My research spans security, systems and networking. Below are highlights of the key research areas I am or have been involved in. I work in many more areas than are documented here, so this is a subset of my work. More detailed information about my past research can be obtained from the publications, vita and laboratory webpage.

Note: Here is a link to the Proceedings of the NATO IST-128 Workshop: Assessing Mission Impact of Cyberattacks.

Cyber-Security Collaborative Research Alliance

Description: The goal of the Models for Enabling Continuous Reconfigurability of Secure Missions (MACRO) Cyber-Security Collaborative Research Alliance (CRA) program is to understand and model the risks, human behaviors and motivations, and attacks within Army cyber-maneuvers. Such understanding and models will lead to an asymmetric advantage in cyber domains against known and unknown attackers, both in the ability to detect and thwart attacks and in the ability to make mission progress in the face of ongoing and evolving threats. The overarching scientific goal of this effort is to develop a rigorous science of cyber-decision making that enables military environments to a) detect the risks and attacks present in an environment, b) understand and predict the motivations and actions of users, defenders, and attackers, and c) alter the environment to securely achieve maximal maneuver success rates at the lowest resource cost. Ultimately we wish to dictate and control the evolution of cyber-maneuvers and adversarial actions.


Smartphone Application Security

Description: Smartphones have emerged as an essential vehicle for information access and personal communication. However, the fluidity of application markets and the structure of the underlying mobile handset operating systems complicate smartphone security. Over the last 4 years I have worked with a number of students and researchers across the country to investigate the security of phones and the applications they support. This effort has spanned projects in, among other topics, systems design, policy, and program analysis.


Storage Security and Data Provenance

Description: As computing models change, so too do the demands on storage. Distributed and virtualized systems introduce new vulnerabilities, assumptions, and performance requirements on disks. However, traditional storage systems have very limited capacity to implement needed "advanced storage" features such as integrity and data isolation. This is largely due to the simple interfaces and limited computing resources provided by commodity hard drives. A new generation of storage devices affords better opportunities to meet these new models, but little is known about how to take advantage of them. This research is focused on the investigation of security architectures that use advanced storage techniques to address the security, performance, and functional requirements of emerging environments.

One area of smart storage that is being carefully studied is its use to implement a provenance system. The value of data maintained by a computing system can only be determined by understanding its origins and pedigree. Data provenance provides this information by documenting the entities, systems, and processes that operate on data of interest, in effect providing a historical record of the lifetime of the data and its sources. The generated evidence supports important forensic activities such as data-dependency analysis, error detection and recovery, and auditing and compliance analysis. Although widely sought after in high-end computing systems supporting applications such as bioinformatics, scientific computing and intelligence systems, existing services for data provenance are limited in scope and depth.
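The following is an added illustration of the provenance record described above; it is not code from the author's laboratory or from any system the page describes. Each record names the process that acted, the artifacts it consumed and the artifact it produced, and is chained to its predecessor by a SHA-256 digest, so that data-dependency queries can be answered from the log and later alteration of history is detectable. The pipeline, artifact names and process names are constructed for this example.

```python
"""Hash-chained provenance log (added illustration, not the author's system).
Each record names the process that acted, the artifacts it consumed and the
artifact it produced, and links to its predecessor by SHA-256 so that
(a) data-dependency queries can be answered and (b) tampering with history is
detectable. Artifact and process names below are constructed for the example."""
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64   # chain link for the first record


@dataclass
class Record:
    process: str      # entity/process that operated on the data
    inputs: list      # artifacts consumed
    output: str       # artifact produced
    prev_hash: str    # digest of the preceding record
    digest: str       # digest over this record's content and prev_hash


def record_digest(process, inputs, output, prev_hash):
    """Canonical JSON over the record fields plus the chain link."""
    body = json.dumps({"process": process, "inputs": sorted(inputs),
                       "output": output, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


class ProvenanceLog:
    def __init__(self):
        self.records = []

    def append(self, process, inputs, output):
        prev = self.records[-1].digest if self.records else GENESIS
        self.records.append(Record(process, list(inputs), output, prev,
                                   record_digest(process, inputs, output, prev)))

    def verify(self):
        """True iff every digest matches its content and every link its predecessor."""
        prev = GENESIS
        for r in self.records:
            if r.prev_hash != prev:
                return False
            if record_digest(r.process, r.inputs, r.output, r.prev_hash) != r.digest:
                return False
            prev = r.digest
        return True

    def ancestors(self, artifact):
        """Data-dependency analysis: all artifacts and processes upstream of `artifact`."""
        producer = {r.output: r for r in self.records}
        artifacts, processes, stack = set(), set(), [artifact]
        while stack:
            r = producer.get(stack.pop())
            if r is None:
                continue          # a raw source with no recorded producer
            processes.add(r.process)
            for i in r.inputs:
                if i not in artifacts:
                    artifacts.add(i)
                    stack.append(i)
        return artifacts, processes


def build_sample_log():
    """Constructed pipeline: sensor data ingested, cleaned, analysed, rendered."""
    log = ProvenanceLog()
    log.append("ingest@node1", ["sensor_raw.csv"], "readings.parquet")
    log.append("clean.py", ["readings.parquet", "calibration.json"], "readings_clean.parquet")
    log.append("analyze.R", ["readings_clean.parquet"], "summary.json")
    log.append("render", ["summary.json", "template.tex"], "report.pdf")
    return log


def tamper_is_detected():
    """Rewrite a historical record (swap the calibration file) and re-verify."""
    log = build_sample_log()
    log.records[1].inputs = ["readings.parquet", "calibration_v2.json"]
    return not log.verify()


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", log.verify())
    print("upstream of report.pdf:", log.ancestors("report.pdf"))
    print("tamper detected:", tamper_is_detected())
```

Rewriting one record breaks its own digest, and recomputing that digest breaks the next record's link, so an attacker must recompute the whole chain to hide a change. That is exactly why the head digest needs an anchor the attacker cannot rewrite, such as a signature, an append-only storage region or an integrity-measurement register; the chain alone only detects tampering relative to a trusted head.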


SmartGrid and Control Systems Security

Description: As SmartGrid development progresses, new technologies like AMI, microgrids and transmission and distribution automation introduce new vulnerabilities into the electric grid and the world at large. In order for society to make informed decisions about the deployment and implementation of these devices, detailed information about these vulnerabilities and the necessary mitigation strategies is needed. The objective of this research is to analyze the security vulnerabilities of SmartGrid devices and to develop mitigation strategies. Much of the work to date has focused on penetration testing of commercial smart meters and their communication interfaces (see the publications for this area).


Network Security

Description: Networking as a discipline and the Internet as an artifact have changed just about everything in our society in the last 15 years. One area that has been neglected (to our great misery and continued peril) is that of protecting the network that serves us. This research focuses on addressing the threats against these increasingly complex networks. One core area I have been involved in is the study of routing security. As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. I have explored the limitations and advantages of proposed security extensions to BGP, and attempted to understand why no solution has yet struck an adequate balance between comprehensive security and deployment cost.
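As an added example of one of the proposed BGP security extensions discussed above (this is illustration code, not the author's work or any router's implementation), the block below performs route origin validation with RFC 6811 semantics against a constructed ROA table: an announcement is valid if some covering ROA names its origin AS and the prefix is no longer than the ROA's maxLength, invalid if ROAs cover it but none matches, and unknown if nothing covers it. Prefixes are taken from RFC 5737 documentation space and ASNs from the private/documentation range; both are chosen for this example only.

```python
"""Route Origin Validation (RFC 6811 semantics) against a constructed ROA table.
Added illustration of one proposed BGP security extension (RPKI-based origin
validation); not the author's code. All prefixes and ASNs are example values."""
import ipaddress

# Constructed ROA table: (prefix, maxLength, authorised origin ASN)
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
]


def covering_roas(prefix, roas=ROAS):
    """ROAs whose prefix equals or contains the announced prefix."""
    net = ipaddress.ip_network(prefix)
    out = []
    for roa_prefix, maxlen, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            out.append((roa_net, maxlen, asn))
    return out


def validate_origin(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.
    The origin AS is the last element of AS_PATH; prepending does not change it."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = covering_roas(prefix, roas)
    if not covering:
        return "unknown"          # no ROA covers this space: nothing to check against
    for roa_net, maxlen, asn in covering:
        if asn == origin and net.prefixlen <= maxlen:
            return "valid"
    return "invalid"              # covered, but wrong origin or more specific than allowed


def demo():
    """Constructed announcements: (prefix, AS_PATH) with the expected verdict."""
    cases = {
        "legitimate":    ("192.0.2.0/24",    [64500, 64496]),
        "origin_hijack": ("192.0.2.0/24",    [64500, 64666]),
        "too_specific":  ("198.51.100.0/25", [64497]),
        "within_maxlen": ("198.51.100.0/23", [64497]),
        "no_roa":        ("203.0.113.0/24",  [64498]),
        # Forged path that keeps the true origin at the end: origin validation
        # alone passes it; only path validation (e.g. BGPsec) could reject it.
        "path_forgery":  ("192.0.2.0/24",    [64666, 64496]),
    }
    return {name: validate_origin(p, path) for name, (p, path) in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

The last case is the practical caveat: origin validation is cheap to deploy but only checks the final AS in the path, so an attacker who appends the legitimate origin to a forged path still gets a "valid" verdict. Closing that gap requires cryptographic path validation, which is where the deployment-cost tradeoff mentioned above bites.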

Much of my professional background prior to returning to graduate school focused on networking, and this work is a logical extension of that past. While I am not as involved in networking and network security as I once was (modulo telecommunications security), I still find opportunities to study diverse subjects.


Information Flow/High Integrity Systems

Description: Increasingly prevalent and costly vulnerabilities in software systems mandate stronger guarantees than those provided by widely used, ad hoc, informal, and social assurance practices. Such practices are common because there exists no tractable framework for proving or even broadly reasoning about the correctness of an implementation based on a scientific ground truth. Built on decades of rigorous work on the foundations of security, the information flow and integrity guarantees provided by emerging programming languages and systems are now reaching practicality. However, it is not known how to apply these technologies to provide high-assurance systems. This research investigates architectures exploiting these new capabilities, with a focus on security-typed languages (e.g., Jif), MAC systems (e.g., SELinux), and integrity measurement (e.g., TPMs).
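To make the information-flow guarantee concrete, here is an added example (illustration only, not Jif's implementation or code from the author's lab) of a checker over decentralized labels, the label model behind Jif: a label maps each owner principal to the readers it permits, a flow from l1 to l2 is allowed only if l2 is at least as restrictive, and the control-flow context carries its own label so that branching on a secret cannot leak it through a public assignment. The principals, variables and toy program are constructed for this example.

```python
"""Information-flow checker over decentralized labels (DLM, the model behind
Jif). Added illustration, not Jif's own implementation; principals, variables
and the toy program are constructed for this example.

A label is {owner: frozenset(readers)}. The empty label has no owner and is
readable by anyone (bottom of the lattice)."""


def flows_to(l1, l2):
    """l1 ⊑ l2: every owner of l1 still owns in l2, and l2 permits no extra readers."""
    for owner, readers1 in l1.items():
        if owner not in l2 or not l2[owner] <= readers1:
            return False
    return True


def join(l1, l2):
    """Least upper bound: union of owners; a shared owner's reader sets are intersected."""
    out = {}
    for owner in set(l1) | set(l2):
        if owner in l1 and owner in l2:
            out[owner] = l1[owner] & l2[owner]
        else:
            out[owner] = l1[owner] if owner in l1 else l2[owner]
    return out


def check(program, env, pc=None):
    """Return descriptions of statements whose flows are not permitted.

    program: list of ("assign", target, [operands]) or ("if", [cond_vars], body)
    env:     variable name -> label
    pc:      label of the control-flow context, used to catch implicit flows"""
    pc = {} if pc is None else pc
    violations = []
    for stmt in program:
        if stmt[0] == "assign":
            _, target, operands = stmt
            src = pc                               # an assignment reveals the branch taken
            for v in operands:
                src = join(src, env[v])
            if not flows_to(src, env[target]):
                violations.append(
                    f"{target} := f({', '.join(operands) or 'const'}) under pc={pc}")
        elif stmt[0] == "if":
            _, cond_vars, body = stmt
            branch_pc = pc
            for v in cond_vars:
                branch_pc = join(branch_pc, env[v])  # pc rises to the guard's label
            violations.extend(check(body, env, branch_pc))
    return violations


PUBLIC = {}   # no owner: anyone may read
ENV = {       # constructed variables and their labels
    "salary":     {"alice": frozenset({"alice", "hr"})},
    "hr_report":  {"alice": frozenset({"hr"})},
    "public_log": PUBLIC,
}
PROGRAM = [   # constructed toy program
    ("assign", "hr_report", ["salary"]),                 # ok: reader set only shrinks
    ("assign", "public_log", ["salary"]),                # explicit leak
    ("if", ["salary"], [("assign", "public_log", [])]),  # implicit leak via control flow
    ("assign", "public_log", ["public_log"]),            # ok
]


def demo():
    return check(PROGRAM, ENV)


if __name__ == "__main__":
    for v in demo():
        print("violation:", v)
```

The third statement is the one that informal review most often misses: nothing secret is copied, yet writing a constant to a public variable inside a branch guarded by the secret reveals one bit of it, and the pc label is what makes a security-typed language reject that statically.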


Telecommunications Security

Description: The nature of telecommunications networks is rapidly changing. Mobile phone frameworks such as Android and Openmoko invite developers and end users to build applications, modify the behavior of the phone, and use network services in novel ways. This offers a promising opportunity to create new, valuable markets and modes of communication. However, the move to open systems alters the underlying performance and security assumptions upon which the network was based. In ongoing work, we have shown that such changes lead to vulnerabilities ranging from merely vexing phone glitches to catastrophic network failures. The current infrastructure lacks the basic protections needed to protect an increasingly open network, and it is unclear what new stresses and threats open systems and services will introduce.

This research seeks to formally and experimentally investigate vulnerabilities in open cellular operating systems and telecommunications networks, and the defensive infrastructure that addresses them. This includes the development of infrastructure for the analysis, configuration, and enforcement of security policy in telecommunications networks.
