Foundational Research
7
![Page 8: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/8.jpg)
4 Lablets• Lablet – a small transdiciplinary lab
• Competitive Selection
• Began 2012 using an ARO grant to 3 universities
• 2014 – NSA contract with 4 Universities – From a BAA
– About $8 million per year total
– 20% of funding to other institutions (25 other Universities)
– For Research and to build a science
• 370 Published Papers
8
![Page 9: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/9.jpg)
Lablet Funding Supports• Research
• Salaries and/or Tuition of Professors, Researchers, Post-Docs, Ph.D. Students, Masters Students, and undergraduate research
• Outreach activities for making a science
• Quarterly Meetings
– Next NCSU Feb 1,2
9
![Page 10: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/10.jpg)
5 Hard Problems
• Goals & Rallying Points
• A Measure for Progress
• Developed with lablet PIs
• Not all inclusive
• Needed for improving cybersecurity situation
• Progress Paper Posted
10
![Page 11: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/11.jpg)
NCSU Lablet
• PIs – Laurie Williams and Munindar Singh
• Metrics – 3 Projects
• Human Behavior – 3
• Policy – 4
• Resilient Architectures – 4
• Evaluation & Research Methods Projects
• Summer Workshop & Community Day Events
11
![Page 12: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/12.jpg)
• Evaluation
– Investigators: Lindsey McGowen, David Wright, Jon Stallings
• Research Methods, Community Development, & Data Sharing
– Investigators: Jeff Carver (UAB), Lindsey McGowen, Ehab Al-shaer (UNCC), Jon Stallings, Laurie Williams, David Wright
12
About Science
![Page 13: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/13.jpg)
Science of SecUre and REsilient Cyber-Physical Systems (SURE)
• Vanderbilt (Lead) ; MIT; University of Hawaii; UC Berkeley
• Foundational Research on Cyber Physical Systems
• Research Thrusts:▪ Hierarchical Coordination and Control
▪ Cyber Risk Analysis and Incentive Design – Resilient Monitoring and Control
▪ Science of Decentralized Security
▪ Reliable and Practical Reasoning about Secure Computation and Communication in Networks
▪ Evaluation and Experimentation
▪ Education and Outreachcps-vo.org/group/sure
![Page 14: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/14.jpg)
14Lablet (4)National Security Agency
Science of Security Lablets
![Page 15: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/15.jpg)
15
Science of Security Lablets and Sub-Lablets
![Page 16: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/16.jpg)
16
Science of Security Lablets, Sub-Lablets, SURE
![Page 17: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/17.jpg)
17
Lablets, Sub-Lablets, SURE, and Collaborators
![Page 18: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/18.jpg)
18
Science of Security International Locations
![Page 19: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/19.jpg)
2. Nurture and Grow Science of Security & Privacy Community
19
![Page 20: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/20.jpg)
HoT-SoS
• Annual Community Meeting: – Hot Topics in the Science of Security:
Symposium and Bootcamp in the Science of Security
• Brings Academia, Industry, Gov
• HoTSoS 17 - April 3-4, 2017– Registration Open, Posters Open
• ACM In-cooperation
• 2017 -> In Maryland
20
![Page 21: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/21.jpg)
Virtual Organization• Online Collaboration on
NSF Virtual Organization Platform
• News, Publications, Research, Forums, Events, Collaboration
• 1200+ Members Joined
• http://www.sos-vo.org
21
![Page 22: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/22.jpg)
Workshops, Internships, Outreach
• Other activities host workshops; have interns
• Support other programs such as conferences
• Curriculums
• Graduating Students spread the culture
22
![Page 23: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/23.jpg)
3. Promote Rigorous Research Methods
23
![Page 24: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/24.jpg)
• Annual Competition
• Papers reviewed by NSA & External Distinguished Experts
• Open to All
• Papers Nominated by Public
• Researchers visit NSA and Present Research
• Nominated Papers Before March 31
• http://sos-vo.org/24
![Page 25: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/25.jpg)
4th Annual CompetitionNomad: Mitigating Arbitrary Cloud Side
Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University and University of North Carolina. (CCS15)
25
![Page 26: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/26.jpg)
Also Honorable Mentions• Quantum-Secure Covert Communication on
Bosonic Channels and Increasing Cybersecurity Investments in Private SecortFirms, Bash, etc al
• Increasing Cybersecurity Investments in Private Secort Firms Gordon, etc al.
26
![Page 27: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/27.jpg)
Intel ISEF• NSA Research
Directorate Award at Intel International Science and Engineering Fair (ISEF)
• Present Award to High School Research Projects in Cybersecurity
• 2017 – Los Angeles
27
![Page 28: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/28.jpg)
ISEF 2016• 1750 Students;
80 Countries; Phoenix
• 4,000 Local Students Visit Plus others
28
![Page 29: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/29.jpg)
1st Place - $3,000– Charles Noyes from Villa Park California for
Efficient Blockchain-Driven Multiparty Computation Markets at Scale
29
![Page 30: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/30.jpg)
2nd Place - $1,000– Karthik Yegnesh from Lansdale Pennsylvania for Cosheaf
Theoretical Constructions in Networks and Persistent Homology
– Rucha Joshi from Austin Texas for Determining Network Robustness Using Region Based Connectivity
30
![Page 31: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/31.jpg)
Visit NSA
31
![Page 32: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/32.jpg)
• Attack Surface and Defense-in-Depth Metrics
– Investigators: Andy Meneely (RIT), Laurie Williams
• Systemization of Knowledge from Intrusion Detection Models
– Investigators: Huaiyu Dai, Andy Meneely (RIT)
• Vulnerability and Resilience Prediction Models
– Investigators: Mladen Vouk, Laurie Williams
32
Metrics
![Page 33: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/33.jpg)
• Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability– Investigators: Christopher B. Mayhorn, Emerson Murphy-
Hill
• A Human Information-Processing Analysis of Online Deception Detection– Investigators: Robert W. Proctor, Ninghui Li, Emerson
Murphy-Hill
• Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security– Investigators: David L. Roberts, Robert St. Amant
33
Human Behavior
![Page 34: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/34.jpg)
• Understanding the Effects of Norms and Policies on Robustness, Liveness, and Resilience of Systems – Investigators: Emily Berglund, Jon Doyle, Munindar Singh
• Formal Specification and Analysis of Security - Critical Norms and Policies – Investigators: Jon Doyle, Munindar Singh, Rada Chirkova
• Scientific Understanding of Policy Complexity– Investigators: Ninghui Li, Robert Proctor
• Privacy Incidents Database – Investigator: Jessica Staddon
34
Secure Collaboration
![Page 35: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/35.jpg)
• Resilience Requirements, Design, and Testing – Investigators: Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer
(UNCC)
• Redundancy for Network Intrusion Prevention Systems (NIPS) – Investigator: Mike Reiter (UNC)
• Smart Isolation in Large-Scale Production Computing – Investigators: Xiaohui (Helen) Gu, William Enck
• Automated Synthesis of Resilient Architectures– Investigator: Ehab Al-Shaer (UNCC)
35
Resilient Architectures
![Page 36: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/36.jpg)
Let’s Talk Research – Focus Areas• Access Control
• Analyzing Adversary Supplied Code
• Anomaly Detection
• Internet of Things
• Mitigation Development
• Mobility / Android App Development
• NIDS / Firewalls
• PKI
• Phishing
• Privacy
• Real Time Monitoring
• Sandboxing
• Secure Configuration
• Secure Programming
• Testing Environments
• Workforce Training Development
End
![Page 37: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/37.jpg)
Summing Up
37
![Page 38: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/38.jpg)
Getting Involved• Join the SoS –VO: http://www.sos-vo.org
– Contribute to discussion; learn about what’s going on
– Read Annual Report
– Find published Papers
• Attend Hot-SoS 2017 in Maryland
• Quarterly Meeting at NCSU, Feb 1,2
• TESTFLIGHT (JWICS)
• Nominate Papers for the Competition
• Email: [email protected]
• Apply Scientific Principles to Your Work
38
Go SoS
![Page 39: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/39.jpg)
Thank You
Questions??
39
![Page 40: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/40.jpg)
Access Control• Developing methods to find anomalies using
approach that provides faster results by trading some accuracy: expected use includes access control (CMU)
• Study of Norms of information flows (sharing) and its use for collaboration. Norms include emergencies (NCSU)
• Focus on access control for a formal automated framework in a resilient architecture (NCSU)
40
Home
![Page 41: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/41.jpg)
Analyzing Adversary Supplied Code• Developing method [UberSpark] to enforce
secure object abstractions on adversary-supplied code in C99 & Assembly (CMU)
• Enabling proofs of safety of programs that execute adversary supplied code without code available for deep typing analysis – uses interface confinement [System M] (CMU)
41
Home
![Page 42: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/42.jpg)
Anomaly Detection• Looking at redundancy-based anomaly
detectors to recognize some high risk and difficult to detect attacks on web servers by studying information flows (NCSU)
42
Home
![Page 43: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/43.jpg)
Internet of Things• IoT Tesetbed (VU)• IoT Simulator with Defenders and Attackers (VU)• Developed Software Tool for integrating threat
modeling and risk analysis (VU)• Resilient SCADA algorithms (VU)• Developing a Resilience Measure in respect to multi-
dimensional attack attributes (NCSU)• Developing a rigorous, model-based approach for
analyzing security metrics of large CPS by developing foundational results on compositional analysis (UIUC/RICE)
• Focus on IoT for a formal automated framework in a resilient architecture (NCSU)
43
Home
![Page 44: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/44.jpg)
Insider Threat• Building model of humans work in cyber-
human systems including insiders threats (UIUC / Newcastle)
44
Home
![Page 45: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/45.jpg)
Mitigation Development• Developing a cost effective way detecting data
races when code is updated (CMU/UNL)
• Studying how ordinary computer people make security decisions (CMU/PITT/Berkeley)
• Studying and modeling how non-malicious users circumvent security controls (UIUC/UPenn/Dartmouth)
• Study of online PKI uses in CDNs, sharing of private keys and mitigations (UMD)
45
Home
![Page 46: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/46.jpg)
Mobility / Android App Development• Frameworks that enable construction of secure mobile
applications that have known security properties (CMU)
• Study of Inter-Component communication in android apps and sandboxes. Extracting the architecture of android system with static analysis and sync with running apps. (CMU)
• Studying Android Apps to see if information flows match Privacy Policies (CMU)
• Developing metrics for graphical password strength (UMD/USNA)
• Studying Android Apps to see when they become malicious (UMD)
46
Home
![Page 47: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/47.jpg)
NIDS / Firewalls• Studying the Understandability of Firewall
Policies and complexity (NCSU)
• See Also Real-Time Monitoring
47
Home
![Page 48: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/48.jpg)
PKI• Study of outline certificates being managed by
CDNs and sharing of private keys (UMD)
48
Home
![Page 49: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/49.jpg)
Phishing• Study of how people respond to phishing
attacks with different types of warning messages (NCSU)
• Developing models of how people detect phishing attacks (NCSU)
49
Home
![Page 50: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/50.jpg)
Privacy• Study of norms of information flow in
collaboration. Such as under what circumstances information can be shared (NCSU)
• Analyzing Android apps to see if information flows match privacy policies. (CMU / UTSA)
• Studying using automated analysis of privacy algorithms (CMU)
50
Home
![Page 51: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/51.jpg)
Real Time Monitoring• Studying on how people type for extra
verification on using “how” a password is entered as additional authentication (NCSU)
• Anomaly detection in workflows in IoT (NCSU)• Study of Researcher reports about IDS and how
IDS collaborate (NCSU/RIT)• Developing an architecture and software defined
networking enabling load balancing across geographic distinct NIDS (NCSU / UNCC)
• Study of user behavior in a cloud environments to get probabilities of compromised account (UIUC / NCSA)
51
Home
![Page 52: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/52.jpg)
Sandboxing• Study of isolation techniques in networks,
android. Security in docker images; built security vulnerability analyzer. (NCSU)
52
Home
![Page 53: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/53.jpg)
Secure Configuration• Challenge of Linux configuration options;
study on determining in which options certain bugs appear (CMU)
• Using honey pots to study attacker behavior for different conditions such as presence of honest users or login banner (UMD)
53
Home
![Page 54: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/54.jpg)
Secure Programming• Developing composable programming language so
large programs can be made up of parts; focuses on the interaction between modules and authorization policies (CMU)
• Develop cost effective way of detecting data races (CMU)
• Framework to enable Secure mobile application with known security properties (CMU)
• Study of stack traces to focus on security; prediction of vulnerability at the function level (NCSU)
• HSR study on the challenges developers face in writing security and privacy programs (UMD)
54
Home
![Page 55: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/55.jpg)
Testing Environments• 32 Node IoT Test bed with network simulation
(VU)
• IoT Simulation Environment with attackers / defenders (VU)
• Developing Software that generates large scale architectures from description (cloud size). Useful basis of testing threat scenarios / insider threat. (CMU)
• Simulation analysis of CPS and verification (UIUC / RICE)
55
Home
![Page 56: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/56.jpg)
Workforce Training Development• Study on how people make computer security decisions (CMU)• Modeling people of when they do work vs. security task to develop
norms of behavior (NCSU)• Study on how people respond to phishing and alert messages
(NCSU)• Mental models of people response to phishing attacks (NCSU)• Study on how users circumvent security controls to do work
(UIUC/USC/UPenn/Dartmouth• HSR study on challenges developers face in writing secure code
(UMD)• Developing metric for graphical password strength (UMD/USNA)• Study on how people choose and follow security advice (UMD)
56
Home
![Page 57: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University](https://reader034.vdocument.in/reader034/viewer/2022042419/5f355d4dc3a59951964fa43c/html5/thumbnails/57.jpg)