1 / 24

Cyber Security CRA Overview Professor Patrick McDaniel

Cyber Security CRA Overview Professor Patrick McDaniel. Cyber Security (CSEC) Collaborative Research Alliance. Cyber Security CRA Objectives. A Collaborative Alliance between ARL, CERDEC, Academia, & Industry to advance the foundation of cyber science in the context of Army networks.

bryant
Download Presentation

Cyber Security CRA Overview Professor Patrick McDaniel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Security CRA OverviewProfessor Patrick McDaniel

  2. Cyber Security (CSEC) Collaborative Research Alliance Cyber Security CRA Objectives A Collaborative Alliance between ARL, CERDEC, Academia, & Industry to advance the foundation of cyber science in the context of Army networks • Develop a fundamental understanding of cyber phenomena (incl human aspects) • Fundamental laws, theories, & theoretically grounded & empirically validated models • Applicable to a broad array of Army domains, applications, & environments 2

  3. Cyber Security CRA Key Attributes • Alliance to advance cyber science: Collaboration between Government& Consortium integral to CRAsuccess • Emphasis on theoreticalunderpinnings with validatedmodels in Army context • Accelerating Transition to Practice • Subject matter experts at ARL enable accelerated transition into operational environments thru active involvement in research & operations • CERDEC enables the maturation of promising research & accelerated transition to industry & PMs/PEOs

  4. Cyber Security ScienceChallenges • Grand Science Challenges: • Joint study of inter-related areas of cyber-security • Understanding human dynamics: defense and attack • Strategic & tactical networks Domain Army-unique Challenges • Heterogeneous & convergent networks • Army must: • Use & defend networks that it neither owns nor directly controls • Construct mission networks with a variety of partners & allies • Adapt to rapidly changing technologies, tactics, & threats • Maintain situation awareness across complexnetworks • Large attack surface • Relatively disadvantaged assets • Large scale & high dynamics • Advanced persistent threats • Close proximity with threats • Disadvantaged users • Must work through contested and compromised environments

  5. Towards a Cyber Science • Scientific understanding should manifest itself in models that: • Are mathematically formulated, developed from first principles • Explicitly & formally specify assumptions, simplifications & constraints • Involve characteristics of threats, defensive mechanisms & the defended network (including quantifiable attributes of the human) • Are at least partly theoretically grounded & yield experimentally testable predictions • Are experimentally validated This effort is not focused on the creation of new cyber defenses!

  6. Cyber Security CRA Strategy • Technical Approach: • Trans-disciplinary; Emphasis on understanding human attackers-defenders-users; Experimentation to validate models • Impact:Create fundamental understanding of cyber science encompassing risk, agility, detection and the underlying human dynamics • Funding: • CORE: ~$3M/year for basic research • ENHANCED (unfunded): $500K/$1M per year for 6.1/6.2 research • Consortium cost-share $587K/year • PI Expertise: • Cyber-security, systems, theory, human factors, psychology, networking • Teaming: • Collaborative teams co-led by PIs from government, academic and industry partner organizations • Accelerate transition to practice via close partnering with SMEs at ARL and CERDEC

  7. CSEC CRA Leadership Prof. Patrick McDaniel CRA Program Manager (PM) Professor, Penn State University Chair, IEEE TC on Security and Privacy Co-Directory, Systems and Internet Infrastructure Security Laboratory Area Edit, Secure Systems, IEEE Security and Privacy Magazine Dr. Ananthram Swami CRA Collaborative Alliance Manger (CAM) Army Research Laboratory ST, Network Science IEEE and ARL Fellow Steering Board, IEEE-Transactions on Network Science and Engineering 7

  8. Area Leads • Risk • Jean Camp (Indiana) Hasan Cam (ARL) • Detection • Srikanth Krishnamurthy (UCR) Ananthram Swami (ARL) • Agility • Prasant Mohapatra (UCD) Lisa Marvel (ARL) • Human Dynamics • Lorrie Cranor (CMU)Norbou Buchler (ARL) 8

  9. CSEC CRA TEAM • University PIs • Penn State : Jaeger, La Porta, and McDaniel • CMU : Bauer, Christin, Cranor, and Gonzalez • Indiana : Bertenthal, Camp, and Henshel • UC Davis : Levitt, Mohapatra, and Su • UC Riverside : Krishnamurthy, Madhyastha, and Neamtiu • ARL Researchers • Buchler, Cam, Erbacher, Kott, Marvel, Rivera, Swami, Torrieri, Vaughn • CERDEC Researchers • Cansever, Hesse, Murawsky, Shahid 9

  10. CSEC CRA Vision • Motivated by key challenge: • Given a security and environmental state, what cyber-maneuvers best mitigate attacker actions and maximize mission success? • Goal: Develop a rigorous science of cyber-security that will: • Detect the threats and attacks present in the environment and assess risks • Understand / predict users, defenders and attackers actions • Alter the environment to securely achieve maximal mission success rates at the lowest resource cost while maximizing cost to adversary • Outcome: Dictate and control the evolution of cyber-missions in the presence of adversarial actions

  11. Cyber Security CRA Research Focus Research Areas • Develop an understanding of cyber phenomena: • Fundamental laws, theories, & theoretically grounded & empirically validated models • That can be applied to a broad range of Army domains, applications, & environments • Risk: Theories & models that relate fundamental properties of dynamic risk assessment to the properties of dynamic cyber threats, Army’s networks, & defensive mechanisms • Detection: Theories & models that relate properties & capabilities of cyber threat detection & recognition to properties of malicious activity • Agility:Theories & models to support planning & control of cyber maneuver in network characteristics & topologies Cross Cutting Research Issue • Human dimensions:Theoretical understanding of the socio-cognitive factors that impact the decision making of the user, defender, & adversary

  12. Cyber Security CRA Research Interrelationships • Risk, Detection, & Agility are intricately linked & co-evolving • Human dimensions are key to understanding decision making of the user, defender, adversary as they relate to Risk, Detection, & Agility Risk • Agile cyber maneuver can reduce risk • Agility makes risk assessment more difficult & uncertain • Identification of risks may trigger maneuvers • Analysts evaluate risk to make cyber security decisions • Risk is diminished with stronger detection • Improved detection increases confidence in risk assessment • Higher tolerance for risk can lower detection requirements Agility Human Dynamics Cross-Cutting Research Issue Detection Trans-disciplinary approach to cyber security research • Agility can hinder accurate timely detection • Agility degrades analyst ability to identify/correlate events • Inaccurate threat detection can cause maneuver flapping 12

  13. Research Areas and Cyber-Science • Agility • Develop theories and models of system agility that reason about: • the universe of security-compliant maneuvers and end-states • the impacts of maneuvers on humans and outcomes • Human Dynamics (CCRI) • Develop theories and models of users behavior in cyber-environments that: • classify user intent and capability • predict how a user will react to stimuli • induce mitigating adversarial behavior • Risk • Develop theories and models of risk assessment in cyber-environments that combine: • system and network risk • human oriented risk • Detection • Develop theories and models of detection that provide: • what is the most likely threat • what impact will it have • the confidence in the process • Experimentation: validation of science • Validate theories and algorithms via user and system experiments • Team internal and BAA partner driven • Using large-scale test-beds, e.g., DoD GENI, NCR, DETER, etc. • Operations Model provides a framework for Risk, Agility, and Detection 13

  14. CRA Area and Task Structure 14

  15. Operations Model • Develop formal structures for reasoning about cyber-maneuvers and security goals & strategies • Mathematical representations must be decomposable and composable in ways that make analysis tractable & answer questions such as • What is the state of the network/system? • Who are users, defenders, and adversary? • What is the state of the user/defender/adversary? • Are the systems available and secure? • Are attacks in progress? • What are the relative risks in the environment? • Should we alter the environment and how? • What outcomes are “globally” optimal? • What are the available cyber-maneuvers? • Which maneuvers maximize outcomes while minimizing cost?

  16. Operations Model • The operation model provides acommon framework for Risk and Agility • Continuous optimization of the environment based on models of attackers, defenders, the environment • Operation survivability is achieved by altering the security configuration and network capabilities in response to detected adversarial operations and situational needs of users and resources and tools available to defenders. • Cost and risk metrics are used to select optimal strategies and configurations that maximize success probabilities while mitigating adversarial actions. • Models of user, defender, and adversarial behaviors, actions and needs are used to derive the operation state, as well as to identify those configurations that increase the probability of operation success.

  17. Example Operation Model: Lost Assets • Scenario: Insurgents capture Sergeant Hill's AN/PSN-13 DAGR (Defense Advanced GPS Receiver), his AN/PRC-148 MBITR, and PFC Stark’s AN/PRC-148 MBITR. • Outcomes: Prevent devices or data therein frombeing used by insurgents to penetrate or disrupt command and control. • Detection: Human-scale reporting, “last gasp” measures, network monitoring. • Risks: Exfiltration of sensitive intelligence and credentials from devices. Disruption of communications among other cooperating devices • Agility: Remote zeroing of devices, revocation of credentials. Where device state is unknown, quarantine until better detection state known. Rekeying of multiparty session keys, changing frequency hopping. Effort: Team of 12 undergrads working with Alliance PIs on implementation and visualization

  18. 5 and 10 Year Goals • By year 5 • Develop a theory of cyber-security built on operation models. The science and models should produce the capability to: • (a) accurately assess current and predict future system states and (b) posit reconfiguration activities that increase success rates of operations, and (c) decrease success rates of adversarial missions. • By year 10 • Validate foundational principles of a science of cyber-security. The science and models should produce the capability to: • (a) perform the continuous optimization of the missionnetwork environment, and (b) dictate and control the evolution of missions, adversarial actions and threats.

  19. CRA Collaboration Plan • Cross-team and cross thrust collaboration will be supported by multi-homed PIs from Universities, ARL, and CERDEC: • Yearly week-long boot camps • CRA Infrastructure provides a mechanism for collaborative research and experimentation, and archival cra.psu.edu • Joint development, planning and execution of research by consortium and government scientists • Will work closely with BAA partner for experimental validation of research, and for transition to ARL and CERDEC and OGA

  20. Summer Undergraduate Research Program • 2014 : 12 topJunior and Senior students recruited from the Computer Science and Engineering Program • Hired as CRA researchers • Working on operations model development, tools • Summer program will support rotation of the students to ARL/CERDEC facilities • May – Aug 2014 • Develop CRA relevant research • ARL/CERDEC Mentorship • Long term: support transition of CRA students to graduate programs

  21. FY14 Events / Visits / Staff Exchanges • Key Events: • 20 Sept 2013 Award • 9-11 Dec 2013 PI Meeting , ARL, ALC • 10 Feb 2014 Visit to ARL/HRED, CERDEC • 01 Apr 2014 Today’s formal launch • 18 Apr 2014 Student team to visit ARL • 11-14 Aug 2014 CRA collaboration Bootcamp • Short visits: already 9 visits between ARL, CERDEC, and PI organizations, many more planned • Planned Staff Rotations: 1 week long rotation already from ARL to Penn State, 8 PI and 3 post doc commitments for Spring/Summer 1-2 week rotations between organizations, 12 undergraduates for summer rotation to ARL 21

  22. Conclusions “Science is the systematic classification of experience.” - Philosopher George Henry Lewes (1817-1887) • The CSEC CRA Team has been working for six months to plan and begin executing an approach to address one of the grand challenges of a generation • This effort will found the science that enables the Army to protect is critical assets and users in future cyber- and physical battlefields … • … and will serve as a model for joint collaboration on scientific problems.

  23. THANKS! Develop the theoretical underpinnings for a Science of Cyber Security

  24. Way AheadMcDaniel (PM) & Swami (CAM)

More Related