How To Improve Experimental Cybersecurity Research



Similar documents
Cybersecurity Experimentation of the Future (CEF): Catalyzing a New Generation of Experimental Cybersecurity Research FINAL REPORT

UC AND THE NATIONAL RESEARCH COUNCIL RATINGS OF GRADUATE PROGRAMS

DISCUSSION ITEM ANNUAL REPORT ON NEWLY APPROVED INDIRECT COSTS AND DISCUSSION OF THE RECOVERY OF INDIRECT COSTS FROM RESEARCH BACKGROUND

Graduate School Rankings By U.S. News & World Report: ENGINEERING SCHOOLS

Freshmen Acceptance Rate AAU Public Universities

University Your selection: 169 universities

How To Rank A Graduate School

US News & World Report Graduate Program Comparison Year ranking was published

Summary of Doctoral Degree Programs in Philosophy

Panel on Emerging Cyber Security Technologies. Robert F. Brammer, Ph.D., VP and CTO. Northrop Grumman Information Systems.

Graduate School Rankings By U.S. News & World Report: MECHANICAL ENGINEERING

Graduate School Rankings By U.S. News & World Report: ELECTRICAL/ELECTRONIC ENGINEERING

Graduate School Rankings By U.S. News & World Report: PSYCHOLOGY (RESEARCH) - Ph.D.

Summary of Doctoral Degree Programs in Philosophy

Realization of Your Dream: Higher Study, Partnership, Collaboration Opportunities

U.S. News & World Report 2015 Best Colleges Rankings Summary Report

Graduate School Rankings By U.S. News & World Report: ACCOUNTING PROGRAMS

By Brian L. Yoder, Ph.D.

Psychology NRC Study S Rankings (1 of 6)

Psychology NRC Study R Rankings (1 of 6)

in the Rankings U.S. News & World Report

Graduate School Rankings By U.S. News & World Report: MARKETING PROGRAMS

Dr. Raju Namburu Computational Sciences Campaign U.S. Army Research Laboratory. The Nation s Premier Laboratory for Land Forces UNCLASSIFIED

SCADA System Overview

Graduate School Rankings By U.S. News & World Report: CIVIL ENGINEERING

in the Rankings U.S. News & World Report

Tuition and Fees. & Room and Board. Costs

U.S. News & World Report 2014 Best Colleges Rankings Summary Report

U.S. News & World Report

in the Rankings U.S. News & World Report

BENCHMARKING UNIVERSITY ADVANCEMENT PERFORMANCE

By Brian L. Yoder, Ph.D.

2009 GRADUATE FACULTY IN PSYCHOLOGY INTERESTED IN LESBIAN, GAY, BISEXUAL, & TRANSGENDER ISSUES SURVEY

SCHOOL SCHOOL S WEB ADDRESS. HOURS Tempe Arizona Ph.D January 15 $60 Not given 550/213

Universities classified as "very high research activity"

National Bureau for Academic Accreditation And Education Quality Assurance LINGUISTICS # UNIVERSITY CITY STATE DEGREE MAJOR SPECIALTY RESTRICTION

CYBERINFRASTRUCTURE FRAMEWORK FOR 21 st CENTURY SCIENCE AND ENGINEERING (CIF21)

CYBERINFRASTRUCTURE FRAMEWORK FOR 21 ST CENTURY SCIENCE, ENGINEERING, AND EDUCATION (CIF21)

Q2 Which university will you be attending? American University (366) Arizona State University (367) Boston University (368) Brown University (439)

UCLA in the Rankings. U.S. News & World Report

Undergraduate School Rankings By U.S. News & World Report:

The DETER Project. Advancing the Science of Cyber Security Experimentation and Test

By Brian L. Yoder, Ph.D.

Graduate School Rankings By U.S. News & World Report: COMPUTER ENGINEERING

US News & World Report Best Undergraduate Engineering Programs: Specialty Rankings 2014 Rankings Published in September 2013

A Guide to Graduate Study in Economics: Ranking Economics Departments by Fields of Expertise

Demographic Trends of Engineering Students

Big Data R&D Initiative

SDN Security Challenges. Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015

Frequently Asked Questions

BenefitsMonitor National Higher Education Participants. Mercer Health & Benefits 20

GrantsNet (for training in the biomedical sciences and undergraduate science education)

TUSKEGEE CYBER SECURITY PATH FORWARD

Tufts University Senior Survey 2010 Graduate Schools by Major Report

Graduate School Rankings By U.S. News & World Report: ENVIRONMENTAL ENGINEERING

Graduate Programs Applicant Report 2011

EL Program: Smart Manufacturing Systems Design and Analysis

NSF Cyber Security Conference. FBI Counterintelligence Domain Program Briefing

TOURNAMENT RESULTS 1 N A T I O N A L I N T R A M U R A L - R E C R E A T I O N A L S P O R T S A S S O C I A T I O N

Cyber Security Research and Education Institute (CSI) The University of Texas at Dallas

NASPAA s Research Universities Report 3/4/16

Northrop Grumman Cybersecurity Research Consortium

Fast Facts About The Cyber Security Job Market

AACSB Accredited Business Schools with Management Consulting Courses in MBA Programs (April 2004)

present: Assistant Professor, Foster Faculty Fellow Michael G. Foster School of Business, University of Washington

Smart Manufacturing as a Real-Time Networked Enterprise and a Market-Driven Innovation Platform

US News & World Report Undergraduate Rankings. Updated 09/08/2014

IEEE-Northwest Energy Systems Symposium (NWESS)

Minnetonka High School s International Baccalaureate Diploma Programme Candidates are some of the top-tier colleges recruits in the world.

NSF Workshop: High Priority Research Areas on Integrated Sensor, Control and Platform Modeling for Smart Manufacturing

Test Requirements at Top Colleges

A Ranking of Political Science Programs Based on Publications in Top Academic Journals and Book Presses

DHS S&T Cyber Security R&D Program

Public Health and Law Schools Reported by Survey Respondents

Creighton University Denison University DePaul University Drexel University Duke University Eckerd University Edinboro University of Pennsylvania

College Acceptances The University of Akron The University of Alabama Albion College Allegheny College American University Anderson University-IN

8/12/15 Summary of Results of Survey of US Academic Departments that Include Planetary Science

network PRoteCtion and information L G S H a S P e R F o R M e D assurance networks R e D t e a M S e C U R i t Y

NAVFAC EXWC Platform Information Technology (PIT) Cyber Security Initiatives

In Search of Peer Institutions for UC Merced

Facility Usage Scenarios

NUMBERS. Engineering degrees increased at all levels THE YEAR IN BY MICHAEL T. GIBBONS

Transcription:

Terry Benzel USC Information Sciences Institute May 18, 2015 The Science of Cyber Security Experimentation

The DETER Project A research program: To advance capabilities for experimental cybersecurity research A testbed facility: To serve as a publicly available national resource A community building activity: To foster and support collaborative science 2

The DETER Facility A general purpose, flexible platform for modeling, emulation, and controlled study of large, complex networked systems Elements located at USC/ISI (Los Angeles), UC Berkeley, and USC/ISI (Arlington, VA) Funded by NSF and DHS, started in 2003 Based on Emulab software, with focus on security experimentation Shared resource multiple simultaneous experiments subject to resource constraints Open to academic, industrial, govt researchers essentially worldwide very lightweight approval process 3

Physical Platform ~440 PC-based nodes Los Angeles, CA - 220 Nodes Arlington, VA 20 Nodes Interconnect Berkeley, CA - ~200 Nodes 1 Gb/s LA-UCB 1-10 Gb/s LA-Arlington Local and Remote access 4

Research Goals Advance our understanding of of experimental cybersecurity science and methodologies Enable new levels of rigor and repeatability Transform low level results to high level understanding Broaden the domains of applicability Advance the technology of experimental infrastructure Develop technologies with new levels of function, applicability, and scale Share knowledge, results, and operational capability Facility, data and tools Community and knowledge 5

Scalable Modeling and Emulation The problem: Traditional testbeds can model and emulate small systems at a fixed level of fidelity. The challenge: Many real problems require modeling of large, complex systems at an appropriate ( good enough ) level of fidelity. That level may be different for different parts of the modeled system. Think of this as smearing the computation power around to just where it s needed. 6

Containers DETER containers use virtualization to support larger experiments Containers use several different types of virtualization Selecting different virtualization types allows a trade-off: One container per physical machine high fidelity. More containers per physical machines less fidelity. 7

8 Scalable Control and Instrumentation Experiment scenarios require many disparate elements to be combined within a single overall scenario. These elements must be: deployed, initialized, configured, monitored and coordinated instrumented with real-time and post-mortem data collection throughout the execution of the experiment. DETER s MAGI agent infrastructure provides an architecture for scalable control and instrumentation

Multi-agent system to Model Some Human Behavior Testbeds must model impact of human activity in repeatable experiments Provide more realistic behavior for testing security tools But real humans are expensive and non-repeatable Model goal-directed team activity Measure impact of an attack on team goals Model impact of organization structure Model certain human characteristics Propensity to make mistakes Aspects of physiology, (soon: emotion, bounded rationality) Flexibility to changing conditions Configurable tool for experimenters 9

DETER User Institutions Academia Bar-Ilan University Carnegie Mellon University Columbia University Cornell University Dalhousie University DePaul University George Mason University Georgia State University Hokuriku Research Center ICSI IIT Delhi IRTT ISI Johns Hopkins University Lehigh University MIT New Jersey Institute of Technology Norfolk State University Pennsylvania State University Purdue University Rutgers University Sao Paulo State University Southern Illinois University TU Berlin TU Darmstadt Industry Texas A&M University UC Berkeley Government Air Force Research Laboratory DARPA Lawrence Berkeley National Lab Naval Postgraduate School Sandia National Laboratories Industry Agnik, LLC Aerospace Corporation Backbone Security BAE Systems, Inc. BBN Bell Labs Cs3 Inc. Distributed Infinity Inc. EADS Innovation Works FreeBSD Foundation icast Institute for Information UC Davis UC Irvine UC Santa Cruz UCLA UCSD UIUC UNC Chapel Hill UNC Charlotte Universidad Michoacana de San Nicolas Universita di Pisa University of Advancing Technology University of Illinois, Urbana-Champaign University of Maryland University of Massachusetts University of Oregon University of Southern Callfornia University of Washington University of Wisconsin - Madison USC UT Arlington UT Austin UT Dallas Washington State University Washington University in St. Louis Western Michigan University Xiangnan University Youngstown State University 10

DETER User Research 11

Education Hands on exercises Students gain from direct observation of attacks and interaction Pre packaged for both student and teacher Buffer overflows, command-injection, man-in-the-middle, worm modeling, botnets, and DoS Facility support for class administration 12

Next Steps - Ecosystem SRI and ISI developing strategic plan: Planning grant from NSF Study current/ future cybersecurity research Current/expected experimentation infrastructure Create roadmap for developing: Accessible, broad, and multi-organizational cybersecurity experimentation capability that meets tomorrow s research needs 13

The Road to Tomorrow: Cybersecurity Experimentation of the Future 14

Motivation: Why are We Doing This? Society s cyber dependencies are rapidly evolving In nearly every aspect of our lives, we are moving toward pervasive embedded computing with a fundamental shift in network properties These changes bring a very real and wideranging set of challenging cyber threats Addressing these challenges will require cybersecurity research based on sound scientific principles The scale and complexity of the challenges will require that researchers apply new experimentation methods that enable discovery, validation, and ongoing analysis 15

Research Infrastructure for Cybersecurity Research Cybersecurity R&D is still a relatively young field It involves intrinsically hard challenges Inherent focus on worst case behaviors and rare events In the context of multi-party and adversarial/competitive scenarios Research infrastructure is crucial Allow new hypotheses to be tested, stressed, observed, reformulated, and ultimately proven before making their way into operational systems Ever increasing cyber threat landscape demands new forms of R&D and new revolutionary approaches to experimentation and test Clearly a need for future research infrastructure that can play a transformative role for future cybersecurity research 16

The Need for Transformational Progress Transformational progress in three distinct, yet synergistic areas is required to achieve the desired objectives: 1) 2) 3) Fundamental and broad intellectual advance in the field of experimental methodologies and techniques With particular focus on complex systems and human-technical interactions New approaches to rapid and effective sharing of data and knowledge and information synthesis That accelerate multi-discipline and cross-organizational knowledge generation and community building Advanced experimental infrastructure capabilities and accessibility A Science of Cybersecurity Experimentation 17

Science of Cybersecurity Experimentation New direction for the field of experimental cybersecurity R&D R&D must be grounded in scientific methods and tools to fully realize the impact of experimentation Different than and complementary with the science of cybersecurity Source: https://www.nsa.gov/research/tnw/tnw192/article4.shtml New approaches to sharing all aspects of the experimental science data, designs, experiments, and research infrastructure Cultural and social shifts in the way researchers approach experimentation and experimental facilities New, advanced experimentation platforms that can evolve and are sustainable as the science and the community mature 18

Roadmap for a New Generation of Experimental Cybersecurity Research The roadmap presents requirements, objectives and goals for 30 key capabilities organized into 8 core areas over 3, 5, and 10 year phases Some phases build upon each other and others require new fundamental research over a long time period 8 core areas Key capabilities consider: 30 key capabilities Current experimental cybersecurity research and its supporting infrastructure Other types of research facilities Existing cyber-domain T&E capabilities (primarily DoD) The roadmap presumes advances in key computer science 19 disciplines

A Definition of Cybersecurity Experimentation Infrastructure General purpose ranges and testbeds (physical and/or virtual) Specialized ranges and testbeds (physical and/or virtual) Software tools that supports one or more parts of the experiment life cycle, including, but not limited to: Experiment design Testbed provisioning software Experiment control software Testbed validation Human and system activity emulators Instrumentation systems and humans Data analysis Testbed health and situational awareness Experiment situational awareness Other similarly relevant tools Specialized hardware tools simulators, physical apparatus, etc. 20

Ecosystem of Different Experimental Capabilities Spanning Multiple Domains The goal is not to create a single instance of a cyber experimentation testbed or facility Over time the roadmap may be realized through an ecosystem of many different instantiations from small, stand-alone and localized to large distributed experimental capabilities, all spanning multiple domains SMALL STANDALONE LOCALIZED LARGE DISTRIBUTED 21

Hybrid Architectures Based on Different Building Blocks Cloud technology Software defined networking (SDN) Knowledge sharing and community environments Integrated Development Environments E.g., Eclipse Emulated and simulated environments E.g., RTDS, wireless Specialized hardware E.g., FPGA, GPU, Intel Xeon Phi No single hardware/software substrate 22

Research Infrastructure is More than Infrastructure Research infrastructure >> infrastructure of machines and tools Scientific methodologies, experimental processes, and education are critical to effective use of the machines and tools Research infrastructure requires meta-research into: Design specification (multi-layered languages and visualization) Abstraction methodologies and techniques Semantic analysis and understanding of experimenter intent Formal methods and a rich approach to modeling to satisfy science objectives 23

Where is Experimentation Applicable? Overarching goal is to increase researcher effectiveness and support the generation and preservation of solid empirical evidence Infrastructure to enable research, not constrain New mechanisms to capture and share knowledge (designs, data and results) to enable peer review and allow researchers to build upon each other Experimentation is about learning To perform an evaluation (not formal T&E) To explore a hypothesis To characterize complex behavior To complement a theory To understand a threat To probe and understand a technology 24

Representative Cybersecurity Hard Problems Systems/software Human interactions System of system security metrics Emergent behavior in large scale systems Supply chain and root of trust Societal impacts and regulatory policies Networking Anonymity and privacy of data and communication Trust infrastructure Software defined networking (SDN) Political, social, and economic (balance-of-interest) goals in network design Pervasive communications, across organizational and political boundaries Cyber-physical systems Embedded devices Autonomous vehicles, smart transportation Electric power, smart grid Medical implants, body sensors, etc. 25

Experimentation It s About the Real World Experimentation should start with models of the real world Modeling and abstraction allow us to capture conceptual models of the real world with varying degrees of fidelity Key research areas include: Experiment design specifications Auto-generated model refinement Methodologies and tools to assess representation Understanding the multiple dimensions of realism Taxonomies of realism metrics for realism sufficiency Additional methods and tools can help extend these modeling activities to provide increasing forms of real world models 26

Leveraging Existing Infrastructure Leverage current NSF, DHS, and DOD investments as starting points GENI Community model Integration of real infrastructure (overlay network, part of real deployments) DETER Research and operational knowledge Experimental framework Specialized experimentation and cybersecurity tools E.g., MAGI, Containers MIT Lincoln Laboratory Standard experiment specification languages E.g., CRIS, CCER Specialized experimentation tools E.g., ALIVE, LARIAT, LLAF, KOALA Other government sponsored infrastructure DOD, DOE, DOT, etc. 27

Join Us students, post docs, research programmers, computer scientists, faculty Click to edit Master text styles Second level Third level Fourth level Fifth level