Science of Security Speaker Series: Grand Research Challenges for Cybersecurity of Critical Information and Infrastructures

  • Posted on April 13, 2017 at 3:15 pm by whitesel@illinois.edu.

Paulo Esteves-Verissimo, University of Luxembourg
April 28, 2017, 4:00 p.m., B02 Coordinated Science Laboratory

slides | video

Abstract: Computing and communications infrastructures have become commodities which societies largely depend on, transacting huge quantities of data and exhibiting pervasive interconnections, sometimes in critical conditions. However, the actual magnitude that security and dependability risks may assume, is often misperceived. The information society has been assuming risk behaviours, without the adequate protection. Many stakeholders, not only end-users but vendors, service providers, public administrations and — what may be surprising — even governments, seem to ignore those risks, in different ways.

Yet, as will be shown in the talk, the problem should be obvious from the symptoms that have lately seen the light. Threats are every day more powerful, massive or targeted attacks and advanced persistent threats entered the situational awareness agenda of nations. However, systems remain flaky, sometimes seemingly intentionally, vulnerabilities persist, and partial and/or specific fixes imperfectly mend what are sometimes global problems. Grand challenges deserve grand solutions, and so the talk will conclude along two lines of discussion, as a contribution to the debate on science of cybersecurity: effective strategies for cybersecurity are in dire need; advanced research breaking with traditional paradigms is required.

Bio: Paulo Esteves-Veríssimo is a Professor and FNR PEARL Chair at the University of Luxembourg Faculty of Science, Technology and Communication (FSTC), since fall 2014, and head of the CritiX lab (Critical and Extreme Security and Dependability) at SnT, the Interdisciplinary Centre for Security, Reliability and Trust at the same University (http://wwwen.uni.lu/snt). He is adjunct Professor of the ECE Dept., Carnegie Mellon University. Previously, he has been a Professor of the Univ. of Lisbon, member of the Board of the same university and Director of LaSIGE (http://lasige.di.fc.ul.pt). Veríssimo is Fellow of the IEEE and Fellow of the ACM, and he is associate editor of the IEEE Transactions on Computers. He is currently Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference. He is currently interested in secure and dependable distributed architectures, middleware and algorithms for: resilience of large-scale systems and critical infrastructures, privacy and integrity of highly sensitive data, and adaptability and safety of real-time networked embedded systems. He is author of over 180 peer-refereed publications and co-author of 5 books.

Science of Security Speaker Series: Conceptual Models of Reliability of Fault-tolerant Software Under Cyber-attacks

  • Posted on March 30, 2017 at 10:48 am by whitesel@illinois.edu.

Peter Popov, City, University of London
March 23, 2017, 2:00 p.m., 141 Coordinated Science Laboratory

slides

Abstract: This talk will present an approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture such as the 1-out-of-2 software, popular to build industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and “cleansing” under different adversary models ranging from independent attacks on the channels to sophisticated synchronized attacks on the channels. The studies demonstrate that the effect of attacks on reliability of diverse software is significantly affected by the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of the effectiveness of cyber-security controls.

Bio: Peter Popov is Reader in the Centre for Software Reliability, City, University of London, United Kingdom. He joined the Centre in 1997 after a career in industry and in Bulgarian Academy of Sciences. He was a visiting scientist at LAAS, Toulouse, France and at the University of Illinois at Urbana-Champaign and currently at Duke University.

Spring 2017 Joint Trust and Security/Science of Security Seminars

  • Posted on February 7, 2017 at 9:02 am by whitesel@illinois.edu.

Anonymity in the Bitcoin Peer-to-Peer Network  slides | video
Giulia Fanti, Postdoctoral Research Associate, Coordinated Science Lab, University of Illinois at Urbana-Champaign
February 21, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: Bitcoin enjoys a public perception of being a ‘privacy-preserving’ financial system. In reality, Bitcoin has a number of privacy vulnerabilities, including the well-studied fact that transactions can be linked through the public blockchain. More recently, researchers have demonstrated deanonymization attacks that exploit a lower-layer weakness: the Bitcoin peer-to-peer (P2P) networking stack. In particular, the P2P network currently forwards content in a structured way that allows observers to deanonymize users by linking their transactions to the originating IP addresses. In this work, we first demonstrate that current protocols exhibit poor anonymity guarantees, both theoretically and in practice. Then, we consider a first-principles redesign of the P2P network, with the goal of providing strong, provable anonymity guarantees. We propose a simple networking policy called Dandelion, which achieves nearly-optimal anonymity guarantees at minimal cost to the network’s utility.

CANCELLED: Combining Simulation and Emulation Systems for Smart Grid Planning and Evaluation 
Christopher Hannon, Graduate Research Assistant, Computer Science, Illinois Institute of Technology
February 28, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: The successful operations of modern power grids are highly dependent on a reliable and efficient underlying communication network. Researchers and utilities have started to explore the opportunities and challenges of applying the emerging software-defined networking (SDN) technology to enhance efficiency and resilience of the Smart Grid. This trend calls for a simulation-based platform that provides sufficient flexibility and controllability for evaluating network application designs, and facilitating the transitions from in-house research ideas to real productions. In this paper, we present DSSnet, a hybrid testing platform that combines a power distribution system simulator with an SDN emulator to support high fidelity analysis of communication network applications and their impacts on power systems. Our contributions lay in the design of a virtual time system with the tight controllability on the execution of the emulation system, i.e., pausing and resuming any specified container processes in the perception of their own virtual clocks, with little overhead scaling to 500 emulated hosts with an average of 70 ms overhead; and also lay in the efficient synchronization of the two sub-systems based on the virtual time. We evaluate the system performance of DSSnet, and also demonstrate the usability through a case study by evaluating a demand response application.

Optimal Data Rate for State Estimation of Switched Nonlinear Systems  slides | video
Hussein Sibai, Graduate Research Assistant, Coordinated Science Lab, University of Illinois at Urbana-Champaign
April 11, 2017, 4:00 p.m., CSL Auditorium (B02)

Abstract: State estimation is a fundamental problem for monitoring and controlling systems. Engineering systems interconnect sensing and computing devices over shared bandwidth-limited channels, and therefore, estimation algorithms should strive to use bandwidth optimally. We present a notion of entropy for state estimation of switched nonlinear dynamical systems, an upper bound for it and a state estimation algorithm for the case when the switching signal is unobservable. Our approach relies on the notion of topological entropy and uses techniques from the theory for control under limited information. We show that the average bit rate used is optimal in the sense that the efficiency gap of the algorithm is within an additive constant of the gap between estimation entropy of the system and its known upper-bound. We apply the algorithm to two system models and discuss the performance implications of the number of tracked modes.

Joint Trust and Security/Science of Security Seminar: What the Secret Service Can Teach Us about Cybersecurity

  • Posted on December 21, 2016 at 12:15 pm by whitesel@illinois.edu.

Nathaniel Gleicher, Illumio
January 17, 2017, 4:00 p.m., B02 Coordinated Science Laboratory

video

Abstract: Since the Secret Service began protecting the President full time in 1906, only 7 attackers have reached the President. From a cybersecurity defender’s perspective, the President is the ultimate high-value asset – incredibly important, but impossible to lock away in a sealed vault. But despite the similarity, the cybersecurity industry’s record is nowhere close to the Secret Service’s record. This talk will focus on what cybersecurity experts can learn from the Secret Service’s approach.

Bio: Nathaniel Gleicher is trained as a computer scientist and a lawyer, and works at the intersection of technology, policy, and law. He is currently the Head of Cybersecurity Strategy at Illumio, where he heads the company’s thought leadership and public engagement and oversees its cybersecurity technology strategy. Nathaniel is a regular speaker at leading industry events, and his writing has appeared in industry publications, the popular press, and academic journals.

Prior to Illumio, Nathaniel investigated and prosecuted domestic and international cybercrime at the U.S. Department of Justice, advised the South Korean Government on technology policy, and served as Director for Cybersecurity Policy on the National Security Council at the White House. He has also taught computer programming, designed and developed custom e-commerce and database solutions, and built and secured computer networks. Nathaniel received a B.S. in computer science from the University of Chicago, and a J.D. from Yale Law School.

Joint Trust and Security/Science of Security Speaker Series: Computer Security, Privacy, and User Expectations: Case Studies in Web Tracking and Application Permissions

  • Posted on September 16, 2016 at 3:04 pm by whitesel@illinois.edu.

Franziska Roesner, University of Washington
October 18, 2016, 2:00 p.m., B02 Coordinated Science Laboratory

slides | video

Abstract: As our world becomes more computerized and interconnected, computer security and privacy will continue to increase in importance. My work focuses on investigating computer security and privacy challenges for end users of existing and emerging technologies, and designing and building new systems that better match user expectations. This talk will describe two case studies. First, I will discuss our work on studying the web tracking ecosystem, including a longitudinal study from 1996-2016 and the design of a new defense. I will then describe user-driven access control, a model for granting permissions to applications in modern operating systems that works by extracting permission information from natural user actions. Our recent work enables user-driven access control even for unmodified operating systems. Finally, I will briefly describe our ongoing work on security for emerging augmented reality platforms and security for journalist-source communications.

Bio: Franziska (Franzi) Roesner is an Assistant Professor in Computer Science and Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses on understanding and improving computer security and privacy for end users of existing and emerging technologies, including the web, smartphones, and emerging augmented reality and IoT platforms. Her work on application permissions in modern operating systems received the Best Practical Paper Award at the IEEE Symposium on Security and Privacy, her early work on security and privacy for augmented reality was featured on the cover of the Communications of the ACM magazine, and her defense for tracking by social media widgets on the web was incorporated into the Electronic Frontier Foundation’s Privacy Badger tool. She received her PhD from the University of Washington in 2014 and her BS from the University of Texas at Austin in 2008.

Science of Security Special Seminar: Software Defined Everything: Moving to the DoD Information Core

  • Posted on September 13, 2016 at 1:41 pm by whitesel@illinois.edu.

David Stern, DISA
September 14, 2016, 1:30 p.m., 3403 Siebel Center for Computer Science

Abstract: Advances and innovation in traditional networks have resulted in new approaches to the employment of the network, compute, storage, and security within the DoD. With the overwhelming operational requirement to provide and secure information capabilities for the warfighter within minutes, a new paradigm that collapses the organizational boundaries between network, compute, storage, and security is occurring. This session will discuss capabilities such as automated provisioning that are currently moving towards production and newer defensive cyber operations innovations such as on demand movement of live compute and storage applications, on demand composition changes to the footprint of DoD networks, on demand connections to commercial cloud and private endpoints, and methods that DISA is exploring to singularly command and control service orchestration, delivery, and visibility within a converged information core.

David Stern is Network Evolution Architect at DISA, which is the network service provider for the U.S. Department of Defense.

Science of Security Speaker Series: The Legacy of Export-grade Cryptography in the 21st Century

  • Posted on August 24, 2016 at 9:18 am by whitesel@illinois.edu.

Nadia Heninger, University of Pennsylvania
October 6, 2016, 4:00 p.m., B02 Coordinated Science Laboratory

slides

Abstract: To comply with 1990s-era US export restrictions on cryptography, early versions of SSL/TLS supported reduced-strength ciphersuites that were restricted to 40-bit symmetric keys and 512-bit RSA and Diffie-Hellman public values.  Although the relevant export restrictions have not been in effect since 2000, modern implementations often maintain support for these cipher suites along with old protocol versions.

In this talk, I will discuss recent attacks against TLS (FREAK, Logjam, and DROWN) demonstrating how server-side support for these insecure ciphersuites harms the security of users with modern TLS clients.  These attacks exploit a combination of clever cryptanalysis, advances in computing power since the 1990s, previously undiscovered protocol flaws, and implementation vulnerabilities.

Bio: Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on security, applied cryptography, and algorithms. Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.

Fall 2016 Joint Trust and Security/Science of Security Seminars

  • Posted on August 19, 2016 at 2:27 pm by whitesel@illinois.edu.

Spy vs. Spy: Anonymous Messaging over Networks  slides | video
Giulia Fanti, Postdoctoral Research Associate, Coordinated Science Lab, University of Illinois at Urbana-Champaign
August 30, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Anonymous microblogging platforms, such as Whisper, Yik Yak, and Secret have emerged as important tools for sharing one’s thoughts without fear of judgment by friends, the public, or authorities. These platforms provide anonymity by allowing users to share content (e.g., short messages) with their peers without revealing authorship information to other users. However, recent advances in rumor source detection show that existing messaging protocols, including those used in the mentioned anonymous microblogging applications, leak authorship information when the adversary has global access to metadata. For example, if an adversary can see which users of a messaging service received a particular message, or the timestamps at which a subset of users received a given message, the adversary can infer the message author’s identity with high probability. We introduce a novel anonymous messaging protocol, which we call adaptive diffusion, that is designed to resist such adversaries. We show that adaptive diffusion spreads messages quickly while achieving provably-optimal anonymity guarantees for specific classes of connectivity networks. Simulations on real social network data show that adaptive diffusion effectively hides the location of the source on real-world networks.

Oreo: Transparent Optimization to Enable Flexible Policy Enforcement in Software Defined Networks  slides | video
Santhosh Prabhu, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
October 11, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Commercial networks today have diverse security policies, defined by factors such as the type of traffic they carry, nature of applications they support, access control objectives, organizational principles etc. Ideally, the wide diversity in SDN controller frameworks should prove helpful in correctly and efficiently enforcing these policies. However, this has not been the case so far. By requiring the administrators to implement both security as well as performance objectives in the SDN controller, these frameworks have made the task of security policy enforcement in SDNs a challenging one. We observe that by separating security policy enforcement from performance optimization, we can facilitate the use of SDN for flexible policy management. To this end, we propose Oreo, a transparent performance enhancement layer for SDNs. Oreo allows SDN controllers to focus entirely on a correct security policy enforcement, and transparently optimizes the dataplane thus defined, reducing path stretch, switch memory consumption etc. Optimizations are performed while guaranteeing that end-to-end reachability characteristics are preserved – meaning that the security policies defined by the controller are not violated. Oreo performs these optimizations by first constructing a network-wide model describing the behavior of all traffic, and then optimizing the paths observed in the model by solving a multi-objective optimization problem. Initial experiments suggest that the techniques used by Oreo are effective, fast, and can scale to commercial-sized networks.

Automated Generation of Attack Signatures in Attack Graphs  slides | video
Phuong Cao, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
November 1, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: In this talk, we investigate applications of Factor Graphs to automatically generate attack signatures from security logs and domain expert knowledge. We demonstrate advantages of Factor Graphs over traditional probabilistic graphical models such as Bayesian Networks and Markov Random Fields in modeling security attacks. We illustrate Factor Graphs models using case studies of real attacks observed in the wild and at the National Center for Supercomputing Applications. Finally, we investigate how factor functions, a core component of Factor Graphs, can be constructed automatically to potentially improve detection accuracy and allow generalization of trained Factor Graph models in a variety of systems.

Towards Privacy-Preserving Mobile Utility Apps: A Balancing Act  slides | video
Dengfeng Li, Research Assistant, Computer Science, University of Illinois at Urbana-Champaign
November 29, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Among various types of mobile apps, mobile utility apps are increasingly becoming data-driven, and these apps tend to collect a significant amount of app usage data to carry out their promised utilities and enhance user experiences. A part of such app usage data often contains security-sensitive information. Thus, an important and challenging issue arises: how to balance between the user’s privacy and the utility app’s utility functionality. We propose techniques to enable users to determine what original values to keep in sanitized data in order to deliver a desirable level of utility efficacy. To accomplish our goal, we (1) incorporate user assistance for app exploration and abnormal-behavior detection, (2) support user validation of malicious-app candidates via program-repair techniques, and (3) sanitize users’ app usage data to balance between privacy preservation and utility efficacy.

Behavioral Analysis for Cyber Resilience  slides | video
Ahmed Fawaz, Research Assistant, Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
December 6, 2016, 4:00 p.m., CSL Auditorium (B02)

Abstract: Systems and attacks are becoming more sophisticated; classical security methods are failing to protect and secure those systems. We believe that systems should be built to be resilient to attacks.  Cyber Resiliency is the protection strategy that will secure modern systems that control our critical infrastructure. Instead of perfectly protecting the system, a resilient system survives a cyber incident by detecting and containing attacks while maintaining service.

In this talk, we describe our proposed resiliency architecture that uses a model of the system to deploy monitors, estimate the state of the system using monitor data, and select responses to maintain service during attacks. Then we design the essential components of the said resiliency architecture for a multitude of systems including operating systems and hosts and enterprise networks. The components we build are monitor design, monitor view generation, fusion, and response.  However, several practical and theoretical challenges hinder a cyber-resilient architecture. In particular, the architecture needs to deal with the plethora of monitoring with different semantics and time scales. Moreover, the system is dependent on the integrity of the monitoring data when estimating the state of the system. The integrity of the monitoring data is critical to making “correct” decisions that are not influenced by the attacker. Finally, the response mechanisms need to be proven effective in maintaining the resilience of the system. Proving such properties is particularly challenging because of the complexity of the systems. Our pieces address the challenges that face the cyber resiliency architecture.

First, we designed a host-level monitor, Kobra, that combines the various views of application behaviors into a signal, then learns the baseline of acceptable behaviors. We use the baseline for anomaly detection. Since our cyber resiliency architecture depends on the integrity of the monitoring data, we designed PowerAlert, an out-of-box integrity checker. PowerAlert uses CPU power measurements, measured using an external probe, to verify that the machine executed the check as expected. To prevent an attacker from evading PowerAlert, we use random initiation times and random integrity checking programs. Finally, we use Kobra’s host-level views to correlate events that happen in a network. First, we propose a fusion framework that enables us to fuse monitoring events for different sources. Then using the framework, we collect lateral movement chains across the network.  We form the chain using network causation events. Those causations are inferred using Kobra’s process communications view.

Trust and Security/Science of Security Seminar: Towards a Secure and Resilient Industrial Control System with Software-Defined Networking

  • Posted on February 23, 2016 at 10:25 am by amyclay@illinois.edu.

Dong (Kevin) Jin, Illinois Institute of Technology
March 15, 2016, 4:00 p.m., Coordinated Science Lab Auditorium (B02)

slides | video

Abstract: Modern industrial control systems (ICSes) are increasingly adopting Internet technology to boost control efficiency, which unfortunately opens up a new frontier for cyber-security. People have typically applied existing Internet security techniques, such as firewalls, or anti-virus or anti-spyware software. However, those security solutions can only provide fine-grained protection at single devices. To address this, we design a novel software-defined networking (SDN) architecture that offers the global visibility of a control network infrastructure, and we investigate innovative SDN-based applications with the focus of ICS security, such as network verification and self-healing phasor measurement unit (PMU) networks. We are also conducting rigorous evaluation using the IIT campus microgrid as well as a high-fidelity testbed combining network emulation and power system simulation.

Bio: Dong (Kevin) Jin is an Assistant Professor in the Computer Science Department at the Illinois Institute of Technology. He obtained his Ph.D. in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign in 2013. His research interests include trustworthy cyber-physical critical infrastructures, simulation modeling and analysis, software-defined networking, and cyber-security. He received the best paper awards at the ACM SIGSIM Conference on Principles of Advanced and Distributed Simulation (PADS) in 2012 and 2015.

Science of Security Speaker Series: Secure Positioning: From GPS to IoT Applications

  • Posted on February 22, 2016 at 5:25 pm by amyclay@illinois.edu.

Srdjan Capkun, ETH Zurich
March 30, 2016, 4:00 p.m., 2405 Siebel Center

video

Abstract: In this talk I will review security issues in today’s navigation and close-range positioning systems. I will discuss why GNS systems like GPS are hard to fully secure and will present novel solutions that can be used to improve the robustness of GNS systems to attacks. I will then show how a different design of a positioning system can enable secure positioning, but also that this requires solving a set of relevant physical- and logical- layer challenges. Finally I will present a design and implementation of a fully integrated IR UWB secure distance measurement (distance bounding) system that solves these challenges and enables secure distance measurement and secure positioning in IoT applications.

Bio: Srdjan Čapkun is a Full Professor in the Department of Computer Science, ETH Zurich and Director of the Zurich Information Security and Privacy Center (ZISC). He was born in Split, Croatia where he received his Dipl.Ing. Degree in Electrical Engineering / Computer Science from the University of Split in 1998. He received his Ph.D. degree in Communication Systems from EPFL in 2004. Prior to joining ETH Zurich in 2006 he was a postdoctoral researcher in the Networked & Embedded Systems Laboratory (NESL), University of California Los Angeles and an Assistant Professor in the Informatics and Mathematical Modelling Department, Technical University of Denmark (DTU). His research interests are in system and network security. He is a co-founder of 3db Access, a startup focusing on secure proximity-based access control.