Dr. Robert Herklotz presents an overview of his program, Information Operations & Security, at the AFOSR 2013 Spring Review. At this review, Program Officers from AFOSR Technical Divisions will present briefings that highlight basic research programs beneficial to the Air Force.
Herklotz - Information Operations & Security - Spring Review 2012
1. INFORMATION OPERATIONS & SECURITY
5 MAR 2012
DR. ROBERT HERKLOTZ
PROGRAM MANAGER
AFOSR/RSL
Integrity Service Excellence Air Force Research Laboratory
13 July 2012 DISTRIBUTION A: Approved for public release; distribution is unlimited.
2. 2012 AFOSR SPRING REVIEW
NAME: DR. ROBERT HERKLOTZ
BRIEF DESCRIPTION OF PORTFOLIO:
Fund science that will enable the AF and DOD to dominate
cyberspace: Science to develop secure information systems for our
warfighters and to deny the enemy such systems.
LIST SUB-AREAS IN PORTFOLIO:
1: SOS-Science of Security
2: Secure Humans
3: Secure Networks
4: Secure Hardware
5: Covert Channels
6: Execute on Insecure Systems
7: Secure Data
8: Secure Systems-Security Policy
3. Information Operations and Security 61102F
Cyber Security
MOTIVATION
• Cyber Security basic research has the potential to change the current balance that favors the attackers
• Discovery and development of a Science of Cyber Security (SOS) should be vigorously pursued
• Develop methods to execute mission while under attack
PICTURE
[Figure: Attacks, Defenses, Policies]
TECHNICAL IDEAS
• Science of Security: formally model relationships between attacks, defenses and policies and invent good metrics
• Develop a theory of Covert Channels
• Pursue methods to execute mission on insecure components
PAYOFF
• Inherently secure software and hardware systems can be deployed in the future
• Covert channels can be anticipated and denied or used
• Insecure, distributed systems can be used to execute the mission
4. SOS Laws: Analysis and Synthesis
• Science:
– Laws or theories that are predictive
• Analysis: Given an artifact, predict its properties…
– Qualitative properties: What it does?
– Quantitative properties: How well?
• Synthesis: Compose artifacts with given properties to obtain a new one with predictable properties.
5. SOS: Laws about What?
• Features:
• Classes of policies
• Classes of attacks
• Classes of defenses
• Relationships (= SoS)
• Defense class D enforces policy class P despite attacks from class A.
[Figure: Attacks, Defenses, Policies]
6. AFOSR MURI Project Sept 23, 2011
Science of Cyber Security: Modeling,
Composition, and Measurement
Anupam Datta (CMU)
Joe Halpern (Cornell)
John Mitchell (Stanford, PI)
Andrew Myers (Cornell)
Andre Scedrov (U Penn)
Fred Schneider (Cornell)
David Wagner (UC Berkeley)
Jeannette Wing (CMU)
Ittai Abraham (Microsoft Research, unfunded collaborator)
Stanford, Berkeley, Carnegie-Mellon, Cornell, U Penn
7. SOS MURI Goals
• Scientific objective
– Advance the science base for trustworthiness by
developing concepts, relationships, and laws with predictive
value.
• Technical approach
– Security modeling: characterize system, threats, and
desired properties. Leverage game-theoretic concepts to
model incentives for the defender and attacker.
– Composition: develop principles for explaining when
security schemes compose, and how to achieve
compositionality.
– Security Measurement: goals include determining relative
strengths of defense mechanisms, evaluating design
improvements, and calculating whether additional
mechanism is warranted based on attacker and defender
incentives
8. Science Base for
Evaluation and Characterization of
System Trustworthiness-SOS
Metrics
Fred B. Schneider
Department of Computer Science
Cornell University
Ithaca, New York
9. Kinds of Analysis Laws
• Analysis: Given an artifact, predict its
properties…
– Qualitative properties: What it does.
– Quantitative properties: How well it works.
• Synthesis: Compose artifacts with given
properties to obtain a new one with
predictable properties.
10. The Promise of Security Metrics
• Users: Purchasing decisions
– Which system is the better value?
• Builders: Engineering trade-offs
– Select among different designs?
• Researchers: Evaluating new ideas
– Basis for declaring success!
Fred B. Schneider, Cornell
11. Definition: Security Metric
“μ is a security metric” should mean…
– μ: Systems → Vals, where:
• < is a partial order on Vals
… so theory applies to more “metrics”. E.g., μ(S) = {all attacks that compromise S}
• μ(S) is efficiently computable
• x < y is efficiently computable
Intent: < reflects “actual security”, so μ(S) < μ(S’) means S is less secure than S’
Fred B. Schneider, Cornell
12. Properties of Security Metrics
Define: S«S’ – S is “less secure than” S’
Soundness of μ: (Useful for users)
μ(S)< μ(S’) implies S«S’
Completeness of μ: (Useful for engineers)
S«S’ implies μ(S)< μ(S’)
13. S«S’: The Fine Print
If S«S’ holds then …
S, S’ must implement “same” specification:
– Specification defines an interface.
• All interactions with the system involve actions in this interface.
E.g., Includes side-channels.
– Specification describes expected effects of actions
at the interface.
An attack is an input that causes the
specification to be violated.
14. The $64,000 Question!
For what classes of specifications do there exist
sound (and complete?) security metrics?
Conjecture:
– Expressive specs IMPLY security metric μ must be
undecidable or μ incomplete.
– Security metric μ decidable and soundness IMPLY
expressiveness is bounded by static type
checking.
15. Non-Intrusive Media Forensics
Framework
K. J. Ray Liu and Min Wu
Department of Electrical and Computer Engineering
University of Maryland, College Park
16. Digital Multimedia Anti-Forensics
• Very little consideration has been given to anti-forensic
operations
– Designed to remove/falsify
intrinsic fingerprints
– Create undetectable forgeries
• The study of anti-forensics is critical
– Identifies weaknesses in existing
forensic techniques
– Important for the development of
tools to detect the use of anti-forensic
operations
17. ENF: A Ubiquitous and Natural
Fingerprint
• ENF: Electrical Network Frequency
– 60 Hz in North America, 50 Hz elsewhere (50/60 Hz in Japan)
– Electro-magnetic (EM) field from power grid interferes with electronic
recording mechanisms (Sensors)
• ENF varies slightly from 50/60 Hz over time
– Deviations depend on regulations: on the order of 0.05-0.1 Hz
– Main trends are the same over the power grid [1]
• ENF can be “heard” and “seen”
– Present in audio recordings near power sources
– We showed that the luminance of indoor lighting fluctuates based on ENF
• Captured by optical sensors: photo diode, CCD camera sensors, etc.
– Random deviations can be used as fingerprints for multimedia
content:
• Determine the time and place of recordings
• Detect tampering in the multimedia content; bind video and audio
[1] C. Grigoras. Applications of ENF criterion in forensics: Audio, video, computer and
telecommunication analysis. Forensic Science International, 167(2-3):136-145, April 2007.
18. Verify Time of Recording
[Figure, three panels: Video ENF signal (frequency in Hz, about 9.6 to 10.8, against time in seconds); Power ENF signal (frequency in Hz, about 49.5 to 51.5, against time in seconds); Normalized correlation (correlation coefficient against time frame lag, -30 to 30)]
ENF matching result demonstrating similar variations in the ENF signal
extracted from video and from power signal recorded in India
Aliasing Challenge with video: temporal sampling rate lower than ENF
Our recent results from US, China, and India power grids
Exploit signal processing to harvest from aliasing
Highest correlation between power ENF and video ENF signal corresponds to the
time at which recording took place
19. Tampering Detection
ENF matching result demonstrating the detection of
video tampering based on the ENF traces
[Figure, two panels: ENF signal from video (frequency in Hz, about 10 to 10.3, against time in seconds), with the inserted clip marked; ground truth ENF signal (frequency in Hz, about 49.9 to 50.2, against time in seconds)]
• Inserting a clip into the original video leads to a
discontinuity in the ENF signal extracted from the video
• Clip insertion can also be detected by comparing the
video ENF signal with the power ENF signal at the
corresponding time
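The time-of-recording check and the clip-insertion check on the two slides above both come down to sliding normalized correlation against a logged power-grid ENF. The sketch below is an added example, not code from the presenters; the traces are constructed, and the 30 fps camera model (lighting flicker at twice the mains frequency aliasing to about 10 Hz) and all function names are assumptions.

```python
import random
from statistics import fmean

def make_enf(n, seed, nominal=50.0):
    """Constructed grid ENF log, one sample per second, drifting around nominal."""
    rng = random.Random(seed)
    f, out = nominal, []
    for _ in range(n):
        f += rng.gauss(0, 0.01) - 0.02 * (f - nominal)  # random drift, pulled back to nominal
        out.append(f)
    return out

def video_enf(power, seed, fps=30.0):
    """Assumed camera model: lighting flickers at 2*f and aliases to |2f - k*fps|."""
    rng = random.Random(seed)
    return [abs(2 * f - round(2 * f / fps) * fps) + rng.gauss(0, 0.002) for f in power]

def pearson(a, b):
    """Normalized correlation coefficient of two equal-length sequences."""
    ma, mb = fmean(a), fmean(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5
    return num / den if den else 0.0

def best_lag(query, reference):
    """Return (lag, correlation) where the reference log best matches the query trace."""
    n = len(query)
    corr, lag = max((pearson(query, reference[k:k + n]), k)
                    for k in range(len(reference) - n + 1))
    return lag, corr

def window_offsets(query, reference, win):
    """For each window, best reference lag minus window start.
    One continuous recording gives a constant value; a jump marks an edit point."""
    return [best_lag(query[s:s + win], reference)[0] - s
            for s in range(0, len(query) - win + 1, win)]

# Constructed data: a 15-minute grid log and a 4-minute video that started at second 300.
REFERENCE = make_enf(900, seed=1)
TRUE_START = 300
clean = video_enf(REFERENCE[TRUE_START:TRUE_START + 240], seed=2)
foreign = video_enf(make_enf(60, seed=3), seed=4)   # 60 s clip recorded at another time
tampered = clean[:120] + foreign + clean[120:]      # clip inserted after 2 minutes

if __name__ == "__main__":
    print("estimated start:", best_lag(clean, REFERENCE))
    print("clean offsets:   ", window_offsets(clean, REFERENCE, 60))
    print("tampered offsets:", window_offsets(tampered, REFERENCE, 60))
```

On the tampered trace the per-window offset drops by the length of the inserted clip, which is the discontinuity the slide describes.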
20. Forensic Binding of Audio and Visual
Tracks
• ENFs in audio and video tracks captured at the same
time have high correlation
• Research questions ahead:
(1) How to accurately estimate and match weak and noisy ENF?
(2) Can ENF be removed? Tampered?
(3) How to prevent anti-forensics on ENF?
21. AFOSR INFORMATION OPERATIONS & SECURITY 2011 PI MEETING
19-23 SEPTEMBER 2011
ARLINGTON, VA
High Performance Semantic
Cloud Auditing
Keesook J. Han, Ph.D
Keesook.Han@rl.af.mil
Develop High Performance Semantic Cloud Auditing Technologies and Applications
that include Comprehensive Cloud Auditing Data Capturing, Analysis and
Rapid Response to Improve Cloud Quality of Services.
Approved for Public Release; Distribution Unlimited: 88ABW-2011-4496, 16-Aug 2011
INFORMATION INSTITUTE WORKSHOP on ASSURING THE CLOUD, 11 July 2011, GRIFFISS Institute, Rome, NY POC: AFRL/RIGA Dr.
22. Cloud Research Facilities
• University of Texas at San Antonio
– FlexFarm (Honeyfarm) & FlexCloud: Institute for Cyber Security
• Texas A&M University
– Cisco Test Engineering Center: Cisco Cloud Testing Lab
• University of South Carolina
– Router Testbed: Center for Information Assurance Engineering
• University of Texas at Dallas
– UTD Secure Cloud Repository: Hadoop File System
• SUNY Binghamton University
– GPGPU Cluster: Real-Time Embedded Systems Lab
• University of Illinois at Urbana Champaign
– Coordinated Science Lab Assured Cloud Computing Center
• Tennessee State University
– Center of Excellence in Information Systems and Engineering Management
• Rochester Institute of Technology
– Networking, Security, and Systems Administration Labs
• University of Pittsburgh
– Swanson Institute for Technical Excellence
• University of Missouri Kansas City
– Networking & Multimedia System Lab
• AFRL RI
– GPGPU Cluster: CONDOR Supercomputer
• Georgia Institute of Technology
– Foundations of Data and Visual Analytics Center
23. Conclusion
Semantic Cloud Auditing:
Develop Efficient Information Theoretic Metadata and Aggregation: Fast Information Exploitation of
Massive Cloud Auditing Data for Rapid Response
Semantic Cloud Auditing will benefit the following projects:
• Access Control: “Advanced Access Control for Assured Clouds”
• Cloud Security: “Honeyfarm Data Capturing, Rapid Sharing and Exploitation of Malicious Traffic for Cloud
Security”
• Customized Hadoop: “Massive Cloud Auditing Using Data Mining on Hadoop”
• Secure Hadoop: “Assured Information Storage and Sharing on Hadoop”
• GPGPU Computing: “High Performance Processing of Cloud Auditing Data Using GPGPU Many-Core
Parallelism”
• SLA-based Cloud Service Workloads: “Dynamic Mapping of Cloud Resources to Meet Service Level
Agreement (SLA)-based Cloud Service Workloads”
• Traffic Control: “Router-Based Filtering and Rerouting to Traffic Control in Cloud Computing”
• Outage Management: “Router-Initiated Network Outage Management for Multitenant Clouds”
• File Transfer: “Bandwidth Intensive Multimedia Data Transfer for Smartphone-Friendly Cloud Services”
24. Detection of Covertly Embedded
Hardware in Digital Systems
Douglas H. Summerville
Associate Professor
Electrical and Computer Engineering
State University of New York at Binghamton
25. Covertly Embedded Trojan
• Malicious circuit embedded in
“implementation space” of its host
– Neither functional nor parametric
• Trojan uses existing resources that are
artifacts of the host’s implementation
• No alteration of functional characteristics of
host, therefore not testable
• Can be combinational or sequential circuits
26. The Embedding
• Covert Hardware alters the circuit’s behavior
in the “don’t care” space
• In effect, two circuits co-exist in the same
physical hardware
– The original circuit, only exercised during normal
operation
– The malicious circuit, exercised by special trigger
27. Motivating Assumption
• Assume general
case is unsolvable
• In practice, standard
design approaches
generate a small
fraction of possible
implementations
• We focus on
securing few
practical cases
28. Structural Circuit Analysis
• Can’t look at circuit’s function, so look at its
structure
• Exploits how design approaches optimize for
speed, area, power, etc. in deterministic ways
– Contributing regularity to circuit structure
• Identify structural characteristics of circuits
that
– Result from standard design approaches
– Are removed or altered by tampering
• Restrict optimization to solutions in that
space
– tradeoff
29. Detecting Hidden Communications
Protocols
R. R. Brooks
Associate Professor
Holcombe Department of Electrical
and Computer Engineering
Clemson University
Clemson, SC 29634-0915
Tel. 864-656-0920
Fax. 864-656-1347
email: rrb@acm.org
30. Detection of Hidden Communications
Protocols
Richard Brooks: rrb@acm.org, Clemson University
Objective
Detect use of tunneled communications
protocols and infer their current internal
state
• Private communications often tunneled through
virtual private networks (VPNs)
• Mix networks tunnel connections for anonymity
• Tunneling tools (ex. ssh, ssl, TOR) have timing
vulnerabilities
• Hidden Markov models (HMM) and probabilistic
grammars will detect protocol use, infer network
flows, partially decipher content
DoD Benefit:
• Detection of tunneled communications protocols
• In some cases (ex. interactive ssh), partially decipher message contents
• Determination of communications patterns in mix networks, such as TOR
• Detection of timing side channel attack vulnerabilities in DoD networks
Technical Approach:
• Collect inter-packet timing information from tunneled sessions
• Zero-knowledge HMM model inference
• Determination of HMM statistical significance
• Tracking HMM transitions driven by network flow inter-packet timing data detects protocol use
• Viterbi algorithm finds maximum likelihood Markov state sequence
• Two point-to-point connections with same Markov state sequences (Viterbi paths) are likely data source and sink
31. Active Defense:
Reactively Adaptive Malware:
Attacks & Defenses
Kevin W. Hamlen & Latifur Khan
University of Texas at Dallas
AFOSR Contract FA9550-10-1-0088
September 2011
32. Attacks Upon Signature-matchers
• Randomize features during propagation
– Polymorphism
• encrypt payload with randomly chosen key
– Oligomorphism
• randomly re-assemble decryptor
– Metamorphism
• non-deterministically recompile decryptor and/or payload
• Weakness: Undirected mutation
[Figure labels: decryptor, encrypted payload]
33. Reactively Adaptive MALware (RAMAL)
• Three challenges:
1. Covertly harvest data about victim defenses
(malware signature databases)
2. Mine harvested data effectively
3. Derive new mutation strategy from inferred
model
34. Hardware, Languages, & Architectures for
Defense Against Hostile Operating Systems
(DHOSA)
V. Adve, UIUC
K.Asanović, UC Berkeley
D.Evans, UVA
S.King, UIUC
G.Morrisett, Harvard
R.Sekar, U Stony Brook
D.Song, UC Berkeley
D.Wagner (PI), UC Berkeley
http://www.dhosa.org/
35. The Approaches
Advances that cut across traditional
disciplines:
• new OS and software architectures
• new hardware architectures
• new policy enforcement techniques
• new techniques for trustworthiness
• new coding techniques
36. [Diagram of the research areas]
Area labels: TRANSFORMATION; HARDWARE; SYSTEM ARCHITECTURES; WEB-BASED ARCHITECTURES
Components: Cryptographic secure computation; SVA; Binary translation and emulation; Data-centric security; Formal methods; Secure browser appliance; Hardware support for isolation; Secure servers; Dealing with malicious hardware
Callouts: e.g., Enforce properties on a malicious OS; e.g., Enable complex distributed systems, with resilience to hostile OS’s; e.g., Prevent data exfiltration
37. Helix:
A Self-Regenerative Architecture
for the
Incorruptible Enterprise
MURI 2007 - 2012
John Knight
University of Virginia
AFOSR PI Meeting
9/21/2011
38. Helix Team Members
• University of Virginia
– John C. Knight (PI) - Software engineering, dependability
– Jack W. Davidson - Languages, security, virtual machine
– David Evans - Security, applied cryptography
– Westley Weimer - Program analysis
– Anh Nguyen-Tuong - Security, grid computing
• University of New Mexico
– Stephanie Forrest - Biological inspired computing
– Jared Saia - Computational & game theory
• University of California at Davis
– Hao Chen - Security, Web applications
– Zhendong Su - Program analysis, software engineering
– S. Felix Wu - System fault tolerance
– Jeff Rowe - Operating systems
– Karl Levitt - Security
• University of California at Santa Barbara
– Frederic Chong - Secure hardware, hardware acceleration
for program/system analysis
39. Research Highlights
• Security for mobile devices:
– Static analysis framework for detecting information leaks (Android)
• Security for web applications:
– Static analysis to detect access control vulnerabilities
• Security for applications:
– Detection of unsafe component loading
• Automated repairs via genetic programming:
– Demonstrated on assembly code
– Proactive diversity/variant generation
• Hardware/architecture for security:
– Hardware description language (compiler released)
– Provably leak-free hardware
See web site: http://helix.cs.virginia.edu
Editor's Notes
Program title might be obscure: it means I fund research related to cyber security
Approached in ad-hoc manner: Build a science of security to break the attack-patch-attack cycle: how to build inherently secure systems - NO FORMAL DEFINITION OF SECURITY
1: SOS-Science of Security: Formal Methods, Advanced theorem proving, Static analysis, Dynamic analysis, Symbolic evaluation and constraint solving, Code-level specification/verification, Hyperproperties
2: Secure Humans: Trust in cyberspace, Suspicion in cyberspace
3: Secure Networks: Information flow, Root of trust, Secure clouds
4: Secure Hardware: Combinational logic, Hardware wrappers
5: Covert Channels: Steganography theory, Steganalysis theory, Dynamic analysis, Binary translation
6: Execute on Insecure Systems: Artificial, dynamic diversity, Fully homomorphic encryption, Statistical models, error virtualization and rescue points, Automated Program Repair with Genetic Programming
7: Secure Data: policy specification language, Novel logics abstractions for security policy compliance
8: Secure Systems: Theory for incentive-compatibility, Security Policy, Obfuscation
Areas of Research
• Formal Methods: Advanced theorem proving; Static analysis; Dynamic analysis; Symbolic evaluation and constraint solving
• Secure Software: Code-level specification/verification; Obfuscation; Artificial, dynamic diversity; Fully homomorphic encryption; Statistical models, error virtualization and rescue points; Automated Program Repair with Genetic Programming; Binary translation
• Secure Hardware: Combinational logic
• Secure Data: Theory for incentive-compatibility; Security Policy; Policy specification language; Novel logics abstractions for security policy compliance
• Science of Security: Hyperproperties; Information flows/covert channels
Develop a Science of Cyber Security
• Vulnerable to fewer attacks
• Measurable cyber security
• Harder and more costly to attack
• Secures high priority missions through attack
• Recover rapidly & automatically from zero day attacks
What is SOS?
Image compression fingerprints are forensically important
• Trace image’s compression history
• Provide evidence of processing
• Determine an image’s origin
• Identify image forgeries
Forensic Linkage to Acquisition Device
Natural Fingerprint from Power Grid
What other phenomena produce signatures in sensor data???
AFOSR, AFRL, DHS, NSF, DOD, CISCO, HPC
Nearly every practical circuit has input or state values that are not part of the system specification
• Undefined input values (e.g. 13th month)
• Undefined state values
• “Slack” resources for optimization
Circuit’s behavior is not defined for these values to allow optimization
The combined host and covert circuit represents a valid implementation of the host circuit
• One of many functionally equivalent ways to build the circuit
• Another way to look at it: at least one (typically many) implementations already contain the malicious circuit
Investigate properties of the unused state or output space resulting from given design techniques
• Why unused?
• Find invariants of circuits generated by that technique
• Narrow these to find a property that is broken by tampering
Structural analysis of circuits is a promising approach for detection of covert circuit tampering (circuit implementation tampering)
• Can be performed at any design level where equations can be extracted
• Doesn’t rely on clean design to compare against
• Allows freedom to use latest COTS technology
• Can be integrated easily into existing tool chains
• Is a static technique
Transitions:
• 2011 NSF Career Award: Language-based Polymorphic Malware Security
• 2011 U.S. Army grant: Adaptive Malware Detection over Evolving Malware Streams
Signature updates are an inadequate defense
• manual signature generation too slow
• noncomprehensive update coverage
Signature databases are (usually) confidential
• undisclosed, proprietary formats
• encrypted
• anti-piracy software protections
But classification decisions are public
• public APIs (e.g., IOfficeAntivirus on Windows)
– works on McAfee, AVG, Windows Defender, Norton, …
• run anti-malware in a sandbox
• query public malware detection services
• open-source signature db’s (e.g., ClamAV
6. Execute on Insecure Systems
Can we defend applications from buggy and even malicious host operating systems?
• OS’s contain ~50M lines of code
• SEI estimates 1-7 errors/1Kloc: ~10K bugs?
• Month of Apple bugs: 23 security relevant bugs found
Reality: must assume OS will be compromised
Our goal: Survive a malicious OS, perhaps with degraded functionality or availability.
Exploratory research – many potential paths (some in competition, but mostly synergistic).