meet science of securitynomad: mitigating arbitrary cloud side channels via provider-assisted...

57
MEET SCIENCE OF SECURITY Adam Tagert Ph.D. [email protected] Science of Security & Privacy Technical Director National Security Agency

Upload: others

Post on 10-Jul-2020

5 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

MEET SCIENCE OF SECURITY

Adam Tagert Ph.D.

[email protected] of Security & Privacy Technical Director

National Security Agency

Page 2: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Introduction• What is the Problem

• What is Science?

• 3 Themes

• Research Focus Areas

• Become Involved

2

Page 3: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

What is the Problem?• Best Practices

• Do it Twice -> Possibly Different Results

• Need to Move to Scientific Sound Approach

• Science Needs to Catch up with the Engineering

3https://www.flickr.com/photos/digitalurbanlandscape

Page 4: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Science is…• A Philological Unanswered Question

• Definition is mushy

• Our goal with science:

– Rigorous Research

– Generalizable

– Predictable

– Foundational

– Explains the World/Cyberspace

4

Page 5: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Tackling the Problem• In the 2000s, recognition of problem

• CNCI jump start funding

• NSA signed up to lead the effort for the USG

• Started in 2012

5

Page 6: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

3 Pillars of 1. Fund Needed Foundational Research

2. Nurture and Grow the SoS Community

3. Support Rigorous Research Methods

6

Page 7: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

1. Invest in Foundational Research

7

Page 8: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

4 Lablets• Lablet – a small transdiciplinary lab

• Competitive Selection

• Began 2012 using an ARO grant to 3 universities

• 2014 – NSA contract with 4 Universities – From a BAA

– About $8 million per year total

– 20% of funding to other institutions (25 other Universities)

– For Research and to build a science

• 370 Published Papers

8

Page 9: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Lablet Funding Supports• Research

• Salaries and/or Tuition of Professors, Researchers, Post-Docs, Ph.D. Students, Masters Students, and undergraduate research

• Outreach activities for making a science

• Quarterly Meetings

– Next NCSU Feb 1,2

9

Page 10: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

5 Hard Problems

• Goals & Rallying Points

• A Measure for Progress

• Developed with lablet PIs

• Not all inclusive

• Needed for improving cybersecurity situation

• Progress Paper Posted

10

Page 11: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

NCSU Lablet

• PIs – Laurie Williams and Munindar Singh

• Metrics – 3 Projects

• Human Behavior – 3

• Policy – 4

• Resilient Architectures – 4

• Evaluation & Research Methods Projects

• Summer Workshop & Community Day Events

11

Page 12: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Evaluation

– Investigators: Lindsey McGowen, David Wright, Jon Stallings

• Research Methods, Community Development, & Data Sharing

– Investigators: Jeff Carver (UAB), Lindsey McGowen, Ehab Al-shaer (UNCC), Jon Stallings, Laurie Williams, David Wright

12

About Science

Page 13: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Science of SecUre and REsilient Cyber-Physical Systems (SURE)

• Vanderbilt (Lead) ; MIT; University of Hawaii; UC Berkeley

• Foundational Research on Cyber Physical Systems

• Research Thrusts:▪ Hierarchical Coordination and Control

▪ Cyber Risk Analysis and Incentive Design – Resilient Monitoring and Control

▪ Science of Decentralized Security

▪ Reliable and Practical Reasoning about Secure Computation and Communication in Networks

▪ Evaluation and Experimentation

▪ Education and Outreachcps-vo.org/group/sure

Page 14: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

14Lablet (4)National Security Agency

Science of Security Lablets

Page 15: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

15

Science of Security Lablets and Sub-Lablets

Page 16: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

16

Science of Security Lablets, Sub-Lablets, SURE

Page 17: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

17

Lablets, Sub-Lablets, SURE, and Collaborators

Page 18: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

18

Science of Security International Locations

Page 19: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

2. Nurture and Grow Science of Security & Privacy Community

19

Page 20: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

HoT-SoS

• Annual Community Meeting: – Hot Topics in the Science of Security:

Symposium and Bootcamp in the Science of Security

• Brings Academia, Industry, Gov

• HoTSoS 17 - April 3-4, 2017– Registration Open, Posters Open

• ACM In-cooperation

• 2017 -> In Maryland

20

Page 21: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Virtual Organization• Online Collaboration on

NSF Virtual Organization Platform

• News, Publications, Research, Forums, Events, Collaboration

• 1200+ Members Joined

• http://www.sos-vo.org

21

Page 22: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Workshops, Internships, Outreach

• Other activities host workshops; have interns

• Support other programs such as conferences

• Curriculums

• Graduating Students spread the culture

22

Page 23: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

3. Promote Rigorous Research Methods

23

Page 24: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Annual Competition

• Papers reviewed by NSA & External Distinguished Experts

• Open to All

• Papers Nominated by Public

• Researchers visit NSA and Present Research

• Nominated Papers Before March 31

• http://sos-vo.org/24

Page 25: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

4th Annual CompetitionNomad: Mitigating Arbitrary Cloud Side

Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University and University of North Carolina. (CCS15)

25

Page 26: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Also Honorable Mentions• Quantum-Secure Covert Communication on

Bosonic Channels and Increasing Cybersecurity Investments in Private SecortFirms, Bash, etc al

• Increasing Cybersecurity Investments in Private Secort Firms Gordon, etc al.

26

Page 27: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Intel ISEF• NSA Research

Directorate Award at Intel International Science and Engineering Fair (ISEF)

• Present Award to High School Research Projects in Cybersecurity

• 2017 – Los Angeles

27

Page 28: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

ISEF 2016• 1750 Students;

80 Countries; Phoenix

• 4,000 Local Students Visit Plus others

28

Page 29: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

1st Place - $3,000– Charles Noyes from Villa Park California for

Efficient Blockchain-Driven Multiparty Computation Markets at Scale

29

Page 30: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

2nd Place - $1,000– Karthik Yegnesh from Lansdale Pennsylvania for Cosheaf

Theoretical Constructions in Networks and Persistent Homology

– Rucha Joshi from Austin Texas for Determining Network Robustness Using Region Based Connectivity

30

Page 31: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Visit NSA

31

Page 32: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Attack Surface and Defense-in-Depth Metrics

– Investigators: Andy Meneely (RIT), Laurie Williams

• Systemization of Knowledge from Intrusion Detection Models

– Investigators: Huaiyu Dai, Andy Meneely (RIT)

• Vulnerability and Resilience Prediction Models

– Investigators: Mladen Vouk, Laurie Williams

32

Metrics

Page 33: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Warning of Phishing Attacks: Supporting Human Information Processing, Identifying Phishing Deception Indicators, and Reducing Vulnerability– Investigators: Christopher B. Mayhorn, Emerson Murphy-

Hill

• A Human Information-Processing Analysis of Online Deception Detection– Investigators: Robert W. Proctor, Ninghui Li, Emerson

Murphy-Hill

• Leveraging the Effects of Cognitive Function on Input Device Analytics to Improve Security– Investigators: David L. Roberts, Robert St. Amant

33

Human Behavior

Page 34: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Understanding the Effects of Norms and Policies on Robustness, Liveness, and Resilience of Systems – Investigators: Emily Berglund, Jon Doyle, Munindar Singh

• Formal Specification and Analysis of Security - Critical Norms and Policies – Investigators: Jon Doyle, Munindar Singh, Rada Chirkova

• Scientific Understanding of Policy Complexity– Investigators: Ninghui Li, Robert Proctor

• Privacy Incidents Database – Investigator: Jessica Staddon

34

Secure Collaboration

Page 35: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

• Resilience Requirements, Design, and Testing – Investigators: Kevin Sullivan, Mladen Vouk, Ehab Al-Shaer

(UNCC)

• Redundancy for Network Intrusion Prevention Systems (NIPS) – Investigator: Mike Reiter (UNC)

• Smart Isolation in Large-Scale Production Computing – Investigators: Xiaohui (Helen) Gu, William Enck

• Automated Synthesis of Resilient Architectures– Investigator: Ehab Al-Shaer (UNCC)

35

Resilient Architectures

Page 36: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Let’s Talk Research – Focus Areas• Access Control

• Analyzing Adversary Supplied Code

• Anomaly Detection

• Internet of Things

• Mitigation Development

• Mobility / Android App Development

• NIDS / Firewalls

• PKI

• Phishing

• Privacy

• Real Time Monitoring

• Sandboxing

• Secure Configuration

• Secure Programming

• Testing Environments

• Workforce Training Development

End

Page 37: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Summing Up

37

Page 38: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Getting Involved• Join the SoS –VO: http://www.sos-vo.org

– Contribute to discussion; learn about what’s going on

– Read Annual Report

– Find published Papers

• Attend Hot-SoS 2017 in Maryland

• Quarterly Meeting at NCSU, Feb 1,2

• TESTFLIGHT (JWICS)

• Nominate Papers for the Competition

• Email: [email protected]

• Apply Scientific Principles to Your Work

38

Go SoS

Page 39: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Thank You

Questions??

39

Page 40: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Access Control• Developing methods to find anomalies using

approach that provides faster results by trading some accuracy: expected use includes access control (CMU)

• Study of Norms of information flows (sharing) and its use for collaboration. Norms include emergencies (NCSU)

• Focus on access control for a formal automated framework in a resilient architecture (NCSU)

40

Home

Page 41: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Analyzing Adversary Supplied Code• Developing method [UberSpark] to enforce

secure object abstractions on adversary-supplied code in C99 & Assembly (CMU)

• Enabling proofs of safety of programs that execute adversary supplied code without code available for deep typing analysis – uses interface confinement [System M] (CMU)

41

Home

Page 42: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Anomaly Detection• Looking at redundancy-based anomaly

detectors to recognize some high risk and difficult to detect attacks on web servers by studying information flows (NCSU)

42

Home

Page 43: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Internet of Things• IoT Tesetbed (VU)• IoT Simulator with Defenders and Attackers (VU)• Developed Software Tool for integrating threat

modeling and risk analysis (VU)• Resilient SCADA algorithms (VU)• Developing a Resilience Measure in respect to multi-

dimensional attack attributes (NCSU)• Developing a rigorous, model-based approach for

analyzing security metrics of large CPS by developing foundational results on compositional analysis (UIUC/RICE)

• Focus on IoT for a formal automated framework in a resilient architecture (NCSU)

43

Home

Page 44: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Insider Threat• Building model of humans work in cyber-

human systems including insiders threats (UIUC / Newcastle)

44

Home

Page 45: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Mitigation Development• Developing a cost effective way detecting data

races when code is updated (CMU/UNL)

• Studying how ordinary computer people make security decisions (CMU/PITT/Berkeley)

• Studying and modeling how non-malicious users circumvent security controls (UIUC/UPenn/Dartmouth)

• Study of online PKI uses in CDNs, sharing of private keys and mitigations (UMD)

45

Home

Page 46: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Mobility / Android App Development• Frameworks that enable construction of secure mobile

applications that have known security properties (CMU)

• Study of Inter-Component communication in android apps and sandboxes. Extracting the architecture of android system with static analysis and sync with running apps. (CMU)

• Studying Android Apps to see if information flows match Privacy Policies (CMU)

• Developing metrics for graphical password strength (UMD/USNA)

• Studying Android Apps to see when they become malicious (UMD)

46

Home

Page 47: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

NIDS / Firewalls• Studying the Understandability of Firewall

Policies and complexity (NCSU)

• See Also Real-Time Monitoring

47

Home

Page 48: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

PKI• Study of outline certificates being managed by

CDNs and sharing of private keys (UMD)

48

Home

Page 49: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Phishing• Study of how people respond to phishing

attacks with different types of warning messages (NCSU)

• Developing models of how people detect phishing attacks (NCSU)

49

Home

Page 50: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Privacy• Study of norms of information flow in

collaboration. Such as under what circumstances information can be shared (NCSU)

• Analyzing Android apps to see if information flows match privacy policies. (CMU / UTSA)

• Studying using automated analysis of privacy algorithms (CMU)

50

Home

Page 51: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Real Time Monitoring• Studying on how people type for extra

verification on using “how” a password is entered as additional authentication (NCSU)

• Anomaly detection in workflows in IoT (NCSU)• Study of Researcher reports about IDS and how

IDS collaborate (NCSU/RIT)• Developing an architecture and software defined

networking enabling load balancing across geographic distinct NIDS (NCSU / UNCC)

• Study of user behavior in a cloud environments to get probabilities of compromised account (UIUC / NCSA)

51

Home

Page 52: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Sandboxing• Study of isolation techniques in networks,

android. Security in docker images; built security vulnerability analyzer. (NCSU)

52

Home

Page 53: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Secure Configuration• Challenge of Linux configuration options;

study on determining in which options certain bugs appear (CMU)

• Using honey pots to study attacker behavior for different conditions such as presence of honest users or login banner (UMD)

53

Home

Page 54: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Secure Programming• Developing composable programming language so

large programs can be made up of parts; focuses on the interaction between modules and authorization policies (CMU)

• Develop cost effective way of detecting data races (CMU)

• Framework to enable Secure mobile application with known security properties (CMU)

• Study of stack traces to focus on security; prediction of vulnerability at the function level (NCSU)

• HSR study on the challenges developers face in writing security and privacy programs (UMD)

54

Home

Page 55: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Testing Environments• 32 Node IoT Test bed with network simulation

(VU)

• IoT Simulation Environment with attackers / defenders (VU)

• Developing Software that generates large scale architectures from description (cloud size). Useful basis of testing threat scenarios / insider threat. (CMU)

• Simulation analysis of CPS and verification (UIUC / RICE)

55

Home

Page 56: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University

Workforce Training Development• Study on how people make computer security decisions (CMU)• Modeling people of when they do work vs. security task to develop

norms of behavior (NCSU)• Study on how people respond to phishing and alert messages

(NCSU)• Mental models of people response to phishing attacks (NCSU)• Study on how users circumvent security controls to do work

(UIUC/USC/UPenn/Dartmouth• HSR study on challenges developers face in writing secure code

(UMD)• Developing metric for graphical password strength (UMD/USNA)• Study on how people choose and follow security advice (UMD)

56

Home

Page 57: MEET SCIENCE OF SECURITYNomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University